Merge branch 'feature/mbedtls_3_5_0_update_v5.1' into 'release/v5.1'
feat(mbedtls): update to 3.5.0 release (v5.1) See merge request espressif/esp-idf!26475
commit
ee6ea577e2
@ -110,9 +110,13 @@ list(REMOVE_ITEM src_x509 x509_crt.c)
|
|||||||
set_property(TARGET mbedx509 PROPERTY SOURCES ${src_x509})
|
set_property(TARGET mbedx509 PROPERTY SOURCES ${src_x509})
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
# Core libraries from the mbedTLS project
|
||||||
set(mbedtls_targets mbedtls mbedcrypto mbedx509)
|
set(mbedtls_targets mbedtls mbedcrypto mbedx509)
|
||||||
|
# 3rd party libraries from the mbedTLS project
|
||||||
|
list(APPEND mbedtls_targets everest p256m)
|
||||||
|
|
||||||
set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c")
|
set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c"
|
||||||
|
"${COMPONENT_DIR}/port/esp_platform_time.c")
|
||||||
|
|
||||||
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
|
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
|
||||||
set(mbedtls_target_sources ${mbedtls_target_sources}
|
set(mbedtls_target_sources ${mbedtls_target_sources}
|
||||||
|
@ -1052,16 +1052,4 @@ menu "mbedTLS"
|
|||||||
then the ESP will be unable to process keys greater
|
then the ESP will be unable to process keys greater
|
||||||
than SOC_RSA_MAX_BIT_LEN.
|
than SOC_RSA_MAX_BIT_LEN.
|
||||||
|
|
||||||
menuconfig MBEDTLS_SECURITY_RISKS
|
|
||||||
bool "Show configurations with potential security risks"
|
|
||||||
default n
|
|
||||||
|
|
||||||
config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
|
|
||||||
bool "X.509 CRT parsing with unsupported critical extensions"
|
|
||||||
depends on MBEDTLS_SECURITY_RISKS
|
|
||||||
default n
|
|
||||||
help
|
|
||||||
Allow the X.509 certificate parser to load certificates
|
|
||||||
with unsupported critical extensions
|
|
||||||
|
|
||||||
endmenu # mbedTLS
|
endmenu # mbedTLS
|
||||||
|
@ -1 +1 @@
|
|||||||
Subproject commit 727a037da6f9a62a9d3d5def5bd21a2bc9c621c6
|
Subproject commit dd91f30058dfad68d80267cc82cd8472c4aa54b5
|
@ -283,6 +283,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||||||
int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf)
|
int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf)
|
||||||
{
|
{
|
||||||
ssl->conf = conf;
|
ssl->conf = conf;
|
||||||
|
ssl->tls_version = ssl->conf->max_tls_version;
|
||||||
|
|
||||||
CHECK_OK(ssl_handshake_init(ssl));
|
CHECK_OK(ssl_handshake_init(ssl));
|
||||||
|
|
||||||
mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf));
|
mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf));
|
||||||
|
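Review bot: The added `ssl->tls_version = ssl->conf->max_tls_version;` in `__wrap_mbedtls_ssl_setup` reads the caller-supplied config directly, and nothing visible in this hunk validates `conf` (non-NULL, consistent minimum and maximum TLS version) before the handshake state is initialised. If this wrapper stands in for the library's own setup routine, any configuration check that routine performs is presumably bypassed, so confirm it is done elsewhere or add a guard such as `if (conf == NULL) return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;` ahead of the assignment. A one-line comment such as `/* start from the highest configured TLS version, as the library setup does */` would explain why the field is set here. The function body continues outside the hunk.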
@ -13,7 +13,7 @@
|
|||||||
#include "esp_private/periph_ctrl.h"
|
#include "esp_private/periph_ctrl.h"
|
||||||
#include "ecdsa/ecdsa_alt.h"
|
#include "ecdsa/ecdsa_alt.h"
|
||||||
|
|
||||||
#define ECDSA_KEY_MAGIC 0xECD5A
|
#define ECDSA_KEY_MAGIC (short) 0xECD5A
|
||||||
#define ECDSA_SHA_LEN 32
|
#define ECDSA_SHA_LEN 32
|
||||||
#define MAX_ECDSA_COMPONENT_LEN 32
|
#define MAX_ECDSA_COMPONENT_LEN 32
|
||||||
|
|
||||||
|
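Review bot: `#define ECDSA_KEY_MAGIC (short) 0xECD5A` casts a 20-bit constant to `short`, so with a 16-bit `short` the value is truncated (an implementation-defined conversion, typically leaving the bit pattern 0xCD5A read as a negative number) and no longer matches the literal as written. The cast is presumably there to fit a field that is 16 bits wide in the updated library. If so, write the bit pattern that is actually stored and compared, and parenthesise the macro: `#define ECDSA_KEY_MAGIC ((short) 0xCD5A)`. A short comment naming the field that carries the magic would help anyone checking that an ordinary key can never take this value.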
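--- a/components/mbedtls/port/esp_platform_time.c
+++ b/components/mbedtls/port/esp_platform_time.c
@@ -0,0 +1,25 @@
+/*
+* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+*
+* SPDX-License-Identifier: Apache-2.0
+*/
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform_time.h"
+
+#ifdef MBEDTLS_PLATFORM_MS_TIME_ALT
+mbedtls_ms_time_t mbedtls_ms_time()
+{
+int ret;
+struct timespec tv = {};
+mbedtls_ms_time_t current_ms;
+
+ret = clock_gettime(CLOCK_MONOTONIC, &tv);
+if (ret) {
+return time(NULL) * 1000L;
+}
+
+current_ms = tv.tv_sec;
+return current_ms * 1000L + tv.tv_nsec / 1000000L;
+}
+#endif // MBEDTLS_PLATFORM_MS_TIME_ALT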
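Review bot: The fallback `return time(NULL) * 1000L;` in `mbedtls_ms_time()` switches from the monotonic clock to wall-clock time when `clock_gettime()` fails, so readings taken on either side of a failure sit on unrelated time bases, and a failing `time()` (-1) is returned as -1000. A caller that subtracts two readings to measure elapsed milliseconds would then see a huge or negative interval. The multiplication is also done in `time_t`/`long`, which may be narrower than `mbedtls_ms_time_t` on some targets. Consider `return (mbedtls_ms_time_t) time(NULL) * 1000;` with a comment that this path is not monotonic. The definition should also take `(void)` rather than an empty parameter list, and the file relies on the mbedtls headers to bring in `<time.h>` for `clock_gettime` and `struct timespec`.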
@ -56,8 +56,15 @@
|
|||||||
*/
|
*/
|
||||||
#ifdef CONFIG_MBEDTLS_HAVE_TIME
|
#ifdef CONFIG_MBEDTLS_HAVE_TIME
|
||||||
#define MBEDTLS_HAVE_TIME
|
#define MBEDTLS_HAVE_TIME
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PLATFORM_MS_TIME_ALT
|
||||||
|
*
|
||||||
|
* Define platform specific function to get time since bootup in milliseconds.
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_PLATFORM_MS_TIME_ALT
|
||||||
#else
|
#else
|
||||||
#undef MBEDTLS_HAVE_TIME
|
#undef MBEDTLS_HAVE_TIME
|
||||||
|
#undef MBEDTLS_PLATFORM_MS_TIME_ALT
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2731,25 +2738,6 @@
|
|||||||
*/
|
*/
|
||||||
#define MBEDTLS_X509_CRT_WRITE_C
|
#define MBEDTLS_X509_CRT_WRITE_C
|
||||||
|
|
||||||
/**
|
|
||||||
* \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
|
||||||
*
|
|
||||||
* Alow the X509 parser to not break-off when parsing an X509 certificate
|
|
||||||
* and encountering an unknown critical extension.
|
|
||||||
*
|
|
||||||
* Module: library/x509_crt.c
|
|
||||||
*
|
|
||||||
* Requires: MBEDTLS_X509_CRT_PARSE_C
|
|
||||||
*
|
|
||||||
* This module is supports loading of certificates with extensions that
|
|
||||||
* may not be supported by mbedtls.
|
|
||||||
*/
|
|
||||||
#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
|
|
||||||
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
|
||||||
#else
|
|
||||||
#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
*
|
*
|
||||||
|