Commit Graph

26 Commits

Author SHA1 Message Date
jim
5a234cf642 mbedtls: Fix heap corruption that occurs when dynamic mbedtls is enabled and the server supports TLS renegotiation 2024-01-08 14:23:32 +08:00
Mahavir Jain
e9094cef66 fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
2023-10-11 09:32:32 +00:00
Mahavir Jain
90290507fb
fix(mbedtls): Build issue in dynamic buffer feature
Fix build issue in mbedTLS dynamic buffer feature with
`CONFIG_MBEDTLS_DHM_C` enabled case. Also added a build
configuration for the test coverage.

Closes https://github.com/espressif/esp-idf/issues/11770
2023-06-29 13:30:30 +05:30
harshal.patil
9c3a6c4f53 mbedtls: replace low-level sha apis with md apis in esp_ssl_tls 2023-04-17 12:50:15 +05:30
Laukik Hase
1e4493e592
mbedtls: Fix build with dynamic buffers feature 2023-01-09 15:41:36 +05:30
Laukik Hase
aeb42ce3a7
https_server: Fix example when MBEDTLS_DYNAMIC_BUFFER is enabled
- While checking if ciphersuite uses RSA key exchange methods,
  the APIs `mbedtls_ssl_get_ciphersuite_id_from_ssl` and
  `mbedtls_ssl_ciphersuite_from_id` were used to get the ciphersuite
  info.
- However, this is incorrect as we need the ciphersuite info from the
  handshake instance and not the ssl_session instance.
2022-09-30 23:25:27 +05:30
Laukik Hase
d7eb2c7b4e
mbedtls: MBEDTLS_PRIVATE & MBEDTLS_ALLOW_PRIVATE_ACCESS-related cleanup 2022-09-29 10:13:14 +05:30
Laukik Hase
9b290e3668
mbedtls/port: Fix dynamic buffers feature for v3.2.1
Co-authored-by: Li Jingyi <lijingyi@espressif.com>
2022-08-24 11:59:34 +05:30
Li Jingyi
c88af419a3 mbedtls: fix ssl server crash when mbedtls dynamic buffer is enabled
Do not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for RSA key exchange methods, because keycert will be used to parse the client key exchange.
2022-05-20 11:21:48 +00:00
Li Jingyi
fa3cbf9162 fix(mbedtls): fix ssl server memory leak when the mbedtls dynamic buffer function is enabled 2022-05-09 13:56:20 +00:00
Laukik Hase
87d3296c37
mbedtls: Disable MBEDTLS_DYNAMIC_BUFFER when TLS 1.3 is enabled
- Resulted in a crash in the handshake stage when
  used alongside TLS 1.3 (MBEDTLS_SSL_PROTO_TLS1_3)
- Fix build error when MBEDTLS_HARDWARE_SHA=n &&
  MBEDTLS_DYNAMIC_BUFFER=y
- Fix build error when TLS 1.3 is enabled with
  MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
2022-03-11 10:03:48 +05:30
Laukik Hase
3925365351 ci: Fix pre-check stage failing tests
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure

Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6 mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files
after they were made public again in mbedtls-3.1

* Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues
- Added MBEDTLS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated; this needs to be handled.
  Currently, the corresponding snippet has been commented out.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedtls/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) Skip the public headers check in IDF
3) Update Kconfig Macros
4) Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Don't include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe Initial Changes for updating mbedtls to v3.0 2022-03-03 01:37:09 +05:30
Laukik Hase
424c45df91 ci: Fix issues for build stage
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
2022-01-25 10:51:27 +05:30
Laukik Hase
befc93aa2d mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-01-25 10:51:27 +05:30
Li Jingyi
2b1402890d fix(mbedtls): fix compile error when MBEDTLS_SSL_PROTO_DTLS is enabled, and disable MBEDTLS_SSL_PROTO_DTLS when MBEDTLS_DYNAMIC_BUFFER is enabled 2021-12-21 16:11:03 +08:00
Li Jingyi
981ef057c4 feat(mbedtls): modify __wrap_mbedtls_ssl_setup to decrease SSL peak heap cost 2021-12-01 17:15:25 +08:00
Mahavir Jain
f7ed95349f mbedtls: fix dynamic buffer feature build 2021-11-02 15:52:09 +08:00
yuanjm
93604b1a11 mbedtls: Fix mbedtls_ssl_send_alert_message crash when ssl->out_iv is NULL 2021-04-22 09:33:59 +00:00
Aditya Patwardhan
bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
Dong Heng
1c9592efc4 fix(mbedtls): fix mbedtls dynamic resource memory leaks and RSA cert being dropped earlier
The RX process caches the session information in "ssl->in_ctr", not in "ssl->in_buf".
So when freeing the SSL, "ssl->in_ctr" can't be freed, because "ssl->in_buf"
is empty.

Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.

Closes https://github.com/espressif/esp-idf/issues/6104
2020-11-19 07:31:50 +00:00
Angus Gratton
66fb5a29bb Whitespace: Automated whitespace fixes (large commit)
Apply the pre-commit hook whitespace fixes to all files in the repo.

(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
Dong Heng
3d57bf30a2 feat(mbedtls): add dynamic buffer and local resource management to decrease SSL heap cost 2020-05-14 11:45:09 +00:00