jim
5a234cf642
mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation
2024-01-08 14:23:32 +08:00
Mahavir Jain
e9094cef66
fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0
...
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
2023-10-11 09:32:32 +00:00
Mahavir Jain
90290507fb
fix(mbedtls): Build issue in dynamic buffer feature
...
Fix build issue in mbedTLS dynamic buffer feature with
`CONFIG_MBEDTLS_DHM_C` enabled case. Also added a build
configuration for the test coverage.
Closes https://github.com/espressif/esp-idf/issues/11770
2023-06-29 13:30:30 +05:30
harshal.patil
9c3a6c4f53
mbedtls: replace low-level sha apis with md apis in esp_ssl_tls
2023-04-17 12:50:15 +05:30
Laukik Hase
1e4493e592
mbedtls: Fix build with dynamic buffers feature
2023-01-09 15:41:36 +05:30
Laukik Hase
aeb42ce3a7
https_server: Fix example when MBEDTLS_DYNAMIC_BUFFER
is enabled
...
- While checking if ciphersuite uses RSA key exchange methods,
the APIs `mbedtls_ssl_get_ciphersuite_id_from_ssl` and
`mbedtls_ssl_ciphersuite_from_id` were used to get the ciphersuite
info.
- However, this is incorrect as we need the ciphersuite info from the
handshake instance and not the ssl_session instance.
2022-09-30 23:25:27 +05:30
Laukik Hase
d7eb2c7b4e
mbedtls: MBEDTLS_PRIVATE
& MBEDTLS_ALLOW_PRIVATE_ACCESS
-related cleanup
2022-09-29 10:13:14 +05:30
Laukik Hase
9b290e3668
mbedtls/port: Fix dynamic buffers feature for v3.2.1
...
Co-authored-by: Li Jingyi <lijingyi@espressif.com>
2022-08-24 11:59:34 +05:30
Li Jingyi
c88af419a3
mbedtls: fix ssl server crash when enable mbedtls dynamic buffer
...
Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2022-05-20 11:21:48 +00:00
Li Jingyi
fa3cbf9162
fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer function
2022-05-09 13:56:20 +00:00
Laukik Hase
87d3296c37
mbedtls: Disable MBEDTLS_DYNAMIC_BUFFER
when TLS 1.3 is enabled
...
- Resulted in a crash in the handshake stage when
used alongside TLS 1.3 (MBEDTLS_SSL_PROTO_TLS1_3)
- Fix build error when MBEDTLS_HARDWARE_SHA=n &&
MBEDTLS_DYNAMIC_BUFFER=y
- Fix build error when TLS 1.3 is enabled with
MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
2022-03-11 10:03:48 +05:30
Laukik Hase
3925365351
ci: Fix pre-check
stage failing tests
...
- Updated license headers
- Re-enabled public headers and static analysis checks
- Fix public header file check failure
Co-authored-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6
mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE
from multiple files
...
after they have been again made public in mbedtls-3.1
*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326
mbedtls-3.0: Fixed ESP32 build issues
...
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr
mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required
mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module
mbedtls-3.0: Fixed ESP32-H2 build issues
ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices
- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3
ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2
- Tests:
- example_test_protocols 1/2
ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0
mbedtls-3 update:
...
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
0483bfbbfe
Initial Changes for updating mbedtls to v3.0
2022-03-03 01:37:09 +05:30
Laukik Hase
424c45df91
ci: Fix issues for build stage
...
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
2022-01-25 10:51:27 +05:30
Laukik Hase
befc93aa2d
mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
...
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
(config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-01-25 10:51:27 +05:30
Li Jingyi
2b1402890d
fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_SSL_PROTO_DTLS when open MBEDTLS_DYNAMIC_BUFFER
2021-12-21 16:11:03 +08:00
Li Jingyi
981ef057c4
feat(mbedtls): modify __wrap_mbedtls_ssl_setup to decrease SSL peak heap cost
2021-12-01 17:15:25 +08:00
Mahavir Jain
f7ed95349f
mbedtls: fix dynamic buffer feature build
2021-11-02 15:52:09 +08:00
yuanjm
93604b1a11
mbedtls: Fix mbedtls_ssl_send_alert_message crash due to ssl->out_iv is NULL
2021-04-22 09:33:59 +00:00
Aditya Patwardhan
bf513b6f31
Fix esp_tls: Prevent freeing of global ca store after each connection
...
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
Dong Heng
1c9592efc4
fix(mbedtls): fix mbedtls dynamic resource memory leaks and RSA cert drop earlier
...
RX process caches the session information in "ssl->in_ctr" not in "ssl->in_buf".
So when freeing the SSL, can't free the "ssl->in_ctr", because the "ssl->in_buf"
is empty.
Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.
Closes https://github.com/espressif/esp-idf/issues/6104
2020-11-19 07:31:50 +00:00
Angus Gratton
66fb5a29bb
Whitespace: Automated whitespace fixes (large commit)
...
Apply the pre-commit hook whitespace fixes to all files in the repo.
(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
Dong Heng
3d57bf30a2
feat(mbedtls): add dynamic buffer and local resource managment to decrease SSL heap cost
2020-05-14 11:45:09 +00:00