Harshit Malpani
1c3c89eb43
fix(esp-tls): Retry reads if using session tickets with TLS 1.3
...
Fixed the error that occurred while performing OTA upgrades over
TLS 1.3 connection. After handshake is completed, post-handshake message
is received and internal state is changed. While performing mbedtls_ssl_read(),
it checks handshake state and if it is not MBEDTLS_SSL_HANDSHAKE_OVER,
mbedtls_ssl_handshake is called again.
2024-05-02 17:11:50 +05:30
Mahavir Jain
0b7bb679bb
esp_tls: add initial support for TLS 1.3 connection
2024-05-02 17:11:01 +05:30
Alex
97bdb74766
fix(esp-tls): fix pointer cast and condition for CONFIG_ATECC608A_TCUSTOM
...
Closes https://github.com/espressif/esp-idf/pull/11923
2023-08-24 04:17:56 +00:00
Aditya Patwardhan
6ef7d24fc9
esp-tls: Add changes to the Cert selection callback PR.
2022-12-05 08:59:24 +05:30
Akos Vandra
e6442657fd
esp-tls: Add support for the CERTIFICATE SELECTION HOOK. The hook has access to required information so that the application can make a more informed decision on which certificate to serve (such as alpn value, server certificate type, etc.)
...
Closes https://github.com/espressif/esp-idf/pull/9833
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-12-05 08:59:24 +05:30
yuanjianmin
0a41b9bcd8
esp-tls: Fix memory leak in mbedtls ds peripheral when MBEDTLS_THREADING_C enabled
2022-10-13 19:35:04 +08:00
Yuan Jian Min
769c6c2214
esp-tls: socket will be set to -1 and will not be closed
2022-09-26 19:20:15 +08:00
Laukik Hase
51cbbe486c
esp_tls/wpa_supplicant: Updated deprecated mbedtls APIs
2022-08-26 11:46:54 +05:30
Aditya Patwardhan
2ea419db22
esp_tls_mbedtls.c: Fix esp-idf integration of esp-cryptoauthlib
...
menuconfig option
2022-06-03 23:12:11 +05:30
Li Jingyi
6d58008119
esp-tls: add api to free client session
...
Free session with mbedtls api to avoid mem-leak
2022-05-23 16:28:40 +08:00
Aditya Patwardhan
788c9ddf8d
esp_tls: Added getter function for esp_tls ssl ctx.
2022-05-11 07:09:34 +00:00
Aditya Patwardhan
434e74ff73
esp_tls: Make esp_tls_t as private structure.
2022-05-11 07:09:34 +00:00
Laukik Hase
d7090b4d52
https_server: Add config option to min. cert. auth mode
...
- Added a config option to set the minimum Certificate Verification
mode to Optional
- When this option is enabled, the peer (the client) certificate
is checked by the server, however the handshake continues even if
verification failed.
- By default, the peer certificate is not checked and ignored by the server.
Closes https://github.com/espressif/esp-idf/issues/8664
2022-03-29 08:57:36 +00:00
Aditya Patwardhan
4c58685c00
esp_https_server: Enable secure element support.
...
Closes https://github.com/espressif/esp-idf/issues/8286
2022-03-27 14:35:25 +05:30
Laukik Hase
f5feb7813e
mbedtls: Fix build errors related to TLS 1.3
...
- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6
mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE
from multiple files
...
after they have been again made public in mbedtls-3.1
*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326
mbedtls-3.0: Fixed ESP32 build issues
...
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr
mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required
mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module
mbedtls-3.0: Fixed ESP32-H2 build issues
ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices
- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3
ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2
- Tests:
- example_test_protocols 1/2
ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0
mbedtls-3 update:
...
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Laukik Hase
1d2b2b5879
feature: Added user callback for esp_https_server
...
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example
Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30
Mahavir Jain
8b4c0e71a9
Merge branch 'feature/mbedtls_session_ticket_support' into 'master'
...
Feature/mbedtls session ticket support
Closes IDFGH-5288 and IDF-3242
See merge request espressif/esp-idf!14496
2021-09-17 09:59:02 +00:00
Aditya Patwardhan
b4e4b9f20d
Added support for client session tickets in esp-tls (with mbedtls)
...
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
2021-09-15 22:19:04 +05:30
Daniel Bahrdt
7e886ca9ed
Implement server session ticket support with mbedtls
...
Closes https://github.com/espressif/esp-idf/pull/7048
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan
c6c2ea975f
Fix esp_mbedtls_write API
...
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Aditya Patwardhan
0e01a22264
esp_tls_wolfssl: Improved error messages
2021-06-28 14:51:41 +05:30
Aditya Patwardhan
4af1176d15
esp_tls_mbedtls: Improved the error messages.
...
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny
967e057906
esp-tls, esp_http_client and esp_http_server: update copyright notice
2021-05-31 20:06:09 +08:00
Aditya Patwardhan
1abdfee3b7
secure_element: Update esp-cryptoauthlib submodule latest version.
...
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Aditya Patwardhan
bf513b6f31
Fix esp_tls: Prevent freeing of global ca store after each connection
...
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
Aditya Patwardhan
0175c68400
esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
...
Fixes one part of - https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Aditya Patwardhan
1a09e16af2
esp_tls: Fix memory leak when esp-tls server session is deleted
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
cddb8c29e6
esp-tls: Fix mem leak when global_ca_store is freed
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
0841d2bc75
esp_tls: Add warning if the CA chain provided contains one/more invalid
...
cert
2021-01-11 03:20:35 +00:00
Aditya Patwardhan
ca964dfbcc
esp-tls: Changed default behaviour for esp-tls client ( for security
...
purpose)
By default esp-tls client will now return error if no server verify option
is provided, earlier it used to skip the verification by
default.
Added config option to skip server verification by default (for testing
purpose)
Updated required docs
2021-01-05 07:33:32 +00:00
Aditya Patwardhan
95d9533294
esp-tls : (Fix) update tls->sockfd value after socket is freed internally
...
Closes https://github.com/espressif/esp-idf/issues/6163
2020-12-02 03:47:15 +00:00
David Cermak
ce519ee783
tcp_transport: Extend transport error storage for socket error
...
Everytime we report error and log errno, we also capture the actual
errno to an internal storage so that user application can retrieve
its value.
2020-11-12 12:46:22 +00:00
Aditya Patwardhan
47f7c6a991
esp32s2/esp_ds: Digital Signature software support
...
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Mahavir Jain
52469c8505
esp-tls: enable TLS renegotiation using explicit API call
...
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.
This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
2020-07-03 05:52:22 +00:00
Aditya Patwardhan
423e600d46
secure_element: atecc608_ecdsa example
...
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl
Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Mahavir Jain
7a2ea9b7f7
esp-tls: add support for using hardware security module
2020-05-20 22:52:37 +05:30
Marius Vikhammer
947e3e94ed
Add ESP certificate bundle feature
...
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.
Default bundle includes all Mozilla root certificates
Closes IDF-296
2020-03-04 10:51:43 +08:00
David Cermak
b69ac4448e
tcp_transport: added API for client-key password
2020-01-06 21:16:24 +00:00
Marius Vikhammer
ed85046138
tcp_transport: added functionality for using ALPN with SSL
...
Closes IDF-1160
2019-11-13 11:33:13 +08:00
Aditya Patwardhan
988f0c8feb
ESP_TLS: Generalizing error messages for esp_tls
...
:Replace mbedtls specific error messages
2019-10-28 16:05:31 +05:30
Aditya Patwardhan
f7eaa5f946
ESP_TLS: Restructuring esp_tls
...
1)Segregating mbedtls API into seperate file and cleaned esp_tls.c
2)Added support for wolfssl for CMake and make
3)Added support for debug_wolfssl (with menuconfig option)
4)Added info on wolfssl in ESP-TLS docs
2019-10-28 16:05:22 +05:30