490 Commits

Author SHA1 Message Date
nilesh.kale
ef7a749367 feat(mbedtls): updated mbedtls version from 3.5.2 to 3.6.0
This MR updated MbedTLS version to latest version 3.6.0.
2024-05-15 11:43:54 +05:30
harshal.patil
f7b3cd6cbd
ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations 2024-03-12 13:47:50 +05:30
harshal.patil
c367de40ba
fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation
- Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback
to software implementation of GCM operations when non-AES ciphers are used.
2024-03-12 13:47:25 +05:30
harshal.patil
74eb2add93 fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-23 11:26:21 +08:00
harshal.patil
9f461c010b fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-23 11:26:21 +08:00
nilesh.kale
4f63e93118 feat(mbedtls): updated mbedtls version from 3.5.0 to 3.5.2
This updates the submodule mbedtls to its latest version 3.5.2.
2024-02-05 12:50:59 +05:30
jim
dfe28ce029 mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation 2024-01-08 14:37:41 +08:00
Daniel Mangum
3ef1cf7edb
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY
option, which replaced the previously used
MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be
used as the new one exceeds the maximum length for an option name in
esp-idf.

See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2024-01-02 11:22:38 +05:30
Aditya Patwardhan
5a14730f75 fix(mbedtls): Removed redundant menuconfig entry 2023-12-15 09:50:22 +00:00
harshal.patil
206af07ad4
fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-12-01 16:49:47 +05:30
harshal.patil
b72804340c
fix(mbedtls): move interrupt allocation during initialization phase 2023-12-01 16:49:47 +05:30
Kapil Gupta
973aca32be change(esp_wifi): Port fast_pbkdf2 implementation for mbedlts
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-11-01 21:56:56 +05:30
Jiang Guang Ming
883d7e793f feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-26 20:56:29 +08:00
Jiang Jiang Jian
5293a3e403 Merge branch 'feature/mbedtls_3_5_0_update_v5.0' into 'release/v5.0'
feat(mbedtls): update to 3.5.0 release (v5.0)

See merge request espressif/esp-idf!26477
2023-10-26 17:58:51 +08:00
Mahavir Jain
3e90ed6428 fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
2023-10-16 03:54:57 +00:00
Mahavir Jain
088c546964 fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
2023-10-16 03:54:57 +00:00
Mahavir Jain
97fe016e4e feat(mbedtls): update to 3.5.0 release
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
2023-10-16 03:54:57 +00:00
harshal.patil
6fdbd027c5
feat(esp_hw_support): Add locking layer for the ECC peripheral 2023-09-29 11:24:34 +05:30
Mahavir Jain
aba35cd526
fix(aes): correct the linking of the DMA descriptors
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.

Required configs for this issue:

CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA

This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647

To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.

In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
2023-09-06 08:30:00 +05:30
Mahavir Jain
29be69d797
fix(aes-gcm): correct the DMA completion wait condition for hardware GCM case
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
2023-09-06 08:29:57 +05:30
Jiang Jiang Jian
095f1f259b Merge branch 'bugfix/sha_dma_mode_incorrect_result_v5.0' into 'release/v5.0'
fix(sha): DMA mode iteration calculation issue for certain data lengths (v5.0)

See merge request espressif/esp-idf!25128
2023-08-21 10:40:15 +08:00
Harshit Malpani
53408df990
feat(mbedtls): Update to release/v3.4.1 2023-08-17 17:31:10 +05:30
Jiang Guang Ming
b554ee475c feat(mbedtls): support ecp fixed-point multiplication configurable 2023-08-09 16:54:28 +08:00
Mahavir Jain
080214b31a ci(test): add SHA DMA mode test for large data in PSRAM
Covers a test scenario described in following issue:
https://github.com/espressif/esp-idf/issues/11915
2023-08-02 04:48:48 +00:00
Mahavir Jain
66b718ac82 fix(sha): DMA mode iteration calculation issue for certain data lengths
SHA hardware DMA mode calculation had off-by-one error for specific
input lengths. This was causing last chunk of the input data not being
fed to the hardware accelerator and hence resulting in an incorrect
final result.

Closes: https://github.com/espressif/esp-idf/issues/11915
2023-08-02 04:48:48 +00:00
Mahavir Jain
f1d060a511 Merge branch 'bugfix/mbedtls_sha_test_fail_when_run_twice_v5.0' into 'release/v5.0'
fix(mbedtls): sha test will fail when run twice (backport v5.0)

See merge request espressif/esp-idf!24828
2023-07-17 20:07:34 +08:00
Mahavir Jain
1315845d75 Merge branch 'fix/mbedtls_internal_shaX_process_api_port_v5.0' into 'release/v5.0'
fix(mbedtls): Fix the port for mbedtls_internal_shaX_process api (v5.0)

See merge request espressif/esp-idf!24810
2023-07-17 17:00:44 +08:00
Jiang Guang Ming
f418a998a9 fix(mbedtls): sha test will fail when run twice 2023-07-17 10:54:32 +08:00
harshal.patil
f1ee3e41aa refactor(mbedtls): refactored the return values check in some esp-aes APIs 2023-07-14 21:00:16 +05:30
harshal.patil
3a73b1bf9b fix(mbedtls): Fix the port for the mbedtls_internal_shaX_process API
- Also added the fix to update intermediate SHA state in the mbedtls_shaX_update API
2023-07-14 14:18:10 +05:30
harshal.patil
400e220f06 fix(mbedtls): Fixed the transmission of return values of the esp-aes APIs
- Earlier, some intermediate return values were not stored and returned,
thus incorrect return values used to get transmitted to the upper layer of APIs.

- Also, zeroised the output buffer in case of error condition.
2023-07-14 13:41:13 +05:30
Laukik Hase
4da3e20855
fix(mbedtls): Fix incorrect assert for H/W MPI operations
- Closes https://github.com/espressif/esp-idf/issues/11850
2023-07-13 16:24:57 +05:30
harshal.patil
e858c2c1e0 mbedtls: update submodule to include:
fix: mbedtls_ecdsa_can_do was not being defined when ECDSA_SIGN_ALT is defined but ECDSA_VERIFY_ALT is not defined causing mbedtls_ecdsa_verify_restartable to always fail.
feature: initial version of the sbom.yml file
2023-07-07 10:30:33 +05:30
Jiang Jiang Jian
faf54ca1d6 Merge branch 'bugfix/aes_dma_align_issue_v5.0' into 'release/v5.0'
aes: fix DMA descriptor calculation for the alignment case (v5.0)

See merge request espressif/esp-idf!24094
2023-06-13 10:09:16 +08:00
Mahavir Jain
94e139e639
aes: fix DMA descriptor calculation for the alignment case
The number of the DMA descriptors allocated for certain length (e.g.,
8176) were not sufficient (off by 1 error). This used to result in the
dynamic memory corruption as the region was modified beyond the
allocated range.

This change fixes the DMA descriptor calculation part and allocates
sufficient DMA descriptors based on the data length alignment considerations.

Test has also been added to cover the specific scenario in the CI.

Closes https://github.com/espressif/esp-idf/issues/11310
2023-06-07 09:26:30 +05:30
Christoph Baechler
ebf4abca14
esp_ds: ignore releasing mutex if not called from same task 2023-05-19 08:31:45 +05:30
Mahavir Jain
a1dd8403d6 Merge branch 'feature/update_mbedtls_v5.0' into 'release/v5.0'
mbedtls: Update to release/v3.4.0 (v5.0)

See merge request espressif/esp-idf!23400
2023-05-11 12:06:23 +08:00
Marius Vikhammer
124a43e9ec build-system: replace ADDITIONAL_MAKE_CLEAN_FILES with ADDITIONAL_CLEAN_FILES
ADDITIONAL_MAKE_CLEAN_FILES is deprecated and only worked with make.
Replaced with the new ADDITIONAL_CLEAN_FILES (CMake 3.15) which also works with ninja.
2023-05-10 09:56:15 +08:00
harshal.patil
35d466b814 mbedtls: fix ci failures for update v3.4.0
- While updating to mbedtls release/v3.4.0, building mbedtls/library/psa_crypto.c,
clang produced an unreachable-code warning, so added `-Wno-unreachable-code` compile option for clang.
- In `mbedtls/v3.4.0`, the ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` was not defined.
- added a patch in mbedtls library to fix it.
2023-04-24 12:07:10 +05:30
harshal.patil
c293708409 mbedtls: replace low-level sha apis with md apis in esp_ssl_tls 2023-04-24 12:03:55 +05:30
harshal.patil
8017e23611 mbedtls: Update config options as per release/v3.4.0
- Added a Kconfig option for the newly added mbedtls option MBEDTLS_PKCS7_C
2023-04-24 12:03:55 +05:30
harshal.patil
911c12b7f0 mbedtls: Update to release/v3.4.0
- Release Notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.0
2023-04-24 12:03:55 +05:30
Laukik Hase
d53d4ec930 esp32/mpi: Added alternate workaround for MPI data corruption issue
- Use DPORT_WRITE_REG (volatile writes) wrappers to write to the
  MPI peripheral
- Updated the previous workaround added for the same issue as it
  was failing in some long runs and with `COMPILER_OPTIMIZATION_PERF`
  enabled.
- The test performance numbers had to be updated due to the
  performance penalty introduced by this fix.

Closes https://github.com/espressif/esp-idf/issues/10403
2023-03-06 06:43:17 +00:00
Laukik Hase
db99f311fc mbedtls: Fix build with dynamic buffers feature 2023-02-19 03:53:02 +00:00
Laukik Hase
8b5ab6820f mbedtls: Update config options as per v3.3.0 release 2023-02-19 03:53:02 +00:00
Laukik Hase
88aa45ff17 mbedtls: Update to v3.3.0 2023-02-19 03:53:02 +00:00
Mahavir Jain
dcae357500 Merge branch 'fix/hardware_ecc_port_v5.0' into 'release/v5.0'
mbedtls/ecp: Fix incorrect ECP parameter value

See merge request espressif/esp-idf!22112
2023-02-19 11:49:14 +08:00
Sachin Parekh
131faba944 mbedtls/ecp: Fix incorrect ECP parameter value
- Add sanity checks in mbedtls port
- Add ECP test cases covering shorter scalar values
2023-02-08 21:35:49 +05:30
harshal.patil
3ca447956c mbedtls: fix null pointer dereference of variable iv_off
iv_off gets dereferenced before being check for NULL
2023-01-25 15:32:56 +05:30
harshal.patil
79fb21952e mbedtls/port: refactor sanity checks and their return values
Refactored and returned correct error codes for sanity checks
present in port layer esp_aes.c and esp_aes_gcm.c
2023-01-25 15:30:20 +05:30