384 Commits

Author SHA1 Message Date
nilesh.kale
a5350112fb feat(mbedtls): updated mbedtls version from 2.28.7 to 2.28.8
This MR updated MbedTLS version to 2.28.8.
2024-04-05 15:17:03 +05:30
harshal.patil
7f20e696b6
fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:55:41 +05:30
harshal.patil
3bffba71c0
fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:55:41 +05:30
nilesh.kale
6fa8029146 feat(mbedtls): Update mbedtls to 2.28.7
This MR updates MbedlTLS version from 2.28.5 to 2.28.7
2024-02-09 11:38:23 +05:30
Aditya Patwardhan
b92c24a9ba Merge branch 'fix/aes_mpi_interrupt_allocation_workflow_v4.4' into 'release/v4.4'
fix(mbedtls): move interrupt allocation during initialization phase (v4.4)

See merge request espressif/esp-idf!27443
2023-12-15 17:12:42 +08:00
Shreyas Sheth
d6f65b1472 fix(wpa_supplicant): Remove deprecated mbedtls functions used in fast pbkdf2 and fix ci error 2023-12-05 23:59:58 +05:30
Kapil Gupta
3e4f49606b change(esp_wifi): Port fast_pbkdf2 implementation for mbedlts
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-12-05 16:54:31 +05:30
harshal.patil
9e61344890 ci(mbedtls): added a test for the mbedtls_internal_shaX_process API 2023-12-05 16:54:31 +05:30
harshal.patil
edef8d5fae fix(mbedtls): Fix the port for the mbedtls_internal_shaX_process API
- Also added the fix to update intermediate SHA state in the mbedtls_shaX_update API
2023-12-05 16:54:31 +05:30
harshal.patil
00919c3967
fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-12-01 18:25:11 +05:30
harshal.patil
bffe5d2864
fix(mbedtls): move interrupt allocation during initialization phase 2023-12-01 18:25:10 +05:30
Mahavir Jain
aee6e63337 Merge branch 'feature/gcm_operation_using_ctr_based_calculation_v4.4' into 'release/v4.4'
GCM operation optimisation (v4.4)

See merge request espressif/esp-idf!26523
2023-10-26 17:23:07 +08:00
LiPeng
72e67e3cf7
mbedtls: GCM implementation is replaced with CTR-based calculation
- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.
2023-10-25 18:02:47 +05:30
Harshit Malpani
967cae5892
feat(mbedtls): Update to release v2.28.5 2023-10-17 15:09:36 +05:30
Mahavir Jain
4636443b49
fix(aes): correct the linking of the DMA descriptors
For certain data lengths, the last input descriptor was not getting appended
correctly and hence the EOF flag in the DMA descriptor link list was
set at incorrect location. This was resulting in the peripheral being
stalled expecting more data and eventually the code used to timeout
waiting for the AES completion interrupt.

Required configs for this issue:

CONFIG_MBEDTLS_HARDWARE_AES
CONFIG_SOC_AES_SUPPORT_DMA

This observation is similar to the issue reported in:
https://github.com/espressif/esp-idf/issues/10647

To recreate this issue, start the AES-GCM DMA operation with data length
12280 bytes and this should stall the operation forever.

In this fix, we are tracing the entire descriptor list and then appending the
extra bytes descriptor at correct position (as the last node).
2023-09-06 08:30:37 +05:30
Mahavir Jain
b64670b51e
fix(aes-gcm): correct the DMA completion wait condition for hardware GCM case
DMA operation completion must wait until the last DMA descriptor
ownership has been changed to hardware, that is hardware is completed
the write operation for entire data. Earlier for the hardware GCM case,
the first DMA descriptor was checked and it could have resulted in some
race condition for non interrupt (MBEDTLS_AES_USE_INTERRUPT disabled) case.
2023-09-06 08:30:37 +05:30
Aditya Patwardhan
ab260561ab Merge branch 'bugfix/sha_dma_mode_incorrect_result_v4.4' into 'release/v4.4'
fix(sha): DMA mode iteration calculation issue for certain data lengths (v4.4)

See merge request espressif/esp-idf!25129
2023-08-21 14:33:44 +08:00
Harshit Malpani
c112914dac
feat(mbedtls): Update to release v2.28.4 2023-08-17 10:37:19 +05:30
Mahavir Jain
847722e21c
ci(test): add SHA DMA mode test for large data in PSRAM
Covers a test scenario described in following issue:
https://github.com/espressif/esp-idf/issues/11915
2023-08-02 10:19:31 +05:30
Mahavir Jain
2aa5963bbd
fix(sha): DMA mode iteration calculation issue for certain data lengths
SHA hardware DMA mode calculation had off-by-one error for specific
input lengths. This was causing last chunk of the input data not being
fed to the hardware accelerator and hence resulting in an incorrect
final result.

Closes: https://github.com/espressif/esp-idf/issues/11915
2023-08-02 10:18:12 +05:30
harshal.patil
ae3026a60b fix(mbedtls): Fixed the transmission of return values of the esp-aes APIs
- Earlier, some intermediate return values were not stored and returned,
thus incorrect return values used to get transmitted to the upper layer of APIs.

- Also, zeroised the output buffer in case of error condition.
2023-07-20 18:54:37 +05:30
Aditya Patwardhan
6afa8e4347 Merge branch 'bugfix/aes_dma_align_issue_v4.4' into 'release/v4.4'
aes: fix DMA descriptor calculation for the alignment case (v4.4)

See merge request espressif/esp-idf!24095
2023-06-14 16:55:42 +08:00
Mahavir Jain
98c53234fc
aes: fix DMA descriptor calculation for the alignment case
The number of the DMA descriptors allocated for certain length (e.g.,
8176) were not sufficient (off by 1 error). This used to result in the
dynamic memory corruption as the region was modified beyond the
allocated range.

This change fixes the DMA descriptor calculation part and allocates
sufficient DMA descriptors based on the data length alignment considerations.

Test has also been added to cover the specific scenario in the CI.

Closes https://github.com/espressif/esp-idf/issues/11310
2023-06-07 09:20:20 +05:30
Christoph Baechler
d007b0ebb2
esp_ds: ignore releasing mutex if not called from same task 2023-05-19 08:32:00 +05:30
harshal.patil
617d935b44 mbedtls: Update to release v2.28.3
- Release Notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
2023-04-03 14:28:12 +05:30
Mahavir Jain
2a1ede3f9d Merge branch 'update_v4.4/mbedtls_v2.28.2' into 'release/v4.4'
mbedtls: Update to release v2.28.2 (v4.4)

See merge request espressif/esp-idf!21896
2023-02-02 22:27:22 +08:00
harshal.patil
ecdd202285 mbedtls/port: added stream_block parameter sanity check 2023-01-25 15:38:28 +05:30
harshal.patil
734724ba79 mbedtls: fix esp_aes_crypt_ctr writing to null stream block 2023-01-25 15:38:28 +05:30
harshal.patil
865a72eb8f mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey() 2023-01-25 15:38:28 +05:30
Laukik Hase
0f46f0cfa4
mbedtls: Update config options as per v2.28.2 release 2023-01-04 15:36:24 +05:30
Laukik Hase
e7fb0dbdaa
mbedtls: Update to v2.28.2
- Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
2023-01-04 14:05:56 +05:30
Aditya Patwardhan
606ada809a esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash 2022-08-23 13:27:03 +05:30
Roland Dobai
f935c17a95 Tools: Fix Python style warnings 2022-08-09 14:30:52 +02:00
Laukik Hase
f7c20f3718
mbedtls: Update to release v2.28.1
- Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
2022-07-14 10:01:39 +05:30
Laukik Hase
9e2369cb79
ci: Enable custom certificate bundle test for ESP32-S3
- Increase leakage limit for `test performance RSA key operations`
  UT by 64 bytes
2022-06-23 16:32:26 +05:30
Laukik Hase
e114850dda
mbedtls: Acquire lock before enabling MPI (RSA) hardware
- For ESP32-S3
2022-06-23 16:32:26 +05:30
Mahavir Jain
660b876465
esp_crt_bundle: Fix build problems if MBEDTLS_CERTIFICATE_BUNDLE is disabled
Exclude source and include file from build list if certificate bundle feature
is disabled.

Closes https://github.com/espressif/esp-idf/issues/8714
Closes IDFGH-7106
2022-06-12 09:29:12 +05:30
Li Jingyi
4896d0c8f3 mbedtls: fix ssl server crash when enable mbedtls dynamic buffer
Not free keycert until MBEDTLS_SSL_CLIENT_KEY_EXCHANGE for rsa key exchange methods, because keycert will be used to parse client key exchange.
2022-06-08 14:27:41 +08:00
Espressif BOT
2d91698324 Update esp_crt_bundle certificates 2022-06-02 11:03:24 +05:30
Aditya Patwardhan
a1d5a9b971 esp_crt_bundle: Add bounds checking for the "esp_crt_bundle_set" API.
Closes https://github.com/espressif/esp-idf/issues/8397
2022-06-01 15:09:50 +05:30
Mahavir Jain
ec0f7850a0 mbedtls: move locally managed root certificates to separate file
Purpose:
This will allow for easily automating periodic updates to
"cacrt_all.pem" file.

Note:
For now newly created "cacrt_local.pem" contains single "DST Root CA X3"
which we are keeping to manage compatibility with endpoints like
"howsmyssl.com". Please note this Root CA is expired and is not part of
Mozilla’s NSS root certificate store.
2022-06-01 15:07:31 +05:30
Laukik Hase
43d3cb37a0 esp_crt_bundle: Fix build error
- When `esp_crt_bundle.h` is included before any config,
  a build error (`esp_err_t` not defined) is observed

Closes https://github.com/espressif/esp-idf/issues/8606
2022-06-01 15:06:59 +05:30
Li Jingyi
81c195fed2 fix(mbedtls): fix ssl server memory leak when enable mbedtls dynamic buffer function 2022-05-19 10:41:40 +08:00
Laukik Hase
51fc67f5fa ci: Fix issues for build stage
- Fixed logs expecting different format specifier
- Updated ignore list for check_public_header test
- Updated functions ported from mbedTLS
- Fix for make-system build errors
2022-02-02 15:03:48 +05:30
Laukik Hase
11366d643f mbedtls: Added option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- Removed code regarding MBEDTLS_DYNAMIC_FREE_PEER_CERT
  (config was kept for backward compatibility)
- Combined mbedTLS v2.28.x related options under a separate Kconfig menu
2022-02-02 10:56:48 +05:30
Laukik Hase
76b9beff3c mbedtls: Moved mbedtls_mpi_mul_int to port layer 2022-02-02 10:56:48 +05:30
Laukik Hase
76658d5066 mbedtls: Added config options for v2.28.0 upgrade 2022-02-02 10:56:48 +05:30
Laukik Hase
0fdc5f7490 mbedtls: Upgrade to v2.28.0 2022-02-02 10:56:13 +05:30
Jiang Jiang Jian
7f48664eda Merge branch 'feature/mbedtls-2.16.12-integration_v4.4' into 'release/v4.4'
mbedtls: upgrade to release v2.16.12 (v4.4)

See merge request espressif/esp-idf!16483
2021-12-23 03:26:17 +00:00
Li Jingyi
c91afab332 fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_SSL_PROTO_DTLS when open MBEDTLS_DYNAMIC_BUFFER 2021-12-21 16:31:47 +08:00