Commit Graph

313 Commits

Author SHA1 Message Date
Li Jingyi
e3b39381fd fix(mbedtls): fix compiling error when open MBEDTLS_SSL_PROTO_DTLS and disable MBEDTLS_DYNAMIC_BUFFER feature when MBEDTLS_SSL_PROTO_DTLS is selected 2021-12-23 15:34:18 +08:00
Jiang Jiang Jian
0fed811a46 Merge branch 'feature/mbedtls-2.16.12-integration_v4.3' into 'release/v4.3'
mbedtls: upgrade to release v2.16.12 (v4.3)

See merge request espressif/esp-idf!16484
2021-12-22 13:32:30 +00:00
Mahavir Jain
0fd5c562bf mbedtls: upgrade to release v2.16.12
For release notes, please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12
2021-12-21 14:04:31 +05:30
Mahavir Jain
9d79b70acf mbedtls: small documentation update 2021-12-21 14:04:12 +05:30
Li Jingyi
32e29580de feat(mbedtls): modify __wrap_mbedtls_ssl_setup to decrease SSL peak heap cost 2021-12-21 15:19:29 +08:00
Mahavir Jain
70936f4c92 mbedtls: remove wrap from component.mk as well
Note: This was not required in original MR, as master branch does
not support GNU Make.
2021-12-02 17:15:42 +05:30
Mahavir Jain
7a8c8f8576 esp_bignum: move check for supported MPI bits at start of API
This can allow hardware MPI API to return as soon as it identifies
that it can handle require bitlength operation.
2021-12-02 15:08:42 +05:30
Mahavir Jain
1cae1fc18e mbedtls: update mbedtls submodule pointer for MPI API change 2021-12-02 15:08:41 +05:30
Mahavir Jain
0befb28237 mbedtls: fix hardware MPI (bignum) related regression
In commit de22f3a4e5, combination of
hardware and software MPI (bignum) related approach was used to
work around chip (e.g. ESP32-C3) limitation of max 3072 bits support.

This was done using linker "--wrap" flag but since the relevant API is
being used in same translation (compilation unit), hardware mode was not
getting used in some cases (e.g., RSA key generation).

This commit modified internal mbedTLS API and makes software+hardware
combination deterministic.
2021-12-02 15:08:37 +05:30
Mahavir Jain
f864e1ddbb mbedtls: update kconfig help to correct on supported MPI bits 2021-12-02 15:07:37 +05:30
Marius Vikhammer
1c9f018891 aes: fix potential unaligned access in aes-gcm 2021-11-04 10:59:53 +08:00
Victor Morales
caafeff63f esp_crt_bundle: remove EC-ACC certificate
Fixes bug #7631
2021-10-07 13:13:52 +05:30
Zim Kalinowski
121910b939 Merge branch 'ci/change_perf_key_v4.3' into 'release/v4.3'
ci: update performance test key to db compatible format (v4.3)

See merge request espressif/esp-idf!14654
2021-09-10 04:23:09 +00:00
Marius Vikhammer
d5d126b73e aes/sha: fixed driver reseting the wrong GDMA channel
Driver was using the channel ID from tx when reseting rx.
But since rx and tx is not necessarily from the same pair this could lead
to the driver reseting the wrong DMA channel.
2021-08-30 17:06:13 +08:00
Fu Hanxi
2231d6b158 ci: update performance test key to db compatible format 2021-08-04 12:22:25 +08:00
Mahavir Jain
ab452839ed Merge branch 'feature/upgrade_mbedtls_to_v4.3' into 'release/v4.3'
mbedtls: upgrade to release v2.16.11 (v4.3)

See merge request espressif/esp-idf!14437
2021-07-21 12:17:00 +00:00
Mahavir Jain
f817971f68 mbedtls: fix crt_bundle test to ensure proper server start event
This fixes occasional test failure that was observed due to
client task getting started before server was up.
2021-07-20 14:15:59 +05:30
Mahavir Jain
4333e618b5 mbedtls: upgrade to release v2.16.11
For detailed release notes please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
2021-07-20 14:15:59 +05:30
Mahavir Jain
dd12e9f8cd Merge branch 'cert/skipping_keyelements_validation' into 'master'
MbedTLS: Add config option for key elements and key element extension for SSL connection

See merge request espressif/esp-idf!12898

(cherry picked from commit 76bd33e9a4)

38d67725 mbedtls: Add config option key element and key element ext
2021-07-14 16:43:58 +08:00
kapil.gupta
ae35d70359 wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes

1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
   operations used by supplicant.

Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.

This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.

This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
2021-06-29 14:34:48 +08:00
Mahavir Jain
a213b289be Merge branch 'feature/extmem_alloc_for_s2_v4.3' into 'release/v4.3'
External memory allocation policy support  for ESP32-S2 (GitHub PR) (v4.3)

See merge request espressif/esp-idf!13619
2021-06-16 16:34:13 +00:00
Marcel Kottmann
4c8ae4fd56 mbedtls: Allow external mem alloc for ESP32-S2
Closes https://github.com/espressif/esp-idf/pull/6998
Closes IDFGH-5226
2021-06-16 11:11:55 +08:00
Marius Vikhammer
390bdf2f78 mbedtls: fixed CMake build warning
Building mbedtls with CMake would warn that:

"A private source from a directory other than that of target "mbedcrypto
 has a relative path"

This happened due to some of the CMake variables listing sources could be empty.

Changed to only use target_sources in the code-path where we set the sources,
so we only call target_sources will non-empty variables.

Closes https://github.com/espressif/esp-idf/issues/6767
2021-05-19 11:11:04 +08:00
yuanjm
6d32eec165 mbedtls: Fix mbedtls_ssl_send_alert_message crash due to ssl->out_iv is NULL 2021-04-30 02:01:51 +00:00
liuhan
9bf4d44235 mbedtls: Add CONFIG_MBEDTLS_ROM_MD5 to use ROM MD5 in mbedTLS 2021-04-22 12:34:00 +00:00
Angus Gratton
9c4c377f2d mbedtls tests: Add optional debug log output to AES stream tests 2021-03-25 15:28:45 +11:00
Angus Gratton
e6b8bc6ecb mbedtls aes dma: Fix bug where DMA would complete when the first output descriptor was done, not the last 2021-03-25 15:28:45 +11:00
Marius Vikhammer
1c8fd4041e aes/sha: use a shared lazy allocated GDMA channel for AES and SHA
Removed the old dynamically allocated GDMA channel approach.
It proved too unreliable as we couldn't not ensure consumers of the mbedtls
would properly free the channels after use.

Replaced by a single shared GDMA channel for AES and SHA, which won't be
released unless user specifically calls API for releasing it.
2021-03-10 09:40:35 +08:00
Aditya Patwardhan
947e445e02 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-03-05 09:53:19 +05:30
Marius Vikhammer
04df1f3a42 CI: enable example builds for C3
Enables building C3 examples in CI.

Fixes related warnings/errors and disables examples that cannot run.
2021-02-09 12:04:02 +08:00
ChenJianxing
243417c48c temporarily disable hardware encryption for esp32s3 2021-01-28 21:05:51 +08:00
Fu Hanxi
0146f258d7 style: format python files with isort and double-quote-string-fixer 2021-01-26 10:49:01 +08:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Jiang Jiang Jian
ea79091725 Merge branch 'bugfix/esp32c3_wpa4096_cert_support' into 'master'
MbedTLS: Add software fallback for Modular Exponentiation for larger bignum operations

Closes WIFI-3257 and IDFGH-132

See merge request espressif/esp-idf!11928
2021-01-21 12:45:19 +08:00
Marius Vikhammer
51169b0e0c AES/SHA: use GDMA driver instead of LL 2021-01-19 11:02:51 +08:00
kapil.gupta
de22f3a4e5 MbedTLS: Add software fallback implementation for exp mod
Add configuration option to fallback to software implementation
for exponential mod incase of hardware is not supporting it
for larger MPI value.

Usecase:
ESP32C3 only supports till RSA3072 in hardware. This config option
will help to support 4k certificates for WPA enterprise connection.
2021-01-18 18:47:51 +05:30
morris
753a929525 global: fix sign-compare warnings 2021-01-12 14:05:08 +08:00
Marius Vikhammer
9c8e4fd4c5 C3: build and run unit tests
Enable building and running of unit tests in CI for C3 as well as fix
related compile errors

Also enables building of C3 test apps
2021-01-11 11:34:37 +08:00
Angus Gratton
795e69b570 mbedtls: Expand KConfig documentation for MBEDTLS_HAVE_TIME_DATE
Original comments were copied from mbedtls config.h, so not
directly applicable to ESP-IDF.

As reported https://esp32.com/viewtopic.php?f=13&t=18817&p=69772#p69772
2021-01-04 10:45:01 +11:00
Marius Vikhammer
1b6891c5d8 mbedtls: merge changes from C3 2020-12-29 10:56:13 +08:00
Marius Vikhammer
0a95151a75 unit_test: Refactor all performance tests that rely on cache compensated timer
There is no ccomp timer on C3, which means our performance tests will start
failing again due to variance caused by cache misses.

This MR adds TEST_PERFORMANCE_CCOMP_ macro that will only fail
performance test if CCOMP timer is supported on the target
2020-12-22 18:56:24 +11:00
Mahavir Jain
b85c534130 mbedtls: upgrade to v2.16.9 release
For details release notes please refer to:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
2020-12-17 14:15:41 +05:30
Marius Vikhammer
457ce080ae AES: refactor and add HAL layer
Refactor the AES driver and add HAL, LL and caps.

Add better support for running AES-GCM fully in hardware.
2020-12-10 09:04:47 +00:00
Marius Vikhammer
7e0f362149 esp_crt_bundle: add additional unit tests
Add unit test for:
 * Trusted certificate with weak hash algorithm signature
 * Certificate with wrong signature

Merges https://github.com/espressif/esp-idf/pull/6117
2020-12-08 10:11:31 +08:00
Jeff Epler
a79cb9f8cd esp_crt_bundle: Allow verify_callback to correct BADCERT_BAD_MD 2020-12-03 14:53:53 +08:00
Angus Gratton
5228d9f9ce esp32c3: Apply one-liner/small changes for ESP32-C3 2020-12-01 10:58:50 +11:00
Angus Gratton
d6bdd1cb32 Merge branch 'bugfix/small_cleanups' into 'master'
Small cleanups

See merge request espressif/esp-idf!11141
2020-11-23 17:23:53 +08:00
Dong Heng
1c9592efc4 fix(mbedtls): fix mbedtls dynamic resource memory leaks and RSA cert drop earlier
RX process caches the session information in "ssl->in_ctr" not in "ssl->in_buf".
So when freeing the SSL, can't free the "ssl->in_ctr", because the "ssl->in_buf"
is empty.

Make the RX process like TX process, and cache the session information in
"ssl->in_buf", so that the cache buffer can be freed when freeing the SSL.

Closes https://github.com/espressif/esp-idf/issues/6104
2020-11-19 07:31:50 +00:00
Marius Vikhammer
09e1d104ba SHA: fix dma lldesc going out of scope issue
DMA process didnt wait for idle before returning.
This meant that there was a potential for the dma
descriptors which were on the stack to be reclaimed
before the DMA operation finished.
2020-11-18 06:04:31 +00:00
Angus Gratton
b798158b4c mbedtls: Avoid malloc in esp_sha() function 2020-11-17 22:51:32 +00:00