Commit Graph

216 Commits

Author SHA1 Message Date
Aditya Patwardhan
0d20f8816f esp-tls: Fix build issue when esp-tls server session tickets have been enabled.
Closes https://github.com/espressif/esp-idf/issues/10765
2023-02-24 04:45:23 +00:00
Omar Chebib
5e5343d429 TWDT: Use the new TWDT Kconfig options in the examples and tests 2023-02-17 11:22:25 +08:00
Cao Sen Miao
94120b82c2 esp32h2: add build test 2023-01-17 10:29:04 +08:00
Harshit Malpani
49ce5ada76
ci: Fix ci failures for target esp32c6 2023-01-04 11:20:52 +05:30
Harshit Malpani
43e4383bb7
esp-tls: fix build error without -Wno-format compile flag when building for Linux target 2023-01-04 11:17:27 +05:30
Harshit Malpani
aefd3b0aec
esp-tls: update esp-tls to support linux build 2023-01-04 11:17:27 +05:30
Laukik Hase
665ad3dbdb
esp_tls: Fix issue when timeout is not explicitly given in esp_tls_cfg_t
- If internet connectivity weakened or disappeared suddenly while we were
  in the TLS handshake stage, the app got stuck at that point indefinitely.
- This was because when timeout was not explicitly specified in esp_tls_cfg_t,
  the default timeout was set at the wrong place. This causes the sockets to be
  setup with zero timeout, hence the indefinite wait.
2022-12-16 10:20:21 +05:30
Nathan Phillips
057f5cb120 Distinguish 4 identical log messages
Say which certificate couldn't be parsed in each one.
2022-12-08 10:31:28 +00:00
Harshit Malpani
295507bc1b
esp-tls: use gettimeofday() instead of xTaskGetTickCount() 2022-11-29 11:04:54 +05:30
Aditya Patwardhan
c099209d7c esp-tls: Fix esp-cryptoauthlib built dependency when secure element
support is enabled
2022-11-11 16:13:15 +05:30
Aditya Patwardhan
14e64783e7 esp-tls/Kconfig: Fix dependency for ESP-TLS Server menuconfig option 2022-11-03 07:17:05 +00:00
Aditya Patwardhan
8ad4de7991 esp-tls: Add changes to the Cert selection callback PR. 2022-11-03 07:17:05 +00:00
Akos Vandra
e9e3dc7904 esp-tls: Add support for the CERTIFICATE SELECTION HOOK. The hook has access to required information so that the application can make a more informed decision on which certificate to serve (such as alpn value, server certificate type, etc.)
Closes https://github.com/espressif/esp-idf/pull/9833

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-11-03 07:17:05 +00:00
Song Ruo Jing
be0fdfa176 soc: Add a soc cap, SOC_CLK_RC_FAST_D256_SUPPORTED, for whether the target has the RC_FAST_D256 clock 2022-11-01 11:23:26 +08:00
yuanjianmin
ddbe6aa42a esp-tls: Fix memory leak in mbedtls ds peripheral when MBEDTLS_THREADING_C enabled 2022-10-13 14:17:42 +08:00
Yuan Jian Min
9a97cfbffc esp-tls: socket will be set to -1 and will not be closed
Closes https://github.com/espressif/esp-idf/issues/9847
2022-09-26 19:15:04 +08:00
harshal.patil
aaf8b5d98e ci: Migrate esp-tls unit tests from unit-test-app to component-test-app 2022-09-14 12:03:49 +05:30
Laukik Hase
6319970ab7
esp_tls/wpa_supplicant: Updated deprecated mbedtls APIs 2022-08-24 11:59:34 +05:30
Ivan Grokhotkov
401c10ecfb build system: re-add -Wno-format as private flag for some components 2022-08-03 16:42:47 +04:00
Marius Vikhammer
7e60e07a0a Merge branch 'feature/esp8684_sha' into 'master'
mbedtls: enable hw support for SHA on C2

Closes IDF-3830 and IDF-5141

See merge request espressif/esp-idf!18531
2022-06-23 14:18:49 +08:00
Marius Vikhammer
f4c79687f8 SHA: added hardware support for SHA on C2. 2022-06-23 11:01:16 +08:00
Aditya Patwardhan
8785d1687c esp_tls.h: Add note regarding default timeout_ms value 2022-06-21 16:33:52 +05:30
Aditya Patwardhan
2ea419db22 esp_tls_mbedtls.c: Fix esp-idf integration of esp-cryptoauthlib
menuconfig option
2022-06-03 23:12:11 +05:30
Michael (XIAO Xufeng)
6a8aed12ee ci: partially enable ut tests for esp32c2
Disabled test cases are tracked in:

 IDF-4465, IDF-5045, IDF-5057, IDF-5058, IDF-5059, IDF-5060, IDF-5061, IDF-5131

- test_fatfs: IDF-5136

- test_pm: IDF-5053

- test_cache_mmu: IDF-5138

- test_partitions: IDF-5137

- test_vfs: IDF-5139

- test_freertos: IDF-5140

- test_wpa_supplicant: IDF-5046

- test_mbedtls: IDF-5141

- test_pthread: IDF-5142

- test_protocomm: IDF-5143

- test_lightsleep: IDF-5053

- test_taskwdt: IDF-5055

- test_tcp_transport: IDF-5144

- test_app_update: IDF-5145

- test_timer: IDF-5052

- test_spi: IDF-5146

- test_rtc_clk: IDF-5060

- test_heap: IDF-5167

ci: fixed issues for tests of libgcc, ets_timer, newlib

test_pm: support on C2
2022-06-02 14:23:35 +08:00
Li Jingyi
6d58008119 esp-tls: add api to free client session
Free session with mbedtls api to avoid mem-leak
2022-05-23 16:28:40 +08:00
Aditya Patwardhan
aa9de02259 esp_tls.h: Clean up included header files. 2022-05-11 07:09:34 +00:00
Aditya Patwardhan
788c9ddf8d esp_tls: Added getter function for esp_tls ssl ctx. 2022-05-11 07:09:34 +00:00
Aditya Patwardhan
434e74ff73 esp_tls: Make esp_tls_t as private structure. 2022-05-11 07:09:34 +00:00
Ivan Grokhotkov
47659be5b8
build system: remove lwip from common requirements
lwip was added to common requirements list to provide "sys/socket.h"
header to all components without additional requirements specified.

However, lwip pulls in a lot of dependencies on other components.
This commit removes lwip from common requirements to reduce the number
of components in G1-only apps.

To compensate for this removal, the following changes are made:
- newlib (which is a common requirement) has a public dependency on
  lwip if lwip is present in the build. This ensures that sys/socket.h
  is available as long as lwip component is included into the build.
- lwip is now a public requirement of esp-tls since esp_tls.h includes
  sys/socket.h header.
- lwip is now a public requirement o esp_http_client because
  sys/socket.h is included from esp_http_client.h
- lwip is now a private requirement of esp_wifi for "smartconfig_ack"
- lwip is now a private requirement of mqtt for socket functions
- lwip is now a public requirement of tcp_transport because
  esp_transport_tcp.h includes sys/socket.h header.
- mbedtls checks if lwip component is present in the build. If yes,
  net_sockets.c is added to the build, along with the dependency on
  lwip. Previously lwip was a public requirement of mbedtls
  unconditionally.

system/g1_components test app is updated to reflect the changes

Default public dependencies of a component before and after this
change, except common requirements:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)
- vfs (public dependency of lwip)
- esp_wifi (public dependency of lwip)
- esp_event (public dependency of esp_wifi)
- esp_netif (public dependency of esp_event)
- esp_eth (public dependency of esp_netif)
- esp_phy (public dependency of esp_wifi)

After:

- esp_timer (public dependency of freertos)
- bootloader_support (public dependency of esp_hw_support)

Altogether, the following components have been always added as
public requirements to all other components, and are not added now
([breaking-change]):

- lwip
- vfs
- esp_wifi
- esp_event
- esp_netif
- esp_eth
- esp_phy

Application components now need to explicitly declare dependencies on
these components.
2022-05-02 20:47:17 +02:00
Laukik Hase
864c59c091
esp_tls: Remove deprecated API
- Removed deprecated esp_tls_conn_new() viz. duplicated by
  esp_tls_conn_new_sync()
- Removed deprecated esp_tls_conn_delete()
- Marked esp_tls_conn_http_new() as deprecated, added alternative
  esp_tls_conn_http_new_sync() (similar to esp_tls_conn_http_new_async())
2022-04-20 12:18:25 +05:30
Laukik Hase
d7090b4d52 https_server: Add config option to min. cert. auth mode
- Added a config option to set the minimum Certificate Verification
  mode to Optional
- When this option is enabled, the peer (the client) certificate
  is checked by the server, however the handshake continues even if
  verification failed.
- By default, the peer certificate is not checked and ignored by the server.

Closes https://github.com/espressif/esp-idf/issues/8664
2022-03-29 08:57:36 +00:00
Aditya Patwardhan
4c58685c00 esp_https_server: Enable secure element support.
Closes https://github.com/espressif/esp-idf/issues/8286
2022-03-27 14:35:25 +05:30
Mahavir Jain
102f8e961f esp-tls: use SOC capability macros instead of target names 2022-03-22 02:06:30 +00:00
Mahavir Jain
93987e6b79 Merge branch 'fix/remove_test_cert_files_from_mbedtls_port_directory' into 'master'
mbedtls: Remove certs.c and certs.h from port directory

Closes IDF-4709

See merge request espressif/esp-idf!17485
2022-03-18 16:47:53 +08:00
Aditya Patwardhan
f31d8dd295 mbedtls: Remove certs.c and certs.h from port directory 2022-03-15 17:16:07 +05:30
Anton Maklakov
e27f1331e4 components: correct printf() placeholder for time_t
Using C99 %jd, https://en.cppreference.com/w/c/chrono/time_t
2022-03-14 14:05:47 +07:00
Aditya Patwardhan
8f67af174e Merge branch 'contrib/github_pr_8462' into 'master'
Add WolfSSL esp_tls TLS1.3 configuration option (GitHub PR)

Closes IDFGH-6838 and IDFGH-6683

See merge request espressif/esp-idf!17324
2022-03-08 10:57:05 +08:00
Alexander Klassen
a46776ad02 Add WolfSSL esp_tls TLS1.3 configuration option
Closes https://github.com/espressif/esp-idf/issues/8313
2022-03-07 09:44:23 +00:00
Sudeep Mohanty
a9fda54d39 esp_hw_support/esp_system: Re-evaluate header inclusions and include directories
This commit updates the visibility of various header files and cleans up
some unnecessary inclusions. Also, this commit removes certain header
include paths which were maintained for backward compatibility.
2022-03-07 11:18:08 +05:30
Laukik Hase
f5feb7813e mbedtls: Fix build errors related to TLS 1.3
- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6 mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files
after they have been again made public in mbedtls-3.1

*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update:
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Mahavir Jain
8e94cf2bb1 Add http_parser (new component) dependency 2022-01-11 10:26:25 +05:30
Mahavir Jain
201e0b39a7 esp-tls: remove redundant snippet from CMakeList 2022-01-04 15:41:06 +05:30
Mahavir Jain
c26500cd5a esp-tls: mark esp_tls_conn_delete API as deprecated
It is recommended to use `esp_tls_conn_destroy` API instead
2022-01-04 15:40:07 +05:30
Jakob Hasse
16514f93f0 refactor (test_utils)!: separate file for memory check functions
Memory check (leaks and heap tracing) functions for unit tests
now have a separate file now and are renamed for more consistency.

BREAKING CHANGE: renamed memory check function names which may be used
                 in unit tests outside IDF.
2021-12-08 11:06:00 +08:00
Roland Dobai
766aa57084 Build & config: Remove leftover files from the unsupported "make" build system 2021-11-11 15:32:36 +01:00
Mahavir Jain
8c9a3da695 mbedtls: disable Diffie-Hellman key exchange modes by default
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.

Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
2021-11-02 15:52:09 +08:00
John Ohl
27d66c0e33 Encoding base64 with wolfSSL should produce the same result as esp_crypto_bas64_encode_mbedtls and not encode in PEM format /w new lines
Closes https://github.com/espressif/esp-idf/pull/7676
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-10-17 00:01:23 +08:00
Laukik Hase
1d2b2b5879 feature: Added user callback for esp_https_server
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example

Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30
Mahavir Jain
8b4c0e71a9 Merge branch 'feature/mbedtls_session_ticket_support' into 'master'
Feature/mbedtls session ticket support

Closes IDFGH-5288 and IDF-3242

See merge request espressif/esp-idf!14496
2021-09-17 09:59:02 +00:00
Aditya Patwardhan
b4e4b9f20d Added support for client session tickets in esp-tls (with mbedtls)
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
2021-09-15 22:19:04 +05:30
Daniel Bahrdt
7e886ca9ed Implement server session ticket support with mbedtls
Closes https://github.com/espressif/esp-idf/pull/7048

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan
c6c2ea975f Fix esp_mbedtls_write API
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Sachin Billore
667017d517 ESP32S3 support for ESP-MQTT SSL Mutual Authentication with Digital Signature
Closes IDF-3859
2021-09-06 11:17:30 +05:30
Shu Chen
6fce2930d0 esp32h2: enable more components to support esp32h2
Involved components:
 * app_trace
 * esp-tls
 * esp_adc_cal
 * esp_pm
 * esp_serial_slave_link
 * esp_timer
 * freertos
 * idf_test
 * log
 * mbedtls
 * newlib
 * perfmon
 * spi_flash
 * spiffs
 * ulp
 * unity
 * vfs
2021-07-01 19:53:11 +08:00
Aditya Patwardhan
0e01a22264 esp_tls_wolfssl: Improved error messages 2021-06-28 14:51:41 +05:30
Aditya Patwardhan
4af1176d15 esp_tls_mbedtls: Improved the error messages.
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny
967e057906 esp-tls, esp_http_client and esp_http_server: update copyright notice 2021-05-31 20:06:09 +08:00
David Cermak
f68d7d7023 esp_tls: Renamed public API to indicate the Plain TCP connection
Also added parameter checks if used from as a public API
and updated the `is_plein_tcp` description that it's possible to connect
directly using plain tcp transport with the new API.
2021-05-25 10:55:50 +02:00
David Cermak
f249ddd9ae esp_transport: Use tcp_connect from esp_tls for plain TCP
so we don't have to allocate esp_tls structure (~2KB) to save heap when using plain TCP connection

Closes https://github.com/espressif/esp-idf/issues/6940
2021-05-25 07:04:02 +02:00
Jiri Schiebel
c01e259a98 esp_tls: esp_tls_connect: Reduce input params to err_handle
Pass only the error_handle instead of instead of the full config structure
2021-05-25 07:04:02 +02:00
Aditya Patwardhan
1abdfee3b7 secure_element: Update esp-cryptoauthlib submodule latest version.
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Axel Lin
52442be9e1 esp-tls: Fix setsockopt for TCP_KEEPIDLE
Current code applies keep_alive_enable setting to TCP_KEEPIDLE, fix it.

Fixes: 2d25252746 ("esp-tls: Rework tcp_connect() to use more subroutines")
Signed-off-by: Axel Lin <axel.lin@gmail.com>
2021-04-06 15:37:16 +08:00
yuanjm
f68e55edb3 esp-tls: Separate timeout_ms conditional judgement from keep alive 2021-03-10 02:19:29 +00:00
yuanjm
c62cbd1254 transport: Support bind socket to specified interface in transport and esp-tls 2021-03-10 02:19:29 +00:00
Aditya Patwardhan
bf513b6f31 Fix esp_tls: Prevent freeing of global ca store after each connection
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
yuanjm
da58235a0e components: Use CONFIG_LWIP_IPV6 to strip IPv6 function in components 2021-02-23 18:26:03 +08:00
David Cermak
eb772e152c esp_tls: Fix unresolved lwip symbol when complex dependency tree 2021-02-16 09:01:35 +01:00
David Cermak
5cfa545d08 esp-tls: Added _esp_tls_net_init to init fd for both mbedtls/wolfssl 2021-02-16 09:01:35 +01:00
David Cermak
4375f888fa esp-tls: Fix wolfssl error codes for WANT_READ/WANT_WRITE
wolfSSL error codes are mostly positive numbers, but esp-tls potentially
non-block API (read/write) returns ssize_t, i.e. bytes read/written if
>0, errorcode otherwise. To comply with this API we have to conditionate
the wolfssl return codes to negative numbers, preferably the same codes
as mbedTLS codes.
2021-02-16 09:01:35 +01:00
David Cermak
2d25252746 esp-tls: Rework tcp_connect() to use more subroutines
Refactored the esp_tcp_connect() functionality to break it down to
* dns-resolution + socket creation
* set configured socket options
* set/reset non-block mode
* the actual connection in non-blocking mode
2021-02-16 09:01:35 +01:00
David Cermak
6b318fe583 esp_tls: Updated connection method to use non-blocking connect
For better control over connection timeouts
To be in line with former tcp_transport, as esp-tls is not used for
plain tcp transports
2021-02-16 09:00:43 +01:00
David Cermak
2c28ffffee tcp_transport/esp_tls: Use common TCP transport to reduce code duplication
For high level review of the changes.
2021-02-16 09:00:43 +01:00
David Cermak
391d7bf271 tcp_transport: Add TCP transport connection errors
Transport's error_handle is used to capture different types of errors
including esp_err_t from esp-tls and socket/system errors.
This change adds the following error codes for TCP transport:
* connection closed by a FIN flag (clean closure from server)
* DNS resolution problem
* connection timeout
These errors are already defined in esp-tls component and since this
component will be used in the future for both TCP and SSL transport, we
currently report these issues in transport::error_handle::esp_tls_last_error
of standard esp error type (esp_err_t)

Closes https://github.com/espressif/esp-mqtt/issues/182
2021-02-16 09:00:43 +01:00
Aditya Patwardhan
0175c68400 esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
Fixes one part of -  https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Mahavir Jain
f5e51e7c1b Merge branch 'feature/esp32c3_ds_mbedtls_integration' into 'master'
esp32c3/Digital Signature: mbedtls integration through ESP-TLS

Closes IDF-2267

See merge request espressif/esp-idf!12033
2021-01-22 17:06:46 +08:00
yuanjm
044c3e3e74 Modify esp-tls and tcp_transport to support keep alive for tcp and ssl connection
Closes IDFGH-4543
2021-01-22 06:56:28 +00:00
Aditya Patwardhan
79c23a1886 esp32c3/Digital Signature: mbedtls integration through ESP-TLS 2021-01-22 11:54:16 +05:30
Aditya Patwardhan
cc3843263a esp-tls: Added unit tests 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
43a1b53aad esp_tls_wolfssl: Move order of crt_bundle check to match that in
esp_tls_mbedtls
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
1a09e16af2 esp_tls: Fix memory leak when esp-tls server session is deleted 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
cddb8c29e6 esp-tls: Fix mem leak when global_ca_store is freed 2021-01-21 01:17:23 +00:00
Aditya Patwardhan
0841d2bc75 esp_tls: Add warning if the CA chain provided contains one/more invalid
cert
2021-01-11 03:20:35 +00:00
Aditya Patwardhan
ca964dfbcc esp-tls: Changed default behaviour for esp-tls client ( for security
purpose)
        By default esp-tls client will now return error if no server verify option
        is provided, earlier it used to skip the verification by
        default.
        Added config option to skip server verification by default (for testing
        purpose)
        Updated required docs
2021-01-05 07:33:32 +00:00
Aditya Patwardhan
39b446f9fe esp_tls_wolfssl : Add domain name check 2020-12-23 18:10:36 +05:30
Aditya Patwardhan
95d9533294 esp-tls : (Fix) update tls->sockfd value after socket is freed internally
Closes https://github.com/espressif/esp-idf/issues/6163
2020-12-02 03:47:15 +00:00
Angus Gratton
935e4b4d62 Merge branch 'feature/riscv_arch' into 'master'
Add RISC-V support

Closes IDF-2359

See merge request espressif/esp-idf!11140
2020-11-13 07:50:31 +08:00
Angus Gratton
420aef1ffe Updates for riscv support
* Target components pull in xtensa component directly
* Use CPU HAL where applicable
* Remove unnecessary xtensa headers
* Compilation changes necessary to support non-xtensa gcc types (ie int32_t/uint32_t is no
  longer signed/unsigned int).

Changes come from internal branch commit a6723fc
2020-11-13 07:49:11 +11:00
David Cermak
ce519ee783 tcp_transport: Extend transport error storage for socket error
Everytime we report error and log errno, we also capture the actual
errno to an internal storage so that user application can retrieve
its value.
2020-11-12 12:46:22 +00:00
Aditya Patwardhan
8d65cee0a9 esp32/esp-tls: Make crypto abstraction layer inside esp-tls
Which allows several components to use cryptographic functions from
esp-tls which is the current abstraction layer.
2020-10-23 05:16:06 +00:00
Aditya Patwardhan
47f7c6a991 esp32s2/esp_ds: Digital Signature software support
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Mahavir Jain
52469c8505 esp-tls: enable TLS renegotiation using explicit API call
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.

This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
2020-07-03 05:52:22 +00:00
Aditya Patwardhan
ea635c2bba esp_tls_wolfssl: fix incorrect error message after handshake fails 2020-06-18 10:10:40 +05:30
Aditya Patwardhan
423e600d46 secure_element: atecc608_ecdsa example
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl

Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Mahavir Jain
7a2ea9b7f7 esp-tls: add support for using hardware security module 2020-05-20 22:52:37 +05:30
David Cermak
6182e6f303 tcp_transport: close to return error only for socket error or invalid args
Closes https://github.com/espressif/esp-idf/issues/4872
2020-05-05 15:53:09 +02:00
Vikram Dattu
60dc4285f4 Fixed esp_tls_conn_write documentation.
Return value `0` in actual is case of partial write and not error as per `mbedtls_ssl_write`
Modified documentation of `esp_tls_conn_write` accordingly.

Even `esp_wolfssl_write` API considers just negative returns as errors.

Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2020-04-01 11:04:09 +00:00
Aditya Patwardhan
d712453114 esp_tls_wolfssl: Added mutex to allow only one TLS conn using PSK at a time 2020-03-26 17:30:05 +05:30