Merge branch 'fix/fix_free_eb_twice_issue_v51' into 'release/v5.1'

fix(wifi): fix ampdu to normal cause free buffer twice issue(Backport v5.1)

See merge request espressif/esp-idf!33896

components/bt/host/bluedroid/api/include/api/esp_gap_bt_api.h

@@ -406,8 +406,9 @@ typedef union {
      * @brief ESP_BT_GAP_MODE_CHG_EVT
      */
     struct mode_chg_param {
-        esp_bd_addr_t bda;                      /*!< remote bluetooth device address*/
+        esp_bd_addr_t bda;                      /*!< remote bluetooth device address */
-        esp_bt_pm_mode_t mode;                  /*!< PM mode*/
+        esp_bt_pm_mode_t mode;                  /*!< PM mode */
+        uint16_t interval;                      /*!< Number of baseband slots. unit is 0.625ms */
     } mode_chg;                                 /*!< mode change event parameter struct */
 
     /**

components/bt/host/bluedroid/bta/dm/bta_dm_pm.c

@@ -75,7 +75,7 @@ void bta_dm_init_pm(void)
 {
     memset(&bta_dm_conn_srvcs, 0x00, sizeof(bta_dm_conn_srvcs));
 
-    /* if there are no power manger entries, so not register */
+    /* if there are no power manager entries, so not register */
     if (p_bta_dm_pm_cfg[0].app_id != 0) {
         bta_sys_pm_register((tBTA_SYS_CONN_CBACK *)bta_dm_pm_cback);
 
@@ -694,9 +694,9 @@ static BOOLEAN bta_dm_pm_sniff(tBTA_DM_PEER_DEVICE *p_peer_dev, UINT8 index)
 #endif
     {
 #if (BTM_SSR_INCLUDED == TRUE)
-        /* Dont initiate Sniff if controller has alreay accepted
+        /* Dont initiate Sniff if controller has already accepted
          * remote sniff params. This avoid sniff loop issue with
-         * some agrresive headsets who use sniff latencies more than
+         * some aggressive headsets who use sniff latencies more than
          * DUT supported range of Sniff intervals.*/
         if ((mode == BTM_PM_MD_SNIFF) && (p_peer_dev->info & BTA_DM_DI_ACP_SNIFF)) {
             APPL_TRACE_DEBUG("%s: already in remote initiate sniff", __func__);
@@ -917,7 +917,7 @@ void bta_dm_pm_btm_status(tBTA_DM_MSG *p_data)
         } else {
 #if (BTM_SSR_INCLUDED == TRUE)
             if (p_dev->prev_low) {
-                /* need to send the SSR paramaters to controller again */
+                /* need to send the SSR parameters to controller again */
                 bta_dm_pm_ssr(p_dev->peer_bdaddr);
             }
             p_dev->prev_low = BTM_PM_STS_ACTIVE;
@@ -980,6 +980,7 @@ void bta_dm_pm_btm_status(tBTA_DM_MSG *p_data)
             ) {
             tBTA_DM_SEC conn;
             conn.mode_chg.mode = p_data->pm_status.status;
+            conn.mode_chg.interval = p_data->pm_status.value;
             bdcpy(conn.mode_chg.bd_addr, p_data->pm_status.bd_addr);
             bta_dm_cb.p_sec_cback(BTA_DM_PM_MODE_CHG_EVT, (tBTA_DM_SEC *)&conn);
         }

components/bt/host/bluedroid/bta/include/bta/bta_api.h

@@ -993,6 +993,7 @@ typedef struct {
 typedef struct {
     BD_ADDR         bd_addr;            /* BD address peer device. */
     tBTA_PM_MODE    mode;               /* the new connection role */
+    UINT16          interval;           /* Number of baseband slots */
 } tBTA_DM_MODE_CHG;
 
 typedef struct {

components/bt/host/bluedroid/btc/core/btc_dm.c

@@ -602,6 +602,7 @@ static void btc_dm_pm_mode_chg_evt(tBTA_DM_MODE_CHG *p_mode_chg)
     msg->act = BTC_GAP_BT_MODE_CHG_EVT;
     memcpy(param.mode_chg.bda, p_mode_chg->bd_addr, ESP_BD_ADDR_LEN);
     param.mode_chg.mode = p_mode_chg->mode;
+    param.mode_chg.interval= p_mode_chg->interval;
     memcpy(msg->arg, &param, sizeof(esp_bt_gap_cb_param_t));
 
     ret = btc_inter_profile_call(msg);

components/esp_rom/esp32c2/ld/esp32c2.rom.ld

@@ -1532,7 +1532,7 @@ ppGetTxframe = 0x40001bf8;
 ppMapTxQueue = 0x40001bfc;
 ppProcTxSecFrame = 0x40001c00;
 ppProcessRxPktHdr = 0x40001c04;
-ppProcessTxQ = 0x40001c08;
+/*ppProcessTxQ = 0x40001c08;*/
 ppRecordBarRRC = 0x40001c0c;
 lmacRequestTxopQueue = 0x40001c10;
 lmacReleaseTxopQueue = 0x40001c14;

components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.eco4.ld

@@ -48,6 +48,16 @@ mbedtls_mpi_gcd = 0x40002768;
 mbedtls_mpi_inv_mod = 0x4000276c;
 mbedtls_mpi_is_prime_ext = 0x40002770;
 
+/* Moved from mbedtls.ld to mbedtls.eco4 ld */
+mbedtls_cipher_init = 0x4000277c;
+mbedtls_cipher_set_padding_mode = 0x40002780;
+mbedtls_cipher_reset = 0x40002784;
+mbedtls_cipher_finish = 0x40002788;
+mbedtls_cipher_crypt = 0x4000278c;
+mbedtls_cipher_cmac_starts = 0x40002790;
+mbedtls_cipher_cmac_update = 0x40002794;
+mbedtls_cipher_cmac_finish = 0x40002798;
+
 /***************************************
  Group eco4_rom_mbedtls
  ***************************************/

components/esp_rom/esp32c2/ld/esp32c2.rom.mbedtls.ld

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -43,14 +43,6 @@ mbedtls_asn1_write_mpi = 0x400026d4;
 mbedtls_base64_decode = 0x400026d8;
 mbedtls_ccm_star_encrypt_and_tag = 0x40002774;
 mbedtls_ccm_star_auth_decrypt = 0x40002778;
-mbedtls_cipher_init = 0x4000277c;
-mbedtls_cipher_set_padding_mode = 0x40002780;
-mbedtls_cipher_reset = 0x40002784;
-mbedtls_cipher_finish = 0x40002788;
-mbedtls_cipher_crypt = 0x4000278c;
-mbedtls_cipher_cmac_starts = 0x40002790;
-mbedtls_cipher_cmac_update = 0x40002794;
-mbedtls_cipher_cmac_finish = 0x40002798;
 mbedtls_ctr_drbg_init = 0x4000279c;
 mbedtls_ctr_drbg_seed = 0x400027a0;
 mbedtls_ctr_drbg_free = 0x400027a4;

components/esp_rom/esp32c3/ld/esp32c3.rom.ld

@@ -1571,7 +1571,7 @@ ppEnqueueTxDone = 0x400016cc;
 ppGetTxQFirstAvail_Locked = 0x400016d0;
 ppGetTxframe = 0x400016d4;
 ppProcessRxPktHdr = 0x400016e0;
-ppProcessTxQ = 0x400016e4;
+/*ppProcessTxQ = 0x400016e4;*/
 ppRecordBarRRC = 0x400016e8;
 lmacRequestTxopQueue = 0x400016ec;
 lmacReleaseTxopQueue = 0x400016f0;

components/esp_rom/esp32c6/ld/esp32c6.rom.net80211.ld

@@ -37,7 +37,7 @@ ieee80211_ampdu_start_age_timer = 0x40000b84;
 ieee80211_is_tx_allowed = 0x40000b8c;
 ieee80211_output_pending_eb = 0x40000b90;
 /*ieee80211_output_process = 0x40000b94;*/
-ieee80211_set_tx_desc = 0x40000b98;
+/*ieee80211_set_tx_desc = 0x40000b98;*/
 //sta_input = 0x40000b9c;
 wifi_get_macaddr = 0x40000ba0;
 wifi_rf_phy_disable = 0x40000ba4;

components/esp_rom/esp32s3/ld/esp32s3.rom.ld

@@ -1874,7 +1874,7 @@ ppGetTxQFirstAvail_Locked = 0x400055b0;
 ppGetTxframe = 0x400055bc;
 /*ppMapTxQueue = 0x400055c8;*/
 ppProcessRxPktHdr = 0x400055e0;
-ppProcessTxQ = 0x400055ec;
+/*ppProcessTxQ = 0x400055ec;*/
 ppRecordBarRRC = 0x400055f8;
 lmacRequestTxopQueue = 0x40005604;
 lmacReleaseTxopQueue = 0x40005610;

components/esp_wifi/lib

@@ -1 +1 @@
-Subproject commit 5a165aca9498ed054ab7704cd6f89056189600e9
+Subproject commit 053b6d2bb60aed38ab8c3d18da63d07ef00241eb

components/mbedtls/CMakeLists.txt

@@ -266,6 +266,9 @@ if(CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN OR CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
 
     if(CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
         target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_verify")
+        target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_verify_restartable")
+        target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_read_signature")
+        target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_read_signature_restartable")
     endif()
 endif()
 

components/mbedtls/port/ecdsa/ecdsa_alt.c

@@ -10,6 +10,7 @@
 #include "mbedtls/ecp.h"
 #include "mbedtls/error.h"
 #include "mbedtls/ecdsa.h"
+#include "mbedtls/asn1.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/platform_util.h"
 #include "esp_private/periph_ctrl.h"
@@ -417,6 +418,37 @@ static int esp_ecdsa_verify(mbedtls_ecp_group *grp,
     return ret;
 }
 
+/*
+ * Verify ECDSA signature of hashed message
+ */
+extern int __real_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
+                         const unsigned char *buf, size_t blen,
+                         const mbedtls_ecp_point *Q,
+                         const mbedtls_mpi *r,
+                         const mbedtls_mpi *s,
+                         mbedtls_ecdsa_restart_ctx *rs_ctx);
+
+int __wrap_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
+                         const unsigned char *buf, size_t blen,
+                         const mbedtls_ecp_point *Q,
+                         const mbedtls_mpi *r,
+                         const mbedtls_mpi *s,
+                         mbedtls_ecdsa_restart_ctx *rs_ctx);
+
+int __wrap_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
+                         const unsigned char *buf, size_t blen,
+                         const mbedtls_ecp_point *Q,
+                         const mbedtls_mpi *r,
+                         const mbedtls_mpi *s,
+                         mbedtls_ecdsa_restart_ctx *rs_ctx)
+{
+    if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
+        return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
+    } else {
+        return __real_mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, rs_ctx);
+    }
+}
+
 /*
  * Verify ECDSA signature of hashed message
  */
@@ -438,10 +470,84 @@ int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
                          const mbedtls_mpi *r,
                          const mbedtls_mpi *s)
 {
-    if (grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) {
+    return __wrap_mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
-        return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
+}
-    } else {
+
-        return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s);
+
+int __real_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+                                             const unsigned char *hash, size_t hlen,
+                                             const unsigned char *sig, size_t slen,
+                                             mbedtls_ecdsa_restart_ctx *rs_ctx);
+
+int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+                                             const unsigned char *hash, size_t hlen,
+                                             const unsigned char *sig, size_t slen,
+                                             mbedtls_ecdsa_restart_ctx *rs_ctx);
+
+int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+                                             const unsigned char *hash, size_t hlen,
+                                             const unsigned char *sig, size_t slen,
+                                             mbedtls_ecdsa_restart_ctx *rs_ctx)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    unsigned char *p = (unsigned char *) sig;
+    const unsigned char *end = sig + slen;
+    size_t len;
+    mbedtls_mpi r, s;
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&s);
+
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
     }
+
+    if (p + len != end) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        goto cleanup;
+    }
+
+    if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
+        (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
+        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    if ((ret = __wrap_mbedtls_ecdsa_verify_restartable(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
+                                                    &ctx->MBEDTLS_PRIVATE(Q), &r, &s, NULL)) != 0) {
+        goto cleanup;
+    }
+
+    /* At this point we know that the buffer starts with a valid signature.
+     * Return 0 if the buffer just contains the signature, and a specific
+     * error code if the valid signature is followed by more data. */
+    if (p != end) {
+        ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
+    }
+
+cleanup:
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&s);
+
+    return ret;
+}
+
+
+int __real_mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+                                    const unsigned char *hash, size_t hlen,
+                                    const unsigned char *sig, size_t slen);
+
+int __wrap_mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+                                    const unsigned char *hash, size_t hlen,
+                                    const unsigned char *sig, size_t slen);
+
+int __wrap_mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+                                    const unsigned char *hash, size_t hlen,
+                                    const unsigned char *sig, size_t slen)
+{
+    return __wrap_mbedtls_ecdsa_read_signature_restartable(
+            ctx, hash, hlen, sig, slen, NULL);
 }
 #endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */

examples/bluetooth/bluedroid/classic_bt/a2dp_sink/main/main.c

@@ -91,7 +91,8 @@ static void bt_app_gap_cb(esp_bt_gap_cb_event_t event, esp_bt_gap_cb_param_t *pa
 
     /* when GAP mode changed, this event comes */
     case ESP_BT_GAP_MODE_CHG_EVT:
-        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_MODE_CHG_EVT mode: %d", param->mode_chg.mode);
+        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_MODE_CHG_EVT mode: %d, interval: %.2f ms",
+                 param->mode_chg.mode, param->mode_chg.interval * 0.625);
         break;
     /* when ACL connection completed, this event comes */
     case ESP_BT_GAP_ACL_CONN_CMPL_STAT_EVT: