mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
3b71bd7326
- Added MBEDLTS_PRIVATE(...) wherever necessary - For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL - For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this. Currently, corresponding snippet has been commented. - Examples tested: hello-world | https_request | wifi_prov_mgr mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues - Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port - DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument - Added MBEDTLS_PRIVATE(...) wherever required mbedtls-3.0: Fixed ESP32-S2 build issues - Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module mbedtls-3.0: Fixed ESP32-H2 build issues ci: Fixing build stage - Added MBEDTLS_PRIVATE(...) wherever required - Added RNG function parameter - Updated GCM Module changes - Updated Copyright notices - Tests: - build_esp_idf_tests_cmake_esp32 - build_esp_idf_tests_cmake_esp32s2 - build_esp_idf_tests_cmake_esp32c3 - build_esp_idf_tests_cmake_esp32s3 ci: Fixing build stage (mbedtls-related changes) - Added MBEDTLS_PRIVATE(...) wherever required - Updated SHAXXX functions - Updated esp_config according to mbedtls changes - Tests: - build_examples_cmake_esp32 - build_examples_cmake_esp32s2 - build_examples_cmake_esp32c3 - build_examples_cmake_esp32s3 ci: Fixing build stage (example-related changes) - Added MBEDTLS_PRIVATE(...) wherever required - Updated SHAXXX functions - Updated esp_config according to mbedtls changes - Tests: - build_examples_cmake_esp32 - build_examples_cmake_esp32s2 - build_examples_cmake_esp32c3 - build_examples_cmake_esp32s3 ci: Fixing target_test stage - Updated test SSL version to TLS_v1_2 - Tests: - example_test_protocols 1/2 ci: Fixing build stage - Added checks for MBEDTLS_DHM_C (disabled by default) - Updated esp_cryptoauthlib submodule - Updated factory partition size for legacy BLE provisioning example - Tests: - build_examples_cmake_esp32 - build_examples_cmake_esp32s2 - build_examples_cmake_esp32c3 - build_examples_cmake_esp32s3 Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
192 lines
5.7 KiB
C
192 lines
5.7 KiB
C
/*
|
|
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
|
|
*
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
#include <sys/param.h>
|
|
#include <stdbool.h>
|
|
#include "esp_mbedtls_dynamic_impl.h"
|
|
|
|
int __real_mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
|
|
|
|
int __wrap_mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
|
|
|
|
static const char *TAG = "SSL client";
|
|
|
|
static int manage_resource(mbedtls_ssl_context *ssl, bool add)
|
|
{
|
|
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
|
|
|
|
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
|
|
return 0;
|
|
}
|
|
|
|
if (!add) {
|
|
if (!ssl->MBEDTLS_PRIVATE(out_left)) {
|
|
CHECK_OK(esp_mbedtls_free_tx_buffer(ssl));
|
|
}
|
|
}
|
|
|
|
switch (state) {
|
|
case MBEDTLS_SSL_HELLO_REQUEST:
|
|
break;
|
|
case MBEDTLS_SSL_CLIENT_HELLO:
|
|
if (add) {
|
|
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
|
|
|
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
|
|
}
|
|
break;
|
|
|
|
|
|
case MBEDTLS_SSL_SERVER_HELLO:
|
|
if (add) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
} else {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_SERVER_CERTIFICATE:
|
|
if (add) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
} else {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
|
|
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT
|
|
esp_mbedtls_free_cacert(ssl);
|
|
#endif
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
|
|
if (add) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
} else {
|
|
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
|
|
if (add) {
|
|
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
}
|
|
} else {
|
|
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_SERVER_HELLO_DONE:
|
|
if (add) {
|
|
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
}
|
|
} else {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
break;
|
|
|
|
|
|
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
|
|
if (add) {
|
|
size_t buffer_len = 3;
|
|
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
|
|
|
|
while (key_cert && key_cert->cert) {
|
|
size_t num;
|
|
|
|
buffer_len += esp_mbedtls_get_crt_size(key_cert->cert, &num);
|
|
buffer_len += num * 3;
|
|
|
|
key_cert = key_cert->next;
|
|
}
|
|
|
|
buffer_len = MAX(buffer_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
|
|
|
|
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
|
|
if (add) {
|
|
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
|
|
|
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
|
|
if (add) {
|
|
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
|
|
|
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
|
|
} else {
|
|
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA
|
|
esp_mbedtls_free_dhm(ssl);
|
|
esp_mbedtls_free_keycert_key(ssl);
|
|
esp_mbedtls_free_keycert(ssl);
|
|
#endif
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
|
|
if (add) {
|
|
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
|
|
|
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_CLIENT_FINISHED:
|
|
if (add) {
|
|
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
|
|
|
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
|
|
}
|
|
break;
|
|
|
|
|
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
|
case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
|
|
if (add) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
} else {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
break;
|
|
#endif
|
|
|
|
|
|
case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
|
|
if (add) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
} else {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_SERVER_FINISHED:
|
|
if (add) {
|
|
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
|
|
} else {
|
|
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
|
|
}
|
|
break;
|
|
case MBEDTLS_SSL_FLUSH_BUFFERS:
|
|
break;
|
|
case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int __wrap_mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
|
|
{
|
|
CHECK_OK(manage_resource(ssl, true));
|
|
|
|
CHECK_OK(__real_mbedtls_ssl_handshake_client_step(ssl));
|
|
|
|
CHECK_OK(manage_resource(ssl, false));
|
|
|
|
return 0;
|
|
}
|