From 0483bfbbfe50e20fc636bd978bbf18109aaf62d1 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Mon, 10 May 2021 09:13:44 +0530 Subject: [PATCH] Initial Changes for updating mbedtls to v3.0 --- components/lwip/lwip | 2 +- components/mbedtls/CMakeLists.txt | 3 ++- components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c | 4 ++-- components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h | 2 +- components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 1 - components/mbedtls/port/esp_hardware.c | 2 +- components/mbedtls/port/include/mbedtls/esp_config.h | 4 ++++ components/mbedtls/test/test_esp_crt_bundle.c | 1 - components/mbedtls/test/test_rsa.c | 2 +- components/protocomm/src/security/security1.c | 1 + components/wpa_supplicant/src/crypto/tls_mbedtls.c | 3 ++- .../atecc608_ecdsa/components/esp-cryptoauthlib | 2 +- 12 files changed, 16 insertions(+), 11 deletions(-) diff --git a/components/lwip/lwip b/components/lwip/lwip index 2749568fe1..2195f7416f 160000 --- a/components/lwip/lwip +++ b/components/lwip/lwip @@ -1 +1 @@ -Subproject commit 2749568fe15df2003f6c3f37f0dfd44f8f01fcd6 +Subproject commit 2195f7416fb3136831babf3e96c027a73075bd4f diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index f1935a9da8..31af4c6a96 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -8,11 +8,12 @@ if(NOT BOOTLOADER_BUILD) endif() idf_component_register(SRCS "esp_crt_bundle/esp_crt_bundle.c" - INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" + INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" "." REQUIRES lwip PRIV_REQUIRES "${priv_requires}" ) + if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) set(bundle_name "x509_crt_bundle") set(DEFAULT_CRT_DIR ${COMPONENT_DIR}/esp_crt_bundle) diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c index e6329c5a42..c15354cf89 100644 
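Review bot: Adding `"."` to `INCLUDE_DIRS` in `idf_component_register` makes the whole component directory a public include root, so every component that requires mbedtls can now reach library-internal headers such as `mbedtls/library/ssl_misc.h`. Those headers carry no API stability guarantee, and a public path invites new code to depend on TLS internals. tls_mbedtls.c in this commit relies on the public path, so if it has to stay, a comment such as `# "." exposes mbedtls/library/*.h to dependants; temporary for the v3.0 migration` would record the intent. For the in-component ports and tests, `PRIV_INCLUDE_DIRS "mbedtls/library"` would keep the exposure local. The blank line added after the closing `)` looks unintended.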
--- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c @@ -56,10 +56,10 @@ static int tx_buffer_len(mbedtls_ssl_context *ssl, int len) return MBEDTLS_SSL_OUT_BUFFER_LEN; } else { return len + MBEDTLS_SSL_HEADER_LEN - + MBEDTLS_SSL_COMPRESSION_ADD + MBEDTLS_MAX_IV_LENGTH + MBEDTLS_SSL_MAC_ADD - + MBEDTLS_SSL_PADDING_ADD; + + MBEDTLS_SSL_PADDING_ADD + + MBEDTLS_SSL_MAX_CID_EXPANSION; } } diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h index 5dac6dd188..906a1b222d 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h @@ -10,7 +10,7 @@ #include #include #include "mbedtls/ssl.h" -#include "mbedtls/ssl_internal.h" +#include "ssl_misc.h" // located at mbedtls/library/ssl_misc.h #include "mbedtls/platform.h" #include "esp_log.h" diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 7368ac4fac..53657ef568 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -34,7 +34,6 @@ static const char *TAG = "ESP_RSA_SIGN_ALT"; #define SWAP_INT32(x) (((x) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | ((x) << 24)) #include "mbedtls/rsa.h" -#include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c index 6d5c0d5ebf..2b609f8f31 100644 --- a/components/mbedtls/port/esp_hardware.c +++ b/components/mbedtls/port/esp_hardware.c @@ -9,7 +9,7 @@ #include #include -#include "mbedtls/entropy_poll.h" +#include #ifndef MBEDTLS_ENTROPY_HARDWARE_ALT #error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF" 
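Review bot: The TX buffer size in `tx_buffer_len` is still a hand-maintained sum of record-expansion terms, so it must be edited whenever the library changes its overhead, as this hunk does for the dropped compression term and the added CID expansion. An undersized result here would presumably become an undersized output buffer, so tracking the library's own definition is safer. If the `ssl_misc.h` in this tree defines `MBEDTLS_SSL_PAYLOAD_OVERHEAD`, the return can be `return len + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;`. Any matching RX-side calculation is not visible here and should get the same treatment. The function body starts outside the hunk.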
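Review bot: The private header is included in esp_mbedtls_dynamic_impl.h as `"ssl_misc.h"`, while tls_mbedtls.c in the same commit spells it `"mbedtls/library/ssl_misc.h"` and test_rsa.c uses `"mbedtls/library/entropy_poll.h"`. The CMake change only adds `"."` as an include root, so the bare form resolves only if some other include path, not visible in this patch, covers `mbedtls/library`. Using one spelling, `#include "mbedtls/library/ssl_misc.h"`, would make every dependency on a library-internal header easy to grep for. It would also make the trailing location comment unnecessary.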
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index b5d0fee0fd..3126e4081f 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -2766,6 +2766,10 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* Define this flag for now */ +/* To Do - while updating to v3.0 remove all the code where this flag is used */ +#define MBEDTLS_DEPRECATED_REMOVED + #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/components/mbedtls/test/test_esp_crt_bundle.c b/components/mbedtls/test/test_esp_crt_bundle.c index 5b5eb13b7f..6628aec76a 100644 --- a/components/mbedtls/test/test_esp_crt_bundle.c +++ b/components/mbedtls/test/test_esp_crt_bundle.c @@ -27,7 +27,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/components/mbedtls/test/test_rsa.c b/components/mbedtls/test/test_rsa.c index 2137de847e..46158d23a1 100644 --- a/components/mbedtls/test/test_rsa.c +++ b/components/mbedtls/test/test_rsa.c @@ -11,9 +11,9 @@ #include "mbedtls/rsa.h" #include "mbedtls/pk.h" #include "mbedtls/x509_crt.h" -#include "mbedtls/entropy_poll.h" #include #include +#include "mbedtls/library/entropy_poll.h" #include "freertos/FreeRTOS.h" #include "unity.h" #include "test_utils.h" diff --git a/components/protocomm/src/security/security1.c b/components/protocomm/src/security/security1.c index d9365f5027..dcc4f0904c 100644 --- a/components/protocomm/src/security/security1.c +++ b/components/protocomm/src/security/security1.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c index 61e397511c..e5948252e1 100644 --- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c 
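Review bot: `MBEDTLS_DEPRECATED_REMOVED` is defined unconditionally after the `MBEDTLS_USER_CONFIG_FILE` include in esp_config.h, so it silently overrides the user configuration. It also becomes a macro redefinition if the user file or the build already defines it with a different replacement. Wrapping it as `#ifndef MBEDTLS_DEPRECATED_REMOVED` / `#define MBEDTLS_DEPRECATED_REMOVED` / `#endif` avoids the redefinition. The two comments do not say what the flag does or when it goes away. One comment stating that it compiles out the APIs mbedtls marks as deprecated, and that it is temporary for the v3.0 port, would be clearer than "Define this flag for now".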
+++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c @@ -12,7 +12,8 @@ #include "crypto/md5.h" #include "crypto/sha256.h" #include "crypto/sha384.h" -#include "mbedtls/ssl_internal.h" +#include "mbedtls/library/ssl_misc.h" +//#error "It is included" #include "mbedtls/ctr_drbg.h" #include "mbedtls/entropy.h" #include "mbedtls/debug.h" diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib b/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib index 077758db50..ef34699429 160000 --- a/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib +++ b/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib @@ -1 +1 @@ -Subproject commit 077758db50d4b55addab56e723a5a379f09077d0 +Subproject commit ef346994291313f72c3dd3b0dc048f0247b46ef8
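Review bot: The added `//#error "It is included"` line in tls_mbedtls.c is a leftover debugging probe and should be dropped before merge. The include above it now pulls the library-internal `mbedtls/library/ssl_misc.h` into wpa_supplicant, which couples the EAP-TLS code to mbedtls internals that can change without notice. A short comment next to the include, naming the internal symbols this file needs and noting that the include should go once a public API covers them, would make that dependency reviewable.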