espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 19:24:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(esp_tls): fix failing build with TLS1.3 only and dynamic buffer

Browse Source
This commit is contained in:
Ashish Sharma
2025-05-21 14:45:19 +08:00
parent 47d20da4cd
commit 2ef09a7952
4 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/esp-tls/esp_tls_mbedtls.c
View File

@@ -850,7 +850,9 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
ESP_LOGD(TAG, "Enabling client-side tls session ticket support"); ESP_LOGD(TAG, "Enabling client-side tls session ticket support");
mbedtls_ssl_conf_session_tickets(&tls->conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED); mbedtls_ssl_conf_session_tickets(&tls->conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED); mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
#endif /* CONFIG_MBEDTLS_SSL_RENEGOTIATION */
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */ #endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
#if CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 #if CONFIG_MBEDTLS_SSL_PROTO_TLS1_3

20
components/mbedtls/port/dynamic/esp_ssl_tls.c
View File

@@ -92,7 +92,8 @@ static int ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
mbedtls_dhm_init( &handshake->dhm_ctx ); mbedtls_dhm_init( &handshake->dhm_ctx );
#endif #endif
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
mbedtls_ecdh_init( &handshake->ecdh_ctx ); mbedtls_ecdh_init( &handshake->ecdh_ctx );
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -121,9 +122,11 @@ static int ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
static int ssl_handshake_init( mbedtls_ssl_context *ssl ) static int ssl_handshake_init( mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* Clear old handshake information if present */ /* Clear old handshake information if present */
if( ssl->transform_negotiate ) if( ssl->transform_negotiate )
mbedtls_ssl_transform_free( ssl->transform_negotiate ); mbedtls_ssl_transform_free( ssl->transform_negotiate );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( ssl->session_negotiate ) if( ssl->session_negotiate )
mbedtls_ssl_session_free( ssl->session_negotiate ); mbedtls_ssl_session_free( ssl->session_negotiate );
if( ssl->handshake ) if( ssl->handshake )
@@ -133,10 +136,12 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
* Either the pointers are now NULL or cleared properly and can be freed. * Either the pointers are now NULL or cleared properly and can be freed.
* Now allocate missing structures. * Now allocate missing structures.
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->transform_negotiate == NULL ) if( ssl->transform_negotiate == NULL )
{ {
ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( ssl->session_negotiate == NULL ) if( ssl->session_negotiate == NULL )
{ {
@@ -156,17 +161,22 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* All pointers should exist and can be directly freed without issue */ /* All pointers should exist and can be directly freed without issue */
if( ssl->handshake == NULL || if( ssl->handshake == NULL ||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
ssl->transform_negotiate == NULL || ssl->transform_negotiate == NULL ||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
ssl->session_negotiate == NULL ) ssl->session_negotiate == NULL )
{ {
ESP_LOGD(TAG, "alloc() of ssl sub-contexts failed"); ESP_LOGD(TAG, "alloc() of ssl sub-contexts failed");
mbedtls_free( ssl->handshake ); mbedtls_free( ssl->handshake );
mbedtls_free( ssl->transform_negotiate );
mbedtls_free( ssl->session_negotiate );
ssl->handshake = NULL; ssl->handshake = NULL;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_free( ssl->transform_negotiate );
ssl->transform_negotiate = NULL; ssl->transform_negotiate = NULL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
mbedtls_free( ssl->session_negotiate );
ssl->session_negotiate = NULL; ssl->session_negotiate = NULL;
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
@@ -174,7 +184,9 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* Initialize structures */ /* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate ); mbedtls_ssl_session_init( ssl->session_negotiate );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_ssl_transform_init( ssl->transform_negotiate ); mbedtls_ssl_transform_init( ssl->transform_negotiate );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
int ret = ssl_handshake_params_init( ssl->handshake ); int ret = ssl_handshake_params_init( ssl->handshake );
if (ret != 0) { if (ret != 0) {
return ret; return ret;

1
examples/protocols/https_request/pytest_https_request.py
View File

@@ -130,6 +130,7 @@ def test_examples_protocol_https_request_cli_session_tickets(dut: Dut) -> None:
'config', 'config',
[ [
'ssldyn_tls1_3', 'ssldyn_tls1_3',
'ssldyn_tls1_3_only',
], ],
indirect=True, indirect=True,
) )

16
examples/protocols/https_request/sdkconfig.ci.ssldyn_tls1_3_only Normal file
View File

@@ -0,0 +1,16 @@
CONFIG_SPIRAM=y
CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC=y
CONFIG_EXAMPLE_CONNECT_ETHERNET=y
CONFIG_EXAMPLE_CONNECT_WIFI=n
CONFIG_EXAMPLE_USE_INTERNAL_ETHERNET=y
CONFIG_EXAMPLE_ETH_PHY_IP101=y
CONFIG_EXAMPLE_ETH_MDC_GPIO=23
CONFIG_EXAMPLE_ETH_MDIO_GPIO=18
CONFIG_EXAMPLE_ETH_PHY_RST_GPIO=5
CONFIG_EXAMPLE_ETH_PHY_ADDR=1
CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
CONFIG_EXAMPLE_SSL_PROTO_TLS1_3_CLIENT=y
CONFIG_EXAMPLE_CLIENT_SESSION_TICKETS=y
CONFIG_EXAMPLE_LOCAL_SERVER_URL="FROM_STDIN"
CONFIG_EXAMPLE_LOCAL_SERVER_URL_FROM_STDIN=y
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n