diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 7fd3d87ab6..534f2ea6da 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -698,6 +698,21 @@ menu "mbedTLS" Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key. + config MBEDTLS_SHA1_C + bool "Enable the SHA-1 cryptographic hash algorithm" + default y + help + Enabling MBEDTLS_SHA1_C adds support for SHA-1. + SHA-1 is considered a weak message digest and its use constitutes + a security risk. + Disabling this configuration option could impact TLS 1.2 / Wi-Fi Enterprise compatibility + with certain older certificates that rely on SHA-1 for digital signatures. + Before proceeding, ensure that all your certificates are using stronger hash algorithms, + such as SHA-256 (part of the SHA-2 family). + If you're using older certificates or if you're unsure about the impact on your product, + please consider testing the changes in a controlled environment for individual features + like OTA updates, cloud connectivity, secure local control, etc. + config MBEDTLS_SHA512_C bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms" default y diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index d1413571db..93e8e81eef 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -2504,8 +2504,11 @@ * on it, and considering stronger message digests instead. * */ +#if CONFIG_MBEDTLS_SHA1_C #define MBEDTLS_SHA1_C - +#else +#undef MBEDTLS_SHA1_C +#endif /** * \def MBEDTLS_SHA224_C * diff --git a/components/mbedtls/port/sha/block/esp_sha1.c b/components/mbedtls/port/sha/block/esp_sha1.c index 1e73fe5d92..1b6f47e836 100644 --- a/components/mbedtls/port/sha/block/esp_sha1.c +++ b/components/mbedtls/port/sha/block/esp_sha1.c @@ -15,7 +15,7 @@ #include -#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) +#if defined(MBEDTLS_SHA1_ALT) #include "mbedtls/sha1.h" @@ -217,4 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) return ret; } -#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ +#endif /* MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/port/sha/dma/esp_sha1.c b/components/mbedtls/port/sha/dma/esp_sha1.c index 409a1d1d51..70da0317f4 100644 --- a/components/mbedtls/port/sha/dma/esp_sha1.c +++ b/components/mbedtls/port/sha/dma/esp_sha1.c @@ -15,7 +15,7 @@ #include -#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) +#if defined(MBEDTLS_SHA1_ALT) #include "mbedtls/sha1.h" @@ -217,4 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) return ret; } -#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ +#endif /* MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/port/sha/parallel_engine/esp_sha1.c b/components/mbedtls/port/sha/parallel_engine/esp_sha1.c index 9790a72737..cd38987e60 100644 --- a/components/mbedtls/port/sha/parallel_engine/esp_sha1.c +++ b/components/mbedtls/port/sha/parallel_engine/esp_sha1.c @@ -17,7 +17,7 @@ #include -#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) +#if defined(MBEDTLS_SHA1_ALT) #include "mbedtls/sha1.h" @@ -420,4 +420,4 @@ out: return ret; } -#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ +#endif /* MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/test_apps/main/test_mbedtls_sha.c b/components/mbedtls/test_apps/main/test_mbedtls_sha.c index 5b6d71e2f3..b17c84e46c 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_sha.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_sha.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -27,9 +27,13 @@ TEST_CASE("mbedtls SHA self-tests", "[mbedtls]") { start_apb_access_loop(); +#if CONFIG_MBEDTLS_SHA1_C TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha1_self_test(1), "SHA1 self-tests should pass."); +#endif TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha256_self_test(1), "SHA256 self-tests should pass."); +#if CONFIG_MBEDTLS_SHA512_C TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass."); +#endif verify_apb_access_loop(); } @@ -158,17 +162,19 @@ TEST_CASE("mbedtls SHA multithreading", "[mbedtls]") void tskRunSHASelftests(void *param) { for (int i = 0; i < 5; i++) { +#if CONFIG_MBEDTLS_SHA1_C if (mbedtls_sha1_self_test(1)) { printf("SHA1 self-tests failed.\n"); while (1) {} } +#endif if (mbedtls_sha256_self_test(1)) { printf("SHA256 self-tests failed.\n"); while (1) {} } -#if SOC_SHA_SUPPORT_SHA512 +#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C if (mbedtls_sha512_self_test(1)) { printf("SHA512 self-tests failed.\n"); while (1) {} @@ -178,7 +184,7 @@ void tskRunSHASelftests(void *param) printf("SHA512 self-tests failed.\n"); while (1) {} } -#endif //SOC_SHA_SUPPORT_SHA512 +#endif //SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C } xSemaphoreGive(done_sem); vTaskDelete(NULL); diff --git a/components/mbedtls/test_apps/main/test_rsa.c b/components/mbedtls/test_apps/main/test_rsa.c index f69a0238f8..457caaa45d 100644 --- a/components/mbedtls/test_apps/main/test_rsa.c +++ b/components/mbedtls/test_apps/main/test_rsa.c @@ -3,7 +3,7 @@ * Focus on testing functionality where we use ESP32 hardware * accelerated crypto features * - * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -88,25 +88,33 @@ static const char *rsa3072_cert = "-----BEGIN CERTIFICATE-----\n"\ /* Root cert from openssl s_client -connect google.com:443 -showcerts */ static const char *rsa2048_cert = "-----BEGIN CERTIFICATE-----\n"\ - "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"\ - "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"\ - "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"\ - "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"\ - "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"\ - "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"\ - "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"\ - "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"\ - "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"\ - "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"\ - "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"\ - "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"\ - "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"\ - "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"\ - "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"\ - "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"\ - "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"\ - "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"\ - "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"\ + "MIIFCzCCAvOgAwIBAgIQf/AFoHxM3tEArZ1mpRB7mDANBgkqhkiG9w0BAQsFADBH\n"\ + "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n"\ + "QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIw\n"\ + "MTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNl\n"\ + "cnZpY2VzMQwwCgYDVQQDEwNXUjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"\ + "AoIBAQCp/5x/RR5wqFOfytnlDd5GV1d9vI+aWqxG8YSau5HbyfsvAfuSCQAWXqAc\n"\ + "+MGr+XgvSszYhaLYWTwO0xj7sfUkDSbutltkdnwUxy96zqhMt/TZCPzfhyM1IKji\n"\ + "aeKMTj+xWfpgoh6zySBTGYLKNlNtYE3pAJH8do1cCA8Kwtzxc2vFE24KT3rC8gIc\n"\ + "LrRjg9ox9i11MLL7q8Ju26nADrn5Z9TDJVd06wW06Y613ijNzHoU5HEDy01hLmFX\n"\ + "xRmpC5iEGuh5KdmyjS//V2pm4M6rlagplmNwEmceOuHbsCFx13ye/aoXbv4r+zgX\n"\ + "FNFmp6+atXDMyGOBOozAKql2N87jAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgGG\n"\ + "MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/\n"\ + "AgEAMB0GA1UdDgQWBBTeGx7teRXUPjckwyG77DQ5bUKyMDAfBgNVHSMEGDAWgBTk\n"\ + "rysmcRorSCeFL1JmLO/wiRNxPjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAKG\n"\ + "GGh0dHA6Ly9pLnBraS5nb29nL3IxLmNydDArBgNVHR8EJDAiMCCgHqAchhpodHRw\n"\ + "Oi8vYy5wa2kuZ29vZy9yL3IxLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATANBgkq\n"\ + "hkiG9w0BAQsFAAOCAgEARXWL5R87RBOWGqtY8TXJbz3S0DNKhjO6V1FP7sQ02hYS\n"\ + "TL8Tnw3UVOlIecAwPJQl8hr0ujKUtjNyC4XuCRElNJThb0Lbgpt7fyqaqf9/qdLe\n"\ + "SiDLs/sDA7j4BwXaWZIvGEaYzq9yviQmsR4ATb0IrZNBRAq7x9UBhb+TV+PfdBJT\n"\ + "DhEl05vc3ssnbrPCuTNiOcLgNeFbpwkuGcuRKnZc8d/KI4RApW//mkHgte8y0YWu\n"\ + "ryUJ8GLFbsLIbjL9uNrizkqRSvOFVU6xddZIMy9vhNkSXJ/UcZhjJY1pXAprffJB\n"\ + "vei7j+Qi151lRehMCofa6WBmiA4fx+FOVsV2/7R6V2nyAiIJJkEd2nSi5SnzxJrl\n"\ + "Xdaqev3htytmOPvoKWa676ATL/hzfvDaQBEcXd2Ppvy+275W+DKcH0FBbX62xevG\n"\ + "iza3F4ydzxl6NJ8hk8R+dDXSqv1MbRT1ybB5W0k8878XSOjvmiYTDIfyc9acxVJr\n"\ + "Y/cykHipa+te1pOhv7wYPYtZ9orGBV5SGOJm4NrB3K1aJar0RfzxC3ikr7Dyc6Qw\n"\ + "qDTBU39CluVIQeuQRgwG3MuSxl7zRERDRilGoKb8uY45JzmxWuKxrfwT/478JuHU\n"\ + "/oTxUFqOl2stKnn7QGTq8z29W+GgBLCXSBxC9epaHM0myFH/FJlniXJfHeytWt0=\n"\ "-----END CERTIFICATE-----\n"; @@ -211,38 +219,38 @@ static const uint8_t pki_rsa3072_output[] = { }; static const uint8_t pki_rsa2048_output[] = { - 0x47, 0x0b, 0xe5, 0x8a, 0xcd, 0x2f, 0x78, 0x07, - 0x69, 0x69, 0x70, 0xff, 0x81, 0xdf, 0x96, 0xf0, - 0xed, 0x82, 0x3a, 0x3d, 0x46, 0xab, 0xe9, 0xc3, - 0xb5, 0xd9, 0xca, 0xa2, 0x05, 0xa9, 0xf6, 0x6e, - 0xad, 0x6c, 0xe0, 0xd1, 0xa2, 0xb4, 0xf2, 0x78, - 0x4a, 0x93, 0xfc, 0x45, 0xe1, 0x9b, 0xdd, 0x62, - 0xf9, 0x66, 0x2a, 0x14, 0x38, 0x12, 0xb6, 0x50, - 0x0b, 0xe3, 0x53, 0x9c, 0x12, 0x56, 0xf1, 0xb7, - 0x83, 0xd5, 0xf3, 0x24, 0x81, 0xcc, 0x5a, 0xeb, - 0xec, 0xac, 0x68, 0xa8, 0x0c, 0xd7, 0x84, 0x7a, - 0xbb, 0x77, 0x7b, 0xd5, 0x5b, 0xcf, 0x7b, 0x25, - 0xd0, 0x75, 0x80, 0x21, 0x12, 0x97, 0x6b, 0xe1, - 0xb6, 0x51, 0x12, 0x52, 0x6e, 0x01, 0x92, 0xb7, - 0xcc, 0x70, 0x4b, 0x46, 0x11, 0x98, 0x5a, 0x84, - 0x1c, 0x90, 0x45, 0x0f, 0x15, 0x77, 0xdb, 0x79, - 0xe8, 0xff, 0x1f, 0xaa, 0x58, 0x95, 0xce, 0x3c, - 0x65, 0x0c, 0x66, 0x29, 0xe1, 0x9c, 0x41, 0xbb, - 0xde, 0x65, 0xb8, 0x29, 0x36, 0x94, 0xbd, 0x87, - 0x93, 0x39, 0xc5, 0xeb, 0x49, 0x21, 0xc1, 0xeb, - 0x48, 0xbd, 0x19, 0x13, 0x4d, 0x40, 0x90, 0x88, - 0xc6, 0x12, 0xd9, 0xf7, 0xdd, 0xc8, 0x4f, 0x89, - 0xc0, 0x91, 0xf8, 0xeb, 0xcf, 0xe3, 0x12, 0x17, - 0x88, 0x9c, 0x88, 0xf4, 0xf5, 0xae, 0xf4, 0x15, - 0xfe, 0x17, 0xf6, 0xa4, 0x74, 0x49, 0x02, 0x05, - 0x11, 0x3b, 0x92, 0x25, 0x39, 0x2c, 0x4b, 0x08, - 0x19, 0x76, 0x13, 0x8d, 0xf9, 0xda, 0xae, 0xdf, - 0x30, 0xda, 0xcc, 0xbb, 0x3f, 0xb9, 0xb0, 0xd6, - 0x5c, 0x78, 0x4b, 0x2b, 0x35, 0x51, 0x17, 0x48, - 0xf5, 0xd4, 0x39, 0x7e, 0x05, 0x83, 0x68, 0x86, - 0x44, 0x5f, 0x56, 0x1d, 0x2c, 0x53, 0xd3, 0x64, - 0x3a, 0xb2, 0x0c, 0x4a, 0x85, 0xd6, 0x5b, 0x7e, - 0xf9, 0xe9, 0x50, 0x29, 0x5d, 0x4f, 0xcc, 0xc9, + 0x3c, 0xd6, 0xc2, 0xbf, 0x01, 0x4a, 0x00, 0x95, + 0x2c, 0x32, 0x11, 0xc0, 0xc9, 0x7e, 0x8f, 0x0a, + 0x15, 0xee, 0xfb, 0x34, 0x1d, 0xaa, 0xae, 0x15, + 0x11, 0x6d, 0x99, 0x2b, 0x09, 0xeb, 0x3f, 0x89, + 0x46, 0x98, 0x08, 0x2f, 0x10, 0x13, 0xa1, 0x17, + 0xc7, 0xec, 0x67, 0x3a, 0x34, 0x4f, 0x40, 0xcd, + 0xe2, 0xc0, 0xbe, 0x99, 0xc7, 0xe7, 0xff, 0xea, + 0xd0, 0x82, 0xd2, 0x62, 0x73, 0xde, 0x56, 0xe8, + 0xb6, 0xa7, 0xe7, 0xe1, 0x64, 0x90, 0x00, 0x56, + 0x1d, 0x2c, 0x1c, 0xc5, 0xec, 0x7f, 0xb1, 0x87, + 0x59, 0xb1, 0xd6, 0x44, 0x0f, 0x67, 0x35, 0xb4, + 0x91, 0x49, 0xed, 0x10, 0x4c, 0xef, 0xe5, 0xc8, + 0xea, 0x0d, 0xbd, 0xaf, 0xb9, 0xad, 0x12, 0x41, + 0xaa, 0xf4, 0x68, 0x54, 0x08, 0xec, 0x70, 0x8c, + 0xac, 0x6b, 0x57, 0xcf, 0x0a, 0x0c, 0x08, 0x34, + 0x28, 0x29, 0x27, 0xa4, 0x71, 0x80, 0x43, 0x59, + 0xd9, 0x35, 0x88, 0x28, 0x1d, 0xfa, 0x0b, 0x72, + 0xa0, 0xe1, 0x03, 0x65, 0x7a, 0xf8, 0x1c, 0x76, + 0x9a, 0xad, 0x21, 0x23, 0x11, 0x2f, 0x45, 0x40, + 0x72, 0x05, 0x69, 0x1b, 0x2a, 0x74, 0x9f, 0x95, + 0x44, 0x60, 0x05, 0x6a, 0x17, 0x80, 0x4a, 0xa0, + 0xed, 0x23, 0xa6, 0xef, 0x79, 0x5d, 0x83, 0xd8, + 0x8d, 0xd8, 0xe1, 0x4c, 0x5e, 0xf8, 0xfa, 0x11, + 0x57, 0xbe, 0xca, 0x22, 0x93, 0x5b, 0xe6, 0x8b, + 0xe1, 0x31, 0xde, 0x70, 0x80, 0x4a, 0xa2, 0xd3, + 0x91, 0xe8, 0xde, 0x88, 0xa2, 0x98, 0x73, 0x49, + 0x0d, 0x26, 0xe1, 0x42, 0xd7, 0xb9, 0x5e, 0xf6, + 0x05, 0x09, 0x27, 0xc6, 0x8c, 0xc2, 0xb1, 0x53, + 0x5f, 0x19, 0xaf, 0x2b, 0xfe, 0xac, 0x6a, 0x27, + 0xde, 0x89, 0xbc, 0x72, 0x3e, 0xd5, 0x9f, 0x36, + 0xc2, 0x91, 0x68, 0x30, 0xe7, 0x76, 0x96, 0x56, + 0x8f, 0x01, 0xc4, 0x5b, 0xb7, 0xb3, 0x90, 0x7f, }; #ifdef CONFIG_MBEDTLS_HARDWARE_MPI @@ -573,7 +581,7 @@ TEST_CASE("mbedtls RSA Generate Key", "[mbedtls][timeout=60]") const int exponent = 65537; #if CONFIG_MBEDTLS_MPI_USE_INTERRUPT && CONFIG_ESP_TASK_WDT_EN && !CONFIG_ESP_TASK_WDT_INIT - /* Check that generating keys doesnt starve the watchdog if interrupt-based driver is used */ + /* Check that generating keys doesn't starve the watchdog if interrupt-based driver is used */ esp_task_wdt_config_t twdt_config = { .timeout_ms = 1000, .idle_core_mask = (1 << 0), // Watch core 0 idle diff --git a/components/mbedtls/test_apps/main/test_sha.c b/components/mbedtls/test_apps/main/test_sha.c index b7f324833d..dbf1dbfca6 100644 --- a/components/mbedtls/test_apps/main/test_sha.c +++ b/components/mbedtls/test_apps/main/test_sha.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -119,14 +119,17 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]") TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]") { + int r = -1; const void* ptr; spi_flash_mmap_handle_t handle; +#if CONFIG_MBEDTLS_SHA1_C uint8_t sha1_espsha[20] = { 0 }; uint8_t sha1_mbedtls[20] = { 0 }; +#endif uint8_t sha256_espsha[32] = { 0 }; uint8_t sha256_mbedtls[32] = { 0 }; -#if SOC_SHA_SUPPORT_SHA512 +#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C uint8_t sha512_espsha[64] = { 0 }; uint8_t sha512_mbedtls[64] = { 0 }; #endif @@ -140,16 +143,17 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]") TEST_ASSERT_NOT_NULL(ptr); /* Compare esp_sha() result to the mbedTLS result, should always be the same */ - +#if CONFIG_MBEDTLS_SHA1_C esp_sha(SHA1, ptr, LEN, sha1_espsha); - int r = mbedtls_sha1(ptr, LEN, sha1_mbedtls); + r = mbedtls_sha1(ptr, LEN, sha1_mbedtls); TEST_ASSERT_EQUAL(0, r); +#endif esp_sha(SHA2_256, ptr, LEN, sha256_espsha); r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0); TEST_ASSERT_EQUAL(0, r); -#if SOC_SHA_SUPPORT_SHA512 +#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C esp_sha(SHA2_512, ptr, LEN, sha512_espsha); r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0); TEST_ASSERT_EQUAL(0, r); @@ -158,11 +162,13 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]") /* munmap() 1MB of flash when the usge of memory-mapped ptr is over */ spi_flash_munmap(handle); +#if CONFIG_MBEDTLS_SHA1_C TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match"); +#endif TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match"); -#if SOC_SHA_SUPPORT_SHA512 +#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_espsha, sha512_mbedtls, sizeof(sha512_espsha), "SHA512 results should match"); #endif }