From 87d3296c37a35caad790cb172d4441fcfb689d22 Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 9 Mar 2022 18:24:44 +0530 Subject: [PATCH] mbedtls: Disable `MBEDTLS_DYNAMIC_BUFFER` when TLS 1.3 is enabled - Resulted in a crash in the handshake stage when used alongside TLS 1.3 (MBEDTLS_SSL_PROTO_TLS1_3) - Fix build error when MBEDTLS_HARDWARE_SHA=n && MBEDTLS_DYNAMIC_BUFFER=y - Fix build error when TLS 1.3 is enabled with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n --- components/mbedtls/Kconfig | 4 ++-- components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 6d114475c7..f3d144d33a 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -172,10 +172,10 @@ menu "mbedTLS" default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE menu "mbedTLS v3.x related" - + # NOTE: MBEDTLS_DYNAMIC_BUFFER feature is not supported with TLS 1.3 yet. Ref: IDF-4762 config MBEDTLS_SSL_PROTO_TLS1_3 bool "Support TLS 1.3 protocol" - depends on MBEDTLS_TLS_ENABLED + depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE && !MBEDTLS_DYNAMIC_BUFFER select MBEDTLS_HKDF_C default n diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h index 0e1bc37f7a..6adda7bb84 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h @@ -8,6 +8,7 @@ #include #include +#include /* ToDo - Remove this once appropriate solution is available. We need to define this for the file as ssl_misc.h uses private structures from mbedtls, which are undefined if the following flag is not defined */
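Review bot: The new `depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE && !MBEDTLS_DYNAMIC_BUFFER` on `MBEDTLS_SSL_PROTO_TLS1_3` hides the TLS 1.3 option without any visible notice, because the only explanation is a `#` comment in the Kconfig source that never reaches menuconfig. A project that already sets `MBEDTLS_DYNAMIC_BUFFER=y`, or has `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` disabled, would presumably end up with builds that no longer offer TLS 1.3, and the NOTE does not mention the peer-certificate requirement at all. Consider surfacing the constraint in the menu, e.g. `comment "TLS 1.3 is not available while MBEDTLS_DYNAMIC_BUFFER is enabled"` followed by `depends on MBEDTLS_DYNAMIC_BUFFER`, and extending the NOTE to `# NOTE: TLS 1.3 also requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.` The config entry may continue past the end of the hunk, so if it has a help text the two constraints could be stated there instead.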