From 594cec54bdff8b80e5f73a05013f4bf49bcae39c Mon Sep 17 00:00:00 2001
From: Mathias Bredholt
Date: Fri, 8 Nov 2019 11:15:05 -0500
Subject: [PATCH 1/7] Removed relative path for lwip/arpa/inet.h The relative path breaks compatibility with arduino-esp32 as the path doesn't exist in arduino-esp32. https://github.com/espressif/arduino-esp32/pull/3425 Closes https://github.com/espressif/esp-idf/pull/4308
---
 components/lwip/port/esp32/include/arpa/inet.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/lwip/port/esp32/include/arpa/inet.h b/components/lwip/port/esp32/include/arpa/inet.h
index 90428f687d..94c6c17ed5 100644
--- a/components/lwip/port/esp32/include/arpa/inet.h
+++ b/components/lwip/port/esp32/include/arpa/inet.h
@@ -15,6 +15,6 @@
 #ifndef INET_H_
 #define INET_H_
-#include "../../../lwip/src/include/lwip/inet.h"
+#include "lwip/inet.h"
 #endif /* INET_H_ */
From 5f6fd238b6fed8cb5e0acbd147e8c707b3a469b8 Mon Sep 17 00:00:00 2001
From: Aidan Cyr
Date: Fri, 29 Nov 2019 14:17:51 +1100
Subject: [PATCH 2/7] fix: esp_http_client and esp_https_ota can follow 307 Redirects Closes https://github.com/espressif/esp-idf/pull/4431
---
 components/esp_http_client/esp_http_client.c | 1 +
 components/esp_http_client/include/esp_http_client.h | 1 +
 components/esp_https_ota/src/esp_https_ota.c | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 517e95b962..0f8d2a2e89 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -657,6 +657,7 @@ static esp_err_t esp_http_check_response(esp_http_client_handle_t client)
 switch (client->response->status_code) {
 case HttpStatus_MovedPermanently:
 case HttpStatus_Found:
+ case HttpStatus_TemporaryRedirect:
 esp_http_client_set_redirection(client);
 client->redirect_counter ++;
 client->process_again = 1;
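Review bot: The new `HttpStatus_TemporaryRedirect` label in `esp_http_check_response` shares the three statements already used for 301 and 302, so nothing in this hunk treats a 307 differently from the older redirects. RFC 7231 requires a 307 to be repeated with the original method and body, and the new target is chosen by the server; whether `esp_http_client_set_redirection` keeps the method, re-sends the body, or drops stored credentials when the host changes is not visible here. I would record the expectation at the label, e.g. `/* 307 must replay method and body unchanged (RFC 7231 6.4.7); TODO confirm set_redirection does */`, and verify the helper against it. The enclosing function starts and ends outside the hunk.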
diff --git a/components/esp_http_client/include/esp_http_client.h b/components/esp_http_client/include/esp_http_client.h
index 2f35fc9754..e26849ecaf 100644
--- a/components/esp_http_client/include/esp_http_client.h
+++ b/components/esp_http_client/include/esp_http_client.h
@@ -131,6 +131,7 @@ typedef enum {
 /* 3xx - Redirection */
 HttpStatus_MovedPermanently = 301,
 HttpStatus_Found = 302,
+ HttpStatus_TemporaryRedirect = 307,
 /* 4xx - Client Error */
 HttpStatus_Unauthorized = 401
diff --git a/components/esp_https_ota/src/esp_https_ota.c b/components/esp_https_ota/src/esp_https_ota.c
index a6c993e0c2..c5c80c5517 100644
--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@@ -47,6 +47,7 @@ static bool process_again(int status_code)
 switch (status_code) {
 case HttpStatus_MovedPermanently:
 case HttpStatus_Found:
+ case HttpStatus_TemporaryRedirect:
 case HttpStatus_Unauthorized:
 return true;
 default:
@@ -58,7 +59,7 @@ static bool process_again(int status_code)
 static esp_err_t _http_handle_response_code(esp_http_client_handle_t http_client, int status_code)
 {
 esp_err_t err;
- if (status_code == HttpStatus_MovedPermanently || status_code == HttpStatus_Found) {
+ if (status_code == HttpStatus_MovedPermanently || status_code == HttpStatus_Found || status_code == HttpStatus_TemporaryRedirect) {
 err = esp_http_client_set_redirection(http_client);
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "URL redirection Failed");
From 6fdc8d7f928aae3fa47182b78d669c18874934c7 Mon Sep 17 00:00:00 2001
From: Axel Lin
Date: Fri, 6 Dec 2019 15:08:41 +0800
Subject: [PATCH 3/7] esp_http_client: fix memory leak in esp_http_client_set_username/password Fix memory in case username/password was set before calling esp_http_client_set_username/password. Closes https://github.com/espressif/esp-idf/issues/4444 Fixes: 9fd16c6a5ff7 ("fixes : set_url discards username and password")
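Review bot: In `_http_handle_response_code` the OTA path now follows one more server-chosen redirect, and nothing visible in this hunk checks that the new location is still an https URL before the image download is retried. Whether `esp_http_client_set_redirection` or the transport configuration refuses a downgrade to plain http is not shown, so I would state the requirement next to the call, e.g. `/* redirect target must remain https; firmware is never fetched over plain http */`, and add the check if it turns out to be missing. The redirect status list is also repeated in `process_again` and in this condition; a small `static bool is_redirect(int status_code)` helper would keep the two from drifting apart on the next addition. Both functions continue outside their hunks.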
Signed-off-by: Axel Lin
---
 components/esp_http_client/esp_http_client.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 0f8d2a2e89..25b9a5e005 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -300,12 +300,10 @@ esp_err_t esp_http_client_set_username(esp_http_client_handle_t client, const ch
 ESP_LOGE(TAG, "client must not be NULL");
 return ESP_ERR_INVALID_ARG;
 }
- if (username == NULL && client->connection_info.username != NULL) {
+ if (client->connection_info.username != NULL) {
 free(client->connection_info.username);
- client->connection_info.username = NULL;
- } else if (username != NULL) {
- client->connection_info.username = strdup(username);
 }
+ client->connection_info.username = username ? strdup(username) : NULL;
 return ESP_OK;
 }
@@ -325,13 +323,11 @@ esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *pa
 ESP_LOGE(TAG, "client must not be NULL");
 return ESP_ERR_INVALID_ARG;
 }
- if (password == NULL && client->connection_info.password != NULL) {
+ if (client->connection_info.password != NULL) {
 memset(client->connection_info.password, 0, strlen(client->connection_info.password));
 free(client->connection_info.password);
- client->connection_info.password = NULL;
- } else if (password != NULL) {
- client->connection_info.password = strdup(password);
 }
+ client->connection_info.password = password ? strdup(password) : NULL;
 return ESP_OK;
 }
From 489c815eb8ff77ded121671f639c88654f694e4a Mon Sep 17 00:00:00 2001
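Review bot: In both setters the stored string is now freed before `strdup()` runs on the argument, so a caller that hands back the pointer it obtained from the matching getter (the getter bodies are not shown here) would have `strdup()` read freed memory. The `strdup()` result is also unchecked, so an allocation failure clears the stored credential and still returns `ESP_OK`. Duplicating first and freeing afterwards addresses both; the same shape applies to the `esp_http_client_set_password` hunk, keeping its wipe ahead of the `free()`. Returning `ESP_ERR_NO_MEM` would be a new result for these functions, so their header comments would need to list it. Both functions begin outside their hunks.

```c
    // … unchanged: client NULL check …
    char *copy = NULL;
    if (username != NULL) {
        /* Duplicate before freeing: username may alias the stored string. */
        copy = strdup(username);
        if (copy == NULL) {
            return ESP_ERR_NO_MEM;
        }
    }
    free(client->connection_info.username); /* free(NULL) is a no-op */
    client->connection_info.username = copy;
    return ESP_OK;
```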
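Review bot: The `memset()` that wipes the old password in `esp_http_client_set_password` sits directly before `free()`, where an optimising compiler may treat it as a dead store and remove it. That line is unchanged context, but after this commit it runs on every replacement rather than only when the password is cleared, so it is worth using a wipe the compiler must keep, for example `mbedtls_platform_zeroize(client->connection_info.password, strlen(client->connection_info.password));` if the bundled mbedTLS provides it and this component may depend on it. The copy made by `strdup(password)` and the caller's own buffer are separate and are not wiped by this function.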
From: Axel Lin
Date: Fri, 6 Dec 2019 15:13:10 +0800
Subject: [PATCH 4/7] esp_http_client: add esp_http_client_set_authtype function Since currently there are APIs to set url/username/password, it would be good to also allow setting authtype. Link: https://github.com/espressif/esp-idf/issues/4444 Closes https://github.com/espressif/esp-idf/pull/4454 Signed-off-by: Axel Lin
---
 components/esp_http_client/esp_http_client.c | 10 ++++++++++
 components/esp_http_client/include/esp_http_client.h | 12 ++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 25b9a5e005..3c6b08c648 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -331,6 +331,16 @@ esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *pa
 return ESP_OK;
 }
+esp_err_t esp_http_client_set_authtype(esp_http_client_handle_t client, esp_http_client_auth_type_t auth_type)
+{
+ if (client == NULL) {
+ ESP_LOGE(TAG, "client must not be NULL");
+ return ESP_ERR_INVALID_ARG;
+ }
+ client->connection_info.auth_type = auth_type;
+ return ESP_OK;
+}
+
 static esp_err_t _set_config(esp_http_client_handle_t client, const esp_http_client_config_t *config)
 {
 client->connection_info.method = config->method;
diff --git a/components/esp_http_client/include/esp_http_client.h b/components/esp_http_client/include/esp_http_client.h
index e26849ecaf..8d9243a0ba 100644
--- a/components/esp_http_client/include/esp_http_client.h
+++ b/components/esp_http_client/include/esp_http_client.h
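Review bot: `esp_http_client_set_authtype` stores `auth_type` without checking it against the values of `esp_http_client_auth_type_t`, and the doc comment added for it in the header names neither the accepted values nor when the change takes effect. I would list the accepted values on the `@param[in] auth_type` line and add a caution such as `@note Basic authentication only base64-encodes the password; use it on https connections.` If out-of-range values are to be rejected, the `ESP_ERR_INVALID_ARG` result the header already documents would cover that case.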
@@ -307,6 +307,18 @@ esp_err_t esp_http_client_get_password(esp_http_client_handle_t client, char **v
 */
 esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *password);
+/**
+ * @brief Set http request auth_type.
+ *
+ * @param[in] client The esp_http_client handle
+ * @param[in] auth_type The esp_http_client auth type
+ *
+ * @return
+ * - ESP_OK
+ * - ESP_ERR_INVALID_ARG
+ */
+esp_err_t esp_http_client_set_authtype(esp_http_client_handle_t client, esp_http_client_auth_type_t auth_type);
+
 /**
 * @brief Set http request method
 *
From a737fd4865a4f2d96ab108ead1ca63b1776dfdb5 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Sat, 7 Dec 2019 22:52:35 +0530
Subject: [PATCH 5/7] Fix issue with timer usage in FreeRTOS tests
---
 components/freertos/test/test_task_suspend_resume.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/freertos/test/test_task_suspend_resume.c b/components/freertos/test/test_task_suspend_resume.c
index 5dfb77b740..8fba220a2c 100644
--- a/components/freertos/test/test_task_suspend_resume.c
+++ b/components/freertos/test/test_task_suspend_resume.c
@@ -124,7 +124,6 @@ void IRAM_ATTR timer_group0_isr(void *vp_arg)
 {
 // Clear interrupt
 timer_group_clr_intr_status_in_isr(TIMER_GROUP_0, TIMER_0);
- timer_group_clr_intr_status_in_isr(TIMER_GROUP_0, TIMER_1);
 timer_isr_fired = true;
 TaskHandle_t handle = vp_arg;
@@ -170,6 +169,7 @@ static void test_resume_task_from_isr(int target_core)
 vTaskDelay(1);
+ timer_deinit(TIMER_GROUP_0, TIMER_0);
 TEST_ASSERT_TRUE(timer_isr_fired);
 TEST_ASSERT_TRUE(resumed);
 }
From 8e28226935e13b3593db13cf501f3d60b32b2050 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Mon, 9 Dec 2019 12:32:11 +0530
Subject: [PATCH 6/7] Disable few test cases for ESP32S2BETA These test cases will be fixed in subsequent MR
---
 components/freertos/test/test_freertos_mutex.c | 2 +-
 components/freertos/test/test_thread_local.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/freertos/test/test_freertos_mutex.c b/components/freertos/test/test_freertos_mutex.c
index 51697984e7..11c761dded 100644
--- a/components/freertos/test/test_freertos_mutex.c
+++ b/components/freertos/test/test_freertos_mutex.c
@@ -12,7 +12,7 @@ static void mutex_release_task(void* arg)
 TEST_FAIL_MESSAGE("should not be reached");
 }
-TEST_CASE("mutex released not by owner causes an assert", "[freertos][reset=abort,SW_CPU_RESET]")
+TEST_CASE_ESP32("mutex released not by owner causes an assert", "[freertos][reset=abort,SW_CPU_RESET]")
 {
 SemaphoreHandle_t mutex = xSemaphoreCreateMutex();
 xSemaphoreTake(mutex, portMAX_DELAY);
diff --git a/components/freertos/test/test_thread_local.c b/components/freertos/test/test_thread_local.c
index 79ed8bb7b8..cda1a25f02 100644
--- a/components/freertos/test/test_thread_local.c
+++ b/components/freertos/test/test_thread_local.c
@@ -86,7 +86,7 @@ static void task_test_tls(void *arg)
 }
 }
-TEST_CASE("TLS test", "[freertos]")
+TEST_CASE_ESP32("TLS test", "[freertos]")
 {
 const size_t stack_size = 3072;
 StackType_t s_stack[stack_size]; /* with 8KB test task stack (default) this test still has ~3KB headroom */
From 4ee78f84968bbff345c8f7ce73bc97976aa1aac1 Mon Sep 17 00:00:00 2001
From: Ryan Kurte
Date: Thu, 5 Dec 2019 17:30:17 +1300
Subject: [PATCH 7/7] added KConfig option to allow loading CA certs with unsupported extensions Close https://github.com/espressif/esp-idf/pull/4445
---
 components/mbedtls/Kconfig | 12 ++++++++++++
 .../mbedtls/port/include/mbedtls/esp_config.h | 19 +++++++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index f9dd804731..3aaa3dead6 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -601,4 +601,16 @@ menu "mbedTLS"
 # end of Elliptic Curve options
+ menuconfig MBEDTLS_SECURITY_RISKS
+ bool "Show configurations with potential security risks"
+ default n
+
+ config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
+ bool "X.509 CRT parsing with unsupported critical extensions"
+ depends on MBEDTLS_SECURITY_RISKS
+ default n
+ help
+ Allow the X.509 certificate parser to load certificates
+ with unsupported critical extensions
+
 endmenu # mbedTLS
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index d971ab8db4..f702ae1d59 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2214,6 +2214,25 @@
 */
 #define MBEDTLS_X509_CRT_WRITE_C
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * Alow the X509 parser to not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Module: library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This module is supports loading of certificates with extensions that
+ * may not be supported by mbedtls.
+ */
+#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
+#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#else
+#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+
 /**
 * \def MBEDTLS_X509_CSR_WRITE_C
 *
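Review bot: Neither the Kconfig help text for `MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT` nor the `\def` comment added in `esp_config.h` says what is given up when the option is enabled. RFC 5280 requires a verifier to reject a certificate carrying a critical extension it does not process, so with this option any constraint expressed in such an extension is ignored while the certificate is still accepted. I would extend the help text along the lines of `Certificates whose critical extensions mbedTLS does not understand are accepted and those extensions are ignored; leave disabled unless required.` and note that it is meant for certificates issued by a CA the deployment controls. The same sentence belongs in the header comment, which currently only describes the parser not stopping.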