espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-29 18:27:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/mbedtls-2.28.0_v4.3' into 'release/v4.3'

Browse Source 
mbedtls: Upgrading to v2.28.0 (v4.3)

See merge request espressif/esp-idf!17005
This commit is contained in:
Mahavir Jain
2022-02-03 04:12:10 +00:00
parent c6278acdf2 bdd329ff02
commit fea5bdce86
16 changed files with 449 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
components/mbedtls/Kconfig
View File

@ -102,7 +102,7 @@ menu "mbedTLS"
default n
select MBEDTLS_ASYMMETRIC_CONTENT_LEN
# Dynamic buffer feature is not supported with DTLS
depends on !MBEDTLS_SSL_PROTO_DTLS
depends on !MBEDTLS_SSL_PROTO_DTLS && !MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
help
Using dynamic TX/RX buffer. After enabling this option, mbedTLS will
allocate TX buffer when need to send data and then free it if all data
@ -178,6 +178,111 @@ menu "mbedTLS"
default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
menu "mbedTLS v2.28.x related"
config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
bool "Variable SSL buffer length"
default n
help
This enables the SSL buffer to be resized automatically
based on the negotiated maximum fragment length in each direction.
config MBEDTLS_ECDH_LEGACY_CONTEXT
bool "Use a backward compatible ECDH context (Experimental)"
default y
depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_RESTARTABLE
help
Use the legacy ECDH context format.
Define this option only if you enable MBEDTLS_ECP_RESTARTABLE or if you
want to access ECDH context fields directly.
config MBEDTLS_X509_TRUSTED_CERT_CALLBACK
bool "Enable trusted certificate callbacks"
default n
help
Enables users to configure the set of trusted certificates
through a callback instead of a linked list.
See mbedTLS documentation for required API and more details.
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
bool "Enable serialization of the TLS context structures"
default n
help
Enable serialization of the TLS context structures
This is a local optimization in handling a single, potentially long-lived connection.
See mbedTLS documentation for required API and more details.
Disabling this option will save some code size.
config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
bool "Keep peer certificate after handshake completion"
default y
depends on !MBEDTLS_DYNAMIC_FREE_PEER_CERT
help
Keep the peer's certificate after completion of the handshake.
Disabling this option will save about 4kB of heap and some code size.
See mbedTLS documentation for required API and more details.
menu "DTLS-based configurations"
visible if MBEDTLS_SSL_PROTO_DTLS
config MBEDTLS_SSL_DTLS_CONNECTION_ID
bool "Support for the DTLS Connection ID extension"
depends on MBEDTLS_SSL_PROTO_DTLS
default n
help
Enable support for the DTLS Connection ID extension which allows to
identify DTLS connections across changes in the underlying transport.
The Connection ID extension is still in draft state.
Refer: version draft-ietf-tls-dtls-connection-id-05
config MBEDTLS_SSL_CID_IN_LEN_MAX
int "Maximum length of CIDs used for incoming DTLS messages"
default 32
range 0 32
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
help
Maximum length of CIDs used for incoming DTLS messages
config MBEDTLS_SSL_CID_OUT_LEN_MAX
int "Maximum length of CIDs used for outgoing DTLS messages"
default 32
range 0 32
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
help
Maximum length of CIDs used for outgoing DTLS messages
config MBEDTLS_SSL_CID_PADDING_GRANULARITY
int "Record plaintext padding (for DTLS 1.2)"
default 16
range 0 32
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
help
Controls the use of record plaintext padding when
using the Connection ID extension in DTLS 1.2.
The padding will always be chosen so that the length of the
padded plaintext is a multiple of the value of this option.
Notes:
A value of 1 means that no padding will be used for outgoing records.
On systems lacking division instructions, a power of two should be preferred.
config MBEDTLS_SSL_DTLS_SRTP
bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
depends on MBEDTLS_SSL_PROTO_DTLS
default n
help
Enable support for negotiation of DTLS-SRTP (RFC 5764) through the use_srtp extension.
See mbedTLS documentation for required API and more details.
Disabling this option will save some code size.
endmenu
endmenu
menu "Certificate Bundle"
@ -220,10 +325,6 @@ menu "mbedTLS"
relative to the project root directory.
endmenu
config MBEDTLS_ECP_RESTARTABLE
bool "Enable mbedTLS ecp restartable"
default n

2
components/mbedtls/component.mk
View File

@ -5,6 +5,8 @@
COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include esp_crt_bundle/include
COMPONENT_PRIV_INCLUDEDIRS := mbedtls/library
COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block port/md esp_crt_bundle
COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o

2
components/mbedtls/mbedtls

Submodule components/mbedtls/mbedtls updated: dc406b82b2...8b0e35f2ad

20
components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c
View File

@ -1,16 +1,8 @@
// Copyright 2021 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "esp_crypto_shared_gdma.h"
@ -106,7 +98,7 @@ static esp_err_t crypto_shared_gdma_init(void)
return ESP_OK;
err:
ESP_LOGE(TAG, "Failed to acquire DMA channel, Err=0x%X", ret);
ESP_LOGE(TAG, "Failed to acquire DMA channel, Err=%d", ret);
tx_channel = NULL;
rx_channel = NULL;

50
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
View File

@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include "esp_mbedtls_dynamic_impl.h"
@ -266,12 +258,12 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len)
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + buffer_len);
if (!esp_buf) {
ESP_LOGE(TAG, "alloc(%d bytes) failed", SSL_BUF_HEAD_OFFSET_SIZE + buffer_len);
ESP_LOGE(TAG, "alloc(%zu bytes) failed", SSL_BUF_HEAD_OFFSET_SIZE + buffer_len);
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
ESP_LOGV(TAG, "add out buffer %d bytes @ %p", buffer_len, esp_buf->buf);
ESP_LOGV(TAG, "add out buffer %zu bytes @ %p", buffer_len, esp_buf->buf);
esp_mbedtls_init_ssl_buf(esp_buf, buffer_len);
init_tx_buffer(ssl, esp_buf->buf);
@ -350,13 +342,13 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
ssl->in_hdr = msg_head;
ssl->in_len = msg_head + 3;
if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_hdr_len(ssl))) != 0) {
if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl))) != 0) {
if (ret == MBEDTLS_ERR_SSL_TIMEOUT) {
ESP_LOGD(TAG, "mbedtls_ssl_fetch_input reads data times out");
} else if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
ESP_LOGD(TAG, "mbedtls_ssl_fetch_input wants to read more data");
} else {
ESP_LOGE(TAG, "mbedtls_ssl_fetch_input error=-0x%x", -ret);
ESP_LOGE(TAG, "mbedtls_ssl_fetch_input error=%d", -ret);
}
goto exit;
@ -531,27 +523,3 @@ void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
}
}
#endif /* CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT */
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
void esp_mbedtls_free_peer_cert(mbedtls_ssl_context *ssl)
{
if (ssl->session_negotiate->peer_cert) {
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
mbedtls_free( ssl->session_negotiate->peer_cert );
ssl->session_negotiate->peer_cert = NULL;
}
}
bool esp_mbedtls_ssl_is_rsa(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->transform_negotiate->ciphersuite_info;
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
return true;
} else {
return false;
}
}
#endif

12
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -26,7 +26,7 @@
TRACE_CHECK(_fn, "state"); \
\
if ((_ret = _fn) != 0) { \
ESP_LOGV(TAG, "\"%s\" result is -0x%x", # _fn, -_ret); \
ESP_LOGV(TAG, "\"%s\" result is %d", # _fn, -_ret); \
TRACE_CHECK(_fn, "fail"); \
return _ret; \
} \
@ -46,7 +46,7 @@ struct esp_mbedtls_ssl_buf {
unsigned char buf[];
};
#define SSL_BUF_HEAD_OFFSET_SIZE offsetof(struct esp_mbedtls_ssl_buf, buf)
#define SSL_BUF_HEAD_OFFSET_SIZE ((int)offsetof(struct esp_mbedtls_ssl_buf, buf))
void esp_mbedtls_free_buf(unsigned char *buf);
@ -86,10 +86,4 @@ void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl);
void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl);
#endif
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
void esp_mbedtls_free_peer_cert(mbedtls_ssl_context *ssl);
bool esp_mbedtls_ssl_is_rsa(mbedtls_ssl_context *ssl);
#endif
#endif /* _DYNAMIC_IMPL_H_ */

37
components/mbedtls/port/dynamic/esp_ssl_cli.c
View File

@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <sys/param.h>
#include <stdbool.h>
#include "esp_mbedtls_dynamic_impl.h"
@ -72,19 +64,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
if (!ssl->keep_current_message) {
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
}
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
/**
* If current ciphersuite is RSA, we should free peer'
* certificate at step MBEDTLS_SSL_CLIENT_KEY_EXCHANGE.
*
* And if it is other kinds of ciphersuite, we can free
* peer certificate here.
*/
if (esp_mbedtls_ssl_is_rsa(ssl) == false) {
esp_mbedtls_free_peer_cert(ssl);
}
#endif
}
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
@ -133,12 +112,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
} else {
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
if (esp_mbedtls_ssl_is_rsa(ssl) == true) {
esp_mbedtls_free_peer_cert(ssl);
}
#endif
}
break;
case MBEDTLS_SSL_CERTIFICATE_VERIFY:

22
components/mbedtls/port/dynamic/esp_ssl_srv.c
View File

@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <sys/param.h>
#include "esp_mbedtls_dynamic_impl.h"
@ -136,10 +128,6 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
} else {
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
esp_mbedtls_free_peer_cert(ssl);
#endif
}
break;
case MBEDTLS_SSL_CLIENT_FINISHED:

28
components/mbedtls/port/dynamic/esp_ssl_tls.c
View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -39,22 +39,11 @@ static int rx_done(mbedtls_ssl_context *ssl)
return 1;
}
ESP_LOGD(TAG, "RX left %d bytes", ssl->in_msglen);
ESP_LOGD(TAG, "RX left %zu bytes", ssl->in_msglen);
return 0;
}
static void ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
}
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
@ -98,7 +87,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
handshake->update_checksum = ssl_update_checksum_start;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
#endif
@ -116,13 +105,18 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
#endif
#endif
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE)
mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_pk_init( &handshake->peer_pubkey );
#endif
}
static int ssl_handshake_init( mbedtls_ssl_context *ssl )
@ -174,7 +168,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate );
ssl_transform_init( ssl->transform_negotiate );
mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
return( 0 );
@ -219,7 +213,7 @@ int __wrap_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t
ESP_LOGD(TAG, "fail, the connection indicated an EOF");
return 0;
} else if (ret < 0) {
ESP_LOGD(TAG, "fail, error=-0x%x", -ret);
ESP_LOGD(TAG, "fail, error=%d", -ret);
return ret;
}
ESP_LOGD(TAG, "end");

11
components/mbedtls/port/esp_bignum.c
View File

@ -458,7 +458,18 @@ cleanup:
return ret;
}
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
{
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
_B.s = 1;
_B.n = 1;
_B.p = p;
p[0] = b;
return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
}
/* Deal with the case when X & Y are too long for the hardware unit, by splitting one operand
into two halves.

6
components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
View File

@ -224,7 +224,7 @@ int esp_ds_rsa_sign( void *ctx,
}
if ((ret = (rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, ((s_ds_data->rsa_length + 1) * FACTOR_KEYLEN_IN_BYTES), sig ))) != 0) {
ESP_LOGE(TAG, "Error in pkcs1_v15 encoding, returned %02x", ret);
ESP_LOGE(TAG, "Error in pkcs1_v15 encoding, returned %d", ret);
heap_caps_free(signature);
return -1;
}
@ -238,14 +238,14 @@ int esp_ds_rsa_sign( void *ctx,
s_esp_ds_hmac_key_id,
&esp_ds_ctx);
if (ds_r != ESP_OK) {
ESP_LOGE(TAG, "Error in esp_ds_start_sign, returned %02x ", ds_r);
ESP_LOGE(TAG, "Error in esp_ds_start_sign, returned %d ", ds_r);
heap_caps_free(signature);
return -1;
}
ds_r = esp_ds_finish_sign((void *)signature, esp_ds_ctx);
if (ds_r != ESP_OK) {
ESP_LOGE(TAG, "Error in esp_ds_finish sign, returned %02X ", ds_r);
ESP_LOGE(TAG, "Error in esp_ds_finish sign, returned %d ", ds_r);
heap_caps_free(signature);
return -1;
}

285
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@ -1,12 +1,13 @@
/**
*
* \brief Default mbedTLS configuration options for esp-idf
* \brief Default mbedTLS configuration options for ESP-IDF
*
* This set of compile-time options may be used to enable
* or disable features selectively, and reduce the global
* memory footprint.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -20,8 +21,6 @@
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef ESP_CONFIG_H
@ -310,18 +309,54 @@
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
* and MBEDTLS_ECDH_LEGACY_CONTEXT.
*/
#ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE
#define MBEDTLS_ECP_RESTARTABLE
#endif
/**
* \def MBEDTLS_ECDH_LEGACY_CONTEXT
*
* Use a backward compatible ECDH context.
*
* Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
* defined in `ecdh.h`). For most applications, the choice of format makes
* no difference, since all library functions can work with either format,
* except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
* The new format used when this option is disabled is smaller
* (56 bytes on a 32-bit platform). In future versions of the library, it
* will support alternative implementations of ECDH operations.
* The new format is incompatible with applications that access
* context fields directly and with restartable ECP operations.
*
* Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
* want to access ECDH context fields directly. Otherwise you should
* comment out this macro definition.
*
* This option has no effect if #MBEDTLS_ECDH_C is not enabled.
*
* \note This configuration option is experimental. Future versions of the
* library may modify the way the ECDH context layout is configured
* and may modify the layout of the new context type.
*/
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define MBEDTLS_ECDH_LEGACY_CONTEXT
#endif
/**
* \def MBEDTLS_CMAC_C
*
* Enable the CMAC (Cipher-based Message Authentication Code) mode for block
* ciphers.
*
* \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
* implementation of the CMAC algorithm is provided by an alternate
* implementation, that alternate implementation may opt to not support
* AES-192 or 3DES as underlying block ciphers for the CMAC operation.
*
* Module: library/cmac.c
*
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
@ -339,6 +374,7 @@
*
* Comment macros to disable the curve and functions for it
*/
/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#else
@ -394,12 +430,12 @@
#else
#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
#endif
/* Montgomery curves (supporting ECP) */
#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#else
#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
#endif
#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
#undef MBEDTLS_ECP_DP_CURVE448_ENABLED
#endif
@ -427,7 +463,7 @@
* may result in a compromise of the long-term signing key. This is avoided by
* the deterministic variant.
*
* Requires: MBEDTLS_HMAC_DRBG_C
* Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
*
* Comment this macro to disable deterministic ECDSA.
*/
@ -668,7 +704,7 @@
*
* Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
*
* Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
* Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -696,7 +732,7 @@
*
* Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
*
* Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
* Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -850,6 +886,69 @@
*/
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID
*
* Enable support for the DTLS Connection ID extension
* (version draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
* which allows to identify DTLS connections across changes
* in the underlying transport.
*
* Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
* `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
* See the corresponding documentation for more information.
*
* \warning The Connection ID extension is still in draft state.
* We make no stability promises for the availability
* or the shape of the API controlled by this option.
*
* The maximum lengths of outgoing and incoming CIDs can be configured
* through the options
* - MBEDTLS_SSL_CID_OUT_LEN_MAX
* - MBEDTLS_SSL_CID_IN_LEN_MAX.
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
* Uncomment to enable the Connection ID extension.
*/
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
#else
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#endif
/**
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
*
* Enable serialization of the TLS context structures, through use of the
* functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
*
* This pair of functions allows one side of a connection to serialize the
* context associated with the connection, then free or re-use that context
* while the serialized state is persisted elsewhere, and finally deserialize
* that state to a live context for resuming read/write operations on the
* connection. From a protocol perspective, the state of the connection is
* unaffected, in particular this is entirely transparent to the peer.
*
* Note: this is distinct from TLS session resumption, which is part of the
* protocol and fully visible by the peer. TLS session resumption enables
* establishing new connections associated to a saved session with shorter,
* lighter handshakes, while context serialization is a local optimization in
* handling a single, potentially long-lived connection.
*
* Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
* saved after the handshake to allow for more efficient serialization, so if
* you don't need this feature you'll save RAM by disabling it.
*
* Comment to disable the context serialization APIs.
*/
#ifdef CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION
#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
#else
#undef MBEDTLS_SSL_CONTEXT_SERIALIZATION
#endif
/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
*
* Enable support for Encrypt-then-MAC, RFC 7366.
@ -874,8 +973,8 @@
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
* Enable support for Extended Master Secret, aka Session Hash
* (draft-ietf-tls-session-hash-02).
* Enable support for RFC 7627: Session Hash and Extended Master Secret
* Extension.
*
* This was introduced as "the proper fix" to the Triple Handshake familiy of
* attacks, but it is recommended to always use it (even if you disable
@ -897,7 +996,8 @@
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
*
* Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
* Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
* for Preventing Protocol Downgrade Attacks.
*
* For servers, it is recommended to always enable this, unless you support
* only one version of TLS, or know for sure that none of your clients
@ -911,6 +1011,32 @@
*/
#define MBEDTLS_SSL_FALLBACK_SCSV
/**
* \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
*
* This option controls the availability of the API mbedtls_ssl_get_peer_cert()
* giving access to the peer's certificate after completion of the handshake.
*
* Unless you need mbedtls_ssl_peer_cert() in your application, it is
* recommended to disable this option for reduced RAM usage.
*
* \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
* defined, but always returns \c NULL.
*
* \note This option has no influence on the protection against the
* triple handshake attack. Even if it is disabled, Mbed TLS will
* still ensure that certificates do not change during renegotiation,
* for exaple by keeping a hash of the peer's certificate.
*
* Comment this macro to disable storing the peer's certificate
* after the handshake.
*/
#ifdef CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
#else
#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
#endif
/**
* \def MBEDTLS_SSL_PROTO_TLS1
*
@ -935,6 +1061,9 @@
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* \deprecated This option is deprecated and will be removed in a future
* version of Mbed TLS.
*
* Comment this macro to disable support for SSL 3.0
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3
@ -1092,6 +1221,41 @@
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#endif
/**
* \def MBEDTLS_SSL_DTLS_SRTP
*
* Enable support for negotiation of DTLS-SRTP (RFC 5764)
* through the use_srtp extension.
*
* \note This feature provides the minimum functionality required
* to negotiate the use of DTLS-SRTP and to allow the derivation of
* the associated SRTP packet protection key material.
* In particular, the SRTP packet protection itself, as well as the
* demultiplexing of RTP and DTLS packets at the datagram layer
* (see Section 5 of RFC 5764), are not handled by this feature.
* Instead, after successful completion of a handshake negotiating
* the use of DTLS-SRTP, the extended key exporter API
* mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement
* the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
* (this is implemented in the SSL example programs).
* The resulting key should then be passed to an SRTP stack.
*
* Setting this option enables the runtime API
* mbedtls_ssl_conf_dtls_srtp_protection_profiles()
* through which the supported DTLS-SRTP protection
* profiles can be configured. You must call this API at
* runtime if you wish to negotiate the use of DTLS-SRTP.
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
* Uncomment this to enable support for use_srtp extension.
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_SRTP
#else
#undef MBEDTLS_SSL_DTLS_SRTP
#endif
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
*
@ -1176,6 +1340,21 @@
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
*
* When this option is enabled, the SSL buffer will be resized automatically
* based on the negotiated maximum fragment length in each direction.
*
* Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
*/
#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH && CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
#else
#undef MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
#endif
/**
*
* \def MBEDTLS_VERSION_FEATURES
*
* Allow run-time checking of compile-time enabled features. Thus allowing users
@ -1641,7 +1820,9 @@
* This module is used by the following key exchanges:
* ECDHE-ECDSA
*
* Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
* Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
* and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
* short Weierstrass curve.
*/
#ifdef CONFIG_MBEDTLS_ECDSA_C
#define MBEDTLS_ECDSA_C
@ -1719,11 +1900,11 @@
/**
* \def MBEDTLS_GCM_C
*
* Enable the Galois/Counter Mode (GCM) for AES.
* Enable the Galois/Counter Mode (GCM).
*
* Module: library/gcm.c
*
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
*
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
@ -2323,6 +2504,29 @@
#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#endif
/**
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
*
* If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
* and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
* the set of trusted certificates through a callback instead of a linked
* list.
*
* This is useful for example in environments where a large number of trusted
* certificates is present and storing them in a linked list isn't efficient
* enough, or when the set of trusted certificates changes frequently.
*
* See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
* `mbedtls_ssl_conf_ca_cb()` for more information.
*
* Uncomment to enable trusted certificate callbacks.
*/
#ifdef CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK
#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
#else
#undef MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
#endif
/**
* \def MBEDTLS_X509_CSR_WRITE_C
*
@ -2383,6 +2587,51 @@
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN
/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
*
* The maximum length of CIDs used for incoming DTLS messages.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_CID_IN_LEN_MAX CONFIG_MBEDTLS_SSL_CID_IN_LEN_MAX
#else
#undef MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
*
* The maximum length of CIDs used for outgoing DTLS messages.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_CID_OUT_LEN_MAX CONFIG_MBEDTLS_SSL_CID_OUT_LEN_MAX
#else
#undef MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
* when using the Connection ID extension in DTLS 1.2.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
*
* Note: A value of \c 1 means that no padding will be used
* for outgoing records.
*
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*
*/
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
#else
#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY
#endif
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
* Maximum outgoing fragment length in bytes.
@ -2416,6 +2665,10 @@
* default. At the time of writing, there is no practical attack on the use
* of SHA-1 in handshake signatures, hence this option is turned on by default
* for compatibility with existing peers.
*
* \warning SHA-1 is considered a weak message digest and its use constitutes
* a security risk. If possible, we recommend avoiding dependencies
* on it, and considering stronger message digests instead.
*/
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE

20
components/mbedtls/port/sha/esp_sha.c
View File

@ -1,16 +1,8 @@
// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
@ -100,6 +92,6 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
}
#endif //SOC_SHA_SUPPORT_SHA512
ESP_LOGE(TAG, "SHA type %d not supported", sha_type);
ESP_LOGE(TAG, "SHA type %d not supported", (int)sha_type);
abort();
}

21
components/protocomm/src/security/security1.c
View File

@ -1,16 +1,8 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdio.h>
#include <stdlib.h>
@ -25,6 +17,7 @@
#include <mbedtls/ecdh.h>
#include <mbedtls/error.h>
#include <mbedtls/ssl_internal.h>
#include <mbedtls/constant_time.h>
#include <protocomm_security.h>
#include <protocomm_security1.h>
@ -116,7 +109,7 @@ static esp_err_t handle_session_command1(session_t *cur_session,
hexdump("Dec Client verifier", check_buf, sizeof(check_buf));
/* constant time memcmp */
if (mbedtls_ssl_safer_memcmp(check_buf, cur_session->device_pubkey,
if (mbedtls_ct_memcmp(check_buf, cur_session->device_pubkey,
sizeof(cur_session->device_pubkey)) != 0) {
ESP_LOGE(TAG, "Key mismatch. Close connection");
mbedtls_aes_free(&cur_session->ctx_aes);

6
components/wpa_supplicant/src/crypto/tls_mbedtls.c
View File

@ -74,6 +74,7 @@ struct tls_connection {
tls_context_t *tls;
struct tls_data tls_io_data;
unsigned char randbytes[2 * TLS_RANDOM_LEN];
mbedtls_md_type_t mac;
};
static void tls_mbedtls_cleanup(tls_context_t *tls)
@ -573,6 +574,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
if (tls->ssl.handshake) {
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
TLS_RANDOM_LEN * 2);
conn->mac = tls->ssl.handshake->ciphersuite_info->mac;
}
}
ret = mbedtls_ssl_handshake_step(&tls->ssl);
@ -803,10 +805,10 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN);
if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
if (conn->mac == MBEDTLS_MD_SHA384) {
ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
} else if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
} else if (conn->mac == MBEDTLS_MD_SHA256) {
ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
} else {

1
tools/ci/check_public_headers_exceptions.txt
View File

@ -49,6 +49,7 @@ components/wpa_supplicant/port/
components/mbedtls/port/include/
components/mbedtls/mbedtls/include/mbedtls/
components/mbedtls/mbedtls/include/psa/
components/coap/
components/nghttp/