2060 Commits

Author SHA1 Message Date
david-cermak 43f12ca7f8 Merge pull request #1094 from david-cermak/bump/tls_v0.2
[tls_cxx]: 0.1.0 -> 0.2.0 (mbedtls-v4/PSA support)
tls_cxx-v0.2.0
2026-07-03 15:14:00 +02:00
David Cermak 7850b6ed7a bump(tls_cxx): 0.1.0 -> 0.2.0
0.2.0
Bug Fixes
- Add support for mbedtls psa api (884d8fe6)
- Remove unnnecessary warning ignore (f8d2ed2e)
- Enable mbedtls cookie support (479122b2)
2026-07-03 13:51:44 +02:00
David Čermák f4ae0c85d9 Merge branch 'component/esp_dns_dos_fix' into 'main'
fix(dns): harden DNS response parsing against DoS and OOB reads (BBP#494)

See merge request cermak/esp-protocols!4
esp_dns-v1.0.1
2026-07-02 22:24:49 +08:00
Abhik Roy 9185077ffd bump(dns): 1.0.0 -> 1.0.1
1.0.1
Bug Fixes
- harden DNS response parsing against DoS and OOB reads (BBP#494) (39283bb)
- Fix http event handler to accept default case (4fbd86b)
2026-07-02 22:20:57 +10:00
Abhik Roy 39283bb1bb fix(dns): harden DNS response parsing against DoS and OOB reads (BBP#494)
Fix ESP-IDF-ESP_DNS-DOS-001 by making esp_dns response parsing
strictly bounds-safe. A malicious DNS response could previously cause
an infinite loop or read past the end of the receive buffer.

- skip_dns_name(): use size_t offset to prevent wraparound, and check
  bounds before reading labels and compression pointers
- esp_dns_parse_response(): reject responses shorter than a DNS header,
  track buffer_end, guard pointer arithmetic, and validate answer
  record headers and RR data before memcpy
- TCP/DoT/DoH callers: require a minimum response size and verify the
  RFC 7858 length prefix before parsing
2026-07-02 22:04:59 +10:00
david-cermak 6cbef7f8fc Merge pull request #1080 from imwis/patch-1
Reset last URC processed on consume all
2026-07-02 13:27:29 +02:00
david-cermak 1a6e719104 Merge pull request #1091 from david-cermak/fix/mdns_fuzz_browse
fix(mdns): Fix potential zero instance issue caught by mdns fuzzer
mdns-v1.11.3
2026-07-01 12:04:29 +02:00
David Cermak 8299a22398 bump(mdns): 1.11.2 -> 1.11.3
1.11.3
Features
- Add a structure and APIs for allocating TXT items with given value length (234f9f00)
Bug Fixes
- Fix potential browse null instance crash caught by fuzzer (953c3a78)
- fix deadlock caused by re-acquiring the service lock (88c68330)
- free dropped TXT query results when max results reached (f81720b7)
2026-06-30 15:33:40 +02:00
David Cermak 953c3a7867 fix(mdns): Fix potential browse null instance crash caught by fuzzer 2026-06-30 15:32:35 +02:00
david-cermak 004da13ba4 Merge pull request #1086 from gytxxsy/feat/use-recursive-locks-for-mdns-service
fix(mdns): fix deadlock caused by re-acquiring the service lock
2026-06-30 13:50:26 +02:00
david-cermak 7e1fb1b6c2 Merge pull request #1088 from Siflorite/feat/add_mdns_txt_item_with_len
feat(mdns): Add a structure and APIs for allocating TXT items with given value length
2026-06-30 10:26:44 +02:00
Xu Si Yu 88c6833000 fix(mdns): fix deadlock caused by re-acquiring the service lock 2026-06-30 15:45:55 +08:00
Siflorite 234f9f006d feat(mdns): Add a structure and APIs for allocating TXT items with given value length 2026-06-30 15:34:56 +08:00
david-cermak 8334d7618f Merge pull request #1084 from gytxxsy/fix/free-dropped-TXT-query-results-when-max-results-reached
fix(mdns): free dropped TXT query results when max results reached
2026-06-26 09:34:56 +02:00
Xu Si Yu f81720b78c fix(mdns): free dropped TXT query results when max results reached 2026-06-25 17:51:58 +08:00
david-cermak d7cc5908bc Merge pull request #1081 from david-cermak/bumkp/libsrtp_initial_v2.8.0
[libsrtp] Create initial v2.8.0 release
libsrtp-v2.8.0
2026-06-22 12:09:23 +02:00
David Cermak 6255b400ae bump(libsrtp): Initial version v2.8.0
2.8.0
Features
- add component (libsrtp v2.8.0 + ESP-IDF mbedTLS port) (e5997168)
Bug Fixes
- drop hand-authored CHANGELOG.md (auto-generated by bump commit) (ff81166c)
- address PR #1060 review feedback (04f64489)
Updated
- ci(libsrtp): Add libsrtp into components to publish (ee4fc8e9)
2026-06-22 11:56:52 +02:00
David Cermak ee4fc8e912 ci(libsrtp): Add libsrtp into components to publish
Also resets component's metadata to trigger bump commit
2026-06-22 11:42:20 +02:00
Vikram Dattu ff81166cc7 fix(libsrtp): drop hand-authored CHANGELOG.md (auto-generated by bump commit)
Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2026-06-22 06:58:32 +02:00
Vikram Dattu 04f6448913 fix(libsrtp): address PR #1060 review feedback
- config.h: drop three duplicate macro defines (HAVE_STDINT_H,
  HAVE_SYS_TYPES_H, ERR_REPORTING_STDOUT)
- crypto_kernel.c: gate AES-ICM-192 on SOC_AES_SUPPORT_AES_192 instead
  of unconditional #if 0; ESP32 (only SoC with hw AES-192) now enables
  the cipher, other SoCs continue to skip it since mbedtls_aes_setkey
  returns PLATFORM_FEATURE_UNSUPPORTED for 192-bit keys there
- examples/get_started/README.md: fix link, repo migrated from
  idf-extra-components to esp-protocols
- LICENSE: prepend dual-license header (Apache-2.0 wrapper +
  BSD-3-Clause bundled libsrtp), keep Apache full text below
2026-06-22 06:58:32 +02:00
Vikram Dattu e5997168d9 feat(libsrtp): add component (libsrtp v2.8.0 + ESP-IDF mbedTLS port)
Adds libsrtp — an ESP-IDF wrapper around cisco/libsrtp pinned at v2.8.0
(commit 24b3bf8). Crypto routes through ESP-IDF's mbedTLS, so AES
protect/unprotect goes through the chip's on-chip AES peripheral by
default (CONFIG_MBEDTLS_HARDWARE_AES=y on esp32 / s2 / s3 / c3 / c5 /
c6 / p4). Pairs with libwebsockets and (upcoming) usrsctp for the
WebRTC transport stack.

The wrapper bundles cisco/libsrtp as a git submodule and compiles its
sources directly into the IDF component archive — no internal libsrtp2.a
dance. One small port-side delta in port/crypto_kernel.c opts out of
the AES-ICM-192 cipher registration when GCM is enabled (saves binary
size; AES-CM-128 + AES-GCM cover all WebRTC SRTP suites in use).

Naming + version follow cisco's release line. Component is named
'libsrtp' (registry: espressif/libsrtp) tracking whichever 2.x release
is current upstream — v2.8.0 today. The IDF version constraint
(>=5.4,<6) reflects the fact that libsrtp v2.x's mbedTLS adapters
predate the mbedTLS 4 / TF-PSA-Crypto split shipped by IDF v6; bump
when the component tracks a release that speaks mbedTLS 4.

Supported SRTP profiles via the mbedTLS backend:
  AEAD: AEAD_AES_128_GCM, AEAD_AES_256_GCM
  SRTP: AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32

Tests included:
  test_apps/         — embedded Unity smoke (esp32 + esp32c3 via
                       .build-test-rules)
  host_test/         — IDF Linux-target binary, AES-GCM-128 protect/
                       unprotect roundtrip; aborts on the first libsrtp
                       failure with EXPECT() for boolean assertions
  examples/get_started/ — minimal init/shutdown sanity app

License: Apache-2.0 (port glue) AND BSD-3-Clause (bundled cisco/libsrtp).

(Previously prepared as espressif/idf-extra-components#753; relocated to
esp-protocols where it naturally sits alongside libwebsockets and the
other transport-stack components.)
2026-06-22 06:58:32 +02:00
Wis Chu 311611fe42 Reset last URC processed on consume all
CONSUME_ALL discards the current buffer, so the URC processed offset must be reset before processing the next buffer. Otherwise, new_data_size can underflow when the next buffer is smaller.
2026-06-21 11:08:29 +08:00
Suren Gabrielyan 67f205bb8e Merge pull request #1018 from gabsuren/fix/ws_close_on_auto_reconnect_on_close
fix(websocket): Fix stale CLOSE_FRAME_SENT_BIT blocking PINGs after reconnect
2026-06-19 11:21:10 +04:00
surengab 183bd5c714 fix(websocket): fix CLOSE_FRAME_SENT_BIT stale on failed send with close_reconnect 2026-06-18 14:11:04 +04:00
Richard Allen be97cd0a41 fix(websocket): Fix close function with auto-reconnect-on-close
If auto-reconnect-on-close is configured, just close the current
connection. Do not try to stop the client.
2026-06-18 14:11:04 +04:00
David Čermák 0cdbf7e222 Merge branch 'fix/modem_bbp493' into 'main'
fix(modem): Truncate C-API out buffer len to API_STR_MAX

See merge request cermak/esp-protocols!2
modem-v2.0.2
2026-06-18 00:14:53 +08:00
David Cermak 7457b8d15d bump(modem): 2.0.1 -> 2.0.2
2.0.2
Features
- Add Delay after netif stop prior sending disconnect to CMUX virtual terminals (55f670ab)
- Add support for reset pin (d5e09178, #1065)
- Add end2end host tests with host modem_sim (cd3eb4a2)
- add idf build system v2 support (2e52e77f)
Bug Fixes
- Truncate C-API out buffer len to API_STR_MAX (c6c0b985)
- Fix URC handling: unbouded size, stale last urc (9cbf1d19)
- Prevent UART read -1/int leak to size_t (9176fa6e)
- Fix netif destructor UAF (5be5f6a2)
- Minor fixes per code review (ac832bb8)
- Remove optional_deps variable (unused) (783d23a5)
- Run test in CI, add batch mode (89008876)
- Harden AT library against command injection (6a684bfc)
2026-06-17 17:40:53 +02:00
David Cermak 68040f06d1 ci(modem): Do not use IDF master for host tests (yet)
Will be added after port layers updated
2026-06-17 17:39:46 +02:00
David Cermak c6c0b98536 fix(modem): Truncate C-API out buffer len to API_STR_MAX
And document the use of C-API and min buffer requirements
2026-06-17 17:38:26 +02:00
David Čermák 4fb97b209f Merge branch 'fix/mdns_bbp495' into 'main'
fix(mdns): Fix mdns infinite recursion

See merge request cermak/esp-protocols!1
mdns-v1.11.2
2026-06-16 22:11:53 +08:00
David Cermak 8783f5a6b0 bump(mdns): 1.11.1 -> 1.11.2
1.11.2
Bug Fixes
- Fix Unbounded recursion in mDNS name decompression (95c882c7)
- Fix wrong "truncated AAAA" error (fc5e6787)
- Add unit tests for fa84ee6e4 (8d7b9432)
- guard null TXT values in browse TXT comparison (1b4fcb0c)
- plug fuzz harness and browse sync memory leaks (a8c1dad3)
- bounds-copy browse service/proto when parsing packets (429d7b91)
- reject packets shorter than the DNS header (b556327e)
- Add support for fuzzing browses (7ec95d04)
- Fix browse to stage A/AAAA to match PTRs records (26bfcd14, #1064)
- queue browse send and trigger per-family browse on GOT_IP events (26e8dd1e)
2026-06-16 12:31:41 +02:00
David Cermak 95c882c7d7 fix(mdns): Fix Unbounded recursion in mDNS name decompression 2026-06-16 12:03:08 +02:00
david-cermak c6bf2deb2c Merge pull request #1067 from david-cermak/feat/mdns_fuzz_browse
[mdns] Support for fuzzing browses
2026-06-16 11:56:59 +02:00
david-cermak 1c92f54c5e Merge pull request #1075 from thiker5/master
feat(modem): Add Delay after netif stop prior sending disconnect to CMUX
2026-06-12 09:22:46 +02:00
Thiker Shreah 55f670ab69 feat(modem): Add Delay after netif stop prior sending disconnect to CMUX virtual terminals 2026-06-11 15:16:40 +03:00
david-cermak dc5efaebaf Merge pull request #1072 from littleant/patch-1
Fix wrong "truncated AAAA" error
2026-06-11 13:22:07 +02:00
Andreas K fc5e678726 fix(mdns): Fix wrong "truncated AAAA" error 2026-06-09 15:15:18 +02:00
david-cermak 6e90d562df Merge pull request #1071 from david-cermak/bump/lws_4.3.3_2
bump(lws): 4.3.3~1 -> 4.3.3~2
lws-v4.3.3_2
2026-06-09 13:07:24 +02:00
david-cermak b783c4de40 Merge pull request #1068 from david-cermak/feat/modem_reset_pin
feat(modem): Add support for reset pin
2026-06-08 17:27:10 +02:00
Euripedes 0979d853d6 Merge pull request #845 from bryghtlabs-richard/docs/websocketChangelog
docs: fix esp_websocket_client changelog formatting
2026-06-08 16:26:53 +02:00
David Cermak d5e0917848 feat(modem): Add support for reset pin
read_pin() treats both SIM PIN and SIM PUK as pin_ok = false
Added read_pin_state() to return the actual state
Added reset_pin() to use PUK to set a new SIM PIN

Closes https://github.com/espressif/esp-protocols/issues/1065
2026-06-08 10:28:01 +02:00
David Cermak 2c5d36137e bump(lws): 4.3.3~1 -> 4.3.3~2
4.3.3~2
Features
- add Kconfig toggles + bump submodule (23448d54)
2026-06-05 08:57:03 +02:00
David Cermak 8d7b943252 fix(mdns): Add unit tests for fa84ee6e4 2026-06-04 16:20:49 +02:00
David Cermak 1b4fcb0cd4 fix(mdns): guard null TXT values in browse TXT comparison
Key-only TXT records leave value NULL; comparing them with memcmp
triggered UBSan when fuzzed browse responses updated existing results.
2026-06-04 16:20:49 +02:00
David Cermak a8c1dad3ec fix(mdns): plug fuzz harness and browse sync memory leaks
Free browse sync pending lists on packet parse errors, tear down async
searches detached by search_finish in the host unit test, and replace
reassigned browse hostnames without leaking the old allocation.
2026-06-04 16:20:49 +02:00
David Cermak 429d7b91a2 fix(mdns): bounds-copy browse service/proto when parsing packets
browse_init stores service and proto with strlen+1 allocations, but
packet parsing copied MDNS_NAME_BUF_LEN bytes into browse snapshots.
2026-06-04 16:20:49 +02:00
David Cermak b556327e9b fix(mdns): reject packets shorter than the DNS header
Packets with 11 bytes passed the old length check but caused a read
past the RX buffer when loading the additional RR count field.
2026-06-04 16:20:49 +02:00
David Cermak 7ec95d04a5 fix(mdns): Add support for fuzzing browses 2026-06-04 16:20:49 +02:00
david-cermak 1ca844d6d9 Merge pull request #1061 from vikramdattu/feat/libwebsockets/kconfig-options
feat(lws): add Kconfig toggles + bump submodule
2026-06-04 16:20:07 +02:00
david-cermak d145cafbab Merge pull request #1066 from david-cermak/fix/mdns_ooo_browse
fix(mdns): Fix mdns-browse to stage A/AAAA
2026-06-04 16:19:09 +02:00