From 5a0324ad898b33a597c2f97919397184ab100c75 Mon Sep 17 00:00:00 2001
From: Harshit Malpani
Date: Fri, 12 Jul 2024 12:23:45 +0530
Subject: [PATCH 1/2] fix: Fixed build errors with TLS 1.3 only configuration
---
 components/mbedtls/Kconfig | 2 +-
 .../esp_http_client/sdkconfig.ci.tls13_only | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 examples/protocols/esp_http_client/sdkconfig.ci.tls13_only
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index bf208f1321..08dfe046a5 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -795,7 +795,7 @@ menu "mbedTLS"
 config MBEDTLS_SSL_RENEGOTIATION
 bool "Support TLS renegotiation"
- depends on MBEDTLS_TLS_ENABLED
+ depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_PROTO_TLS1_2
 default y
 help
 The two main uses of renegotiation are (1) refresh keys on long-lived
diff --git a/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only b/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only
new file mode 100644
index 0000000000..9b2a9ba558
--- /dev/null
+++ b/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only
@@ -0,0 +1,14 @@
+CONFIG_EXAMPLE_CONNECT_ETHERNET=y
+CONFIG_EXAMPLE_CONNECT_WIFI=n
+CONFIG_EXAMPLE_USE_INTERNAL_ETHERNET=y
+CONFIG_EXAMPLE_ETH_PHY_IP101=y
+CONFIG_EXAMPLE_ETH_MDC_GPIO=23
+CONFIG_EXAMPLE_ETH_MDIO_GPIO=18
+CONFIG_EXAMPLE_ETH_PHY_RST_GPIO=5
+CONFIG_EXAMPLE_ETH_PHY_ADDR=1
+CONFIG_EXAMPLE_CONNECT_IPV6=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH=y
+CONFIG_EXAMPLE_HTTP_ENDPOINT="httpbin.espressif.cn"
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y
From 8d0c4ee711e695e5a36a9423a1b95c40fedf99a6 Mon Sep 17 00:00:00 2001
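Review bot: The new `&& MBEDTLS_SSL_PROTO_TLS1_2` dependency on `MBEDTLS_SSL_RENEGOTIATION` in components/mbedtls/Kconfig carries no explanation, and the help text visible in the hunk still describes renegotiation without saying it is a TLS 1.2 mechanism (the help continues outside the hunk, so this is judged from its first line only). TLS 1.3 has no renegotiation, which is why the option has to drop out of a TLS 1.3-only build. A comment above the `depends on` line would record that for the next maintainer: `# TLS 1.3 has no renegotiation; only meaningful when TLS 1.2 is enabled`.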
From: Harshit Malpani
Date: Fri, 12 Jul 2024 17:07:49 +0530
Subject: [PATCH 2/2] fix(wpa_supplicant): Fix build errors for exclusive TLSv1.3 mbedtls config
Co-authored-by: Sarvesh Bodakhe
---
 .../wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
index 42b846a802..ff3699b497 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -201,6 +201,7 @@ static int set_ca_cert(tls_context_t *tls, const unsigned char *cacert, size_t c
 #ifdef CONFIG_SUITEB192
 static uint16_t tls_sig_algs_for_suiteb[] = {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_ECDSA_C)
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
@@ -211,6 +212,7 @@ static uint16_t tls_sig_algs_for_suiteb[] = {
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
 #endif
 #endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 MBEDTLS_TLS_SIG_NONE
 };
@@ -235,6 +237,7 @@ static void tls_set_suiteb_config(tls_context_t *tls)
 #endif
 static uint16_t tls_sig_algs_for_eap[] = {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_ECDSA_C)
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
@@ -263,6 +266,7 @@ static uint16_t tls_sig_algs_for_eap[] = {
 MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA1 ),
 #endif
 #endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 MBEDTLS_TLS_SIG_NONE
 };
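Review bot: With `MBEDTLS_SSL_PROTO_TLS1_2` undefined, both `tls_sig_algs_for_suiteb` and `tls_sig_algs_for_eap` reduce to the lone terminator `MBEDTLS_TLS_SIG_NONE`, so a TLS 1.3-only build compiles but carries an empty signature-algorithm list (this applies to all four hunks of tls_mbedtls.c). The code that hands these arrays to mbedTLS lies outside the hunks, so the runtime effect is inferred. Presumably the handshake either fails for lack of offered schemes or, for Suite B, runs without the restriction the list is meant to express. Either add an `#else` branch before each new `#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */` listing the TLS 1.3 scheme constants (for Suite B e.g. `MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,`), or, if EAP over TLS 1.3 is not meant to be supported here, say so above each array: `/* Empty when TLS 1.2 is disabled: no TLS 1.3 signature schemes are configured for EAP. */`.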