Merge branch 'contrib/github_pr_10328' into 'master'

Improve certificate logging (GitHub PR)

Closes IDFGH-8911

See merge request espressif/esp-idf!21518
Mahavir Jain
2022-12-09 15:37:08 +08:00
2 changed files with 10 additions and 5 deletions


@@ -341,7 +341,7 @@ static esp_err_t set_ca_cert(esp_tls_t *tls, const unsigned char *cacert, size_t
mbedtls_x509_crt_init(tls->cacert_ptr); mbedtls_x509_crt_init(tls->cacert_ptr);
int ret = mbedtls_x509_crt_parse(tls->cacert_ptr, cacert, cacert_len); int ret = mbedtls_x509_crt_parse(tls->cacert_ptr, cacert, cacert_len);
if (ret < 0) { if (ret < 0) {
ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%04X", -ret); ESP_LOGE(TAG, "mbedtls_x509_crt_parse of CA cert returned -0x%04X", -ret);
mbedtls_print_error_msg(ret); mbedtls_print_error_msg(ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED; return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED;
@@ -371,7 +371,7 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki)
ret = mbedtls_x509_crt_parse(pki->public_cert, pki->publiccert_pem_buf, pki->publiccert_pem_bytes); ret = mbedtls_x509_crt_parse(pki->public_cert, pki->publiccert_pem_buf, pki->publiccert_pem_bytes);
if (ret < 0) { if (ret < 0) {
ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%04X", -ret); ESP_LOGE(TAG, "mbedtls_x509_crt_parse of public cert returned -0x%04X", -ret);
mbedtls_print_error_msg(ret); mbedtls_print_error_msg(ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED; return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED;
@@ -868,7 +868,7 @@ esp_err_t esp_mbedtls_set_global_ca_store(const unsigned char *cacert_pem_buf, c
} }
ret = mbedtls_x509_crt_parse(global_cacert, cacert_pem_buf, cacert_pem_bytes); ret = mbedtls_x509_crt_parse(global_cacert, cacert_pem_buf, cacert_pem_bytes);
if (ret < 0) { if (ret < 0) {
ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%04X", -ret); ESP_LOGE(TAG, "mbedtls_x509_crt_parse of global CA cert returned -0x%04X", -ret);
mbedtls_print_error_msg(ret); mbedtls_print_error_msg(ret);
mbedtls_x509_crt_free(global_cacert); mbedtls_x509_crt_free(global_cacert);
free(global_cacert); free(global_cacert);
@@ -950,7 +950,7 @@ static esp_err_t esp_set_atecc608a_pki_context(esp_tls_t *tls, const void *pki)
if(cfg->clientcert_buf != NULL) { if(cfg->clientcert_buf != NULL) {
ret = mbedtls_x509_crt_parse(&tls->clientcert, (const unsigned char*)((esp_tls_pki_t *)pki->publiccert_pem_buf), (esp_tls_pki_t *)pki->publiccert_pem_bytes); ret = mbedtls_x509_crt_parse(&tls->clientcert, (const unsigned char*)((esp_tls_pki_t *)pki->publiccert_pem_buf), (esp_tls_pki_t *)pki->publiccert_pem_bytes);
if (ret < 0) { if (ret < 0) {
ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%04X", -ret); ESP_LOGE(TAG, "mbedtls_x509_crt_parse of client cert returned -0x%04X", -ret);
mbedtls_print_error_msg(ret); mbedtls_print_error_msg(ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret); ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED; return ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED;
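Review bot: The reworded log in set_ca_cert (and likewise in esp_mbedtls_set_global_ca_store) still fires only on `ret < 0`, while mbedtls_x509_crt_parse, as far as its documented contract goes, returns a positive count when a PEM bundle is only partly parsed, so a CA bundle containing one or more unparsable entries is accepted without any log line at all. Since the purpose of this commit is to make certificate failures diagnosable, a warning on that branch seems worth adding, e.g. `} else if (ret > 0) { ESP_LOGW(TAG, "%d certificate(s) in CA bundle could not be parsed", ret); }` directly after the existing `if (ret < 0)` block. The same applies to the public-cert and client-cert hunks further down. The enclosing functions start and end outside the hunks.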


@@ -69,6 +69,7 @@ esp_err_t esp_ds_init_data_ctx(esp_ds_data_ctx_t *ds_data)
return ESP_FAIL; return ESP_FAIL;
} }
s_ds_data = ds_data->esp_ds_data; s_ds_data = ds_data->esp_ds_data;
ESP_LOGD(TAG, "Using DS with key block %u, RSA length %u", ds_data->efuse_key_id, ds_data->rsa_length_bits);
s_esp_ds_hmac_key_id = (hmac_key_id_t) ds_data->efuse_key_id; s_esp_ds_hmac_key_id = (hmac_key_id_t) ds_data->efuse_key_id;
const unsigned rsa_length_int = (ds_data->rsa_length_bits / 32) - 1; const unsigned rsa_length_int = (ds_data->rsa_length_bits / 32) - 1;
@@ -251,7 +252,11 @@ int esp_ds_rsa_sign( void *ctx,
ds_r = esp_ds_finish_sign((void *)signature, esp_ds_ctx); ds_r = esp_ds_finish_sign((void *)signature, esp_ds_ctx);
if (ds_r != ESP_OK) { if (ds_r != ESP_OK) {
ESP_LOGE(TAG, "Error in esp_ds_finish sign, returned %d ", ds_r); if (ds_r == ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST) {
ESP_LOGE(TAG, "Invalid digest in DS data reported by esp_ds_finish_sign");
} else {
ESP_LOGE(TAG, "Error in esp_ds_finish_sign, returned %d ", ds_r);
}
heap_caps_free(signature); heap_caps_free(signature);
return -1; return -1;
} }
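Review bot: In esp_ds_rsa_sign the new else-branch still prints the raw esp_err_t with `%d`, so every failure other than the invalid-digest case is logged as an opaque number; `esp_err_to_name()` gives the symbolic name, `ESP_LOGE(TAG, "Error in esp_ds_finish_sign, returned %s", esp_err_to_name(ds_r));` (this also drops the stray trailing space in the format string). The invalid-digest message could additionally state what it implies — presumably that the encrypted DS parameters do not match the HMAC key block in use, which is the most useful hint for whoever provisioned the device; confirm the exact meaning against the DS driver documentation before wording it. In the earlier hunk of this file, the new ESP_LOGD passes `ds_data->efuse_key_id` and `ds_data->rsa_length_bits` to `%u`; if those fields are narrower than unsigned int (their types are not visible here) casting them to `(unsigned)` keeps `-Wformat` clean. esp_ds_rsa_sign starts and ends outside the hunk.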