From 865a72eb8f6b8353c14d3714f7c57fa9f485a64e Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Wed, 7 Dec 2022 14:22:52 +0530
Subject: [PATCH 1/3] mbedtls: added SOC_AES_SUPPORT_AES_192 check in esp_aes_gcm_setkey()
---
 components/mbedtls/port/aes/esp_aes_gcm.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index 81a5bfebd6..b5a9b1ce46 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -40,6 +40,7 @@
 #include "esp_heap_caps.h"
 #include "soc/soc_memory_layout.h"
+#include "mbedtls/error.h"
 #include
 #define ESP_PUT_BE64(a, val) \
@@ -257,6 +258,11 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx,
 const unsigned char *key,
 unsigned int keybits )
 {
+#if !SOC_AES_SUPPORT_AES_192
+ if (keybits == 192) {
+ return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
+ }
+#endif
 if (keybits != 128 && keybits != 192 && keybits != 256) {
 return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
 }
From 734724ba79c23d7073c16d65639346c593da7176 Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Thu, 8 Dec 2022 10:26:25 +0530
Subject: [PATCH 2/3] mbedtls: fix esp_aes_crypt_ctr writing to null stream block
---
 components/mbedtls/port/aes/esp_aes_gcm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index b5a9b1ce46..3eac994f61 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -477,6 +477,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
 {
 size_t nc_off = 0;
 uint8_t len_block[AES_BLOCK_BYTES] = {0};
+ uint8_t stream[AES_BLOCK_BYTES] = {0};
 if ( tag_len > 16 || tag_len < 4 ) {
 return ( MBEDTLS_ERR_GCM_BAD_INPUT );
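Review bot: The new `#if !SOC_AES_SUPPORT_AES_192` guard in esp_aes_gcm_setkey() (PATCH 1/3) relies on an undefined macro evaluating to 0, and none of the visible hunks show where the macro is defined. If the SoC capability header that provides it is not included in this file, the branch is compiled in on every target and 192-bit keys are refused even where the hardware supports them; that fails closed, but silently. A short comment above the guard would record the dependency and the ordering, for example `/* AES-192 is not available on this SoC (capability macro comes from the SoC caps header); reject it before the generic key-length check */`. The function body continues outside the hunk.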
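Review bot: The `stream` buffer added to esp_aes_gcm_finish() (PATCH 2/3) is left on the stack when the function returns. It is passed as the stream block to esp_aes_crypt_ctr() in the next hunk, so after the call it presumably holds the encrypted J0 block that masks the GHASH value in the tag, which is key-derived material. Wiping it before the return, e.g. `mbedtls_platform_zeroize(stream, sizeof(stream));`, would keep it from lingering in stack memory; whether this file already includes the header for that helper is not visible here. The function starts and ends outside this hunk.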
@@ -488,7 +489,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
 esp_gcm_ghash(ctx, len_block, AES_BLOCK_BYTES, ctx->ghash);
 /* Tag T = GCTR(J0, ) where T is truncated to tag_len */
- esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, 0, ctx->ghash, tag);
+ esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag);
 return 0;
 }
From ecdd20228597b7119aed1a52fa76c100e2d0527a Mon Sep 17 00:00:00 2001
From: "harshal.patil"
Date: Tue, 10 Jan 2023 16:24:52 +0530
Subject: [PATCH 3/3] mbedtls/port: added stream_block parameter sanity check
---
 components/mbedtls/port/aes/dma/esp_aes.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c
index 893b0556db..b5e4befd38 100644
--- a/components/mbedtls/port/aes/dma/esp_aes.c
+++ b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -991,6 +991,11 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
 return -1;
 }
+ if (!stream_block) {
+ ESP_LOGE(TAG, "No stream supplied");
+ return -1;
+ }
+
 if (!nonce_counter) {
 ESP_LOGE(TAG, "No nonce supplied");
 return -1;
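Review bot: The return value of the changed `esp_aes_crypt_ctr(...)` call in esp_aes_gcm_finish() (PATCH 2/3) is discarded, and the function returns 0 unconditionally two lines later. PATCH 3/3 shows that callee returning -1 on rejected arguments, so a failure here would be reported as success while `tag` may never have been written, and the caller would go on to emit or compare an unset tag. Propagate the result: `int ret = esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag);` followed by `if (ret != 0) { return ret; }`. The start of the function is outside the hunk.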
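Review bot: The new `stream_block` guard in esp_aes_crypt_ctr() (PATCH 3/3) has no comment saying why a NULL stream block is rejected rather than treated as optional. The subject of PATCH 2/3 indicates that the function writes to the stream block, so a one-line comment such as `/* stream_block is written by this function, so it must point to a block-sized buffer */` would tell callers that passing 0 is not a way to skip it. This patch touches only the dma port; if another implementation of esp_aes_crypt_ctr() exists in the tree it would presumably need the same guard, which cannot be confirmed from this page. The function starts and ends outside the hunk.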