From 51fc67f5fa4df1e6b9c53760cb5064dd7180fcc9 Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Mon, 17 Jan 2022 16:47:32 +0530 Subject: [PATCH] ci: Fix issues for build stage - Fixed logs expecting different format specifier - Updated ignore list for check_public_header test - Updated functions ported from mbedTLS - Fix for make-system build errors --- components/mbedtls/component.mk | 2 ++ .../esp_crypto_shared_gdma.c | 20 ++++--------- .../port/dynamic/esp_mbedtls_dynamic_impl.c | 8 +++--- .../port/dynamic/esp_mbedtls_dynamic_impl.h | 4 +-- components/mbedtls/port/dynamic/esp_ssl_tls.c | 28 ++++++++----------- .../mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 6 ++-- components/mbedtls/port/sha/esp_sha.c | 20 ++++--------- tools/ci/check_public_headers_exceptions.txt | 1 + 8 files changed, 35 insertions(+), 54 deletions(-) diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk index 97565b0983..ddf5cc2973 100644 --- a/components/mbedtls/component.mk +++ b/components/mbedtls/component.mk @@ -5,6 +5,8 @@ COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include esp_crt_bundle/include +COMPONENT_PRIV_INCLUDEDIRS := mbedtls/library + COMPONENT_SRCDIRS := mbedtls/library port port/$(IDF_TARGET) port/sha port/sha/parallel_engine port/aes port/aes/block port/md esp_crt_bundle COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o diff --git a/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c b/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c index 30ec888dd7..83026a6274 100644 --- a/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c +++ b/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c 
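Review bot: The new `COMPONENT_PRIV_INCLUDEDIRS := mbedtls/library` line in components/mbedtls/component.mk puts mbedTLS's internal library headers on the include path of the port sources, and nothing next to it says why. Internal headers carry no API-stability promise, so port code built against them can break or quietly change meaning when the mbedtls submodule is bumped. This commit's port changes call `mbedtls_ssl_transform_init` and `mbedtls_ssl_in_hdr_len`, which look like library-internal helpers. I would add a comment above the line such as `# port/dynamic uses mbedTLS internal SSL headers; re-check on every mbedtls update`.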
@@ -1,16 +1,8 @@ -// Copyright 2021 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include "esp_crypto_shared_gdma.h" @@ -93,7 +85,7 @@ static esp_err_t crypto_shared_gdma_init(void) return ESP_OK; err: - ESP_LOGE(TAG, "Failed to acquire DMA channel, Err=0x%X", ret); + ESP_LOGE(TAG, "Failed to acquire DMA channel, Err=%d", ret); tx_channel = NULL; rx_channel = NULL; diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c index 58c814ecd2..e7f9a4a401 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c @@ -258,12 +258,12 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len) esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + buffer_len); if (!esp_buf) { - ESP_LOGE(TAG, "alloc(%d bytes) failed", SSL_BUF_HEAD_OFFSET_SIZE + buffer_len); + ESP_LOGE(TAG, "alloc(%zu bytes) failed", SSL_BUF_HEAD_OFFSET_SIZE + buffer_len); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - ESP_LOGV(TAG, "add out buffer %d bytes @ %p", buffer_len, esp_buf->buf); + ESP_LOGV(TAG, "add out buffer %zu bytes @ %p", buffer_len, esp_buf->buf); esp_mbedtls_init_ssl_buf(esp_buf, buffer_len); init_tx_buffer(ssl, esp_buf->buf); 
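Review bot: Printing `ret` with `%d` in the `err:` path of crypto_shared_gdma_init makes the logged value harder to match against ESP-IDF error constants, which are defined in hex. If the specifier had to change to satisfy the format check, logging the symbolic name keeps the message useful: `ESP_LOGE(TAG, "Failed to acquire DMA channel, Err=%s", esp_err_to_name(ret));`. The same applies to the two `ds_r` messages in esp_ds_rsa_sign in esp_rsa_sign_alt.c. The function body starts outside this hunk, so the type of `ret` is inferred from the `esp_err_t` return type shown in the hunk header.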
@@ -342,13 +342,13 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl) ssl->in_hdr = msg_head; ssl->in_len = msg_head + 3; - if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_hdr_len(ssl))) != 0) { + if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl))) != 0) { if (ret == MBEDTLS_ERR_SSL_TIMEOUT) { ESP_LOGD(TAG, "mbedtls_ssl_fetch_input reads data times out"); } else if (ret == MBEDTLS_ERR_SSL_WANT_READ) { ESP_LOGD(TAG, "mbedtls_ssl_fetch_input wants to read more data"); } else { - ESP_LOGE(TAG, "mbedtls_ssl_fetch_input error=-0x%x", -ret); + ESP_LOGE(TAG, "mbedtls_ssl_fetch_input error=%d", -ret); } goto exit; diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h index a32f4e5b01..5dac6dd188 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h @@ -26,7 +26,7 @@ TRACE_CHECK(_fn, "state"); \ \ if ((_ret = _fn) != 0) { \ - ESP_LOGV(TAG, "\"%s\" result is -0x%x", # _fn, -_ret); \ + ESP_LOGV(TAG, "\"%s\" result is %d", # _fn, -_ret); \ TRACE_CHECK(_fn, "fail"); \ return _ret; \ } \ @@ -46,7 +46,7 @@ struct esp_mbedtls_ssl_buf { unsigned char buf[]; }; -#define SSL_BUF_HEAD_OFFSET_SIZE offsetof(struct esp_mbedtls_ssl_buf, buf) +#define SSL_BUF_HEAD_OFFSET_SIZE ((int)offsetof(struct esp_mbedtls_ssl_buf, buf)) void esp_mbedtls_free_buf(unsigned char *buf); diff --git a/components/mbedtls/port/dynamic/esp_ssl_tls.c b/components/mbedtls/port/dynamic/esp_ssl_tls.c index 94ce4bf160..e64bc2e8c2 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_tls.c +++ b/components/mbedtls/port/dynamic/esp_ssl_tls.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
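Review bot: The fallback log in esp_mbedtls_add_rx_buffer now prints `-ret` with `%d`, so a failure shows up as a positive decimal number that matches neither the value returned to the caller nor the hex form in which mbedTLS documents its error codes. Keeping hex while passing an argument of the type the specifier expects would be `ESP_LOGE(TAG, "mbedtls_ssl_fetch_input error=-0x%04x", (unsigned int) -ret);`. The same pattern appears in the checking macro in esp_mbedtls_dynamic_impl.h (`"\"%s\" result is %d"`) and in __wrap_mbedtls_ssl_read in esp_ssl_tls.c (`"fail, error=%d"`). The enclosing function starts and ends outside this hunk.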
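Review bot: Casting `SSL_BUF_HEAD_OFFSET_SIZE` to `int` in esp_mbedtls_dynamic_impl.h changes the type of the macro for every user, not only for the log statements this commit touches, and the cast is not explained. In `SSL_BUF_HEAD_OFFSET_SIZE + buffer_len` (esp_mbedtls_add_tx_buffer) the sum is still a `size_t` and is logged with `%zu`, but in any expression whose other operands are `int` the arithmetic is now signed. I would keep the macro as `offsetof(struct esp_mbedtls_ssl_buf, buf)` and fix the specifiers at the call sites, or else add a comment next to the define stating why the offset has to be an `int`; the reason is not visible in this diff.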
@@ -39,22 +39,11 @@ static int rx_done(mbedtls_ssl_context *ssl) return 1; } - ESP_LOGD(TAG, "RX left %d bytes", ssl->in_msglen); + ESP_LOGD(TAG, "RX left %zu bytes", ssl->in_msglen); return 0; } -static void ssl_transform_init( mbedtls_ssl_transform *transform ) -{ - memset( transform, 0, sizeof(mbedtls_ssl_transform) ); - - mbedtls_cipher_init( &transform->cipher_ctx_enc ); - mbedtls_cipher_init( &transform->cipher_ctx_dec ); - - mbedtls_md_init( &transform->md_ctx_enc ); - mbedtls_md_init( &transform->md_ctx_dec ); -} - static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { @@ -98,7 +87,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) handshake->update_checksum = ssl_update_checksum_start; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); #endif @@ -116,13 +105,18 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #endif -#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) +#if defined(MBEDTLS_SSL_ECP_RESTARTABLE) mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx ); #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; #endif + +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + mbedtls_pk_init( &handshake->peer_pubkey ); +#endif } static int ssl_handshake_init( mbedtls_ssl_context *ssl ) @@ -174,7 +168,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* Initialize structures */ mbedtls_ssl_session_init( ssl->session_negotiate ); - ssl_transform_init( ssl->transform_negotiate ); + mbedtls_ssl_transform_init( ssl->transform_negotiate ); ssl_handshake_params_init( ssl->handshake ); return( 0 ); 
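Review bot: The renamed guard `MBEDTLS_SSL_ECP_RESTARTABLE` in ssl_handshake_params_init should be checked against the bundled mbedTLS headers, because a guard name the library never defines compiles `mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx )` out with no diagnostic; from memory, mbedTLS 3.x spells it `MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED`, so please confirm. The same kind of drift from upstream is presumably why `mbedtls_pk_init( &handshake->peer_pubkey )` had to be added here and why the guard in the previous hunk (`MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED`) changed. A handshake field that is left uninitialised and later freed is a memory-safety problem, so I would also add a comment above the function such as `/* Ported from mbedTLS; re-sync the feature guards and init calls on every mbedtls update */`. The function starts outside this hunk.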
@@ -219,7 +213,7 @@ int __wrap_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t ESP_LOGD(TAG, "fail, the connection indicated an EOF"); return 0; } else if (ret < 0) { - ESP_LOGD(TAG, "fail, error=-0x%x", -ret); + ESP_LOGD(TAG, "fail, error=%d", -ret); return ret; } ESP_LOGD(TAG, "end"); diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index b0914cf01e..1dc1f6dd54 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -228,7 +228,7 @@ int esp_ds_rsa_sign( void *ctx, } if ((ret = (rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, ((s_ds_data->rsa_length + 1) * FACTOR_KEYLEN_IN_BYTES), sig ))) != 0) { - ESP_LOGE(TAG, "Error in pkcs1_v15 encoding, returned %02x", ret); + ESP_LOGE(TAG, "Error in pkcs1_v15 encoding, returned %d", ret); heap_caps_free(signature); return -1; } @@ -242,14 +242,14 @@ int esp_ds_rsa_sign( void *ctx, s_esp_ds_hmac_key_id, &esp_ds_ctx); if (ds_r != ESP_OK) { - ESP_LOGE(TAG, "Error in esp_ds_start_sign, returned %02x ", ds_r); + ESP_LOGE(TAG, "Error in esp_ds_start_sign, returned %d ", ds_r); heap_caps_free(signature); return -1; } ds_r = esp_ds_finish_sign((void *)signature, esp_ds_ctx); if (ds_r != ESP_OK) { - ESP_LOGE(TAG, "Error in esp_ds_finish sign, returned %02X ", ds_r); + ESP_LOGE(TAG, "Error in esp_ds_finish sign, returned %d ", ds_r); heap_caps_free(signature); return -1; } diff --git a/components/mbedtls/port/sha/esp_sha.c b/components/mbedtls/port/sha/esp_sha.c index 82a7ac1d0d..aa4fc23b17 100644 --- a/components/mbedtls/port/sha/esp_sha.c +++ b/components/mbedtls/port/sha/esp_sha.c 
@@ -1,16 +1,8 @@ -// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include @@ -100,6 +92,6 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns } #endif //SOC_SHA_SUPPORT_SHA512 - ESP_LOGE(TAG, "SHA type %d not supported", sha_type); + ESP_LOGE(TAG, "SHA type %d not supported", (int)sha_type); abort(); } diff --git a/tools/ci/check_public_headers_exceptions.txt b/tools/ci/check_public_headers_exceptions.txt index 152543ff6e..a5b267fc37 100644 --- a/tools/ci/check_public_headers_exceptions.txt +++ b/tools/ci/check_public_headers_exceptions.txt @@ -46,6 +46,7 @@ components/wpa_supplicant/esp_supplicant/include/ components/mbedtls/port/include/ components/mbedtls/mbedtls/include/mbedtls/ +components/mbedtls/mbedtls/include/psa/ components/coap/ components/nghttp/