Laukik Hase
d7090b4d52
https_server: Add config option to min. cert. auth mode
...
- Added a config option to set the minimum Certificate Verification
mode to Optional
- When this option is enabled, the peer (the client) certificate
is checked by the server, however the handshake continues even if
verification failed.
- By default, the peer certificate is not checked and ignored by the server.
Closes https://github.com/espressif/esp-idf/issues/8664
2022-03-29 08:57:36 +00:00
Aditya Patwardhan
4c58685c00
esp_https_server: Enable secure element support.
...
Closes https://github.com/espressif/esp-idf/issues/8286
2022-03-27 14:35:25 +05:30
Mahavir Jain
102f8e961f
esp-tls: use SOC capability macros instead of target names
2022-03-22 02:06:30 +00:00
Mahavir Jain
93987e6b79
Merge branch 'fix/remove_test_cert_files_from_mbedtls_port_directory' into 'master'
...
mbedtls: Remove certs.c and certs.h from port directory
Closes IDF-4709
See merge request espressif/esp-idf!17485
2022-03-18 16:47:53 +08:00
Aditya Patwardhan
f31d8dd295
mbedtls: Remove certs.c and certs.h from port directory
2022-03-15 17:16:07 +05:30
Anton Maklakov
e27f1331e4
components: correct printf() placeholder for time_t
...
Using C99 %jd, https://en.cppreference.com/w/c/chrono/time_t
2022-03-14 14:05:47 +07:00
Aditya Patwardhan
8f67af174e
Merge branch 'contrib/github_pr_8462' into 'master'
...
Add WolfSSL esp_tls TLS1.3 configuration option (GitHub PR)
Closes IDFGH-6838 and IDFGH-6683
See merge request espressif/esp-idf!17324
2022-03-08 10:57:05 +08:00
Alexander Klassen
a46776ad02
Add WolfSSL esp_tls TLS1.3 configuration option
...
Closes https://github.com/espressif/esp-idf/issues/8313
2022-03-07 09:44:23 +00:00
Sudeep Mohanty
a9fda54d39
esp_hw_support/esp_system: Re-evaluate header inclusions and include directories
...
This commit updates the visibility of various header files and cleans up
some unnecessary inclusions. Also, this commit removes certain header
include paths which were maintained for backward compatibility.
2022-03-07 11:18:08 +05:30
Laukik Hase
f5feb7813e
mbedtls: Fix build errors related to TLS 1.3
...
- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
60b167f2d6
mbedtls-3.1 update: Removed the `MBEDTLS_PRIVATE` from multiple files
...
after they have been again made public in mbedtls-3.1
*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
3b71bd7326
mbedtls-3.0: Fixed ESP32 build issues
...
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr
mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required
mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module
mbedtls-3.0: Fixed ESP32-H2 build issues
ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices
- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3
ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2
- Tests:
- example_test_protocols 1/2
ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example
- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3
Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0
mbedtls-3 update:
...
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
2022-03-03 01:37:10 +05:30
Mahavir Jain
8e94cf2bb1
Add http_parser (new component) dependency
2022-01-11 10:26:25 +05:30
Mahavir Jain
201e0b39a7
esp-tls: remove redundant snippet from CMakeList
2022-01-04 15:41:06 +05:30
Mahavir Jain
c26500cd5a
esp-tls: mark esp_tls_conn_delete API as deprecated
...
It is recommended to use `esp_tls_conn_destroy` API instead
2022-01-04 15:40:07 +05:30
Jakob Hasse
16514f93f0
refactor (test_utils)!: separate file for memory check functions
...
Memory check (leaks and heap tracing) functions for unit tests
now have a separate file now and are renamed for more consistency.
BREAKING CHANGE: renamed memory check function names which may be used
in unit tests outside IDF.
2021-12-08 11:06:00 +08:00
Roland Dobai
766aa57084
Build & config: Remove leftover files from the unsupported "make" build system
2021-11-11 15:32:36 +01:00
Mahavir Jain
8c9a3da695
mbedtls: disable Diffie-Hellman key exchange modes by default
...
Using these ciphers can constitute a security risk if the server
uses a weak prime for the key exchange.
Footprint impact:
Roughly 3K saved in text+rodata in default https_request example
2021-11-02 15:52:09 +08:00
John Ohl
27d66c0e33
Encoding base64 with wolfSSL should produce the same result as esp_crypto_bas64_encode_mbedtls and not encode in PEM format /w new lines
...
Closes https://github.com/espressif/esp-idf/pull/7676
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-10-17 00:01:23 +08:00
Laukik Hase
1d2b2b5879
feature: Added user callback for esp_https_server
...
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example
Closes https://github.com/espressif/esp-idf/issues/7479
2021-10-11 09:41:01 +05:30
Mahavir Jain
8b4c0e71a9
Merge branch 'feature/mbedtls_session_ticket_support' into 'master'
...
Feature/mbedtls session ticket support
Closes IDFGH-5288 and IDF-3242
See merge request espressif/esp-idf!14496
2021-09-17 09:59:02 +00:00
Aditya Patwardhan
b4e4b9f20d
Added support for client session tickets in esp-tls (with mbedtls)
...
* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling
2021-09-15 22:19:04 +05:30
Daniel Bahrdt
7e886ca9ed
Implement server session ticket support with mbedtls
...
Closes https://github.com/espressif/esp-idf/pull/7048
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan
c6c2ea975f
Fix esp_mbedtls_write API
...
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Sachin Billore
667017d517
ESP32S3 support for ESP-MQTT SSL Mutual Authentication with Digital Signature
...
Closes IDF-3859
2021-09-06 11:17:30 +05:30
Shu Chen
6fce2930d0
esp32h2: enable more components to support esp32h2
...
Involved components:
* app_trace
* esp-tls
* esp_adc_cal
* esp_pm
* esp_serial_slave_link
* esp_timer
* freertos
* idf_test
* log
* mbedtls
* newlib
* perfmon
* spi_flash
* spiffs
* ulp
* unity
* vfs
2021-07-01 19:53:11 +08:00
Aditya Patwardhan
0e01a22264
esp_tls_wolfssl: Improved error messages
2021-06-28 14:51:41 +05:30
Aditya Patwardhan
4af1176d15
esp_tls_mbedtls: Improved the error messages.
...
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny
967e057906
esp-tls, esp_http_client and esp_http_server: update copyright notice
2021-05-31 20:06:09 +08:00
David Cermak
f68d7d7023
esp_tls: Renamed public API to indicate the Plain TCP connection
...
Also added parameter checks if used from as a public API
and updated the `is_plein_tcp` description that it's possible to connect
directly using plain tcp transport with the new API.
2021-05-25 10:55:50 +02:00
David Cermak
f249ddd9ae
esp_transport: Use tcp_connect from esp_tls for plain TCP
...
so we don't have to allocate esp_tls structure (~2KB) to save heap when using plain TCP connection
Closes https://github.com/espressif/esp-idf/issues/6940
2021-05-25 07:04:02 +02:00
Jiri Schiebel
c01e259a98
esp_tls: esp_tls_connect: Reduce input params to err_handle
...
Pass only the error_handle instead of instead of the full config structure
2021-05-25 07:04:02 +02:00
Aditya Patwardhan
1abdfee3b7
secure_element: Update esp-cryptoauthlib submodule latest version.
...
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Axel Lin
52442be9e1
esp-tls: Fix setsockopt for TCP_KEEPIDLE
...
Current code applies keep_alive_enable setting to TCP_KEEPIDLE, fix it.
Fixes: 2d25252746
("esp-tls: Rework tcp_connect() to use more subroutines")
Signed-off-by: Axel Lin <axel.lin@gmail.com>
2021-04-06 15:37:16 +08:00
yuanjm
f68e55edb3
esp-tls: Separate timeout_ms conditional judgement from keep alive
2021-03-10 02:19:29 +00:00
yuanjm
c62cbd1254
transport: Support bind socket to specified interface in transport and esp-tls
2021-03-10 02:19:29 +00:00
Aditya Patwardhan
bf513b6f31
Fix esp_tls: Prevent freeing of global ca store after each connection
...
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
yuanjm
da58235a0e
components: Use CONFIG_LWIP_IPV6 to strip IPv6 function in components
2021-02-23 18:26:03 +08:00
David Cermak
eb772e152c
esp_tls: Fix unresolved lwip symbol when complex dependency tree
2021-02-16 09:01:35 +01:00
David Cermak
5cfa545d08
esp-tls: Added _esp_tls_net_init to init fd for both mbedtls/wolfssl
2021-02-16 09:01:35 +01:00
David Cermak
4375f888fa
esp-tls: Fix wolfssl error codes for WANT_READ/WANT_WRITE
...
wolfSSL error codes are mostly positive numbers, but esp-tls potentially
non-block API (read/write) returns ssize_t, i.e. bytes read/written if
>0, errorcode otherwise. To comply with this API we have to conditionate
the wolfssl return codes to negative numbers, preferably the same codes
as mbedTLS codes.
2021-02-16 09:01:35 +01:00
David Cermak
2d25252746
esp-tls: Rework tcp_connect() to use more subroutines
...
Refactored the esp_tcp_connect() functionality to break it down to
* dns-resolution + socket creation
* set configured socket options
* set/reset non-block mode
* the actual connection in non-blocking mode
2021-02-16 09:01:35 +01:00
David Cermak
6b318fe583
esp_tls: Updated connection method to use non-blocking connect
...
For better control over connection timeouts
To be in line with former tcp_transport, as esp-tls is not used for
plain tcp transports
2021-02-16 09:00:43 +01:00
David Cermak
2c28ffffee
tcp_transport/esp_tls: Use common TCP transport to reduce code duplication
...
For high level review of the changes.
2021-02-16 09:00:43 +01:00
David Cermak
391d7bf271
tcp_transport: Add TCP transport connection errors
...
Transport's error_handle is used to capture different types of errors
including esp_err_t from esp-tls and socket/system errors.
This change adds the following error codes for TCP transport:
* connection closed by a FIN flag (clean closure from server)
* DNS resolution problem
* connection timeout
These errors are already defined in esp-tls component and since this
component will be used in the future for both TCP and SSL transport, we
currently report these issues in transport::error_handle::esp_tls_last_error
of standard esp error type (esp_err_t)
Closes https://github.com/espressif/esp-mqtt/issues/182
2021-02-16 09:00:43 +01:00
Aditya Patwardhan
0175c68400
esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
...
Fixes one part of - https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Mahavir Jain
f5e51e7c1b
Merge branch 'feature/esp32c3_ds_mbedtls_integration' into 'master'
...
esp32c3/Digital Signature: mbedtls integration through ESP-TLS
Closes IDF-2267
See merge request espressif/esp-idf!12033
2021-01-22 17:06:46 +08:00
yuanjm
044c3e3e74
Modify esp-tls and tcp_transport to support keep alive for tcp and ssl connection
...
Closes IDFGH-4543
2021-01-22 06:56:28 +00:00
Aditya Patwardhan
79c23a1886
esp32c3/Digital Signature: mbedtls integration through ESP-TLS
2021-01-22 11:54:16 +05:30