Harshal Patil
78faa2535c
Merge branch 'feat/support_key_manager_esp32c5' into 'master'
...
Support key manager esp32c5
Closes IDF-12626, IDF-12628, IDF-12629, IDF-8621, IDF-9007, IDF-12855, IDF-9070, IDF-7902, and IDF-7548
See merge request espressif/esp-idf!38894
2025-07-01 11:36:19 +05:30
harshal.patil
ffefa9902d
test(mbedtls): Extend the mbedtls ecdsa tests
2025-06-27 15:15:26 +05:30
harshal.patil
a7af364112
fix(esp_security): Power up MPI memory registers when enabling MPI
...
Co-authored-by: Li HongXi <lihongxi@espressif.com>
2025-06-27 15:15:26 +05:30
Ashish Sharma
cabb5009f2
feat(esp_crt): adds support for cross signed root certificates
2025-06-26 16:01:11 +08:00
Alexey Lapshin
74e26f8d29
fix(mbedtls): suppress -Wunterminated-string-initialization
2025-06-25 18:00:39 +07:00
Alexey Lapshin
86ca6ef829
fix(build): fix -Wanalyzer-undefined-behavior-ptrdiff warnings
2025-06-25 18:00:39 +07:00
Ashish Sharma
78af627857
fix(mbedtls): handle NULL ctx in ds rsa sign
2025-06-18 17:03:37 +08:00
harshal.patil
6fe38c7efd
fix(mbedtls): re-include Comodo AAA Services root
2025-06-16 15:55:39 +05:30
Mahavir Jain
03433aad49
fix(mbedtls): re-include Starfield Class 2 CA
...
Some of the endpoints (e.g., httpbin.org) are still relying on the
Starfield Class 2 CA in the chain. Added this root certificate as
a temporary exception and shall be removed in future.
2025-06-16 15:55:36 +05:30
Mahavir Jain
a8bf745f23
Merge branch 'feat/adding_different_strategy_to_perform_tls_using_dynamic_feature' into 'master'
...
Add configuration to control dynamic buffer strategy in mbedtls
Closes IDF-12591
See merge request espressif/esp-idf!39469
2025-06-12 09:52:35 +05:30
Harshal Patil
c85075dc12
Merge branch 'update/update_cmn_crt_authorities_csv' into 'master'
...
Update common cert authorities csv
See merge request espressif/esp-idf!39564
2025-06-09 12:08:03 +05:30
Aditya Patwardhan
8d0527d7bf
Merge branch 'feat/support_sha512_for_esp32c5' into 'master'
...
Support SHA 512 for ESP32-C5
See merge request espressif/esp-idf!39421
2025-06-09 09:42:37 +05:30
Espressif BOT
da1842ea0f
change(mbedtls/crt_bundle): Update esp_cmn_crt_bundle certificates
2025-06-08 13:35:51 +05:30
harshal.patil
85ec4df4db
change(mbedlts/port): Remove deprecated header files
2025-06-06 14:52:03 +05:30
harshal.patil
fe78370ec9
feat(mbedtls/sha): New API for setting SHA mode
2025-06-06 14:51:44 +05:30
hrushikesh.bhosale
5928a87aa7
feat(mbedtls): Add configuration to control dynamic buffer strategy in mbedtls
...
Problem:
1. In low-memory scenarios, the dynamic buffer feature can fail due to memory fragmentation.
2. It requires a contiguous 16KB heap chunk, but continuous allocation and deallocation of
the RX buffer can lead to fragmentation.
3. If another component allocates memory between these operations, it can break up the
available 16KB block, causing allocation failure.
Solution:
1. Introduce configurable strategy for using dynamic buffers in TLS connections.
2. For example, convert RX buffers to static after the TLS handshake.
3. Allow users to select the strategy via a new field in the esp_http_client_cfg_t structure.
4. The strategy can be controlled independently for each TLS session.
2025-06-05 12:43:47 +05:30
Ashish Sharma
2ef09a7952
fix(esp_tls): fix failing build with TLS1.3 only and dynamic buffer
2025-06-02 09:14:03 +08:00
harshal.patil
65642866bc
change(mbedtls/esp_crt_bundle): Remove deprecated certs for the major release version (v6.0)
2025-05-28 23:16:47 +05:30
Espressif BOT
e6d92ab49c
change(mbedtls/crt_bundle): Update esp_crt_bundle certificates
2025-05-28 23:16:47 +05:30
Mahavir Jain
619996f74a
Merge branch 'bugfix/fix_tls1_3_server_failing_handshake' into 'master'
...
fix(mbedtls): Fix failing handshake when running HTTPS Server with TLS1.3
Closes IDFGH-15325 and IDF-13113
See merge request espressif/esp-idf!39318
2025-05-28 13:16:49 +05:30
Ashish Sharma
dbb846c348
fix(mbedtls): Fixes failing TLS 1.3 server handshake
...
Closes https://github.com/espressif/esp-idf/issues/15984
2025-05-26 17:16:21 +08:00
Espressif BOT
e08ed84287
change(mbedtls/crt_bundle): Update esp_cmn_crt_bundle certificates
2025-05-26 13:19:57 +05:30
Harshal Patil
fe40cc8f8b
Merge branch 'fix/suppress_cert_bundle_serial_number_warning' into 'master'
...
fix(mbedtls/esp_crt_bundle): Suppress non-negative serial number warning
Closes IDFCI-2945
See merge request espressif/esp-idf!39381
2025-05-26 13:19:00 +05:30
harshal.patil
5ae42e6f0b
fix(mbedtls/esp_crt_bundle): Suppress non-negative serial number warning
...
Co-authored-by: Mahavir Jain <mahavir.jain@espressif.com>
2025-05-23 09:28:42 +05:30
nilesh.kale
148d31b659
feat: enable support for deterministic mode for esp32h2
2025-05-22 14:55:15 +05:30
nilesh.kale
0fb8c2a9b8
feat: enabled ECDSA-P192 support for ESP32H2
2025-05-22 14:55:03 +05:30
Laukik Hase
12e2df2d74
feat(esp_tee): Support for ESP32-H2 - the rest of the components
2025-05-20 16:31:23 +05:30
harshal.patil
0154c7cfe3
fix(mbedtls): Enable signature verification s/w fallback when ECDSA curve is disabled
2025-05-14 12:31:56 +05:30
Laukik Hase
d116567a66
refactor(esp_tee): Update TEE secure storage interface APIs
2025-05-04 18:03:29 +05:30
Laukik Hase
c9f7bcd452
feat(esp_tee): Support the nvs_flash for the ESP-TEE build
2025-05-04 18:03:28 +05:30
Zhang Xiao Yan
97f904b6fb
Merge branch 'docs/fix_some_typos' into 'master'
...
docs: Fix some typos
Closes DOC-10600, DOC-10605, DOC-10606, DOC-10607, DOC-10608, and DOC-10671
See merge request espressif/esp-idf!37977
2025-04-30 18:35:40 +08:00
Shen Meng Jing
62d4115e08
docs: Fix some typos
2025-04-30 18:35:39 +08:00
Aditya Patwardhan
d3e3790fc9
Merge branch 'fix/refactor_source_code_and_comments' into 'master'
...
fix(hal): updated API description and added comments
Closes IDF-12618
See merge request espressif/esp-idf!38415
2025-04-30 18:26:57 +08:00
Mahavir Jain
ff555428d1
Merge branch 'feat/dynamic_buffer_tls1.3' into 'master'
...
feat(mbedtls): add support for dynamic buffer for TLS1.3
Closes IDFGH-14708, IDF-12469, IDF-9178, and IDF-1725
See merge request espressif/esp-idf!38258
2025-04-30 17:52:43 +08:00
nilesh.kale
f19e8e6970
fix: re-enabled ecdsa support for esp32c5-eco2
2025-04-28 20:58:09 +05:30
Ashish Sharma
415e0f3c86
feat(mbedtls): add support for dynamic buffer for TLS1.3
...
Closes https://github.com/espressif/esp-idf/issues/15448
2025-04-24 12:05:36 +08:00
Mahavir Jain
8b239ab605
Merge branch 'fix/remove_mbedtls_logical_dead_code' into 'master'
...
fix(mbedtls): remove logical dead code from mbedtls
Closes IDF-12866
See merge request espressif/esp-idf!38498
2025-04-23 12:21:20 +08:00
harshal.patil
b0d9ccf6e3
fix(mbedtls): Fix config dependencies when ROM mbedtls is used
2025-04-21 13:38:29 +05:30
Ashish Sharma
0de1429834
fix(mbedtls): remove logical dead code from mbedtls
2025-04-17 13:43:48 +08:00
Laukik Hase
4a4d63d36e
feat(esp_tee): Protect the ECC peripheral from REE access
2025-04-16 19:19:04 +05:30
Laukik Hase
1c4969bc47
feat(esp_security): Add a TEE-specific crypto lock layer with stub implementations
2025-04-16 19:19:03 +05:30
Mahavir Jain
c8f790078b
Merge branch 'feature/enable_ecdsa_support_for_esp32h21' into 'master'
...
feat: add ECDSA support for esp32h21
Closes IDF-11496
See merge request espressif/esp-idf!36591
2025-04-16 17:58:52 +08:00
nilesh.kale
d9f03d7f28
fix(hal): updated API description and added comments
2025-04-15 14:58:53 +05:30
Laukik Hase
1c6405eb9b
Merge branch 'fix/esp_tee_coverity_bugs' into 'master'
...
fix(security): Fixed coverity warnings related to the `esp_tee` component
Closes IDF-12803, IDF-12804, and IDF-12826
See merge request espressif/esp-idf!38360
2025-04-14 15:05:27 +08:00
nilesh.kale
aae4bfb6f3
feat: enable ecdsa support for esp32h21
...
This commit enabled support for ECDSA peripheral in ESP32H21.
2025-04-14 10:26:46 +05:30
Laukik Hase
13aff0b216
fix(security): Fixed coverity warnings related to the esp_tee component
...
- Also, disable the SECP192R1 curve (Mbed TLS config) when TEE Secure Storage
does not require it
2025-04-14 10:12:51 +05:30
Ashish Sharma
b62e486247
fix(component/mbedtls): Fix failing cert verification with TLS1.3 and DS peripheral
2025-04-11 18:34:16 +08:00
Laukik Hase
bd314c2460
refactor(esp_tee): Update the SHA clock configuration service call
2025-04-04 10:31:28 +05:30
Laukik Hase
3e95020c59
refactor(esp_security): Introduce dedicated APIs for crypto clock configuration
2025-04-04 10:31:27 +05:30
Laukik Hase
3fd107aa04
feat(mbedtls): Add support for ECDSA signing with TEE secure storage
2025-04-03 15:35:15 +05:30