alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-31 13:09:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,579 Commits 22 Branches 172 Tags
f15fce7756c06d7a03482ebc8dde268532cf782d
Commit Graph

576 Commits

Author SHA1 Message Date
Ashish Sharma
5f74ce2d4b feat(mbedtls): update to version 3.6.4 2025-07-04 17:58:56 +08:00
harshal.patil
129ea46203 fix(mbedtls/esp_crt_bundle): Suppress non-negative serial number warning 
Co-authored-by: Mahavir Jain <mahavir.jain@espressif.com>
 2025-05-26 14:11:49 +05:30
Ashish Sharma
fb3ec51bd9 feat(mbedtls): new config to allow weak cert verification 2025-04-02 10:20:10 +05:30
Ashish Sharma
f707fdea34 feat(mbedtls): update to version 3.6.3 2025-04-02 10:06:21 +05:30
Ashish Sharma
57cc0f2805 fix(component/mbedtls): Adds github root cert to cmn_crt_authorities.csv 2025-03-18 14:39:53 +08:00
Aditya Patwardhan
390a6a0719 feat(docs): Update minimizing binary size 
The ESP32-H2 software countermeasure may not be necessary
        for ESP32-H2 v1.2 and above, this commit updates
        the relevant documentation
 2025-01-24 09:13:36 +05:30
Aditya Patwardhan
151b6e9be5 fix(soc): Fixed ECDSA register compatibility 2025-01-24 09:13:35 +05:30
Aditya Patwardhan
09ded7787f fix(hal): Make the ECDSA countermeasure dynamically applicable 
This commit makes the ECDSA countermeasure dynamically applicable
    across different revisions of the ESP32H2 SoC.
 2025-01-24 09:13:24 +05:30
Mahavir Jain
58e5f48368 feat(ecc): enable ECC constant time mode for ESP32-H2 ECO5 2025-01-23 22:10:21 +05:30
harshal.patil
b9fe639725 feat(hal/aes): Enable pseudo rounds function during AES operations 2025-01-17 14:01:43 +05:30
Mahavir Jain
289ffe7887 Merge branch 'feat/mbedtls_size_optimization_v5.1' into 'release/v5.1' 
Fix the increase in build size of mbedtls while upgrading to v3.x (v5.1)

See merge request espressif/esp-idf!34254
 2024-10-28 11:17:17 +08:00
Mahavir Jain
5947ebe427 Merge branch 'feat/move_crt_bundle_dummy_cert_to_rodata_v5.1' into 'release/v5.1' 
Move cert bundle's dummy cert to .rodata to reduce RAM usage (v5.1)

See merge request espressif/esp-idf!34203
 2024-10-28 11:15:46 +08:00
nilesh.kale
29d13fec3e feat(mbedtls): update mbedtls version to 3.6.2 2024-10-22 13:45:19 +05:30
harshal.patil
95311aae84 fix(mbedtls): Fix the increase in build size of mbedtls when upgrading to v3.x 2024-10-17 14:55:16 +05:30
harshal.patil
97c9eae41d feat(mbedtls/esp_crt_bundle): Move dummy cert to .rodata to save 408B from dram 
Co-authored-by: Hanno <h.binder@web.de>
 2024-10-16 16:41:39 +05:30
Mahavir Jain
0c50d91e96 Merge branch 'feature/update_mbedtls_version_to_3.6.1_v5.1' into 'release/v5.1' 
feat(mbedtls): updated mbedtls version to 3.6.1(v5.1)

See merge request espressif/esp-idf!33915
 2024-10-08 12:25:12 +08:00
nilesh.kale
6571b71612 feat(mbedtls): updated mbedtls version to 3.6.1 2024-09-29 22:48:33 +05:30
harshal.patil
9ebd2ed8fe feat(mbedtls): Wrap mbedtls_ecdsa_read_signature to use ECDSA hardware when possible 2024-09-24 16:51:30 +05:30
harshal.patil
f648fca1b9 fix(mbedtls/port): Check signature hash length before using ECDSA hardware 2024-09-24 16:51:20 +05:30
Aditya Patwardhan
9949fb3d2b feat(hal): Add countermeasure for ECDSA generate signature 
The ECDSA peripheral before ECO5 of esp32h2 does not perform the ECDSA
    sign operation in constant time. This allows an attacker to read the
    power signature of the ECDSA sign operation and then calculate the
    ECDSA key stored inside the eFuse. The commit adds a countermeasure
    for this attack. In this case the real ECDSA sign operation is
    masked under dummy ECDSA sign operations to hide its real power
    signature
 2024-09-23 19:32:27 +05:30
Jiang Guang Ming
d4e558f654 feat(mbedtls): bringup rom mbedtls feature to formal 2024-09-19 16:45:01 +08:00
Jiang Guang Ming
b98c1db2b5 feat(mbedtls): support rom mbedtls threading layer 2024-09-10 10:38:24 +08:00
Jiang Guang Ming
3faea4b10c feat(mbedtls): select MBEDTLS_CMAC_C when MBEDTLS_USE_CRYPTO_ROM_IMPL enabled 2024-09-10 10:38:19 +08:00
Jiang Guang Ming
e49ee08d8c feat(mbedtls): support ROM mbedtls v3.6.0 on C2 rev2.0(ECO4) 2024-09-10 10:38:12 +08:00
Richard Allen
f45c9f14c3 change(mbedtls/port): optimize gcm_mult() 
1) pre-shift GCM last4 to use 32-bit shift

On 32-bit architectures like Aarch32, RV32, Xtensa,
shifting a 64-bit variable by 32-bits is free,
since it changes the register representing half of the 64-bit var.
Pre-shift the last4 array to take advantage of this.

2) unroll first GCM iteration

The first loop of gcm_mult() is different from
the others. By unrolling it separately from the
others, the other iterations may take advantage
of the zero-overhead loop construct, in addition
to saving a conditional branch in the loop.
 2024-08-21 18:26:31 +05:30
Mahavir Jain
9ff2f9ab2f fix(hal): correct the power up sequence for MPI/ECC peripherals in ESP32-C5 2024-07-03 11:50:10 +05:30
nilesh.kale
e6c6121b38 feat(mbedtls): updated mbedtls version from 3.5.2 to 3.6.0 
This MR updated MbedTLS version to latest version 3.6.0.
 2024-05-15 11:57:14 +05:30
Mahavir Jain
f981039355 Merge branch 'esp32p4/deterministic_ecdsa_support_v5.1' into 'release/v5.1' 
Add operation successful check in ECDSA (v5.1)

See merge request espressif/esp-idf!30181
 2024-05-10 20:36:15 +08:00
harshal.patil
b5347ef02b feat(hal/ecdsa): Add HAL API for operation successful check 2024-04-12 11:14:10 +05:30
Mahavir Jain
7b6622b5b6 feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C 
Disabling this config can reduce footprint for the cases where
mbedtls_strerror() is used and hence the debug strings are getting
pulled into the application image.
 2024-04-11 11:51:53 +08:00
harshal.patil
77ffead00a ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations 2024-03-12 13:35:54 +05:30
harshal.patil
2c85399da0 fix(mbedtls/gcm): Add support for software fallback for non-AES ciphers in a GCM operation 
- Even if the config MBEDTLS_HARDWARE_AES is enabled, we now support fallback
to software implementation of GCM operations when non-AES ciphers are used.
 2024-03-12 13:35:49 +05:30
Mahavir Jain
1b5d4f8d3e Merge branch 'fix/build_failure_when_hardware_gcm_is_disabled_v5.1' into 'release/v5.1' 
fix(mbedtls/gcm): Fix build failure when config `MBEDTLS_HARDWARE_GCM` is disabled (v5.1)

See merge request espressif/esp-idf!29068
 2024-02-28 10:34:51 +08:00
harshal.patil
85e18aa755 fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:55:02 +05:30
harshal.patil
7e4d273e45 fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-02-16 11:55:01 +05:30
nilesh.kale
fee1e43f09 feat(mbedtls): updated mbedtls version from 3.5.0 to 3.5.2 
This updates the submodule mbedtls to its latest version 3.5.2.
 2024-02-05 12:50:43 +05:30
jim
35b4151fee mbedtls: Fix enable dynamic mbedtls will occur heap corruption when server support TLS renegotiation 2024-01-24 17:53:09 +08:00
Daniel Mangum
f9569bde37 mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding 
Updates config to define the new MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY
option, which replaced the previously used
MBEDTLS_SSL_CID_PADDING_GRANULARITY. The old option is continuing to be
used as the new one exceeds the maximum length for an option name in
esp-idf.

See https://github.com/Mbed-TLS/mbedtls/pull/4490 for more information.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
 2024-01-02 11:22:10 +05:30
Aditya Patwardhan
25144125d6 fix(mbedtls): Removed redundant menuconfig entry 2023-12-18 11:19:00 +08:00
harshal.patil
e8a5d9ef98 fix(mbedtls/aes): fix AES interrupt allocation for AES-GCM operations 2023-12-11 06:46:24 +00:00
harshal.patil
4c30f2a4a0 fix(mbedtls): move interrupt allocation during initialization phase 2023-12-11 06:46:24 +00:00
Mahavir Jain
bb1376ff5d fix(api-docs): include in the ECDSA APIs for doxygen build 2023-11-20 16:17:11 +05:30
Mahavir Jain
2cd1635b86 fix(ecdsa): remove unused k_mode from the ECDSA HAL/LL API 
For ESP32-H2 case, the hardware k mode is always enforced through
efuse settings (done in startup code).

For ESP32-P4 case, the software k mode is not supported in the peripheral
itself and code was redundant.
 2023-11-20 16:05:15 +05:30
Harshit Malpani
37836b3c62 feat: ECDSA peripheral while performing http connection with mutual auth 2023-11-17 16:24:10 +05:30
Jiang Guang Ming
336bb85806 feat(mbedtls): add new option CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL for mbedtls pytest 2023-10-26 20:26:08 +08:00
Jiang Guang Ming
92b9474a71 feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-26 20:25:53 +08:00
Mahavir Jain
82d2cdcf5a fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 
This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
 2023-10-17 10:03:39 +00:00
Mahavir Jain
bf59005fe1 fix(mbedtls): dynamic buffer feature issue with mbedtls 3.5.0 
Set max TLS version in the SSL context during setup phase. Dynamic
buffer feature overrides the `mbedtls_ssl_setup` API and hence
this change is required per upstream 3.5.0 codebase change.
 2023-10-17 10:03:39 +00:00
Mahavir Jain
e813bbc680 feat(mbedtls): update to 3.5.0 release 
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
 2023-10-17 10:03:39 +00:00
harshal.patil
f6b589e275 feat(esp_hw_support): Added locking mechanism for the ECDSA and ECC peripheral 2023-09-25 14:33:04 +05:30