Merge branch 'feature/mbedtls-3.1' into 'master'

Update to mbedtls-3.1 Closes IDF-3723 See merge request espressif/esp-idf!16656
2022-03-03 11:27:48 +08:00
parent cdc00140d0 72f12a0c8c
commit 035d7df1a0
93 changed files with 3200 additions and 1662 deletions
--- a/examples/bluetooth/blufi/main/blufi_security.c
+++ b/examples/bluetooth/blufi/main/blufi_security.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Unlicense OR CC0-1.0
 */
@@ -103,7 +103,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
        }
        free(blufi_sec->dh_param);
        blufi_sec->dh_param = NULL;
-        ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.P ), blufi_sec->self_public_key, blufi_sec->dhm.len, myrand, NULL);
+        ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), blufi_sec->self_public_key, mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), myrand, NULL);
        if (ret) {
            BLUFI_ERROR("%s make public failed %d\n", __func__, ret);
            btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR);
@@ -116,13 +116,19 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
                &blufi_sec->share_len,
                NULL, NULL);

-        mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
+        ret = mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
+
+        if (ret) {
+            BLUFI_ERROR("%s mbedtls_md5 failed %d\n", __func__, ret);
+            btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR);
+            return;
+        }

        mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128);

        /* alloc output data */
        *output_data = &blufi_sec->self_public_key[0];
-        *output_len = blufi_sec->dhm.len;
+        *output_len = mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) );
        *need_free = false;

    }
--- a/examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c
+++ b/examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c
@@ -1,7 +1,7 @@
 /*
 * AliGenie - Example
 *
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Unlicense OR CC0-1.0
 */
@@ -1282,7 +1282,7 @@ void config_triples(void)
    ESP_LOGI(TAG, "authvalue_string: %s", authvalue_string);

    uint8_t sha256_out[32] = {0};
-    mbedtls_sha256_ret((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0);
+    mbedtls_sha256((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0);
    memcpy(static_val, sha256_out, 16);
    provision.static_val = static_val;

--- a/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib
+++ b/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib
--- a/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c
+++ b/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c
@@ -1,25 +1,15 @@
-/**
+/*
 * atecc608a_ecdsa example
 *
- * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
- * Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
+ * SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved
 *
+ * SPDX-License-Identifier: Apache-2.0
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
 */

 /* This is mbedtls boilerplate for library configuration */
-#include "mbedtls/config.h"
+#include "mbedtls/mbedtls_config.h"

 /* System Includes*/
 #include <stdio.h>
@@ -146,7 +136,7 @@ static int atca_ecdsa_test(void)
 #endif

    ESP_LOGI(TAG, " Generating ECDSA Signature...");
-    ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
+    ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, MBEDTLS_MPI_MAX_SIZE, &olen,
        mbedtls_ctr_drbg_random, &ctr_drbg);
    if (ret != 0) {
        ESP_LOGI(TAG, " failed ! mbedtls_pk_sign returned -0x%04x", -ret);
--- a/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
+++ b/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
@@ -5,21 +5,11 @@
 *
 * Adapted from the ssl_client1 example in mbedtls.
 *
- * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
- * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
+ * SPDX-FileCopyrightText: The Mbed TLS Contributors
 *
+ * SPDX-License-Identifier: Apache-2.0
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
 */
 #include <string.h>
 #include <stdlib.h>
@@ -46,7 +36,6 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/error.h"
-#include "mbedtls/certs.h"
 #include "esp_crt_bundle.h"


--- a/examples/protocols/https_server/simple/example_test.py
+++ b/examples/protocols/https_server/simple/example_test.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 #
-# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: Apache-2.0

 import http.client
@@ -121,7 +121,7 @@ def test_examples_protocol_https_server_simple(env, extra_data):  # type: (tiny_
    CLIENT_CERT_FILE = 'client_cert.pem'
    CLIENT_KEY_FILE = 'client_key.pem'

-    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    ssl_context.verify_mode = ssl.CERT_REQUIRED
    ssl_context.check_hostname = False
    ssl_context.load_verify_locations(cadata=server_cert_pem)
--- a/examples/protocols/smtp_client/main/smtp_client_example_main.c
+++ b/examples/protocols/smtp_client/main/smtp_client_example_main.c
@@ -1,25 +1,14 @@
-/**
+/*
 * SMTP email client
 *
 * Adapted from the `ssl_mail_client` example in mbedtls.
 *
- * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
- * Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
+ * SPDX-FileCopyrightText: The Mbed TLS Contributors
 *
+ * SPDX-License-Identifier: Apache-2.0
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD
 */
-
 #include <string.h>
 #include <stdlib.h>
 #include "freertos/FreeRTOS.h"
@@ -37,7 +26,6 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/error.h"
-#include "mbedtls/certs.h"
 #include <mbedtls/base64.h>
 #include <sys/param.h>

--- a/examples/storage/spiffsgen/main/spiffsgen_example_main.c
+++ b/examples/storage/spiffsgen/main/spiffsgen_example_main.c
@@ -1,12 +1,9 @@
 /* SPIFFS Image Generation on Build Example
-
-   This example code is in the Public Domain (or CC0 licensed, at your option.)
-
-   Unless required by applicable law or agreed to in writing, this
-   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-   CONDITIONS OF ANY KIND, either express or implied.
-*/
-
+ *
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Unlicense or CC0-1.0
+ */
 #include <stdio.h>
 #include <string.h>
 #include <sys/unistd.h>
@@ -57,16 +54,16 @@ static void compute_alice_txt_md5(void)
    unsigned char digest[MD5_MAX_LEN];

    mbedtls_md5_init(&ctx);
-    mbedtls_md5_starts_ret(&ctx);
+    mbedtls_md5_starts(&ctx);

    size_t read;

    do {
        read = fread((void*) buf, 1, sizeof(buf), f);
-        mbedtls_md5_update_ret(&ctx, (unsigned const char*) buf, read);
+        mbedtls_md5_update(&ctx, (unsigned const char*) buf, read);
    } while(read == sizeof(buf));

-    mbedtls_md5_finish_ret(&ctx, digest);
+    mbedtls_md5_finish(&ctx, digest);

    // Create a string of the digest
    char digest_str[MD5_MAX_LEN * 2];