diff --git a/components/mbedtls/include/mbedtls/aes.h b/components/mbedtls/include/mbedtls/aes.h index a36e825a2..f5e1600b3 100644 --- a/components/mbedtls/include/mbedtls/aes.h +++ b/components/mbedtls/include/mbedtls/aes.h @@ -276,7 +276,27 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #endif #else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" +#include "port/aes_alt.h" + +typedef AES_CTX mbedtls_aes_context; + +#define mbedtls_aes_init aes_init +#define mbedtls_aes_free aes_free +#define mbedtls_aes_setkey_enc aes_setkey_enc +#define mbedtls_aes_setkey_dec aes_setkey_dec +#define mbedtls_aes_crypt_ecb aes_crypt_ecb +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#define mbedtls_aes_crypt_cbc aes_crypt_cbc +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) +#define mbedtls_aes_crypt_cfb128 aes_crypt_cfb128 +#define mbedtls_aes_crypt_cfb8 aes_crypt_cfb8 +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) +#define mbedtls_aes_crypt_ctr aes_crypt_ctr +#endif +#define mbedtls_aes_encrypt aes_encrypt +#define mbedtls_aes_decrypt aes_decrypt #endif /* MBEDTLS_AES_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/bignum.h b/components/mbedtls/include/mbedtls/bignum.h index aa51556a5..d062a7511 100644 --- a/components/mbedtls/include/mbedtls/bignum.h +++ b/components/mbedtls/include/mbedtls/bignum.h @@ -100,6 +100,8 @@ #define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332 #define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 ) +#if !defined(MBEDTLS_BIGNUM_ALT) + /* * Define the base integer type, architecture-wise. * @@ -702,6 +704,54 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#else /* MBEDTLS_BIGNUM_ALT */ +#include "port/bignum_alt.h" + +typedef mpi mbedtls_mpi; + +#define mbedtls_mpi_init mpi_init +#define mbedtls_mpi_free mpi_free +#define mbedtls_mpi_grow mpi_grow +#define mbedtls_mpi_shrink mpi_shrink +#define mbedtls_mpi_copy mpi_copy +#define mbedtls_mpi_swap mpi_swap +#define mbedtls_mpi_safe_cond_assign mpi_safe_cond_assign +#define mbedtls_mpi_safe_cond_swap mpi_safe_cond_swap +#define mbedtls_mpi_lset mpi_lset +#define mbedtls_mpi_get_bit mpi_get_bit +#define mbedtls_mpi_set_bit mpi_set_bit +#define mbedtls_mpi_lsb mpi_lsb +#define mbedtls_mpi_bitlen mpi_bitlen +#define mbedtls_mpi_size mpi_size +#define mbedtls_mpi_read_string mpi_read_string +#define mbedtls_mpi_write_string mpi_write_string +#define mbedtls_mpi_read_binary mpi_read_binary +#define mbedtls_mpi_write_binary mpi_write_binary +#define mbedtls_mpi_shift_l mpi_shift_l +#define mbedtls_mpi_shift_r mpi_shift_r +#define mbedtls_mpi_cmp_abs mpi_cmp_abs +#define mbedtls_mpi_cmp_mpi mpi_cmp_mpi +#define mbedtls_mpi_cmp_int mpi_cmp_int +#define mbedtls_mpi_add_abs mpi_add_abs +#define mbedtls_mpi_sub_abs mpi_sub_abs +#define mbedtls_mpi_add_mpi mpi_add_mpi +#define mbedtls_mpi_sub_mpi mpi_sub_mpi +#define mbedtls_mpi_add_int mpi_add_int +#define mbedtls_mpi_sub_int mpi_sub_int +#define mbedtls_mpi_mul_mpi mpi_mul_mpi +#define mbedtls_mpi_mul_int mpi_mul_int +#define mbedtls_mpi_div_mpi mpi_div_mpi +#define mbedtls_mpi_div_int mpi_div_int +#define mbedtls_mpi_mod_mpi mpi_mod_mpi +#define mbedtls_mpi_mod_int mpi_mod_int +#define mbedtls_mpi_exp_mod mpi_exp_mod +#define mbedtls_mpi_fill_random mpi_fill_random +#define mbedtls_mpi_gcd mpi_gcd +#define mbedtls_mpi_inv_mod mpi_inv_mod +#define mbedtls_mpi_is_prime mpi_is_prime +#define mbedtls_mpi_gen_prime mpi_gen_prime + +#endif /* MBEDTLS_BIGNUM_ALT */ /** * \brief Checkup routine diff --git a/components/mbedtls/include/mbedtls/esp_config.h b/components/mbedtls/include/mbedtls/esp_config.h index 50c3ee2af..614e8018b 100644 --- a/components/mbedtls/include/mbedtls/esp_config.h +++ b/components/mbedtls/include/mbedtls/esp_config.h @@ -225,7 +225,7 @@ * Uncomment a macro to enable alternate implementation of the corresponding * module. */ -//#define MBEDTLS_AES_ALT +#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT @@ -235,10 +235,11 @@ //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT +#define MBEDTLS_SHA1_ALT +#define MBEDTLS_SHA256_ALT +#define MBEDTLS_SHA512_ALT +#define MBEDTLS_BIGNUM_ALT /** * \def MBEDTLS_MD2_PROCESS_ALT * @@ -297,7 +298,7 @@ * * Uncomment this macro to store the AES tables in ROM. */ -//#define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_AES_ROM_TABLES /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY @@ -373,10 +374,10 @@ * * Enable padding modes in the cipher layer. */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS +//#define MBEDTLS_CIPHER_PADDING_PKCS7 +//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +//#define MBEDTLS_CIPHER_PADDING_ZEROS /** * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES @@ -414,18 +415,18 @@ * * Comment macros to disable the curve and functions for it */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +//#define MBEDTLS_ECP_DP_BP256R1_ENABLED +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED +//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED /** * \def MBEDTLS_ECP_NIST_OPTIM @@ -436,7 +437,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -#define MBEDTLS_ECP_NIST_OPTIM +//#define MBEDTLS_ECP_NIST_OPTIM /** * \def MBEDTLS_ECDSA_DETERMINISTIC @@ -450,7 +451,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -#define MBEDTLS_ECDSA_DETERMINISTIC +//#define MBEDTLS_ECDSA_DETERMINISTIC /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -472,7 +473,7 @@ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -496,7 +497,7 @@ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -516,7 +517,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -595,7 +596,7 @@ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -620,7 +621,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -644,7 +645,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -668,7 +669,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -692,7 +693,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -945,7 +946,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -963,7 +964,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** * \def MBEDTLS_SSL_FALLBACK_SCSV @@ -980,7 +981,7 @@ * * Comment this macro to disable support for FALLBACK_SCSV */ -#define MBEDTLS_SSL_FALLBACK_SCSV +//#define MBEDTLS_SSL_FALLBACK_SCSV /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL @@ -1017,7 +1018,7 @@ * * Comment this to disable support for renegotiation. */ -#define MBEDTLS_SSL_RENEGOTIATION +//#define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO @@ -1046,7 +1047,7 @@ * * Comment this macro to disable support for the max_fragment_length extension */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /** * \def MBEDTLS_SSL_PROTO_SSL3 @@ -1058,7 +1059,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -#define MBEDTLS_SSL_PROTO_SSL3 +//#define MBEDTLS_SSL_PROTO_SSL3 /** * \def MBEDTLS_SSL_PROTO_TLS1 @@ -1109,7 +1110,7 @@ * * Comment this macro to disable support for DTLS */ -#define MBEDTLS_SSL_PROTO_DTLS +//#define MBEDTLS_SSL_PROTO_DTLS /** * \def MBEDTLS_SSL_ALPN @@ -1118,7 +1119,7 @@ * * Comment this macro to disable support for ALPN. */ -#define MBEDTLS_SSL_ALPN +//#define MBEDTLS_SSL_ALPN /** * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1133,7 +1134,7 @@ * * Comment this to disable anti-replay in DTLS. */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1151,7 +1152,7 @@ * * Comment this to disable support for HelloVerifyRequest. */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE @@ -1167,7 +1168,7 @@ * * Comment this to disable support for clients reusing the source port. */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /** * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT @@ -1178,7 +1179,7 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1192,7 +1193,7 @@ * * Comment this macro to disable support for SSL session tickets */ -#define MBEDTLS_SSL_SESSION_TICKETS +//#define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_EXPORT_KEYS @@ -1202,7 +1203,7 @@ * * Comment this macro to disable support for key export */ -#define MBEDTLS_SSL_EXPORT_KEYS +//#define MBEDTLS_SSL_EXPORT_KEYS /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -1222,7 +1223,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ -#define MBEDTLS_SSL_TRUNCATED_HMAC +//#define MBEDTLS_SSL_TRUNCATED_HMAC /** * \def MBEDTLS_THREADING_ALT @@ -1257,7 +1258,7 @@ * * Comment this to disable run-time checking and save ROM space */ -#define MBEDTLS_VERSION_FEATURES +//#define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 @@ -1293,7 +1294,7 @@ * * Comment to skip keyUsage checking for both CA and leaf certificates. */ -#define MBEDTLS_X509_CHECK_KEY_USAGE +//#define MBEDTLS_X509_CHECK_KEY_USAGE /** * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE @@ -1306,7 +1307,7 @@ * * Comment to skip extendedKeyUsage checking for certificates. */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1316,7 +1317,7 @@ * * Comment this macro to disallow using RSASSA-PSS in certificates. */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT /** * \def MBEDTLS_ZLIB_SUPPORT @@ -1458,7 +1459,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_ARC4_C +//#define MBEDTLS_ARC4_C /** * \def MBEDTLS_ASN1_PARSE_C @@ -1523,7 +1524,7 @@ * * Module: library/blowfish.c */ -#define MBEDTLS_BLOWFISH_C +//#define MBEDTLS_BLOWFISH_C /** * \def MBEDTLS_CAMELLIA_C @@ -1578,7 +1579,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_CAMELLIA_C +//#define MBEDTLS_CAMELLIA_C /** * \def MBEDTLS_CCM_C @@ -1592,7 +1593,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -#define MBEDTLS_CCM_C +//#define MBEDTLS_CCM_C /** * \def MBEDTLS_CERTS_C @@ -1604,7 +1605,7 @@ * * This module is used for testing (ssl_client/server). */ -#define MBEDTLS_CERTS_C +//#define MBEDTLS_CERTS_C /** * \def MBEDTLS_CIPHER_C @@ -1644,7 +1645,7 @@ * * This module provides debugging functions. */ -#define MBEDTLS_DEBUG_C +//#define MBEDTLS_DEBUG_C /** * \def MBEDTLS_DES_C @@ -1670,7 +1671,7 @@ * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. */ -#define MBEDTLS_DES_C +//#define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C @@ -1684,7 +1685,7 @@ * This module is used by the following key exchanges: * DHE-RSA, DHE-PSK */ -#define MBEDTLS_DHM_C +//#define MBEDTLS_DHM_C /** * \def MBEDTLS_ECDH_C @@ -1700,7 +1701,7 @@ * * Requires: MBEDTLS_ECP_C */ -#define MBEDTLS_ECDH_C +//#define MBEDTLS_ECDH_C /** * \def MBEDTLS_ECDSA_C @@ -1715,7 +1716,7 @@ * * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C */ -#define MBEDTLS_ECDSA_C +//#define MBEDTLS_ECDSA_C /** * \def MBEDTLS_ECJPAKE_C @@ -1748,7 +1749,7 @@ * * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED */ -#define MBEDTLS_ECP_C +//#define MBEDTLS_ECP_C /** * \def MBEDTLS_ENTROPY_C @@ -1774,7 +1775,7 @@ * * This module enables mbedtls_strerror(). */ -#define MBEDTLS_ERROR_C +//#define MBEDTLS_ERROR_C /** * \def MBEDTLS_GCM_C @@ -1788,7 +1789,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -#define MBEDTLS_GCM_C +//#define MBEDTLS_GCM_C //764 Byte /** * \def MBEDTLS_HAVEGE_C @@ -1825,7 +1826,7 @@ * * Uncomment to enable the HMAC_DRBG random number geerator. */ -#define MBEDTLS_HMAC_DRBG_C +//#define MBEDTLS_HMAC_DRBG_C /** * \def MBEDTLS_MD_C @@ -1940,7 +1941,7 @@ * * This modules adds support for the VIA PadLock on x86. */ -#define MBEDTLS_PADLOCK_C +//#define MBEDTLS_PADLOCK_C /** * \def MBEDTLS_PEM_PARSE_C @@ -2032,7 +2033,7 @@ * * This module adds support for the PKCS#5 functions. */ -#define MBEDTLS_PKCS5_C +//#define MBEDTLS_PKCS5_C /** * \def MBEDTLS_PKCS11_C @@ -2063,7 +2064,7 @@ * * This module enables PKCS#12 functions. */ -#define MBEDTLS_PKCS12_C +//#define MBEDTLS_PKCS12_C /** * \def MBEDTLS_PLATFORM_C @@ -2083,7 +2084,7 @@ * * This module enables abstraction of common (libc) functions. */ -#define MBEDTLS_PLATFORM_C +//#define MBEDTLS_PLATFORM_C /** * \def MBEDTLS_RIPEMD160_C @@ -2094,7 +2095,7 @@ * Caller: library/mbedtls_md.c * */ -#define MBEDTLS_RIPEMD160_C +//#define MBEDTLS_RIPEMD160_C /** * \def MBEDTLS_RSA_C @@ -2172,7 +2173,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -#define MBEDTLS_SSL_CACHE_C +//#define MBEDTLS_SSL_CACHE_C /** * \def MBEDTLS_SSL_COOKIE_C @@ -2182,7 +2183,7 @@ * Module: library/ssl_cookie.c * Caller: */ -#define MBEDTLS_SSL_COOKIE_C +//#define MBEDTLS_SSL_COOKIE_C /** * \def MBEDTLS_SSL_TICKET_C @@ -2194,7 +2195,7 @@ * * Requires: MBEDTLS_CIPHER_C */ -#define MBEDTLS_SSL_TICKET_C +//#define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C @@ -2465,7 +2466,8 @@ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ +extern unsigned int max_content_len; +#define MBEDTLS_SSL_MAX_CONTENT_LEN max_content_len /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/components/mbedtls/include/mbedtls/sha1.h b/components/mbedtls/include/mbedtls/sha1.h index 7a67c6c1f..2d85a59f7 100644 --- a/components/mbedtls/include/mbedtls/sha1.h +++ b/components/mbedtls/include/mbedtls/sha1.h @@ -106,7 +106,17 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6 #endif #else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" +#include "port/sha1_alt.h" + +typedef SHA1_CTX mbedtls_sha1_context; + +#define mbedtls_sha1_init sha1_init +#define mbedtls_sha1_starts sha1_starts +#define mbedtls_sha1_clone sha1_clone +#define mbedtls_sha1_update sha1_update +#define mbedtls_sha1_finish sha1_finish +#define mbedtls_sha1_free sha1_free +#define mbedtls_sha1_process sha1_process #endif /* MBEDTLS_SHA1_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/sha256.h b/components/mbedtls/include/mbedtls/sha256.h index f8041adf0..4ab444e8d 100644 --- a/components/mbedtls/include/mbedtls/sha256.h +++ b/components/mbedtls/include/mbedtls/sha256.h @@ -109,7 +109,17 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da #endif #else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" +#include "port/sha256_alt.h" + +typedef SHA256_CTX mbedtls_sha256_context; + +#define mbedtls_sha256_init sha256_init +#define mbedtls_sha256_clone sha256_clone +#define mbedtls_sha256_starts sha256_starts +#define mbedtls_sha256_update sha256_update +#define mbedtls_sha256_finish sha256_finish +#define mbedtls_sha256_free sha256_free +#define mbedtls_sha256_process sha256_process #endif /* MBEDTLS_SHA256_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/mbedtls/sha512.h b/components/mbedtls/include/mbedtls/sha512.h index 627694f42..0ebc092f4 100644 --- a/components/mbedtls/include/mbedtls/sha512.h +++ b/components/mbedtls/include/mbedtls/sha512.h @@ -106,7 +106,17 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 #endif #else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" +#include "port/sha512_alt.h" + +typedef SHA512_CTX mbedtls_sha512_context; + +#define mbedtls_sha512_init sha512_init +#define mbedtls_sha512_clone sha512_clone +#define mbedtls_sha512_starts sha512_starts +#define mbedtls_sha512_update sha512_update +#define mbedtls_sha512_finish sha512_finish +#define mbedtls_sha512_free sha512_free + #endif /* MBEDTLS_SHA512_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/include/port/aes_alt.h b/components/mbedtls/include/port/aes_alt.h index d56c76ce4..a02f32f29 100644 --- a/components/mbedtls/include/port/aes_alt.h +++ b/components/mbedtls/include/port/aes_alt.h @@ -41,6 +41,12 @@ extern "C" { #define ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +typedef struct{ + bool flag; + uint16 keybites; + uint8 key[32]; +}key_context, KEY_CTX; + /** * \brief AES context structure * @@ -53,7 +59,8 @@ typedef struct { int nr; /*!< number of rounds */ uint32_t *rk; /*!< AES round keys */ - uint32_t buf[68]; /*!< unaligned data */ + KEY_CTX enc; + KEY_CTX dec; }aes_context; typedef aes_context AES_CTX; diff --git a/components/mbedtls/include/port/multi_thread.h b/components/mbedtls/include/port/multi_thread.h new file mode 100644 index 000000000..6732eedde --- /dev/null +++ b/components/mbedtls/include/port/multi_thread.h @@ -0,0 +1,63 @@ +#ifndef _MULTI_THREAD_H_ +#define _MULTI_THREAD_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +enum { + AES_MUTEX = 0, + BIGNUM_MUTEX, + SHA_MUTEX, + + MUTEX_MAX_NUM, +}; + +int multi_thread_init(void); + +void multi_thread_lock(unsigned int num); +void multi_thread_unlock(unsigned int num); + +void multi_thread_take(unsigned int num); +void multi_thread_give(unsigned int num); +bool multi_thread_is_used(num); + +#define MUTEX_LOCK(num) multi_thread_lock(num) +#define MUTEX_UNLOCK(num) multi_thread_unlock(num) + +#define SIG_TAKE(num) multi_thread_take(num) +#define SIG_GIVE(num) multi_thread_give(num) +#define SIG_IS_USED(num) multi_thread_is_used(num) + +#define AES_LOCK() MUTEX_LOCK(AES_MUTEX) +#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX) +#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX) +#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX) +#define SHA1_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA1_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) +#define SHA256_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA256_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) +#define SHA512_LOCK() MUTEX_LOCK(SHA_MUTEX) +#define SHA512_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX) + +#define AES_TAKE() SIG_TAKE(AES_MUTEX) +#define AES_GIVE() SIG_GIVE(AES_MUTEX) +#define AES_IS_USED() SIG_IS_USED(AES_MUTEX) +#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX) +#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX) +#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX) +#define SHA1_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA1_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA1_IS_USED() SIG_IS_USED(SHA_MUTEX) +#define SHA256_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA256_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA256_IS_USED() SIG_IS_USED(SHA_MUTEX) +#define SHA512_TAKE() SIG_TAKE(SHA_MUTEX) +#define SHA512_GIVE() SIG_GIVE(SHA_MUTEX) +#define SHA512_IS_USED() SIG_IS_USED(SHA_MUTEX) + +#ifdef __cplusplus +} +#endif + +#endif /* multi_thread.h */ diff --git a/components/mbedtls/library/bignum.c b/components/mbedtls/library/bignum.c index 4c99e04d6..e438fdddb 100644 --- a/components/mbedtls/library/bignum.c +++ b/components/mbedtls/library/bignum.c @@ -58,6 +58,8 @@ #define mbedtls_free free #endif +#if !defined(MBEDTLS_BIGNUM_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; @@ -2264,6 +2266,7 @@ cleanup: } #endif /* MBEDTLS_GENPRIME */ +#endif /* MBEDTLS_BIGNUM_ALT */ #if defined(MBEDTLS_SELF_TEST) diff --git a/components/mbedtls/port/aes_alt.c b/components/mbedtls/port/aes_alt.c index 26699d82f..504a2a7db 100644 --- a/components/mbedtls/port/aes_alt.c +++ b/components/mbedtls/port/aes_alt.c @@ -30,6 +30,7 @@ #if defined(ESP_AES_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void aes_zeroize( void *v, size_t n ) { @@ -39,7 +40,11 @@ static void aes_zeroize( void *v, size_t n ) { void aes_init( AES_CTX *ctx ) { memset( ctx, 0, sizeof( AES_CTX ) ); + + AES_LOCK(); + AES_TAKE(); ets_aes_enable(); + AES_UNLOCK(); } void aes_free( AES_CTX *ctx ) @@ -48,7 +53,12 @@ void aes_free( AES_CTX *ctx ) return; aes_zeroize( ctx, sizeof( AES_CTX ) ); - ets_aes_disable(); + + AES_LOCK(); + AES_GIVE(); + if (false == AES_IS_USED()) + ets_aes_disable(); + AES_UNLOCK(); } /* @@ -58,6 +68,7 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; + uint16 keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; @@ -70,6 +81,12 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key, break; default : return( ERR_AES_INVALID_KEY_LENGTH ); } + if (ctx->enc.flag == false){ + ctx->enc.flag = true; + ctx->enc.keybites = keybits; + memset(ctx->enc.key, 0, sizeof(ctx->enc.key)); + memcpy(ctx->enc.key, key, keybyte); + } ets_aes_setkey_enc(key, keybit); return 0; } @@ -81,6 +98,7 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, unsigned int keybits ) { enum AES_BITS keybit; + uint16 keybyte = keybits / 8; switch (keybits){ case 128: keybit = AES128; @@ -93,11 +111,32 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key, break; default : return( ERR_AES_INVALID_KEY_LENGTH ); } + if (ctx->dec.flag == false){ + ctx->dec.flag = true; + ctx->dec.keybites = keybits; + memset(ctx->dec.key, 0, sizeof(ctx->dec.key)); + memcpy(ctx->dec.key, key, keybyte); + } ets_aes_setkey_dec(key, keybit); return 0; } +static void aes_process_enable(AES_CTX *ctx, int mode) +{ + if( mode == AES_ENCRYPT ){ + aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites); + }else{ + aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites); + } + return; +} + +static void aes_process_disable(AES_CTX *ctx, int mode) +{ + +} + /* * AES-ECB block encryption */ @@ -155,7 +194,10 @@ int aes_crypt_cbc( AES_CTX *ctx, if( length % 16 ) return( ERR_AES_INVALID_INPUT_LENGTH ); - + + AES_LOCK(); + + aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length > 0 ) @@ -188,6 +230,10 @@ int aes_crypt_cbc( AES_CTX *ctx, length -= 16; } } + aes_process_disable(ctx, mode); + + AES_UNLOCK(); + return 0; } @@ -204,7 +250,10 @@ int aes_crypt_cfb128( AES_CTX *ctx, { int c; size_t n = *iv_off; - + + AES_LOCK(); + + aes_process_enable(ctx, mode); if( mode == AES_DECRYPT ) { while( length-- ) @@ -233,6 +282,9 @@ int aes_crypt_cfb128( AES_CTX *ctx, } *iv_off = n; + aes_process_disable(ctx, mode); + + AES_UNLOCK(); return 0; } @@ -249,7 +301,10 @@ int aes_crypt_cfb8( AES_CTX *ctx, { unsigned char c; unsigned char ov[17]; - + + AES_LOCK(); + + aes_process_enable(ctx, mode); while( length-- ) { memcpy( ov, iv, 16 ); @@ -265,6 +320,9 @@ int aes_crypt_cfb8( AES_CTX *ctx, memcpy( iv, ov + 1, 16 ); } + aes_process_disable(ctx, mode); + + AES_UNLOCK(); return 0; } @@ -283,6 +341,10 @@ int aes_crypt_ctr( AES_CTX *ctx, int c, i; size_t n = *nc_off; + AES_LOCK(); + + aes_process_enable(ctx, AES_ENCRYPT); + while( length-- ) { if( n == 0 ) { @@ -299,6 +361,10 @@ int aes_crypt_ctr( AES_CTX *ctx, } *nc_off = n; + aes_process_disable(ctx, AES_ENCRYPT); + + AES_UNLOCK(); + return 0; } diff --git a/components/mbedtls/port/bignum_alt.c b/components/mbedtls/port/bignum_alt.c index 88901671c..2da6e7169 100644 --- a/components/mbedtls/port/bignum_alt.c +++ b/components/mbedtls/port/bignum_alt.c @@ -38,6 +38,7 @@ #if defined(ESP_BIGNUM_ALT) #include #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void mpi_zeroize( void *v, size_t n ) { @@ -68,7 +69,10 @@ void mpi_init( mpi *X ) X->s = 1; X->n = 0; X->p = NULL; + BIGNUM_LOCK(); + BIGNUM_TAKE(); ets_bigint_enable(); + BIGNUM_UNLOCK(); } /* @@ -88,7 +92,11 @@ void mpi_free( mpi *X ) X->s = 1; X->n = 0; X->p = NULL; - ets_bigint_disable(); + BIGNUM_LOCK(); + BIGNUM_GIVE(); + if (false == BIGNUM_IS_USED()) + ets_bigint_disable(); + BIGNUM_UNLOCK(); } /* @@ -1035,12 +1043,14 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B ) // for( i++; j > 0; j-- ) mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + BIGNUM_LOCK(); if (ets_bigint_mult_prepare(A->p, B->p, n)){ ets_bigint_wait_finish(); ets_bigint_mult_getz(X->p, n); } else{ mpi_printf("Baseline multiplication failed\n"); } + BIGNUM_UNLOCK(); X->s = A->s * B->s; @@ -1406,6 +1416,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, n = N->n; m = ( B->n < n ) ? B->n : n; + BIGNUM_LOCK(); if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) { ets_bigint_wait_finish(); @@ -1413,6 +1424,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm, } else{ mpi_printf("Montgomery multiplication failed\n"); } + BIGNUM_UNLOCK(); } diff --git a/components/mbedtls/port/multi_thread.c b/components/mbedtls/port/multi_thread.c new file mode 100644 index 000000000..31cf1ea6d --- /dev/null +++ b/components/mbedtls/port/multi_thread.c @@ -0,0 +1,53 @@ +#include "multi_thread.h" +#include "freertos/FreeRTOS.h" +#include "freertos/semphr.h" + +static xSemaphoreHandle multi_thread_mutex[MUTEX_MAX_NUM]; +static int multi_thread_sig[MUTEX_MAX_NUM]; + +int multi_thread_init(void) +{ + int i; + + for (i = 0; i < MUTEX_MAX_NUM; i++) { + multi_thread_mutex[i] = xSemaphoreCreateMutex(); + if (!multi_thread_mutex[i]) { + goto failed1; + } + multi_thread_sig[i] = 0; + } + + return 0; + +failed1: + for (i--; i >= 0; i--) + vQueueDelete(multi_thread_mutex[i]); + + return -1; +} + +void multi_thread_lock(unsigned int num) +{ + xSemaphoreTake(multi_thread_mutex[num], portMAX_DELAY); +} + +void multi_thread_unlock(unsigned int num) +{ + xSemaphoreGive(multi_thread_mutex[num]); +} + +void multi_thread_take(unsigned int num) +{ + multi_thread_sig[num]++; +} + +void multi_thread_give(unsigned int num) +{ + multi_thread_sig[num]--; +} + +bool multi_thread_is_used(num) +{ + return (multi_thread_sig[num] != 0) ? true : false; +} + diff --git a/components/mbedtls/port/sha1_alt.c b/components/mbedtls/port/sha1_alt.c index 32a970704..b73d03ffa 100644 --- a/components/mbedtls/port/sha1_alt.c +++ b/components/mbedtls/port/sha1_alt.c @@ -27,6 +27,7 @@ #if defined(ESP_SHA1_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void sha1_zeroize( void *v, size_t n ) { @@ -36,7 +37,11 @@ static void sha1_zeroize( void *v, size_t n ) { void sha1_init( SHA1_CTX *ctx ) { memset( ctx, 0, sizeof( SHA1_CTX ) ); + + SHA1_LOCK(); + SHA1_TAKE(); ets_sha_enable(); + SHA1_UNLOCK(); } void sha1_free( SHA1_CTX *ctx ) @@ -45,7 +50,12 @@ void sha1_free( SHA1_CTX *ctx ) return; sha1_zeroize( ctx, sizeof( SHA1_CTX ) ); - ets_sha_disable(); + + SHA1_LOCK(); + SHA1_GIVE(); + if (false == SHA1_IS_USED()) + ets_sha_disable(); + SHA1_UNLOCK(); } void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src ) @@ -63,7 +73,10 @@ void sha1_process(SHA1_CTX *ctx, const unsigned char data[64]) */ void sha1_starts( SHA1_CTX *ctx ) { + SHA1_LOCK(); ets_sha_init(&ctx->context); + SHA1_UNLOCK(); + ctx->context_type = SHA1; } @@ -72,6 +85,7 @@ void sha1_starts( SHA1_CTX *ctx ) */ void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) { + SHA1_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -81,6 +95,7 @@ void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen ) void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA1_UNLOCK(); } /* diff --git a/components/mbedtls/port/sha256_alt.c b/components/mbedtls/port/sha256_alt.c index 781cfa7a1..fc8769d1b 100644 --- a/components/mbedtls/port/sha256_alt.c +++ b/components/mbedtls/port/sha256_alt.c @@ -27,6 +27,7 @@ #if defined(ESP_SHA256_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void sha256_zeroize( void *v, size_t n ) { @@ -36,7 +37,11 @@ static void sha256_zeroize( void *v, size_t n ) { void sha256_init( SHA256_CTX *ctx ) { memset( ctx, 0, sizeof( SHA256_CTX ) ); + + SHA256_LOCK(); + SHA256_TAKE(); ets_sha_enable(); + SHA256_UNLOCK(); } void sha256_process(SHA256_CTX *ctx, const unsigned char data[64]) @@ -50,7 +55,12 @@ void sha256_free( SHA256_CTX *ctx ) return; sha256_zeroize( ctx, sizeof( SHA256_CTX ) ); - ets_sha_disable(); + + SHA256_LOCK(); + SHA256_GIVE(); + if (false == SHA256_IS_USED()) + ets_sha_disable(); + SHA256_UNLOCK(); } void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) @@ -63,7 +73,10 @@ void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src ) */ void sha256_starts( SHA256_CTX *ctx, int is224 ) { + SHA256_LOCK(); ets_sha_init(&ctx->context); + SHA256_UNLOCK(); + if( is224 == 0 ) { /* SHA-256 */ @@ -79,6 +92,7 @@ void sha256_starts( SHA256_CTX *ctx, int is224 ) */ void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) { + SHA256_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -88,6 +102,7 @@ void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen ) void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA256_UNLOCK(); } /* diff --git a/components/mbedtls/port/sha512_alt.c b/components/mbedtls/port/sha512_alt.c index 9884dd8d1..02d315681 100644 --- a/components/mbedtls/port/sha512_alt.c +++ b/components/mbedtls/port/sha512_alt.c @@ -26,6 +26,7 @@ #if defined(ESP_SHA512_C) #include +#include "multi_thread.h" /* Implementation that should never be optimized out by the compiler */ static void sha512_zeroize( void *v, size_t n ) { @@ -35,7 +36,11 @@ static void sha512_zeroize( void *v, size_t n ) { void sha512_init( SHA512_CTX *ctx ) { memset( ctx, 0, sizeof( SHA512_CTX ) ); + + SHA512_LOCK(); + SHA512_TAKE(); ets_sha_enable(); + SHA512_UNLOCK(); } void sha512_free( SHA512_CTX *ctx ) @@ -44,7 +49,12 @@ void sha512_free( SHA512_CTX *ctx ) return; sha512_zeroize( ctx, sizeof( SHA512_CTX ) ); - ets_sha_disable(); + + SHA512_LOCK(); + SHA512_GIVE(); + if (false == SHA512_IS_USED()) + ets_sha_disable(); + SHA512_UNLOCK(); } void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) @@ -57,7 +67,9 @@ void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src ) */ void sha512_starts( SHA512_CTX *ctx, int is384 ) { + SHA512_LOCK(); ets_sha_init(&ctx->context); + SHA512_UNLOCK(); if( is384 == 0 ) { /* SHA-512 */ @@ -75,6 +87,7 @@ void sha512_starts( SHA512_CTX *ctx, int is384 ) */ void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) { + SHA512_LOCK(); ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8); } @@ -84,6 +97,7 @@ void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen ) void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] ) { ets_sha_finish(&ctx->context, ctx->context_type, output); + SHA512_UNLOCK(); } /*