Commit graph

87 commits

Author SHA1 Message Date
Konstantin Kondrashov
7761b0f28b aes/sha/mpi: Bugfix a use of shared registers.
This commit resolves a blocking in esp_aes_block function.

Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.

Fix some related issue with shared using of AES SHA RSA accelerators.

Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
2018-11-19 20:57:01 +08:00
Ivan Grokhotkov
8de29499ce mbedtls: Add bounds check before length read
This is part of the patch for CVE-2018-9989.
Cherry-picked from 740b218386
Ref. https://github.com/espressif/esp-idf/issues/1860
2018-04-19 12:58:48 +08:00
Ivan Grokhotkov
ffab6084f0 mbedtls: Prevent arithmetic overflow on bounds check
Part of the patch for CVE-2018-9989.
Cherry-picked from 5224a7544c.
Ref. https://github.com/espressif/esp-idf/issues/1860
2018-04-19 12:58:48 +08:00
Ivan Grokhotkov
f58c664e2b mbedtls: Add bounds check before signature length read
Part of the patch for CVE-2018-9988.
Cherry-picked from a1098f81c2
Ref. https://github.com/espressif/esp-idf/issues/1860
2018-04-19 12:58:47 +08:00
Ivan Grokhotkov
b42ba1b0a5 mbedtls: Prevent arithmetic overflow on bounds check
Part of the patch for CVE-2018-9988.
Cherry-pick of 027f84c69f
Ref. https://github.com/espressif/esp-idf/issues/1860
2018-04-19 12:58:47 +08:00
Ivan Grokhotkov
67ba85650d mbedtls: Prevent bounds check bypass through overflow in PSK identity parsing
This is a patch for CVE-2017-18187.
Cherry-picked from 83c9f495ff
Ref. https://github.com/espressif/esp-idf/issues/1730
2018-04-19 12:58:47 +08:00
Ivan Grokhotkov
0a97cb62ef mbedtls: disable support for RSASSA-PSS signatures
This is a workaround for CVE-2018-0487.
Ref. https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Ref. https://github.com/espressif/esp-idf/issues/1730
2018-04-19 12:58:47 +08:00
Ivan Grokhotkov
594e1b5e44 mbedtls: disable truncated HMAC
This is a workaround for CVE-2018-0488.
Ref. https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Ref. https://github.com/espressif/esp-idf/issues/1730
2018-04-19 12:26:41 +08:00
Paul Reimer
8388e1be54 Add #include guards and __cplusplus guards to esp_debug.h
Merges https://github.com/espressif/esp-idf/pull/1358
2017-12-27 16:54:16 +08:00
Ivan Grokhotkov
744896bde2 Merge branch 'bugfix/hardware_mpi_sign' into 'master'
hwcrypto mpi: Fix losing sign when multiplying by -1 (github PR)

Contribution from github: https://github.com/espressif/esp-idf/pull/1181/

See merge request !1471
2017-11-07 19:30:31 +08:00
Alexey Skalozub
5405255928 Fix losing sign when multiplying by -1 2017-10-28 03:47:00 +03:00
Andreas Pokorny
2a1906cf50 Ensure that C++ and C compilers get the same preprocessor setup
CPPFLAGS is applied for both languages while CFLAGS only for C

Signed-off-by: Andreas Pokorny <andreas.pokorny@siemens.com>
2017-10-26 13:04:41 +02:00
Angus Gratton
c503a01388 mbedtls: Rename net to net_sockets (in line with 2.4.0 API change) 2017-09-07 18:02:39 +10:00
Angus Gratton
3a08ec7b3d mbedtls: Re-apply: MBEDTLS_SHA512_ALT also replaces mbedtls_sha512_process()
IDF-specific patch.
2017-09-07 18:02:26 +10:00
Angus Gratton
3142997830 mbedtls: Re-apply ECP memory leak fix
Fix not yet submitted upstream.

(Previously applied in ffefeef5ea)
2017-09-07 18:02:26 +10:00
Angus Gratton
736db688a8 mbedtls: Re-apply MBEDTLS_BIGNUM_ALT & related macros for custom bignum functions
(IDF-specific patch.)
2017-09-07 18:02:26 +10:00
Angus Gratton
ae382b3bfa mbedtls: Update to 2.6.0 release (without IDF-specific patches) 2017-09-07 18:02:26 +10:00
Angus Gratton
8ce09c2c1c mbedtls: Don't assign ctx->fd until connect() or bind() has succeeded
Avoid leaking closed file descriptors via ctx->fd

Reported: https://esp32.com/viewtopic.php?f=13&t=2910&sid=8568b1fd93a4c8d5760628a638efc48b#p13620
2017-09-05 11:08:35 +10:00
Angus Gratton
0ea4cd67dd mbedtls: Remove "unsafe" warning, enable AES by default & make SHA/MPI optional 2017-08-25 16:08:03 +10:00
Angus Gratton
2624e10055 esp32 hwcrypto: Use AES registers directly 2017-08-25 16:08:03 +10:00
Angus Gratton
99c663a6e9 mbedtls tests: utility tests for APB corruption
Used when running mbedTLS self-tests to verify DPORT protection is working correctly.
2017-08-25 16:08:03 +10:00
Angus Gratton
7be002ec0f hwcrypto bignum/MPI: Batch safe DPORT reads to improve performance 2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
08287852ab esp32: add protection for DPORT registers of RSA 2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
87a0ec77b5 Merge branch 'bugfix/mbedtls_config_mismatch' into 'master'
mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program

See merge request !1125
2017-08-24 14:40:39 +08:00
Ivan Grokhotkov
08e787dc4d mbedtls: remove duplicate Kconfig options 2017-08-22 15:12:35 +08:00
Angus Gratton
2c0ff0c1e1 mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program
Previously this resulted in a config mismatch between default config and esp_config.h

Closes https://github.com/espressif/esp-idf/issues/711
2017-08-21 12:37:53 +10:00
Angus Gratton
66ad84d318 mbedtls: Add more config options to disable Elliptic Curve features
Can save up to an additional 20KB when not using EC in TLS, or disable
unwanted features as needed.
2017-08-18 17:44:33 +10:00
Angus Gratton
c0f65f6680 mbedtls: Expose compile-time config, disable some things by default
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
  (ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
  implications if using DER formatted certificates, RSA ciphersuites only,
  etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-18 17:15:08 +10:00
Angus Gratton
ffefeef5ea mbedtls: Fix memory leak in initial ECDH exchange if OOM/failure occurs
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and ecp_precompute_comb() fails (which can happen due to OOM), then the new array of points T was leaked.
2017-07-12 16:34:26 +08:00
Angus Gratton
fd9d889e62 mbedtls unit tests: Allow for longer timeout using software SHA
Hardware SHA runs SHA operations faster than software...
2017-07-06 15:54:01 +08:00
Angus Gratton
c35aa1d9a2 mbedtls: Temporarily disable hardware acceleration in dual-core mode
Temporary fix, until DPORT bugs in crypto accelerators are completely fixed.
2017-07-05 12:03:00 +08:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
2017-05-08 21:53:43 +08:00
Michael Kellner
a523aa3ef5 mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Since mbedtls_net_errno is reset by fcntl, it is reset after calling
net_would_block, so the call to mbedtls_net_errno in mbedtls_net_recv
and mbedtls_net_send will always get back 0. This change propagates
the value returned by mbedtls_net_errno up through net_would_block,
to allow the correct error value to be used and avoid a redundant
call to mbedtls_net_errno.

Merges PR #511 https://github.com/espressif/esp-idf/pull/511
2017-04-21 10:46:34 +10:00
Ivan Grokhotkov
829800f272 Merge branch 'bugfix/mbedtls_non_blocking_sockets' into 'master'
mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets

Previous code read non-blocking status via fcntl first, which resets errno.

* Closes #424 https://github.com/espressif/esp-idf/pull/424
* Merges #425 https://github.com/espressif/esp-idf/pull/425

See merge request !575
2017-03-15 10:39:53 +08:00
Neil Kolban
16e1a2716e mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Previous code read non-blocking status via fcntl first, which resets errno.

Closes #424 https://github.com/espressif/esp-idf/pull/424
Merges #425 https://github.com/espressif/esp-idf/pull/425
2017-03-13 15:45:11 +08:00
Angus Gratton
74817c35f3 mbedtls: Enable filesystem support 2017-03-08 09:55:31 +11:00
Angus Gratton
0b7058d8ef mbedTLS: Add generic support for mbedTLS debug output via the esp_log functionality 2017-03-07 10:18:47 +11:00
Anne Jan Brouwer
ec31b39989 Added missing platform.h to mbedtls ssl.h
There was a missing definition of mbedtls_time_t

See for example:
https://travis-ci.org/SHA2017-badge/Firmware/jobs/202459377

Merges #348 https://github.com/espressif/esp-idf/pull/348
2017-03-03 14:59:15 +11:00
Angus Gratton
64e6e7a0ae mbedtls: Use two MPI multiplications when multiply operands too large
Allows RSA4096 via hardware crypto operations.

See github #139 https://github.com/espressif/esp-idf/issues/139
2017-01-31 14:36:26 +11:00
antti
f8b5c29346 esp32: add [ignore] tag to some unit test cases for CI
Add ignore tag on unit test cases that are not supported in CI yet
2017-01-18 17:08:20 +08:00
Ivan Grokhotkov
d6842e537c mbedtls: give SHA test slightly more time to run 2017-01-11 21:30:23 +08:00
Jeroen Domburg
bf57594ebe Merge branch 'feature/intr_alloc' into 'master'
Add dynamic interrupt allocation mechanism

This adds:
- Dynamic allocation of interrupts. Pass it the features of the interrupt you want, it'll set you up with an int.
- Shared interrupts. Enables multiple peripheral drivers to use the same interrupt. 
- Marking what interrupts are fully executable from IRAM; if an int isn't marked like that it will get disabled once flash cache gets disabled.

Also:
- Modifies driver to be in line with these changes

See merge request !254
2016-12-09 14:00:39 +08:00
Liu Han
c1802eaa98 components/mbedtls: add time and time data configuration at menuconfig 2016-12-08 13:33:47 +08:00
Jeroen Domburg
32fa94935d Changes according to merge request 2016-12-08 12:39:33 +08:00
Jeroen Domburg
655fd2986a Add interrupt allocation scheme / interrupt sharing. Also modifies drivers and examples. Also allows interrupts
to be marked specifically as having a handler that's all in IRAM.
2016-12-08 12:39:33 +08:00
Angus Gratton
88b264cfce mbedTLS SHA: Fix cloning of SHA-384 digests
Hardware unit only reads 384 bits of state for SHA-384 LOAD,
which is enough for final digest but not enough if you plan to
resume digest in software.
2016-11-25 19:26:30 +11:00
Angus Gratton
a902e2a9de mbedtls tests: Add additional MPI (bignum), SHA tests 2016-11-25 19:21:49 +11:00
Angus Gratton
d0801fdbab Merge branch 'feature/sha_tls_integration' into 'master'
SHA acceleration integrated to mbedTLS incl. TLS sessions

Uses hardware SHA acceleration where available, fails over to software where not available.

Ref TW7112

See merge request !232
2016-11-25 10:12:29 +08:00
Angus Gratton
79646f41b5 Fixes for stdlib.h inclusion
Refs:
http://esp32.com/viewtopic.php?f=13&t=550
http://esp32.com/viewtopic.php?f=13&t=551

rmt.c should include stdlib.h for malloc, esp_bignum,c &
https_request_main.c for abort().

FreeRTOSConfig.h is only including stdlib if
CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION is set. However, it is
included for abort() so needs to be included whenever
CONFIG_FREERTOS_ASSERT_FAIL_ABORT is set.

This change includes unconditionally in FreeRTOSConfig.h. This is to
avoid this kind of bug where compiler errors are dependent on config. I
suggest we don't change this to be more selective until we have 'make
randomconfig' style tests in CI.
2016-11-24 08:20:21 +11:00