Ivan Grokhotkov
0a97cb62ef
mbedtls: disable support for RSASSA-PSS signatures
...
This is a workaround for CVE-2018-0487.
Ref. https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Ref. https://github.com/espressif/esp-idf/issues/1730
2018-04-19 12:58:47 +08:00
Ivan Grokhotkov
594e1b5e44
mbedtls: disable truncated HMAC
...
This is a workaround for CVE-2018-0488.
Ref. https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Ref. https://github.com/espressif/esp-idf/issues/1730
2018-04-19 12:26:41 +08:00
Paul Reimer
8388e1be54
Add #include guards and __cplusplus guards to esp_debug.h
...
Merges https://github.com/espressif/esp-idf/pull/1358
2017-12-27 16:54:16 +08:00
Alexey Skalozub
5405255928
Fix losing sign when multiplying by -1
2017-10-28 03:47:00 +03:00
Angus Gratton
c503a01388
mbedtls: Rename net to net_sockets (in line with 2.4.0 API change)
2017-09-07 18:02:39 +10:00
Angus Gratton
ae382b3bfa
mbedtls: Update to 2.6.0 release (without IDF-specific patches)
2017-09-07 18:02:26 +10:00
Angus Gratton
8ce09c2c1c
mbedtls: Don't assign ctx->fd until connect() or bind() has succeeded
...
Avoid leaking closed file descriptors via ctx->fd
Reported: https://esp32.com/viewtopic.php?f=13&t=2910&sid=8568b1fd93a4c8d5760628a638efc48b#p13620
2017-09-05 11:08:35 +10:00
Angus Gratton
2624e10055
esp32 hwcrypto: Use AES registers directly
2017-08-25 16:08:03 +10:00
Angus Gratton
7be002ec0f
hwcrypto bignum/MPI: Batch safe DPORT reads to improve performance
2017-08-25 16:08:02 +10:00
Ivan Grokhotkov
08287852ab
esp32: add protection for DPORT registers of RSA
2017-08-25 16:08:02 +10:00
Angus Gratton
2c0ff0c1e1
mbedtls: Add a shim header to account for including "mbedtls/config.h" directly in program
...
Previously this resulted in a config mismatch between default config and esp_config.h
Closes https://github.com/espressif/esp-idf/issues/711
2017-08-21 12:37:53 +10:00
Angus Gratton
66ad84d318
mbedtls: Add more config options to disable Elliptic Curve features
...
Can save up to an additional 20KB when not using EC in TLS, or disable
unwanted features as needed.
2017-08-18 17:44:33 +10:00
Angus Gratton
c0f65f6680
mbedtls: Expose compile-time config, disable some things by default
...
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
2017-08-18 17:15:08 +10:00
Tian Hao
26a3cb93c7
component/soc : move dport access header files to soc
...
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520
component/esp32 : fix dualcore bug
...
1. When a dual-core CPU accesses DPORT registers, protection is required.
2. To access a DPORT register, the DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macros must be used.
2017-05-08 21:53:43 +08:00
Michael Kellner
a523aa3ef5
mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
...
Since mbedtls_net_errno is reset by fcntl, it is reset after calling
net_would_block, so the call to mbedtls_net_errno in mbedtls_net_recv
and mbedtls_net_send will always get back 0. This change propagates
the value returned by mbedtls_net_errno up through net_would_block,
to allow the correct error value to be used and avoid a redundant
call to mbedtls_net_errno.
Merges PR #511 https://github.com/espressif/esp-idf/pull/511
2017-04-21 10:46:34 +10:00
Ivan Grokhotkov
829800f272
Merge branch 'bugfix/mbedtls_non_blocking_sockets' into 'master'
...
mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
Previous code read non-blocking status via fcntl first, which resets errno.
* Closes #424 https://github.com/espressif/esp-idf/pull/424
* Merges #425 https://github.com/espressif/esp-idf/pull/425
See merge request !575
2017-03-15 10:39:53 +08:00
Neil Kolban
16e1a2716e
mbedtls port: Fix detection of EWOULDBLOCK/EAGAIN with non-blocking sockets
...
Previous code read non-blocking status via fcntl first, which resets errno.
Closes #424 https://github.com/espressif/esp-idf/pull/424
Merges #425 https://github.com/espressif/esp-idf/pull/425
2017-03-13 15:45:11 +08:00
Angus Gratton
74817c35f3
mbedtls: Enable filesystem support
2017-03-08 09:55:31 +11:00
Angus Gratton
0b7058d8ef
mbedTLS: Add generic support for mbedTLS debug output via the esp_log functionality
2017-03-07 10:18:47 +11:00
Angus Gratton
64e6e7a0ae
mbedtls: Use two MPI multiplications when multiply operands too large
...
Allows RSA4096 via hardware crypto operations.
See github #139 https://github.com/espressif/esp-idf/issues/139
2017-01-31 14:36:26 +11:00
Jeroen Domburg
bf57594ebe
Merge branch 'feature/intr_alloc' into 'master'
...
Add dynamic interrupt allocation mechanism
This adds:
- Dynamic allocation of interrupts. Pass it the features of the interrupt you want, it'll set you up with an int.
- Shared interrupts. Enables multiple peripheral drivers to use the same interrupt.
- Marking what interrupts are fully executable from IRAM; if an int isn't marked like that it will get disabled once flash cache gets disabled.
Also:
- Modifies driver to be in line with these changes
See merge request !254
2016-12-09 14:00:39 +08:00
Liu Han
c1802eaa98
components/mbedtls: add time and time data configuration at menuconfig
2016-12-08 13:33:47 +08:00
Jeroen Domburg
655fd2986a
Add interrupt allocation scheme / interrupt sharing. Also modifies drivers and examples. Also allows interrupts to be marked specifically as having a handler that's all in IRAM.
2016-12-08 12:39:33 +08:00
Angus Gratton
88b264cfce
mbedTLS SHA: Fix cloning of SHA-384 digests
...
Hardware unit only reads 384 bits of state for SHA-384 LOAD,
which is enough for final digest but not enough if you plan to
resume digest in software.
2016-11-25 19:26:30 +11:00
Angus Gratton
d0801fdbab
Merge branch 'feature/sha_tls_integration' into 'master'
...
SHA acceleration integrated to mbedTLS incl. TLS sessions
Uses hardware SHA acceleration where available, fails over to software where not available.
Ref TW7112
See merge request !232
2016-11-25 10:12:29 +08:00
Angus Gratton
79646f41b5
Fixes for stdlib.h inclusion
...
Refs:
http://esp32.com/viewtopic.php?f=13&t=550
http://esp32.com/viewtopic.php?f=13&t=551
rmt.c should include stdlib.h for malloc, esp_bignum.c &
https_request_main.c for abort().
FreeRTOSConfig.h is only including stdlib if
CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION is set. However, it is
included for abort() so needs to be included whenever
CONFIG_FREERTOS_ASSERT_FAIL_ABORT is set.
This change includes unconditionally in FreeRTOSConfig.h. This is to
avoid this kind of bug where compiler errors are dependent on config. I
suggest we don't change this to be more selective until we have 'make
randomconfig' style tests in CI.
2016-11-24 08:20:21 +11:00
Angus Gratton
2561b68af8
hwcrypto: Fixes for disabling one hardware unit causing reset of a different unit
...
ROM functions reset related units, but this can have problems in a
multithreaded environment.
2016-11-22 20:42:38 +11:00
Angus Gratton
c48612e516
mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
...
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.
Currently incompatible with AES acceleration due to a hardware reset problem.
Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
1d47755588
mbedtls hardware bignum: Use memcpy instead of REG_WRITE/REG_READ in a loop
...
Removes memory barriers for better performance, thanks Ivan for pointing
this out.
Manually unrolling the loop further seemed like diminishing returns.
2016-11-21 18:09:09 +11:00
Angus Gratton
1cc0b3000b
mbedtls hardware bignum: Expose ESP-only bignum API in wrapper mbedtls/bignum.h
2016-11-18 17:08:14 +11:00
Angus Gratton
36f29017b6
mbedtls hardware bignum: Support "RSA" interrupt for end of operation
...
Allows CPU to do other things while bignum operation is in
progress.
2016-11-18 15:53:00 +11:00
Angus Gratton
68d370542a
mbedtls hardware RSA: Put into menuconfig, squash warnings
...
All combinations of enabling/disabling hardware acceleration no longer
show unused warnings.
2016-11-18 15:50:45 +11:00
Angus Gratton
f87be70d51
mbedtls hardware RSA: Combine methods for calculating M' & r inverse
...
Remove redundant gcd calculation, use consistent terminology.
Also remove leftover debugging code
2016-11-18 14:10:20 +11:00
Dong Heng
6b687b43f4
mbedtls hardware RSA: Fix "mbedtls_mpi_exp_mod" hardware calculations
2016-11-18 14:09:59 +11:00
Angus Gratton
ce7b8059de
RSA Accelerator: Remove timing-sensitive optimisations
...
Avoid potentially leaking timing information about number of bits set in
MPI values.
2016-10-12 17:18:24 +11:00
Angus Gratton
9632c8e56c
RSA Accelerator: Add mod_exp, refactor to avoid memory allocation & copying
...
Not fully working at the moment, mod_exp has a bug.
2016-10-12 16:19:09 +11:00
Angus Gratton
6b3bc4d8c5
hwcrypto bignum: Implement multiplication modulo
...
Fixes case where hardware bignum multiplication fails due to either
operand >2048 bits.
2016-10-12 15:45:08 +11:00
Angus Gratton
1a6dd44d03
hwcrypto bignum: Use mbedtls_mpi data structures for all bignum data
...
Still doesn't solve the problem of multiplying two numbers where one is
>2048 bits, needed for RSA support.
2016-10-12 15:45:08 +11:00
Angus Gratton
aa75a71917
mbedtls: Add some initial menuconfig options
2016-09-27 10:38:00 +10:00
Jeroen Domburg
4d4c6a3694
Enable SO_REUSEADDR in LWIP
2016-09-18 16:43:48 +08:00
Angus Gratton
67a26d52ac
mbedtls: Temporarily disable default hardware crypto SHA & bignum
...
Due to limitations referenced in the comments of the changes.
2016-09-14 17:52:39 +10:00
Angus Gratton
f01cabf71d
mbedtls hwcrypto sha512: Fix redirection of function names
2016-09-14 17:52:24 +10:00
Angus Gratton
264b115eb0
mbedtls: Move esp_config.h file to port directory
2016-09-09 14:06:14 +10:00
Angus Gratton
a939c15723
mbedtls networking: Remove WIN32 parts, minor cleanup
2016-09-09 11:24:35 +10:00
Wu Jian Gang
95defc7d32
mbedtls: Use hardware accelerated AES, SHA, bignum
2016-09-08 17:41:43 +08:00
Wu Jian Gang
fc2bfc1f49
mbedtls: just format related files
...
method from !46
2016-09-08 16:46:25 +08:00
liuhan
f4ff32977d
components/mbedtls: modify MBEDTLS net feature
...
Modify to get the connection's 'errno' info by calling the getsockopt function.
2016-09-08 16:46:21 +08:00
liuhan
1900c50d3b
components/mbedtls: modify hardware encryption feature
...
rename "flag" and "keybites" in aes file,
rename "xxx_starts" and add license in sha file.
2016-09-08 16:45:51 +08:00
liuhan
2d80fada70
components/mbedtls: MBEDTLS Handshake result check
...
Modify esp_config.h to add some features to support the http2.0 protocol; TLS handshake OK.
2016-09-08 16:45:44 +08:00