This commit resolves a blocking in esp_aes_block function.
Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.
Fix some related issue with shared using of AES SHA RSA accelerators.
Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
(ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
implications if using DER formatted certificates, RSA ciphersuites only,
etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and ecp_precompute_comb() fails (which can happen due to OOM), then the new array of points T was leaked.
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
Since mbedtls_net_errno is reset by fcntl, it is reset after calling
net_would_block, so the call to mbedtls_net_errno in mbedtls_net_recv
and mbedtls_net_send will always get back 0. This change propagates
the value returned by mbedtls_net_errno up through net_would_block,
to allow the correct error value to be used and avoid a redundant
call to mbedtls_net_errno.
Merges PR #511https://github.com/espressif/esp-idf/pull/511
Add dynamic interrupt allocation mechanism
This adds:
- Dynamic allocation of interrupts. Pass it the features of the interrupt you want, it'll set you up with an int.
- Shared interrupts. Enables multiple peripheral drivers to use the same interrupt.
- Marking what interrupts are fully executable from IRAM; if an int isn't marked like that it will get disabled once flash cache gets disabled.
Also:
- Modifies driver to be in line with these changes
See merge request !254
SHA acceleration integrated to mbedTLS incl. TLS sessions
Uses hardware SHA acceleration where available, fails over to software where not available.
Ref TW7112
See merge request !232
Refs:
http://esp32.com/viewtopic.php?f=13&t=550http://esp32.com/viewtopic.php?f=13&t=551
rmt.c should include stdlib.h for malloc, esp_bignum,c &
https_request_main.c for abort().
FreeRTOSConfig.h is only including stdlib if
CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION is set. However, it is
included for abort() so needs to be included whenever
CONFIG_FREERTOS_ASSERT_FAIL_ABORT is set.
This change includes unconditionally in FreeRTOSConfig.h. This is to
avoid this kind of bug where compiler errors are dependent on config. I
suggest we don't change this to be more selective until we have 'make
randomconfig' style tests in CI.
