diff --git a/lib/mbedtls_config/crt_bundle.c b/lib/mbedtls_config/crt_bundle.c
index 678b7a5e2f4c..b0994e22ab9b 100644
--- a/lib/mbedtls_config/crt_bundle.c
+++ b/lib/mbedtls_config/crt_bundle.c
@@ -19,7 +19,8 @@
 #include "py/runtime.h"
 #include "py/mperrno.h"
-#include "lib/mbedtls/include/mbedtls/x509_crt.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509_crt.h"
 #include "lib/mbedtls_config/crt_bundle.h"
 #define BUNDLE_HEADER_OFFSET 2
@@ -55,6 +56,10 @@ static crt_bundle_t s_crt_bundle;
 static int crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_key_buf, size_t pub_key_len);
+#if MBEDTLS_VERSION_MAJOR < 3
+#define MBEDTLS_PRIVATE(x) x
+#endif
+
 static int crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_key_buf, size_t pub_key_len) {
 int ret = 0;
 mbedtls_x509_crt parent;
@@ -70,21 +75,22 @@ static int crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_key_b
 // Fast check to avoid expensive computations when not necessary
-if (!mbedtls_pk_can_do(&parent.pk, child->sig_pk)) {
+if (!mbedtls_pk_can_do(&parent.pk, child->MBEDTLS_PRIVATE(sig_pk))) {
 LOGE(TAG, "Simple compare failed");
 ret = -1;
 goto cleanup;
 }
-md_info = mbedtls_md_info_from_type(child->sig_md);
+md_info = mbedtls_md_info_from_type(child->MBEDTLS_PRIVATE(sig_md));
 if ((ret = mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash)) != 0) {
 LOGE(TAG, "Internal mbedTLS error %X", ret);
 goto cleanup;
 }
-if ((ret = mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent.pk,
-child->sig_md, hash, mbedtls_md_get_size(md_info),
-child->sig.p, child->sig.len)) != 0) {
+if ((ret = mbedtls_pk_verify_ext(
+child->MBEDTLS_PRIVATE(sig_pk), child->MBEDTLS_PRIVATE(sig_opts), &parent.pk,
+child->MBEDTLS_PRIVATE(sig_md), hash, mbedtls_md_get_size(md_info),
+child->MBEDTLS_PRIVATE(sig).p, child->MBEDTLS_PRIVATE(sig).len)) != 0) {
 LOGE(TAG, "PK verify failed with error %X", ret);
 goto cleanup;
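Review bot: The shim `#if MBEDTLS_VERSION_MAJOR < 3` / `#define MBEDTLS_PRIVATE(x) x` keys on the library version instead of on the macro it is replacing; `#ifndef MBEDTLS_PRIVATE` around the same `#define` is the safer guard, because it cannot redefine the macro if a 2.x tree or a vendor fork already provides `mbedtls/private_access.h`, and it does not depend on `MBEDTLS_VERSION_MAJOR` being visible through `mbedtls/version.h` in every supported release. A one-line comment would also spare the next reader a trip to the mbedTLS changelog: `// mbedTLS 3.x hides struct fields behind MBEDTLS_PRIVATE(); on 2.x access them directly.`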
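Review bot: Wrapping `sig_pk`, `sig_md`, `sig_opts` and `sig` in `MBEDTLS_PRIVATE()` makes `crt_check_signature` compile against mbedTLS 3.x, but it reaches into fields the library has deliberately removed from its public API, so their names, types and the meaning of the `sig_opts` pointer handed to `mbedtls_pk_verify_ext` may change between minor releases without a deprecation cycle — and this is the path that decides whether a bundled root actually signed the presented chain. The hunk should say so where the fields are first used, e.g. `// NOTE: sig_* are private in mbedTLS 3.x (no API stability); re-verify on every library upgrade.`, and the tested mbedTLS version(s) should be recorded next to it. The body of `crt_check_signature` starts and ends outside this hunk.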
diff --git a/lib/mbedtls_errors/mp_mbedtls_errors.c b/lib/mbedtls_errors/mp_mbedtls_errors.c
index fabbb15e4eb6..7c005c256db8 100644
--- a/lib/mbedtls_errors/mp_mbedtls_errors.c
+++ b/lib/mbedtls_errors/mp_mbedtls_errors.c
@@ -154,8 +154,12 @@
 #endif
 #if defined(MBEDTLS_PADLOCK_C)
+#if defined(MBEDTLS_PADLOCK_FILE)
+#include MBEDTLS_PADLOCK_FILE
+#else
 #include "mbedtls/padlock.h"
 #endif
+#endif
 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
 #include "mbedtls/pem.h"
@@ -235,7 +239,9 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED), "CIPHER_FULL_BLOCK_EXPECTED" },
 { -(MBEDTLS_ERR_CIPHER_AUTH_FAILED), "CIPHER_AUTH_FAILED" },
 { -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT), "CIPHER_INVALID_CONTEXT" },
+#if defined(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED), "CIPHER_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_CIPHER_C */
 #if defined(MBEDTLS_DHM_C)
@@ -261,7 +267,9 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_ECP_RANDOM_FAILED), "ECP_RANDOM_FAILED" },
 { -(MBEDTLS_ERR_ECP_INVALID_KEY), "ECP_INVALID_KEY" },
 { -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH), "ECP_SIG_LEN_MISMATCH" },
+#if defined(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED), "ECP_HW_ACCEL_FAILED" },
+#endif
 { -(MBEDTLS_ERR_ECP_IN_PROGRESS), "ECP_IN_PROGRESS" },
 #endif /* MBEDTLS_ECP_C */
@@ -270,7 +278,9 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_MD_BAD_INPUT_DATA), "MD_BAD_INPUT_DATA" },
 { -(MBEDTLS_ERR_MD_ALLOC_FAILED), "MD_ALLOC_FAILED" },
 { -(MBEDTLS_ERR_MD_FILE_IO_ERROR), "MD_FILE_IO_ERROR" },
+#if defined(MBEDTLS_ERR_MD_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED), "MD_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_MD_C */
 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
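Review bot: `#include MBEDTLS_PADLOCK_FILE` feeds a build-supplied path straight into the preprocessor with nothing in the file recording why the plain `"mbedtls/padlock.h"` stopped being enough; the reason is only recoverable from the Makefile change elsewhere in this commit. Suggest a comment above the new `#if`: `// mbedTLS 3.x ships padlock.h under library/ rather than include/; the build passes its location.` `MBEDTLS_PADLOCK_C` is the VIA PadLock (x86) option, so on the Xtensa/RISC-V targets this whole branch appears to be dead unless that define is ever set — worth saying so nobody chases the path when it goes stale.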
@@ -300,7 +310,9 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE), "PK_UNKNOWN_NAMED_CURVE" },
 { -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE), "PK_FEATURE_UNAVAILABLE" },
 { -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH), "PK_SIG_LEN_MISMATCH" },
+#if defined(MBEDTLS_ERR_PK_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED), "PK_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_PK_C */
 #if defined(MBEDTLS_PKCS12_C)
@@ -327,8 +339,12 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_RSA_VERIFY_FAILED), "RSA_VERIFY_FAILED" },
 { -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE), "RSA_OUTPUT_TOO_LARGE" },
 { -(MBEDTLS_ERR_RSA_RNG_FAILED), "RSA_RNG_FAILED" },
+#if defined(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION)
 { -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION), "RSA_UNSUPPORTED_OPERATION" },
+#endif
+#if defined(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED), "RSA_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_SSL_TLS_C)
@@ -337,35 +353,75 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_SSL_INVALID_MAC), "SSL_INVALID_MAC" },
 { -(MBEDTLS_ERR_SSL_INVALID_RECORD), "SSL_INVALID_RECORD" },
 { -(MBEDTLS_ERR_SSL_CONN_EOF), "SSL_CONN_EOF" },
+#if defined(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER)
 { -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER), "SSL_UNKNOWN_CIPHER" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN)
 { -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN), "SSL_NO_CIPHER_CHOSEN" },
+#endif
 { -(MBEDTLS_ERR_SSL_NO_RNG), "SSL_NO_RNG" },
 { -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE), "SSL_NO_CLIENT_CERTIFICATE" },
+#if defined(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE)
 { -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE), "SSL_CERTIFICATE_TOO_LARGE" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED)
 { -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED), "SSL_CERTIFICATE_REQUIRED" },
+#endif
 { -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED), "SSL_PRIVATE_KEY_REQUIRED" },
 { -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED), "SSL_CA_CHAIN_REQUIRED" },
 { -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE), "SSL_UNEXPECTED_MESSAGE" },
+#if defined(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED)
 { -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED), "SSL_PEER_VERIFY_FAILED" },
+#endif
 { -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY), "SSL_PEER_CLOSE_NOTIFY" },
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO), "SSL_BAD_HS_CLIENT_HELLO" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO)
 { -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO), "SSL_BAD_HS_SERVER_HELLO" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE), "SSL_BAD_HS_CERTIFICATE" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST), "SSL_BAD_HS_CERTIFICATE_REQUEST" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE)
 { -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE), "SSL_BAD_HS_SERVER_KEY_EXCHANGE" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE)
 { -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE), "SSL_BAD_HS_SERVER_HELLO_DONE" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE), "SSL_BAD_HS_CLIENT_KEY_EXCHANGE" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP), "SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS), "SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY), "SSL_BAD_HS_CERTIFICATE_VERIFY" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC)
 { -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC), "SSL_BAD_HS_CHANGE_CIPHER_SPEC" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_FINISHED)
 { -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED), "SSL_BAD_HS_FINISHED" },
+#endif
 { -(MBEDTLS_ERR_SSL_ALLOC_FAILED), "SSL_ALLOC_FAILED" },
 { -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED), "SSL_HW_ACCEL_FAILED" },
 { -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH), "SSL_HW_ACCEL_FALLTHROUGH" },
+#if defined(MBEDTLS_ERR_SSL_COMPRESSION_FAILED)
 { -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED), "SSL_COMPRESSION_FAILED" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION)
 { -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION), "SSL_BAD_HS_PROTOCOL_VERSION" },
+#endif
+#if defined(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET)
 { -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET), "SSL_BAD_HS_NEW_SESSION_TICKET" },
+#endif
 { -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED), "SSL_SESSION_TICKET_EXPIRED" },
 { -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH), "SSL_PK_TYPE_MISMATCH" },
 { -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY), "SSL_UNKNOWN_IDENTITY" },
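Review bot: The new guards only subtract the pre-3.0 SSL error codes; nothing is added for the codes that replaced them in mbedTLS 3 (for instance `MBEDTLS_ERR_SSL_DECODE_ERROR`, `MBEDTLS_ERR_SSL_BAD_CERTIFICATE`, `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`, if I read the 3.x `ssl.h` correctly), so on the newer library a failed handshake or a rejected certificate will most likely surface to the user as a bare number instead of a name, which is exactly the failure an operator needs to triage from a device log. Adding those entries under matching `#if defined(...)` guards keeps both library generations working without a version switch. A short comment at the head of the SSL section, `// Codes guarded below were removed in mbedTLS 3.0; codes added in 3.0 are guarded the same way for 2.x builds`, would explain the guard forest. The table continues beyond this hunk in both directions.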
@@ -374,14 +430,18 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
 { -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO), "SSL_WAITING_SERVER_HELLO_RENEGO" },
 { -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED), "SSL_HELLO_VERIFY_REQUIRED" },
 { -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL), "SSL_BUFFER_TOO_SMALL" },
+#if defined(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE)
 { -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE), "SSL_NO_USABLE_CIPHERSUITE" },
+#endif
 { -(MBEDTLS_ERR_SSL_WANT_READ), "SSL_WANT_READ" },
 { -(MBEDTLS_ERR_SSL_WANT_WRITE), "SSL_WANT_WRITE" },
 { -(MBEDTLS_ERR_SSL_TIMEOUT), "SSL_TIMEOUT" },
 { -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT), "SSL_CLIENT_RECONNECT" },
 { -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD), "SSL_UNEXPECTED_RECORD" },
 { -(MBEDTLS_ERR_SSL_NON_FATAL), "SSL_NON_FATAL" },
+#if defined(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH)
 { -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH), "SSL_INVALID_VERIFY_HASH" },
+#endif
 { -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING), "SSL_CONTINUE_PROCESSING" },
 { -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS), "SSL_ASYNC_IN_PROGRESS" },
 { -(MBEDTLS_ERR_SSL_EARLY_MESSAGE), "SSL_EARLY_MESSAGE" },
@@ -424,8 +484,12 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 { -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH), "AES_INVALID_KEY_LENGTH" },
 { -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH), "AES_INVALID_INPUT_LENGTH" },
 { -(MBEDTLS_ERR_AES_BAD_INPUT_DATA), "AES_BAD_INPUT_DATA" },
+#if defined(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE)
 { -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE), "AES_FEATURE_UNAVAILABLE" },
+#endif
+#if defined(MBEDTLS_ERR_AES_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED), "AES_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_AES_C */
 #if defined(MBEDTLS_ARC4_C)
@@ -435,8 +499,12 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 #if defined(MBEDTLS_ARIA_C)
 { -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA), "ARIA_BAD_INPUT_DATA" },
 { -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH), "ARIA_INVALID_INPUT_LENGTH" },
+#if defined(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE)
 { -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE), "ARIA_FEATURE_UNAVAILABLE" },
+#endif
+#if defined(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED), "ARIA_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_ARIA_C */
 #if defined(MBEDTLS_ASN1_PARSE_C)
@@ -480,13 +548,17 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 #if defined(MBEDTLS_CCM_C)
 { -(MBEDTLS_ERR_CCM_BAD_INPUT), "CCM_BAD_INPUT" },
 { -(MBEDTLS_ERR_CCM_AUTH_FAILED), "CCM_AUTH_FAILED" },
+#if defined(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED), "CCM_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_CCM_C */
 #if defined(MBEDTLS_CHACHA20_C)
 { -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA), "CHACHA20_BAD_INPUT_DATA" },
 { -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE), "CHACHA20_FEATURE_UNAVAILABLE" },
+#if defined(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED), "CHACHA20_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_CHACHA20_C */
 #if defined(MBEDTLS_CHACHAPOLY_C)
@@ -495,7 +567,9 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 #endif /* MBEDTLS_CHACHAPOLY_C */
 #if defined(MBEDTLS_CMAC_C)
+#if defined(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED), "CMAC_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_CMAC_C */
 #if defined(MBEDTLS_CTR_DRBG_C)
@@ -525,7 +599,9 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 #if defined(MBEDTLS_GCM_C)
 { -(MBEDTLS_ERR_GCM_AUTH_FAILED), "GCM_AUTH_FAILED" },
+#if defined(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED), "GCM_HW_ACCEL_FAILED" },
+#endif
 { -(MBEDTLS_ERR_GCM_BAD_INPUT), "GCM_BAD_INPUT" },
 #endif /* MBEDTLS_GCM_C */
@@ -549,7 +625,9 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 #endif /* MBEDTLS_MD4_C */
 #if defined(MBEDTLS_MD5_C)
+#if defined(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED), "MD5_HW_ACCEL_FAILED" },
+#endif
 #endif /* MBEDTLS_MD5_C */
 #if defined(MBEDTLS_NET_C)
@@ -593,17 +671,23 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
 #endif /* MBEDTLS_RIPEMD160_C */
 #if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED), "SHA1_HW_ACCEL_FAILED" },
+#endif
 { -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA), "SHA1_BAD_INPUT_DATA" },
 #endif /* MBEDTLS_SHA1_C */
 #if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED), "SHA256_HW_ACCEL_FAILED" },
+#endif
 { -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA), "SHA256_BAD_INPUT_DATA" },
 #endif /* MBEDTLS_SHA256_C */
 #if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED)
 { -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED), "SHA512_HW_ACCEL_FAILED" },
+#endif
 { -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA), "SHA512_BAD_INPUT_DATA" },
 #endif /* MBEDTLS_SHA512_C */
diff --git a/ports/espressif/Makefile b/ports/espressif/Makefile
index eaa8e0eec90a..52145d21b79e 100644
--- a/ports/espressif/Makefile
+++ b/ports/espressif/Makefile
@@ -146,6 +146,7 @@ CFLAGS += \
 -DHAVE_CONFIG_H \
 -DESP_PLATFORM=1 \
 -DMBEDTLS_CONFIG_FILE=\"mbedtls/esp_config.h\" \
+ -DMBEDTLS_PADLOCK_FILE=\"ports/espressif/esp-idf/components/mbedtls/mbedtls/library/padlock.h\" \
 -DUNITY_INCLUDE_CONFIG_H -DWITH_POSIX
 # Make our canary value match FreeRTOS's
@@ -285,6 +286,8 @@ SRC_C += \
 peripherals/i2c.c \
 peripherals/$(IDF_TARGET)/pins.c
+SRC_C += lib/mbedtls_config/crt_bundle.c
+
 SRC_C += $(wildcard common-hal/espidf/*.c)
 ifneq ($(CIRCUITPY_ESP_USB_SERIAL_JTAG),0)
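Review bot: The `-DMBEDTLS_PADLOCK_FILE` value hard-codes a relative path into the ESP-IDF submodule's mbedTLS `library/` directory — a header the library does not treat as public — so it will silently stop resolving the next time the submodule is relocated or IDF reorganises its mbedTLS component, and whether that relative path resolves at all depends on an include search root that is not visible in this hunk. The neighbouring `-DMBEDTLS_CONFIG_FILE=\"mbedtls/esp_config.h\"` uses a bare header name resolved through the normal include path; doing the same here (or anchoring the path with `$(TOP)/`) would be more robust. A comment on the line would preserve the intent across IDF bumps: `# mbedTLS 3 moved padlock.h out of include/; only consulted when MBEDTLS_PADLOCK_C is set`.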
diff --git a/ports/espressif/boards/espressif_esp32_eye/mpconfigboard.mk b/ports/espressif/boards/espressif_esp32_eye/mpconfigboard.mk
index 069d35972f0c..7330569a4053 100644
--- a/ports/espressif/boards/espressif_esp32_eye/mpconfigboard.mk
+++ b/ports/espressif/boards/espressif_esp32_eye/mpconfigboard.mk
@@ -10,3 +10,8 @@ CIRCUITPY_ESP_FLASH_FREQ = 80m
 CIRCUITPY_ESP_PSRAM_SIZE = 8MB
 CIRCUITPY_ESP_PSRAM_MODE = qio
 CIRCUITPY_ESP_PSRAM_FREQ = 40m
+
+CIRCUITPY_NEOPIXEL_WRITE = 0
+CIRCUITPY_PS2IO = 0
+CIRCUITPY_ROTARYIO = 0
+CIRCUITPY_TOUCHIO = 0
diff --git a/ports/espressif/common-hal/socketpool/Socket.c b/ports/espressif/common-hal/socketpool/Socket.c
index 509d1400c8a1..fb0aed2697cc 100644
--- a/ports/espressif/common-hal/socketpool/Socket.c
+++ b/ports/espressif/common-hal/socketpool/Socket.c
@@ -32,7 +32,7 @@
 #include "py/runtime.h"
 #include "shared-bindings/socketpool/SocketPool.h"
 #include "shared-bindings/ssl/SSLSocket.h"
-#include "common-hal/ssl/SSLSocket.h"
+#include "shared-module/ssl/SSLSocket.h"
 #include "supervisor/port.h"
 #include "supervisor/shared/tick.h"
 #include "supervisor/workflow.h"
diff --git a/ports/espressif/common-hal/socketpool/Socket.h b/ports/espressif/common-hal/socketpool/Socket.h
index 4c86c9b379d4..956551e456d4 100644
--- a/ports/espressif/common-hal/socketpool/Socket.h
+++ b/ports/espressif/common-hal/socketpool/Socket.h
@@ -29,7 +29,6 @@
 #include "py/obj.h"
 #include "common-hal/socketpool/SocketPool.h"
-#include "common-hal/ssl/SSLContext.h"
 #include "components/esp-tls/esp_tls.h"
 #include "components/lwip/lwip/src/include/lwip/sockets.h"
diff --git a/ports/espressif/common-hal/ssl/SSLContext.c b/ports/espressif/common-hal/ssl/SSLContext.c
deleted file mode 100644
index fd41549e755b..000000000000
--- a/ports/espressif/common-hal/ssl/SSLContext.c
+++ /dev/null
@@ -1,98 +0,0 @@ -/* - * This file is part of the MicroPython project, http://micropython.org/ - * - * The MIT License (MIT) - * - * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. 
- */ - -#include "shared-bindings/ssl/SSLContext.h" -#include "shared-bindings/ssl/SSLSocket.h" - -#include "bindings/espidf/__init__.h" - -#include "components/mbedtls/esp_crt_bundle/include/esp_crt_bundle.h" - -#include "py/runtime.h" -#include "lwip/sockets.h" - -void common_hal_ssl_sslcontext_construct(ssl_sslcontext_obj_t *self) { - -} - -ssl_sslsocket_obj_t *common_hal_ssl_sslcontext_wrap_socket(ssl_sslcontext_obj_t *self, - socketpool_socket_obj_t *socket, bool server_side, const char *server_hostname) { - - if (socket->type != SOCK_STREAM) { - mp_raise_RuntimeError(MP_ERROR_TEXT("Invalid socket for TLS")); - } - - ssl_sslsocket_obj_t *sock = m_new_obj_with_finaliser(ssl_sslsocket_obj_t); - sock->base.type = &ssl_sslsocket_type; - sock->ssl_context = self; - sock->sock = socket; - socket->ssl_socket = sock; - - // Create a copy of the ESP-TLS config object and store the server hostname - // Note that ESP-TLS will use common_name for both SNI and verification - memcpy(&sock->ssl_config, &self->ssl_config, sizeof(self->ssl_config)); - sock->ssl_config.common_name = server_hostname; - - esp_tls_t *tls_handle = esp_tls_init(); - if (tls_handle == NULL) { - mp_raise_espidf_MemoryError(); - } - sock->tls = tls_handle; - - // TODO: do something with the original socket? Don't call a close on the internal LWIP. 
- - return sock; -} - -void common_hal_ssl_sslcontext_load_verify_locations(ssl_sslcontext_obj_t *self, - const char *cadata) { - self->ssl_config.crt_bundle_attach = NULL; - self->ssl_config.use_global_ca_store = false; - self->ssl_config.cacert_buf = (const unsigned char *)cadata; - self->ssl_config.cacert_bytes = strlen(cadata) + 1; -} - -void common_hal_ssl_sslcontext_set_default_verify_paths(ssl_sslcontext_obj_t *self) { - self->ssl_config.crt_bundle_attach = esp_crt_bundle_attach; - self->ssl_config.use_global_ca_store = true; - self->ssl_config.cacert_buf = NULL; - self->ssl_config.cacert_bytes = 0; -} - -bool common_hal_ssl_sslcontext_get_check_hostname(ssl_sslcontext_obj_t *self) { - return !self->ssl_config.skip_common_name; -} - -void common_hal_ssl_sslcontext_set_check_hostname(ssl_sslcontext_obj_t *self, bool value) { - self->ssl_config.skip_common_name = !value; -} - -void common_hal_ssl_sslcontext_load_cert_chain(ssl_sslcontext_obj_t *self, mp_buffer_info_t *cert_buf, mp_buffer_info_t *key_buf) { - self->ssl_config.clientcert_buf = cert_buf->buf; - self->ssl_config.clientcert_bytes = cert_buf->len + 1; - self->ssl_config.clientkey_buf = key_buf->buf; - self->ssl_config.clientkey_bytes = key_buf->len + 1; -} diff --git a/ports/espressif/common-hal/ssl/SSLContext.h b/ports/espressif/common-hal/ssl/SSLContext.h deleted file mode 100644 index b46ba3cd64ee..000000000000 --- a/ports/espressif/common-hal/ssl/SSLContext.h +++ /dev/null 
@@ -1,39 +0,0 @@
-/*
- * This file is part of the MicroPython project, http://micropython.org/
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL_SSLCONTEXT_H
-#define MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL_SSLCONTEXT_H
-
-#include "py/obj.h"
-
-#include "components/esp-tls/esp_tls.h"
-
-typedef struct {
- mp_obj_base_t base;
- esp_tls_cfg_t ssl_config;
-} ssl_sslcontext_obj_t;
-
-#endif // MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL_SSL_CONTEXT_H
diff --git a/ports/espressif/common-hal/ssl/SSLSocket.c b/ports/espressif/common-hal/ssl/SSLSocket.c
deleted file mode 100644
index 68028e774c36..000000000000
--- a/ports/espressif/common-hal/ssl/SSLSocket.c
+++ /dev/null
@@ -1,180 +0,0 @@ -/* - * This file is part of the MicroPython project, http://micropython.org/ - * - * The MIT License (MIT) - * - * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries - * Copyright (c) 2021 Lucian Copeland for Adafruit Industries - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. 
- */ - -#include "shared-bindings/ssl/SSLSocket.h" -#include "shared-bindings/socketpool/Socket.h" -#include "shared-bindings/ssl/SSLContext.h" - -#include "bindings/espidf/__init__.h" -#include "shared/runtime/interrupt_char.h" -#include "py/mperrno.h" -#include "py/runtime.h" -#include "supervisor/port.h" -#include "supervisor/shared/tick.h" -#include "lwip/sockets.h" - -ssl_sslsocket_obj_t *common_hal_ssl_sslsocket_accept(ssl_sslsocket_obj_t *self, - uint8_t *ip, uint32_t *port) { - socketpool_socket_obj_t *sock = common_hal_socketpool_socket_accept(self->sock, ip, port); - ssl_sslsocket_obj_t *sslsock = common_hal_ssl_sslcontext_wrap_socket(self->ssl_context, sock, false, NULL); - return sslsock; -} - -bool common_hal_ssl_sslsocket_bind(ssl_sslsocket_obj_t *self, - const char *host, size_t hostlen, uint32_t port) { - return common_hal_socketpool_socket_bind(self->sock, host, hostlen, port); -} - -void common_hal_ssl_sslsocket_close(ssl_sslsocket_obj_t *self) { - common_hal_socketpool_socket_close(self->sock); - esp_tls_conn_destroy(self->tls); - self->tls = NULL; -} - -void common_hal_ssl_sslsocket_connect(ssl_sslsocket_obj_t *self, - const char *host, size_t hostlen, uint32_t port) { - // Yield briefly so that the IDF can clean up memory before we need more. 
- port_yield(); - int result = esp_tls_conn_new_sync(host, hostlen, port, &self->ssl_config, self->tls); - self->sock->connected = result >= 0; - if (result < 0) { - int esp_tls_code; - int flags; - esp_tls_error_handle_t tls_error_handle; - esp_tls_get_error_handle(self->tls, &tls_error_handle); - esp_err_t err = esp_tls_get_and_clear_last_error(tls_error_handle, &esp_tls_code, &flags); - - if (err == ESP_ERR_MBEDTLS_SSL_SETUP_FAILED) { - mp_raise_espidf_MemoryError(); - } else if (err == ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED) { - mp_raise_OSError_msg_varg(MP_ERROR_TEXT("Failed SSL handshake")); - } else { - mp_raise_OSError_msg_varg(MP_ERROR_TEXT("Unhandled ESP TLS error %d %d %x %d"), esp_tls_code, flags, err, result); - } - } else { - // Connection successful, set the timeout on the underlying socket. We can't rely on the IDF - // to do it because the config structure is only used for TLS connections. Generally, we - // shouldn't hit this timeout because we try to only read available data. However, there is - // always a chance that we try to read something that is used internally. 
- int fd; - esp_tls_get_conn_sockfd(self->tls, &fd); - struct timeval tv; - tv.tv_sec = 2 * 60; // Two minutes - tv.tv_usec = 0; - setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); - setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); - } -} - -bool common_hal_ssl_sslsocket_get_closed(ssl_sslsocket_obj_t *self) { - return self->tls == NULL && self->sock->num < 0; -} - -bool common_hal_ssl_sslsocket_get_connected(ssl_sslsocket_obj_t *self) { - return self->sock->connected; -} - -bool common_hal_ssl_sslsocket_listen(ssl_sslsocket_obj_t *self, int backlog) { - return common_hal_socketpool_socket_listen(self->sock, backlog); -} - -mp_uint_t common_hal_ssl_sslsocket_recv_into(ssl_sslsocket_obj_t *self, uint8_t *buf, uint32_t len) { - int received = 0; - bool timed_out = false; - int status = 0; - uint64_t start_ticks = supervisor_ticks_ms64(); - int sockfd; - esp_err_t err = esp_tls_get_conn_sockfd(self->tls, &sockfd); - if (err != ESP_OK) { - mp_raise_OSError(MP_EBADF); - } - while (received == 0 && - status >= 0 && - !timed_out && - !mp_hal_is_interrupted()) { - if (self->sock->timeout_ms != (uint)-1 && self->sock->timeout_ms != 0) { - timed_out = self->sock->timeout_ms == 0 || supervisor_ticks_ms64() - start_ticks >= self->sock->timeout_ms; - } - RUN_BACKGROUND_TASKS; - size_t available = esp_tls_get_bytes_avail(self->tls); - if (available == 0) { - // This reads the raw socket buffer and is used for non-TLS connections - // and between encrypted TLS blocks. - status = lwip_ioctl(sockfd, FIONREAD, &available); - } - size_t remaining = len - received; - if (available > remaining) { - available = remaining; - } - if (available > 0) { - status = esp_tls_conn_read(self->tls, (void *)buf + received, available); - if (status == 0) { - // Reading zero when something is available indicates a closed - // connection. (The available bytes could have been TLS internal.) 
- break; - } - if (status > 0) { - received += status; - } - } - // In non-blocking mode, fail instead of timing out - if (received == 0 && self->sock->timeout_ms == 0) { - mp_raise_OSError(MP_EAGAIN); - } - } - - if (timed_out) { - mp_raise_OSError(ETIMEDOUT); - } - return received; -} - -mp_uint_t common_hal_ssl_sslsocket_send(ssl_sslsocket_obj_t *self, const uint8_t *buf, uint32_t len) { - int sent = -1; - sent = esp_tls_conn_write(self->tls, buf, len); - - if (sent < 0) { - int esp_tls_code; - int flags; - esp_tls_error_handle_t tls_error_handle; - esp_tls_get_error_handle(self->tls, &tls_error_handle); - esp_err_t err = esp_tls_get_and_clear_last_error(tls_error_handle, &esp_tls_code, &flags); - - if (err == ESP_ERR_MBEDTLS_SSL_SETUP_FAILED) { - mp_raise_espidf_MemoryError(); - } else if (err == ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED) { - mp_raise_OSError_msg_varg(MP_ERROR_TEXT("Failed SSL handshake")); - } else { - mp_raise_OSError_msg_varg(MP_ERROR_TEXT("Unhandled ESP TLS error %d %d %x %d"), esp_tls_code, flags, err, sent); - } - } - return sent; -} - -void common_hal_ssl_sslsocket_settimeout(ssl_sslsocket_obj_t *self, uint32_t timeout_ms) { - self->sock->timeout_ms = timeout_ms; -} diff --git a/ports/espressif/common-hal/ssl/SSLSocket.h b/ports/espressif/common-hal/ssl/SSLSocket.h deleted file mode 100644 index 6b65a5622392..000000000000 --- a/ports/espressif/common-hal/ssl/SSLSocket.h +++ /dev/null 
@@ -1,45 +0,0 @@
-/*
- * This file is part of the MicroPython project, http://micropython.org/
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2021 Lucian Copeland for Adafruit Industries
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL_SSLSOCKET_H
-#define MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL_SSLSOCKET_H
-
-#include "py/obj.h"
-
-#include "common-hal/ssl/SSLContext.h"
-#include "common-hal/socketpool/Socket.h"
-
-#include "components/esp-tls/esp_tls.h"
-
-typedef struct ssl_sslsocket_obj {
- mp_obj_base_t base;
- socketpool_socket_obj_t *sock;
- esp_tls_t *tls;
- ssl_sslcontext_obj_t *ssl_context;
- esp_tls_cfg_t ssl_config;
-} ssl_sslsocket_obj_t;
-
-#endif // MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL_SSLSOCKET_H
diff --git a/ports/espressif/common-hal/ssl/__init__.c b/ports/espressif/common-hal/ssl/__init__.c
deleted file mode 100644
index 61ea32f395a0..000000000000
--- a/ports/espressif/common-hal/ssl/__init__.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * This file is part of the MicroPython project, http://micropython.org/
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "shared-bindings/ssl/__init__.h"
-#include "shared-bindings/ssl/SSLContext.h"
-
-#include "components/mbedtls/esp_crt_bundle/include/esp_crt_bundle.h"
-
-void common_hal_ssl_create_default_context(ssl_sslcontext_obj_t *self) {
- memset(&self->ssl_config, 0, sizeof(esp_tls_cfg_t));
- self->ssl_config.crt_bundle_attach = esp_crt_bundle_attach;
-}
diff --git a/ports/espressif/common-hal/ssl/__init__.h b/ports/espressif/common-hal/ssl/__init__.h
deleted file mode 100644
index 687146f4a706..000000000000
--- a/ports/espressif/common-hal/ssl/__init__.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * This file is part of the MicroPython project, http://micropython.org/
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#ifndef MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL___INIT___H
-#define MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL___INIT___H
-
-
-#endif // MICROPY_INCLUDED_ESPRESSIF_COMMON_HAL_SSL___INIT___H
diff --git a/ports/espressif/mpconfigport.mk b/ports/espressif/mpconfigport.mk
index 4b385d919d16..22a39ec71aa4 100644
--- a/ports/espressif/mpconfigport.mk
+++ b/ports/espressif/mpconfigport.mk
@@ -13,6 +13,9 @@ CIRCUITPY_ESP_PSRAM_SIZE ?= 0
 # Enable more features
 CIRCUITPY_FULL_BUILD ?= 1
+# If SSL is enabled, it's mbedtls
+CIRCUITPY_SSL_MBEDTLS = 1
+
 # These modules are implemented in ports//common-hal:
 CIRCUITPY_ALARM ?= 1
 CIRCUITPY_ANALOGBUFIO ?= 1
diff --git a/ports/espressif/supervisor/port.c b/ports/espressif/supervisor/port.c
index 14cc1b590238..d122f604f34b 100644
--- a/ports/espressif/supervisor/port.c
+++ b/ports/espressif/supervisor/port.c
@@ -97,6 +97,10 @@
 #include "esp32/rom/efuse.h"
 #endif
+#if CIRCUITPY_SSL
+#include "shared-module/ssl/__init__.h"
+#endif
+
 #include "esp_log.h"
 #define TAG "port"
@@ -347,6 +351,10 @@ void reset_port(void) {
 esp_camera_deinit();
 #endif
+ #if CIRCUITPY_SSL
+ ssl_reset();
+ #endif
+
 reset_all_pins();
 #if CIRCUITPY_ANALOGIO
diff --git a/ports/raspberrypi/Makefile b/ports/raspberrypi/Makefile
index 3dc3d26bcb9f..2eb81017b3ed 100644
--- a/ports/raspberrypi/Makefile
+++ b/ports/raspberrypi/Makefile
@@ -354,7 +354,7 @@ SRC_MBEDTLS := $(addprefix lib/mbedtls/library/, \
 x509write_csr.c \
 xtea.c \
 )
-SRC_C += $(SRC_MBEDTLS) $(TOP)/lib/mbedtls_config/mbedtls_port.c $(TOP)/lib/mbedtls_config/crt_bundle.c
+SRC_C += $(SRC_MBEDTLS) lib/mbedtls_config/mbedtls_port.c lib/mbedtls_config/crt_bundle.c
 CFLAGS += \
 -isystem $(TOP)/lib/mbedtls/include \
 -DMBEDTLS_CONFIG_FILE='"$(TOP)/lib/mbedtls_config/mbedtls_config.h"' \
diff --git a/ports/raspberrypi/boards/cytron_edu_pico_w/mpconfigboard.mk b/ports/raspberrypi/boards/cytron_edu_pico_w/mpconfigboard.mk
index 2a458b0deff9..c3c387f8130e 100644
--- a/ports/raspberrypi/boards/cytron_edu_pico_w/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/cytron_edu_pico_w/mpconfigboard.mk
@@ -12,7 +12,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/pajenicko_picopad/mpconfigboard.mk b/ports/raspberrypi/boards/pajenicko_picopad/mpconfigboard.mk
index 65ad4bba9139..5f5de1180a73 100644
--- a/ports/raspberrypi/boards/pajenicko_picopad/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/pajenicko_picopad/mpconfigboard.mk
@@ -17,7 +17,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/pimoroni_badger2040w/mpconfigboard.mk b/ports/raspberrypi/boards/pimoroni_badger2040w/mpconfigboard.mk
index f5d0a3a05a1f..281e70ee8db7 100644
--- a/ports/raspberrypi/boards/pimoroni_badger2040w/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/pimoroni_badger2040w/mpconfigboard.mk
@@ -13,7 +13,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/pimoroni_inky_frame_5_7/mpconfigboard.mk b/ports/raspberrypi/boards/pimoroni_inky_frame_5_7/mpconfigboard.mk
index 40583e1b965f..96708a983af4 100644
--- a/ports/raspberrypi/boards/pimoroni_inky_frame_5_7/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/pimoroni_inky_frame_5_7/mpconfigboard.mk
@@ -12,7 +12,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/pimoroni_inky_frame_7_3/mpconfigboard.mk b/ports/raspberrypi/boards/pimoroni_inky_frame_7_3/mpconfigboard.mk
index 00927015c3e3..4206a066d5e3 100644
--- a/ports/raspberrypi/boards/pimoroni_inky_frame_7_3/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/pimoroni_inky_frame_7_3/mpconfigboard.mk
@@ -12,7 +12,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/pimoroni_pico_dv_base_w/mpconfigboard.mk b/ports/raspberrypi/boards/pimoroni_pico_dv_base_w/mpconfigboard.mk
index b7919a1847a9..a1ab3b2939ec 100644
--- a/ports/raspberrypi/boards/pimoroni_pico_dv_base_w/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/pimoroni_pico_dv_base_w/mpconfigboard.mk
@@ -12,7 +12,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/pimoroni_plasma2040w/mpconfigboard.mk b/ports/raspberrypi/boards/pimoroni_plasma2040w/mpconfigboard.mk
index 4b5faf6efb79..0f1604173ec9 100644
--- a/ports/raspberrypi/boards/pimoroni_plasma2040w/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/pimoroni_plasma2040w/mpconfigboard.mk
@@ -12,7 +12,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/boards/raspberry_pi_pico_w/mpconfigboard.mk b/ports/raspberrypi/boards/raspberry_pi_pico_w/mpconfigboard.mk
index f36f98b7c59c..cbe80fd084ea 100644
--- a/ports/raspberrypi/boards/raspberry_pi_pico_w/mpconfigboard.mk
+++ b/ports/raspberrypi/boards/raspberry_pi_pico_w/mpconfigboard.mk
@@ -12,7 +12,6 @@ CIRCUITPY__EVE = 1
 CIRCUITPY_CYW43 = 1
 CIRCUITPY_SSL = 1
-CIRCUITPY_SSL_MBEDTLS = 1
 CIRCUITPY_HASHLIB = 1
 CIRCUITPY_WEB_WORKFLOW = 1
 CIRCUITPY_MDNS = 1
diff --git a/ports/raspberrypi/mpconfigport.mk b/ports/raspberrypi/mpconfigport.mk
index 7028a26b2b63..e44d75bf05fe 100644
--- a/ports/raspberrypi/mpconfigport.mk
+++ b/ports/raspberrypi/mpconfigport.mk
@@ -58,3 +58,6 @@ CIRCUITPY_SETTABLE_PROCESSOR_FREQUENCY = 1
 # Usually lots of flash space available
 CIRCUITPY_MESSAGE_COMPRESSION_LEVEL ?= 1
+
+# (ssl is selectively enabled but it's always the mbedtls implementation)
+CIRCUITPY_SSL_MBEDTLS = 1
diff --git a/ports/raspberrypi/supervisor/port.c b/ports/raspberrypi/supervisor/port.c
index 77e7285eb170..9217eff0d1fd 100644
--- a/ports/raspberrypi/supervisor/port.c
+++ b/ports/raspberrypi/supervisor/port.c
@@ -42,7 +42,7 @@
 #include "shared-bindings/pwmio/PWMOut.h"
 #if CIRCUITPY_SSL
-#include "common-hal/ssl/__init__.h"
+#include "shared-module/ssl/__init__.h"
 #endif
 #if CIRCUITPY_WIFI
diff --git a/py/circuitpy_defns.mk b/py/circuitpy_defns.mk
index 70a7f49935ca..62acd69ae1a5 100644
--- a/py/circuitpy_defns.mk
+++ b/py/circuitpy_defns.mk
@@ -516,9 +516,6 @@ SRC_COMMON_HAL_ALL = \
 socketpool/__init__.c \
 socketpool/SocketPool.c \
 socketpool/Socket.c \
- ssl/__init__.c \
- ssl/SSLContext.c \
- ssl/SSLSocket.c \
 supervisor/Runtime.c \
 supervisor/__init__.c \
 usb_host/__init__.c \
@@ -730,6 +727,18 @@ SRC_SHARED_MODULE_ALL += \
 touchio/__init__.c
 endif
+ifeq ($(CIRCUITPY_SSL_MBEDTLS),0)
+SRC_COMMON_HAL_ALL += \
+ ssl/__init__.c \
+ ssl/SSLContext.c \
+ ssl/SSLSocket.c
+else
+SRC_SHARED_MODULE_ALL += \
+ ssl/__init__.c \
+ ssl/SSLContext.c \
+ ssl/SSLSocket.c
+endif
+
 # If supporting _bleio via HCI, make devices/ble_hci/common-hal/_bleio be includable,
 # and use C source files in devices/ble_hci/common-hal.
 ifeq ($(CIRCUITPY_BLEIO_HCI),1)
diff --git a/py/makeversionhdr.py b/py/makeversionhdr.py
index 430b9bef4be5..edcb994b4f0e 100644
--- a/py/makeversionhdr.py
+++ b/py/makeversionhdr.py
@@ -119,7 +119,7 @@ def make_version_header(repo_path, filename):
 #define MICROPY_VERSION_STRING "%s"
 // Combined version as a 32-bit number for convenience
 #define MICROPY_VERSION (MICROPY_VERSION_MAJOR << 16 | MICROPY_VERSION_MINOR << 8 | MICROPY_VERSION_MICRO)
-#define MICROPY_FULL_VERSION_INFO "Adafruit CircuitPython " MICROPY_GIT_TAG " on " MICROPY_BUILD_DATE "; " MICROPY_HW_BOARD_NAME " with " MICROPY_HW_MCU_NAME
+#define MICROPY_FULL_VERSION_INFO "Adafruit CircuitPython " MICROPY_GIT_TAG " on " MICROPY_BUILD_DATE "; " MICROPY_BANNER_MACHINE
 """ % (
 git_tag,
 git_hash,
diff --git a/py/malloc.c b/py/malloc.c
index ddf139e38605..ee2a48da0b5f 100644
--- a/py/malloc.c
+++ b/py/malloc.c
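Review bot: The make test `ifeq ($(CIRCUITPY_SSL_MBEDTLS),0)` and the new preprocessor tests `#if CIRCUITPY_SSL_MBEDTLS` in shared-bindings/ssl/SSLContext.h, SSLSocket.h and __init__.h default in opposite directions when the variable is never set: an empty make variable is not `0`, so the else branch compiles the shared-module ssl sources, while an undefined macro evaluates to 0 and the headers pull in common-hal/ssl/. Unless a `?= 0` default and a matching -D flag exist somewhere outside this diff, a port that turns on CIRCUITPY_SSL without also setting CIRCUITPY_SSL_MBEDTLS would link the mbedtls implementation against the wrong headers. Testing for the enabled value instead, `ifeq ($(CIRCUITPY_SSL_MBEDTLS),1)` with the SRC_SHARED_MODULE_ALL list in the first branch and SRC_COMMON_HAL_ALL in the else, makes the two defaults agree.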
@@ -267,7 +267,7 @@ void m_tracked_free(void *ptr_in) {
 if (ptr_in == NULL) {
 return;
 }
- m_tracked_node_t *node = (m_tracked_node_t *)((uint8_t *)ptr_in - sizeof(m_tracked_node_t));
+ m_tracked_node_t *node = (m_tracked_node_t *)(void *)((uint8_t *)ptr_in - sizeof(m_tracked_node_t));
 #if MICROPY_DEBUG_VERBOSE
 size_t data_bytes;
 #if MICROPY_TRACKED_ALLOC_STORE_SIZE
diff --git a/shared-bindings/ssl/SSLContext.h b/shared-bindings/ssl/SSLContext.h
index 9f40badd8560..73454149c5b3 100644
--- a/shared-bindings/ssl/SSLContext.h
+++ b/shared-bindings/ssl/SSLContext.h
@@ -27,7 +27,11 @@
 #ifndef MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLCONTEXT_H
 #define MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLCONTEXT_H
+#if CIRCUITPY_SSL_MBEDTLS
+#include "shared-module/ssl/SSLContext.h"
+#else
 #include "common-hal/ssl/SSLContext.h"
+#endif
 #include "shared-bindings/socketpool/Socket.h"
 #include "shared-bindings/ssl/SSLSocket.h"
diff --git a/shared-bindings/ssl/SSLSocket.h b/shared-bindings/ssl/SSLSocket.h
index 0c303e44c799..5971510e5e10 100644
--- a/shared-bindings/ssl/SSLSocket.h
+++ b/shared-bindings/ssl/SSLSocket.h
@@ -27,7 +27,11 @@
 #ifndef MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLSOCKET_H
 #define MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLSOCKET_H
+#if CIRCUITPY_SSL_MBEDTLS
+#include "shared-module/ssl/SSLSocket.h"
+#else
 #include "common-hal/ssl/SSLSocket.h"
+#endif
 extern const mp_obj_type_t ssl_sslsocket_type;
diff --git a/shared-bindings/ssl/__init__.h b/shared-bindings/ssl/__init__.h
index 64f69c3ed928..2b65d2b8de3d 100644
--- a/shared-bindings/ssl/__init__.h
+++ b/shared-bindings/ssl/__init__.h
@@ -27,7 +27,11 @@
 #ifndef MICROPY_INCLUDED_SHARED_BINDINGS_SSL___INIT___H
 #define MICROPY_INCLUDED_SHARED_BINDINGS_SSL___INIT___H
+#if CIRCUITPY_SSL_MBEDTLS
+#include "shared-module/ssl/SSLContext.h"
+#else
 #include "common-hal/ssl/SSLContext.h"
+#endif
 void common_hal_ssl_create_default_context(ssl_sslcontext_obj_t *self);
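Review bot: The intermediate `(void *)` in m_tracked_free only silences a cast-alignment warning; it does not make `node` any better aligned, and the subtraction still relies on `ptr_in` having come from the tracked allocator with the node header placed immediately before it, which the hunk cannot show. A comment on the line would keep the next reader from taking the cast for an alignment fix, e.g. `// cast through void * only to avoid -Wcast-align; ptr_in must be a pointer handed out by the tracked allocator, whose header precedes it`. The body of m_tracked_free continues past the hunk.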
diff --git a/ports/raspberrypi/common-hal/ssl/SSLContext.c b/shared-module/ssl/SSLContext.c
similarity index 100%
rename from ports/raspberrypi/common-hal/ssl/SSLContext.c
rename to shared-module/ssl/SSLContext.c
diff --git a/ports/raspberrypi/common-hal/ssl/SSLContext.h b/shared-module/ssl/SSLContext.h
similarity index 100%
rename from ports/raspberrypi/common-hal/ssl/SSLContext.h
rename to shared-module/ssl/SSLContext.h
diff --git a/ports/raspberrypi/common-hal/ssl/SSLSocket.c b/shared-module/ssl/SSLSocket.c
similarity index 95%
rename from ports/raspberrypi/common-hal/ssl/SSLSocket.c
rename to shared-module/ssl/SSLSocket.c
index c881eb79da35..f7ce48d17d04 100644
--- a/ports/raspberrypi/common-hal/ssl/SSLSocket.c
+++ b/shared-module/ssl/SSLSocket.c
@@ -40,10 +40,16 @@
 #include "py/stream.h"
 #include "supervisor/shared/tick.h"
+#include "mbedtls/version.h"
+
 #if defined(MBEDTLS_ERROR_C)
 #include "../../lib/mbedtls_errors/mp_mbedtls_errors.c"
 #endif
+#if MBEDTLS_VERSION_MAJOR >= 3
+#include "shared-bindings/os/__init__.h"
+#endif
+
 #ifdef MBEDTLS_DEBUG_C
 #include "mbedtls/debug.h"
 STATIC void mbedtls_debug(void *ctx, int level, const char *file, int line, const char *str) {
@@ -132,6 +138,15 @@ STATIC int _mbedtls_ssl_recv(void *ctx, byte *buf, size_t len) {
 }
+#if MBEDTLS_VERSION_MAJOR >= 3
+static int urandom_adapter(void *unused, unsigned char *buf, size_t n) {
+ int result = common_hal_os_urandom(buf, n);
+ if (result) {
+ return 0;
+ }
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+}
+#endif
 ssl_sslsocket_obj_t *common_hal_ssl_sslcontext_wrap_socket(ssl_sslcontext_obj_t *self, socketpool_socket_obj_t *socket, bool server_side, const char *server_hostname) {
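Review bot: The unchanged `#include "../../lib/mbedtls_errors/mp_mbedtls_errors.c"` just below the new version.h include is resolved relative to the including file, so the rename to shared-module/ssl/ silently changes what it points at; it presumably now lands on lib/mbedtls_errors/ at the repository root, the file patched earlier in this diff, but nothing in the hunk says so. Spelling it from the root like the project's other includes, `#include "lib/mbedtls_errors/mp_mbedtls_errors.c"`, would stop it depending on the file's depth in the tree.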
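Review bot: urandom_adapter is declared `static` while the sibling helpers visible in this file (`mbedtls_debug`, `_mbedtls_ssl_recv`) use the project's `STATIC` macro; `STATIC int urandom_adapter(void *unused, unsigned char *buf, size_t n) {` keeps the file consistent. The branch `if (result) { return 0; }` also deserves a comment, because it assumes common_hal_os_urandom reports success with a true value (not visible here) and the fall-through to `MBEDTLS_ERR_SSL_INTERNAL_ERROR` is what lets the mbedtls caller reject the key instead of continuing with an unfilled buffer when no randomness is available: `// mbedtls RNG callbacks return 0 on success and a negative error code otherwise; common_hal_os_urandom is assumed to return true on success`. The function is complete within the hunk.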
@@ -205,7 +220,11 @@ ssl_sslsocket_obj_t *common_hal_ssl_sslcontext_wrap_socket(ssl_sslcontext_obj_t
 mbedtls_ssl_set_bio(&o->ssl, &o->sock, _mbedtls_ssl_send, _mbedtls_ssl_recv, NULL);
 if (self->cert_buf.buf != NULL) {
+ #if MBEDTLS_VERSION_MAJOR >= 3
+ ret = mbedtls_pk_parse_key(&o->pkey, self->key_buf.buf, self->key_buf.len + 1, NULL, 0, urandom_adapter, NULL);
+ #else
 ret = mbedtls_pk_parse_key(&o->pkey, self->key_buf.buf, self->key_buf.len + 1, NULL, 0);
+ #endif
 if (ret != 0) {
 goto cleanup;
 }
@@ -360,5 +379,5 @@ ssl_sslsocket_obj_t *common_hal_ssl_sslsocket_accept(ssl_sslsocket_obj_t *self,
 }
 void common_hal_ssl_sslsocket_settimeout(ssl_sslsocket_obj_t *self, uint32_t timeout_ms) {
- self->sock->timeout = timeout_ms;
+ common_hal_socketpool_socket_settimeout(self->sock, timeout_ms);
 }
diff --git a/ports/raspberrypi/common-hal/ssl/SSLSocket.h b/shared-module/ssl/SSLSocket.h
similarity index 96%
rename from ports/raspberrypi/common-hal/ssl/SSLSocket.h
rename to shared-module/ssl/SSLSocket.h
index ad4f0f709297..881ee400ff4a 100644
--- a/ports/raspberrypi/common-hal/ssl/SSLSocket.h
+++ b/shared-module/ssl/SSLSocket.h
@@ -29,7 +29,7 @@
 #include "py/obj.h"
-#include "common-hal/ssl/SSLContext.h"
+#include "shared-module/ssl/SSLContext.h"
 #include "common-hal/socketpool/Socket.h"
 #include "mbedtls/platform.h"
@@ -39,7 +39,7 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
-typedef struct {
+typedef struct ssl_sslsocket_obj {
 mp_obj_base_t base;
 socketpool_socket_obj_t *sock;
 ssl_sslcontext_obj_t *ssl_context;
diff --git a/ports/raspberrypi/common-hal/ssl/__init__.c b/shared-module/ssl/__init__.c
similarity index 97%
rename from ports/raspberrypi/common-hal/ssl/__init__.c
rename to shared-module/ssl/__init__.c
index c8cf6793fc14..cff87c8c04b4 100644
--- a/ports/raspberrypi/common-hal/ssl/__init__.c
+++ b/shared-module/ssl/__init__.c
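Review bot: The mbedtls 3 branch repeats `self->key_buf.len + 1`, and nothing in either branch says why the extra byte is passed: mbedtls_pk_parse_key counts a PEM key's terminating NUL in keylen, so this is correct only if key_buf is NUL-terminated PEM, which is set up outside the hunk. A comment above the `#if` would pin that assumption, e.g. `// +1: mbedtls expects PEM input to include its terminating NUL in keylen`. The two branches could also share the buffer, length and password arguments by keeping only the trailing RNG arguments under `#if`, but that is cosmetic. The enclosing function common_hal_ssl_sslcontext_wrap_socket starts and ends outside the hunk.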
@@ -25,7 +25,7 @@
 * THE SOFTWARE.
 */
-#include "common-hal/ssl/__init__.h"
+#include "shared-module/ssl/__init__.h"
 #include "shared-bindings/ssl/__init__.h"
 #include "shared-bindings/ssl/SSLContext.h"
 #include "lib/mbedtls_config/crt_bundle.h"
diff --git a/ports/raspberrypi/common-hal/ssl/__init__.h b/shared-module/ssl/__init__.h
similarity index 100%
rename from ports/raspberrypi/common-hal/ssl/__init__.h
rename to shared-module/ssl/__init__.h