refactor(tcp_transport): move connection-closed socket polling from ws transport to base transport layer
Closes IDF-15237
See merge request espressif/esp-idf!47003
TEE secure-service handlers had two bugs letting REE bypass
pointer-region validation:
1. valid_addr = instead of valid_addr &= in AEAD encrypt/decrypt
and DS sign handlers, clobbering prior failed checks.
Impact: REE writes to TEE DRAM via DS signature output, or reads
TEE DRAM via AEAD output.
2. data->rsa_length dereferenced before data is validated in DS sign
and DS start_sign handlers.
Fix: use &= for subsequent checks, add early return after initial
data pointer check in DS handlers.
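
A simplified model of the two bugs described in the commit message above, added here as an illustration; it is not the ESP-IDF handler code. Only `valid_addr` and `rsa_length` come from the message. `in_ree`, `ree_mem`, `tee_dram`, the `msg` parameter, the two `ds_sign_args_ok_*` functions and the order of the checks are hypothetical, and `rsa_length` is treated as a plain byte count.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the two memory worlds; not real SoC regions. */
static uint32_t ree_mem[64];   /* memory the REE caller owns */
static uint32_t tee_dram[64];  /* memory only the TEE may touch */
/* Simplified: only the field the commit message names, used as a byte count. */
typedef struct { uint32_t rsa_length; } ds_data_t;

/* True only if [p, p+len) lies wholly inside ree_mem. NULL fails. */
static bool in_ree(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)ree_mem;
    if (a < base || a - base > sizeof ree_mem) return false;
    return len <= sizeof ree_mem - (a - base);
}

/* Pre-fix shape: data is read before its check is acted on (bug 2), and
 * the last check uses '=' and overwrites the failed sig check (bug 1). */
static bool ds_sign_args_ok_buggy(const ds_data_t *data, const void *msg, const void *sig)
{
    bool valid_addr = in_ree(data, sizeof *data);
    size_t len = data->rsa_length;      /* dereferenced while still unvalidated */
    valid_addr &= in_ree(sig, len);     /* output buffer: fails for TEE DRAM */
    valid_addr = in_ree(msg, len);      /* '=' clobbers the failure above */
    return valid_addr;
}

/* Post-fix shape: return early on a bad data pointer, then accumulate with '&='. */
static bool ds_sign_args_ok_fixed(const ds_data_t *data, const void *msg, const void *sig)
{
    bool valid_addr = in_ree(data, sizeof *data);
    if (!valid_addr) return false;      /* data is safe to read past this point */
    size_t len = data->rsa_length;
    valid_addr &= in_ree(sig, len);
    valid_addr &= in_ree(msg, len);
    return valid_addr;
}

int main(void)
{
    ds_data_t *d = (ds_data_t *)ree_mem;
    d->rsa_length = 32;
    /* Signature output aimed at TEE DRAM: the buggy check accepts, the fixed one rejects. */
    bool bypass = ds_sign_args_ok_buggy(d, &ree_mem[8], tee_dram);
    bool blocked = !ds_sign_args_ok_fixed(d, &ree_mem[8], tee_dram);
    return !(bypass && blocked);
}
```
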
fix(freertos): hide obsolete mutex-owner config and harden assert test
Closes IDFCI-4743, IDFCI-4271, IDFCI-3883, and IDFCI-3594
See merge request espressif/esp-idf!47210
feat(security): add AES, SHA, ECC and RSA support for esp32s31
Closes IDF-14633, IDF-14630, IDF-14631, and IDF-14625
See merge request espressif/esp-idf!47286
fix(http_server/ws_echo_server): Fix ws_echo_server test URI registration race condition
Closes IDFCI-8585, IDFCI-6703, and IDFCI-3484
See merge request espressif/esp-idf!47368
The test_examples_protocol_https_request_rom_impl test on ESP32-C2 with
the ROM mbedTLS implementation hits a public TLS endpoint
(tls13.browserleaks.com / www.howsmyssl.com) for five sequential
sub-tests. CI runs frequently fail mid-test with one of:
* mbedtls_ssl_handshake returned -0x7780
(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - server-side fatal alert)
* esp-tls: [sock=NN] select() timeout
* esp-tls: Failed to open new connection in specified timeout
In a representative log the first three sub-tests succeed and only the
fourth/fifth fail, which is consistent with rate-limiting or transient
server unavailability rather than a device bug. Mark the test as
flaky with up to two reruns (10 s delay) so a single transient remote
failure does not fail the CI job.
Also align this test with the rest of the file by injecting the host
timestamp via NVS (write_time_to_nvs) so the device clock no longer
depends on a previous boot's persisted SNTP result, removing one more
source of CI flakiness on first-boot or after NVS erase.
- Using PMA, the TEE IRAM is marked as R/X while TEE DRAM is marked as R/W.
Moving the internal memory secure service call table from DRAM to IRAM
makes it immutable.