Add checks to validate client_verify_data pointer and length before
processing in handle_session_command1. Prevents NULL pointer dereference
when client omits verifier data in Session_Command1, which could cause
device crash during provisioning (remote DoS attack).
Change default values for protocomm security configuration options to improve
security:
- CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0 now defaults to 'n'
- CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1 now defaults to 'n'
This reduces code size by default and encourages use of more secure protocomm
implementations.
Projects using these security versions must explicitly enable them in their
configuration.
Using same IV in AES-GCM across multiple invocation of
encryption/decryption operations can pose a security risk. It can help
to reveal co-relation between different plaintexts.
This commit introduces a change to use part of IV as a monotonic
counter, which must be incremented after every AES-GCM invocation
on both the client and the device side.
Concept of patch version for a security scheme has been introduced here
which can help to differentiate a protocol behavior for the provisioning
entity. The security patch version will be available in the JSON
response for `proto-ver` endpoint request with the field
`sec_patch_ver`.
Please refer to documentation for more details on the changes required
on the provisioning entity side (e.g., PhoneApps).
fix(nt/bluedroid): Split the device name set functions
feat(bt/bluedroid): added APIs to get/set device name on BT GAP side
change(bt/common): Marked some APIs in device module as deprecated
1. esp_bt_dev_set_device_name
2. esp_bt_dev_get_device_name
change(bt/bluedroid): use BT GAP APIs to set/get device name in bluetooth classic examples
change(bt/bluedroid): use BT/BLE GAP APIs to set/get device name in coexist examples
Only pull in direct dependencies for the test apps, reducing build time
as well making it possible for CI to determine if the test should run or not
when dependencies are changed.
Using @brief for file description wrongly associates the documentation to an API.
Correct way to add file description is to use `@file` and then `@brief`. Corrected the same.
- Also added missing doc for esp_srp_handle_t
This commit adds a new feature to generate a salt and verifier pair for a given username and
password during the provisioning process. This is useful in scenarios where the pairing pin is
randomly generated and shown via some interface such as a display or console.
- Uses the provided username and password to generate a salt and verifier pair
- Adds support for dev mode where the pin/password can still be read from flash
* All components which won't build (yet) on Linux are excluded.
This enables switching to Linux in an application without
explicitly setting COMPONENTS to main in the main
CMakeLists.txt.
* ESP Timer provides headers for Linux now
* automatically disabling LWIP in Kconfig if it is not available
doc(linux): brought section
"Component Linux/Mock Support Overview" up to date
Ashish Sharma
Rahul Tank
C.S.M
Mahavir Jain
WanqQixiang
Wang Meng Yang
Marek Fiala
gongyantao
Marius Vikhammer
Shen Meng Jing
Chen Jichang
igor.udot
gaoxu
hrushikesh.bhosale
Ivan Grokhotkov
shreeyash
wanlei
zhiweijian
laokaiyao
Laukik Hase
Jin Cheng
Vikram Dattu
darshan
Zim Kalinowski
Jakob Hasse
Niklas Kaaf
liqigan
Armando
KonstantinKondrashov
isha.pardikar@espressif.com