Commit Graph

130 Commits

Author SHA1 Message Date
harshal.patil e9ea55bea2 feat(mbedtls/ecdsa): Introduce PSA ECDSA driver 2026-01-19 09:14:37 +05:30
Laukik Hase 89f555d698 feat(esp_tee): Migrate TEE attestation to the PSA interface 2026-01-16 12:28:57 +05:30
Mahavir Jain 5b4d3c1cc5 Merge branch 'contrib/github_pr_18121' into 'master'
Set CMake CACHE variables for mbedtls correctly (GitHub PR)

Closes IDFGH-17095

See merge request espressif/esp-idf!45090
2026-01-14 15:42:26 +05:30
Ferdinand Bachmann 56c3be2604 fix(cmake): Set CACHE variables correctly
The syntax for setting cache variables is actually
set(<variable> <value> CACHE <type> <docstring>) and not
set(<variable> CACHE <type> <value>).

The previous code silently set the variables to the empty string.
2026-01-13 15:52:35 +01:00
Ashish Sharma 3d5775e22b feat: adds PSA MD5 driver support 2026-01-07 10:41:33 +08:00
Mahavir Jain ad2a692c0b Merge branch 'fix/coap_dtls_build' into 'master'
fix(mbedtls): DTLS build issue due to missing timing APIs

See merge request espressif/esp-idf!44790
2026-01-06 10:22:02 +05:30
Mahavir Jain cf6dff90de fix(mbedtls): DTLS build issue due to missing timing APIs 2026-01-05 12:32:58 +05:30
harshal.patil e91d50ed1e fix(mbedtls): Support partial hardware AES-GCM and s/w fallback for non-AES ciphers
- Support software-fallback for unsupported hardware AES lengths
2026-01-03 12:17:50 +05:30
Mahavir Jain a6375c0db4 fix(mbedtls): misc updates post PSA crypto migration 2025-12-30 09:31:49 +05:30
Ashish Sharma 7310184949 feat: migrates mbedtls to PSA APIs 2025-12-30 09:31:49 +05:30
Ashish Sharma 69ea28c886 feat: add Kconfig option for mbedTLS 4.x 2025-12-01 14:05:05 +08:00
harshal.patil a6de2c79ed fix(mbedtls/port): Align AES and SHA DMA buffers to 16 when SPIRAM encryption is enabled
- Targets that support GDMA and MSPI encryption module need data and addresses aligned to 16
2025-11-06 12:28:19 +05:30
Roland Dobai a0b589c147 Merge branch 'feat/cmakev2' into 'master'
feat(cmakev2): introduce cmake-based build system v2

See merge request espressif/esp-idf!42691
2025-11-04 02:53:36 +01:00
Frantisek Hrbata 070590986a fix(mbedtls/cmake): handle lwip dependency in cmakev2
Currently, the lwip is linked to mbedtls if CONFIG_LWIP_ENABLE is set.
This approach works in cmakev1 because only the configuration for
BUILD_COMPONENTS is available during component evaluation. However, this
is not the case in cmakev2, where the configuration for all components
is available. This means that even if CONFIG_LWIP_ENABLE is set, it does
not guarantee that the lwip component is included in the build. For
cmakev2, modify the check to use a generator expression to ensure that
lwip is linked to mbedtls only if lwip is actually included in the
build.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2025-10-30 17:17:49 +08:00
Ashish Sharma acf89924c8 feat(esp_http): migrate esp_http to PSA API 2025-10-26 10:13:14 +08:00
harshal.patil 8992f08bef feat(mbedtls/aes): Add config to support AES block and DMA modes during runtime
- Dynamically switch the AES operation modes based on the buffer operating length
- Shorter AES and SHA operations can now run faster and concurrently as well

Closes https://github.com/espressif/esp-idf/issues/15914
2025-09-20 10:55:07 +05:30
Laukik Hase c152663408 feat(esp_tee): Added support for PBKDF2-based (HMAC) ECDSA signing 2025-09-19 12:06:02 +05:30
harshal.patil 55e0730a8d change(esp_hw_support): Move security-related modules to the esp_security component
- Also adds support to whitelist target specific expected dependency violations
in check_dependencies.py
2025-08-04 11:43:01 +05:30
Mahavir Jain 8096a2a295 Merge branch 'feat/mbedtls_no_buffer_alloc_on_session_reset' into 'master'
feat(mbedtls): disable unnecessary buffer allocation in dynamic buffer session reset

See merge request espressif/esp-idf!40126
2025-07-31 17:53:50 +05:30
Ashish Sharma d9c431268a feat(mbedtls): restructure mbedtls configuration page 2025-07-30 17:47:54 +08:00
Ashish Sharma 6259505f18 feat(mbedtls): disable unnecessary buffer allocation in dynamic buffer session reset 2025-07-30 17:45:16 +08:00
Ashish Sharma 466a365a02 feat(mbedtls): adds support for RSA decryption with DS peripheral 2025-07-07 13:32:06 +08:00
Mahavir Jain 7c792377e9 fix(mbedtls): remove Wunterminated-string-initialization
- Fixed in upstream release 3.6.4
- Addressed few typos in Kconfig
2025-07-04 09:59:20 +05:30
Ashish Sharma cabb5009f2 feat(esp_crt): adds support for cross signed root certificates 2025-06-26 16:01:11 +08:00
Alexey Lapshin 74e26f8d29 fix(mbedtls): suppress -Wunterminated-string-initialization 2025-06-25 18:00:39 +07:00
Ashish Sharma 415e0f3c86 feat(mbedtls): add support for dynamic buffer for TLS1.3
Closes https://github.com/espressif/esp-idf/issues/15448
2025-04-24 12:05:36 +08:00
Laukik Hase 3fd107aa04 feat(mbedtls): Add support for ECDSA signing with TEE secure storage 2025-04-03 15:35:15 +05:30
harshal.patil 7d8211bf87 feat(mbedtls): Support both SHA block and DMA modes during runtime
Dynamically switch the SHA operation modes based on the buffer operating length
2025-02-04 16:49:30 +05:30
harshal.patil 37de702e97 feat(nvs_flash): Enable the usage of mbedtls from ROM for bootloader NVS decryption
Bootloader NVS decryption uses hardware ROM APIs to decrypt the NVS contents,
but for targets that do not support AES hardware we could benefit by using the
software mbedtls library that is present in the ROM directly.
2025-01-29 18:51:29 +05:30
Laukik Hase 05e31e5148 feat(esp_tee): Support for ESP-TEE - mbedtls component 2024-12-02 12:20:02 +05:30
harshal.patil 3957e59f1a feat(mbedtls/esp_crt_bundle): Move dummy cert to .rodata to save 408B from dram
Co-authored-by: Hanno <h.binder@web.de>
2024-10-16 16:21:28 +05:30
Hanno d8e31eb6d0 feat(mbedtls/esp_crt_bundle): Reduced RAM & stack use of cert bundle
Closes https://github.com/espressif/esp-idf/pull/13204

Signed-off-by: harshal.patil <harshal.patil@espressif.com>
2024-10-09 16:08:35 +05:30
Aditya Patwardhan 11128b73f5 feat(hal): Add countermeasure for ECDSA generate signature
The ECDSA peripheral before ECO5 of esp32h2 does not perform the ECDSA
sign operation in constant time. This allows an attacker to read the
power signature of the ECDSA sign operation and then calculate the
ECDSA key stored inside the eFuse. The commit adds a countermeasure
for this attack. In this case the real ECDSA sign operation is
masked under dummy ECDSA sign operations to hide its real power
signature
2024-09-23 18:55:43 +08:00
Mahavir Jain f5b55b2967 Merge branch 'fix/ecdsa_verify_check_hash_len' into 'master'
Wrap some mbedtls' ECDSA verification related APIs

See merge request espressif/esp-idf!33349
2024-09-20 12:38:10 +08:00
Jiang Guang Ming 5bb93061a3 feat(mbedtls): support rom mbedtls threading layer 2024-09-06 19:27:57 +08:00
harshal.patil c4f60d91f1 feat(mbedtls): Wrap mbedtls_ecdsa_read_signature to use ECDSA hardware when possible 2024-09-05 16:27:58 +05:30
harshal.patil 488b2a741d change(esp_security): Move the crypto locking layer into the security component 2024-08-20 12:35:22 +08:00
Mahavir Jain a2de1ca576 fix(mbedtls): link esp-cryptoauthlib to mbedcrypto library
If the certificate bundle feature is disabled then the mbedtls
component library becomes interface only component and hence
adding esp-cryptoauthlib as its PRIVATE dependency does not work.

Instead the esp-cryptoauthlib should be added as PRIVATE dependency
for mbedcrypto library (for alternate ECDSA implementation).
2024-08-09 15:30:35 +05:30
Alexey Lapshin ed6e497c6f feat(build): add COMPILER_STATIC_ANALYZER option 2024-06-18 14:25:37 +08:00
harshal.patil 3eb6487bb5 fix(bootloader_support): Make esp_flash_encrypt.h independent of spi_flash_mmap.h header 2024-05-13 16:54:45 +05:30
harshal.patil 5dfbc47192 fix(mbedtls/crypto_shared_gdma): Enable AXI-DMA enable external memory AES-ECC access
- When external memory encryption is enabled, set the aes_ecc bit of AXI-DMA to enable memory access
2024-05-13 16:54:45 +05:30
harshal.patil 70ef80d974 feat(mbedtls/ecdsa): Add support for deterministic ECDSA signature generation 2024-03-29 12:14:11 +05:30
harshal.patil 2abb656ba2 feat(mbedtls/aes): Support AES-DMA operations by satisfying L1 cache alignment requirements
- Use DMA RX done interrupt status bit while waiting for DMA rx transfer
2024-03-13 15:22:07 +05:30
harshal.patil 9b15189583 change(mbedtls): replace Cache ROM APIs usage with APIs from esp_cache.h
- Only APIs used in esp_crypto_shared_gdma and aes have been replaced
- Get dcache line size using cache api instead of Kconfig
2024-03-13 15:22:07 +05:30
harshal.patil 2c570ed53b change(mbedtls/aes): moved esp_aes_internal.h to be a private header
- Also enable AES-GCM test in the hal crypto test app for all targets
2024-03-13 15:22:06 +05:30
harshal.patil c1ed825d3e fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled 2024-01-04 12:20:10 +05:30
Mahavir Jain 5b047057ca feat(mbedtls): add new deprecated cert list and relevant config
Cert bundle is periodically updated with the upstream Mozilla's NSS
root cert store. Retracted certs are moved to deprecated list now and
an additional config allows to include them in the default bundle. New
config is kept default disabled but can be enabled if one would like
to ensure 100% compatibility w.r.t. cert bundle across IDF minor or
patch releases. In IDF major release the deprecated list shall be reset.
2023-10-29 12:21:22 +05:30
Mahavir Jain 804ed172dd fix(mbedtls): allow to use built in entropy implementation for linux target 2023-10-26 15:12:42 +05:30
Jiang Guang Ming 37ec1cc592 feat(mbedtls): support C2 mbedtls can use crypto algorithm in ROM 2023-10-23 13:10:44 +08:00
Mahavir Jain 9ca8f3d45b feat(mbedtls): update to 3.5.0 release
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
2023-10-11 09:32:32 +00:00