Improvements in Mbed TLS for ESP32 (#2473)

***NO_CI***

Author: josesimoes

CMake/Modules/FindESP32_IDF.cmake

@@ -45,6 +45,8 @@ list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/log/includ
 list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/hal/include)
 list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/heap)
 list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/heap/include)
+list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/mbedtls/port/include)
+list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/mbedtls/mbedtls/include)
 list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/nvs_flash/include)
 list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/newlib/platform_include)
 list(APPEND ESP32_IDF_INCLUDE_DIRS ${esp32_idf_SOURCE_DIR}/components/wpa_supplicant/include/esp_supplicant)

src/PAL/COM/sockets/ssl/mbedTLS/ssl_generic_init_internal.cpp

@@ -169,6 +169,10 @@ bool ssl_generic_init_internal(
     // configure random generator
     mbedtls_ssl_conf_rng(context->conf, mbedtls_ctr_drbg_random, context->ctr_drbg);
 
+#if defined(PLATFORM_ESP32) && defined(CONFIG_MBEDTLS_DEBUG)
+    mbedtls_esp_enable_debug_log(context->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
+#endif
+
     // CA root certs from store, if available
     if (g_TargetConfiguration.CertificateStore->Count > 0)
     {

targets/ESP32/_IDF/sdkconfig.debug_nopsram_ble.esp32

@@ -938,7 +938,7 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 # CONFIG_MBEDTLS_DEBUG is not set
 
 #
@@ -947,7 +947,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_HARDWARE_MPI=y

targets/ESP32/_IDF/sdkconfig.default

@@ -709,8 +709,10 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 # CONFIG_MBEDTLS_DEBUG is not set
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle
@@ -722,7 +724,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_AES_USE_INTERRUPT=y

targets/ESP32/_IDF/sdkconfig.default.esp32

@@ -804,8 +804,9 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
-# CONFIG_MBEDTLS_DEBUG is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle
@@ -817,7 +818,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_AES_USE_INTERRUPT=y

targets/ESP32/_IDF/sdkconfig.default.esp32c3

@@ -377,7 +377,7 @@ CONFIG_ESP_MINIMAL_SHARED_STACK_SIZE=2048
 CONFIG_ESP_CONSOLE_UART_DEFAULT=y
 # CONFIG_ESP_CONSOLE_UART_CUSTOM is not set
 # CONFIG_ESP_CONSOLE_NONE is not set
-CONFIG_ESP_CONSOLE_SECONDARY_USB_SERIAL_JTAG is not set
+# CONFIG_ESP_CONSOLE_SECONDARY_USB_SERIAL_JTAG is not set
 CONFIG_ESP_CONSOLE_UART=y
 CONFIG_ESP_CONSOLE_MULTIPLE_UART=y
 CONFIG_ESP_CONSOLE_UART_NUM=0
@@ -840,7 +840,9 @@ CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
-# CONFIG_MBEDTLS_DEBUG=y
+CONFIG_MBEDTLS_DEBUG=y
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle

targets/ESP32/_IDF/sdkconfig.default.esp32s2

@@ -811,8 +811,10 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 # CONFIG_MBEDTLS_DEBUG is not set
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle
@@ -824,7 +826,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_AES_USE_INTERRUPT=y

targets/ESP32/_IDF/sdkconfig.default_ble.esp32

@@ -807,8 +807,10 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 # CONFIG_MBEDTLS_DEBUG is not set
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle
@@ -820,7 +822,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_AES_USE_INTERRUPT=y

targets/ESP32/_IDF/sdkconfig.default_ble_rev3.esp32

@@ -806,8 +806,10 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 # CONFIG_MBEDTLS_DEBUG is not set
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle
@@ -819,7 +821,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_AES_USE_INTERRUPT=y

targets/ESP32/_IDF/sdkconfig.default_nopsram.esp32

@@ -781,8 +781,10 @@ CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
-# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set
+CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 # CONFIG_MBEDTLS_DEBUG is not set
+CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y
+# CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set
 
 #
 # Certificate Bundle
@@ -794,7 +796,7 @@ CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
 # CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
 # end of Certificate Bundle
 
-CONFIG_MBEDTLS_ECP_RESTARTABLE=y
+# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set
 CONFIG_MBEDTLS_CMAC_C=y
 CONFIG_MBEDTLS_HARDWARE_AES=y
 CONFIG_MBEDTLS_AES_USE_INTERRUPT=y