Port otp_crypto to the PSA Crypto API used by mbedtls 4.x.

- Replace deprecated low-level mbedtls APIs with PSA equivalents for hash, HMAC, cipher, and AEAD operations
- Guard legacy mbedtls 2/3 code paths with version checks
- Update CMake to detect mbedtls 4 and set HAVE_PSA_CRYPTO
- Keep ESP32 JIT config outside mbedtls version guards

Signed-off-by: Peter M <petermm@gmail.com>

Avoid including mbedtls/pkcs5.h when building against mbedtls 4, where that header is not available.

Keep the existing PKCS5-based pbkdf2_hmac implementation for mbedtls 2/3, but switch the mbedtls 4 path to the PSA key derivation API so crypto:pbkdf2_hmac/5 remains available.

Also reject zero iterations in PBKDF2 with a clear error message, and update the feature/NIF guards so pbkdf2_hmac stays registered on both legacy and mbedtls 4 builds.

Signed-off-by: Peter M <petermm@gmail.com>

Improve PSA crypto resource management and memory safety:

- Normalize do_psa_init() across all PSA-backed NIFs so every entry point initializes PSA consistently
- Destroy PSA key handles immediately after finalization instead of deferring to GC, reducing key material residency time
- Abort PSA operations and destroy keys on update failure to avoid dangling handles
- Replace free() with secure_free() for all scratch buffers that may contain sensitive data (plaintext, key material)

Signed-off-by: Peter M <petermm@gmail.com>

Declare the PSA output buffer size variables before any goto-based cleanup path can skip their initialization.

This fixes Clang -Wsometimes-uninitialized failures in crypto_one_time/4-5 and crypto_update/2 when cleanup frees scratch buffers after early exits.

Signed-off-by: Peter M <petermm@gmail.com>

Allocate at least 1 byte when the computed size is zero to avoid undefined malloc(0) behaviour on embedded libc implementations that may legally return NULL for zero-length allocations.

This aligns the one-shot cipher and handle_iodata paths with the streaming cipher code that already guards against this case.

Signed-off-by: Peter M <petermm@gmail.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019d2a7c-9760-707a-b24e-f6f6475a8608
Co-authored-by: Amp <amp@ampcode.com>

- Reset key attributes after psa_import_key in one-shot cipher path to match all other PSA import sites
- Use secure_free for all crypto-adjacent buffers (sign/verify data, signature buffers, MAC data, AEAD AAD and combined buffers) to prevent sensitive data from lingering in freed memory
- Reject AEAD decryption without a tag early with a clear error instead of letting it fail deep in PSA
- Add finalized flag to MAC state so repeated mac_final/mac_update calls after finalization raise a clear error instead of a generic PSA failure
- Document that ssl:nif_conf_rng is a no-op on mbedtls 4.x where PSA handles randomness internally

Signed-off-by: Peter M <petermm@gmail.com>

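Three of the points in the commit messages above (the zero-length allocation guard, wiping scratch buffers before freeing them, and initialising size variables before any goto-based cleanup) combined in one added example; this is not code from the pull request or the project. The names `secure_wipe`, `secure_free_sized`, `scratch_alloc` and `transform` are hypothetical, and the XOR step is a constructed stand-in for a real cipher call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
void secure_wipe(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--) {
        *p++ = 0;
    }
}

/* Hypothetical sized variant; the project's secure_free() signature is not shown on the page. */
void secure_free_sized(void *ptr, size_t len)
{
    if (ptr != NULL) {
        secure_wipe(ptr, len);
        free(ptr);
    }
}

/* malloc(0) may legally return NULL, which would be mistaken for out-of-memory. */
void *scratch_alloc(size_t len)
{
    return malloc(len ? len : 1);
}

/* Constructed toy transform (XOR 0x5a) standing in for a cipher call. Returns 0 or -1. */
int transform(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap, size_t *out_len)
{
    /* Initialised before the first goto, so cleanup never reads indeterminate values. */
    size_t buf_len = in_len;
    uint8_t *buf = NULL;
    int rc = -1;

    if (in_len > out_cap) goto cleanup;      /* early exit: buf is still NULL */
    buf = scratch_alloc(buf_len);
    if (buf == NULL) goto cleanup;           /* genuine allocation failure */
    if (in_len > 0) memcpy(buf, in, in_len);
    for (size_t i = 0; i < in_len; i++) out[i] = (uint8_t) (buf[i] ^ 0x5a);
    *out_len = in_len;
    rc = 0;
cleanup:
    secure_free_sized(buf, buf_len);         /* wipes the plaintext copy before free */
    return rc;
}
```
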
71df667 to 0d32039
https://docs.espressif.com/projects/esp-idf/en/v6.0-beta1/esp32/migration-guides/release-6.x/6.0/system.html#power-management

Signed-off-by: Peter M <petermm@gmail.com>
63aa625 to b221c12
b221c12 to 3dcfb1e
Needs mbedtls4 to land first - but as can be seen it's basically the new esp_sleep_get_wakeup_causes() API, and that's it.
https://docs.espressif.com/projects/esp-idf/en/v6.0-beta1/esp32/migration-guides/release-6.x/6.0/system.html#power-management
These changes are made under both the "Apache 2.0" and the "GNU Lesser General
Public License 2.1 or later" license terms (dual license).
SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later