extmod/modssl_mbedtls: Add cert time validation.
This enables cert time validation in the unix and esp32 ports. In the esp32 port the MBEDTLS_PLATFORM_TIME_ALT macro is needed because esp32 uses an epoch of 1/1/2000 when getting the current time in seconds, which is not what mbedtls expects. MBEDTLS_PLATFORM_TIME_ALT gives the option to define an alternative function to get the current time. Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
1 parent 606b0ba commit 431ad8b

7 files changed

+45
-0
lines changed


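--- a/extmod/modssl_mbedtls.c
+++ b/extmod/modssl_mbedtls.c
@@ -49,10 +49,15 @@
 #ifdef MICROPY_SSL_MBEDTLS_EXTRAS
 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
 #include "mbedtls/build_info.h"
+#include "mbedtls/platform_time.h"
 #else
 #include "mbedtls/version.h"
 #endif
 #endif
+#ifdef MICROPY_MBEDTLS_PLATFORM_TIME_ALT
+#include "mbedtls/mbedtls_config.h"
+#endif
+
 
 #define MP_STREAM_POLL_RDWR (MP_STREAM_POLL_RD | MP_STREAM_POLL_WR)
 
@@ -183,6 +188,9 @@ STATIC mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args
 // Debug level (0-4) 1=warning, 2=info, 3=debug, 4=verbose
 mbedtls_debug_set_threshold(3);
 #endif
+#ifdef MICROPY_MBEDTLS_PLATFORM_TIME_ALT
+mbedtls_platform_set_time(platform_mbedtls_time);
+#endif
 
 const byte seed[] = "upy";
 int ret = mbedtls_ctr_drbg_seed(&self->ctr_drbg, mbedtls_entropy_func, &self->entropy, seed, sizeof(seed));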
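Review bot: The return value of `mbedtls_platform_set_time(platform_mbedtls_time)` in the second hunk is dropped, so a failure to install the clock hook goes unnoticed and certificate validity periods would then be checked against whatever clock mbedtls falls back to; treat a non-zero result the same way the `mbedtls_ctr_drbg_seed` result is handled just below it. In the first hunk the only `#include "mbedtls/platform_time.h"` sits on the `MBEDTLS_VERSION_NUMBER >= 0x03000000` branch inside `MICROPY_SSL_MBEDTLS_EXTRAS`, while the call is guarded only by `MICROPY_MBEDTLS_PLATFORM_TIME_ALT`, so a build with the alt-time macro but without extras (or on mbedtls 2.x) would lack the declaration unless another header brings it in transitively; moving that include under the `MICROPY_MBEDTLS_PLATFORM_TIME_ALT` guard would make the two conditions match. The hook is process-global state, so a short comment such as `// Install the port's 1970-epoch clock so X.509 validity dates are checked against real time` would explain why it is set during context construction. ssl_context_make_new starts and ends outside the hunk.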

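--- a/ports/esp32/boards/sdkconfig.base
+++ b/ports/esp32/boards/sdkconfig.base
@@ -48,6 +48,9 @@ CONFIG_LWIP_PPP_CHAP_SUPPORT=y
 # SSL
 # Use 4kiB output buffer instead of default 16kiB
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
+CONFIG_MBEDTLS_HAVE_TIME_DATE=y
+CONFIG_MBEDTLS_PLATFORM_TIME_ALT=y
+CONFIG_MBEDTLS_HAVE_TIME=y
 
 # ULP coprocessor support
 # Only on: ESP32, ESP32S2, ESP32S3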

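--- a/ports/esp32/esp32_common.cmake
+++ b/ports/esp32/esp32_common.cmake
@@ -59,6 +59,8 @@ list(APPEND MICROPY_SOURCE_PORT
 mphalport.c
 fatfs_port.c
 help.c
+modtime.c
+mbedtls/mbedtls_port.c
 machine_bitstream.c
 machine_timer.c
 machine_pin.c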

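--- /dev/null
+++ b/ports/esp32/mbedtls/mbedtls_config.h
@@ -0,0 +1,4 @@
+// Time mbedtls_platform
+#define MBEDTLS_HAVE_ASM
+
+time_t platform_mbedtls_time(time_t *timer);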
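Review bot: The new header declares `time_t platform_mbedtls_time(time_t *timer);` without including `<time.h>` and has no include guard, so it only compiles when every includer has already brought `time_t` into scope and is included exactly once; add `#include <time.h>` and `#pragma once` (or a guard) at the top. The `// Time mbedtls_platform` comment does not say what the prototype is for, and `#define MBEDTLS_HAVE_ASM` placed beneath it is unrelated to time; suggest `// Clock hook installed with mbedtls_platform_set_time(); must return seconds since 1970-01-01 as mbedtls expects` above the prototype, with the ASM define under its own heading.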

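--- /dev/null
+++ b/ports/esp32/mbedtls/mbedtls_port.c
@@ -0,0 +1,24 @@
+#include <py/mpconfig.h>
+
+#ifdef MICROPY_SSL_MBEDTLS
+
+#include <time.h>
+#include <sys/time.h>
+#include "shared/timeutils/timeutils.h"
+
+
+#ifdef MICROPY_MBEDTLS_PLATFORM_TIME_ALT
+
+#include "mbedtls/platform_time.h"
+
+time_t platform_mbedtls_time(time_t *timer) {
+// mbedtls_time requires time in seconds from EPOCH 1970
+
+struct timeval tv;
+gettimeofday(&tv, NULL);
+
+return tv.tv_sec + TIMEUTILS_SECONDS_1970_TO_2000;
+}
+
+#endif
+#endif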
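Review bot: `platform_mbedtls_time` ignores its `timer` argument even though it replaces a `time()`-style function whose contract is to also store the result through a non-NULL pointer; suggest `time_t t = tv.tv_sec + TIMEUTILS_SECONDS_1970_TO_2000; if (timer != NULL) { *timer = t; } return t;`, and check the `gettimeofday` return value rather than reading `tv` unconditionally. The `+ TIMEUTILS_SECONDS_1970_TO_2000` offset relies on this port's `gettimeofday` reporting seconds since 2000, as the commit message states; if the port's clock is already 1970-based the hook would run about 30 years ahead and every certificate would be rejected as expired, so this is worth confirming against the port's `time.time()` implementation. Because this commit turns on date validation, a board whose clock has not been set since boot will now reject otherwise valid certificates; a comment such as `// X.509 validity checks depend on the RTC having been synchronised (e.g. via NTP) before TLS use` at the top of the function would make that dependency visible to maintainers.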

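--- a/ports/esp32/mpconfigport.h
+++ b/ports/esp32/mpconfigport.h
@@ -138,6 +138,7 @@
 #define MICROPY_SSL_MBEDTLS (1)
 #define MICROPY_PY_SSL_FINALISER (1)
 #define MICROPY_PY_WEBSOCKET (1)
+#define MICROPY_MBEDTLS_PLATFORM_TIME_ALT (1)
 #define MICROPY_PY_WEBREPL (1)
 #define MICROPY_PY_ONEWIRE (1)
 #define MICROPY_PY_SOCKET_EVENTS (MICROPY_PY_WEBREPL)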

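--- a/ports/unix/mbedtls/mbedtls_config.h
+++ b/ports/unix/mbedtls/mbedtls_config.h
@@ -32,6 +32,9 @@
 // Enable mbedtls modules
 #define MBEDTLS_HAVEGE_C
 #define MBEDTLS_TIMING_C
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+
 
 // Include common mbedtls configuration.
 #include "extmod/mbedtls/mbedtls_config_common.h"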
