extmod/modssl_mbedtls: Add cert time validation.
This enables cert time validation in the unix and esp32 ports. In the esp32 port the MBEDTLS_PLATFORM_TIME_ALT macro is needed because esp32 uses an epoch of 1/1/2000 for the current time in seconds, which is not what mbedtls expects. MBEDTLS_PLATFORM_TIME_ALT gives the option to define an alternative function to get the current time. Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
1 parent 12a8487 commit d85c05e

7 files changed

+45
-0
lines changed
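--- a/extmod/modssl_mbedtls.c
+++ b/extmod/modssl_mbedtls.c
@@ -49,10 +49,15 @@
 #ifdef MICROPY_SSL_MBEDTLS_EXTRAS
 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
 #include "mbedtls/build_info.h"
+#include "mbedtls/platform_time.h"
 #else
 #include "mbedtls/version.h"
 #endif
 #endif
+#ifdef MICROPY_MBEDTLS_PLATFORM_TIME_ALT
+#include "mbedtls/mbedtls_config.h"
+#endif
+
 
 #define MP_STREAM_POLL_RDWR (MP_STREAM_POLL_RD | MP_STREAM_POLL_WR)
 
@@ -183,6 +188,9 @@ STATIC mp_obj_t ssl_context_make_new(const mp_obj_type_t *type_in, size_t n_args
 // Debug level (0-4) 1=warning, 2=info, 3=debug, 4=verbose
 mbedtls_debug_set_threshold(3);
 #endif
+#ifdef MICROPY_MBEDTLS_PLATFORM_TIME_ALT
+mbedtls_platform_set_time(platform_mbedtls_time);
+#endif
 
 const byte seed[] = "upy";
 int ret = mbedtls_ctr_drbg_seed(&self->ctr_drbg, mbedtls_entropy_func, &self->entropy, seed, sizeof(seed));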
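Review bot: `mbedtls_platform_set_time(platform_mbedtls_time)` at new line 192 ties extmod to a symbol that only a port header declares, and nothing in extmod states the contract a port must satisfy; ssl_context_make_new's body continues outside the hunk. A comment at the call site would make it explicit: `// Ports that define MICROPY_MBEDTLS_PLATFORM_TIME_ALT must provide time_t platform_mbedtls_time(time_t *) returning seconds since 1970-01-01 and declare it in their mbedtls/mbedtls_config.h; with the clock unset, date checks presumably report certificates as not yet valid.` The hook is process-wide, so re-registering it on every context creation is redundant though harmless. Note also that `mbedtls/platform_time.h` is only included in the `MBEDTLS_VERSION_NUMBER >= 0x03000000` branch, so a 2.x build with MICROPY_MBEDTLS_PLATFORM_TIME_ALT set would seem to rely on the declaration of mbedtls_platform_set_time arriving transitively.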

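--- a/ports/esp32/boards/sdkconfig.base
+++ b/ports/esp32/boards/sdkconfig.base
@@ -48,6 +48,9 @@ CONFIG_LWIP_PPP_CHAP_SUPPORT=y
 # SSL
 # Use 4kiB output buffer instead of default 16kiB
 CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
+CONFIG_MBEDTLS_HAVE_TIME_DATE=y
+CONFIG_MBEDTLS_PLATFORM_TIME_ALT=y
+CONFIG_MBEDTLS_HAVE_TIME=y
 
 # ULP coprocessor support
 # Only on: ESP32, ESP32S2, ESP32S3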

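--- a/ports/esp32/esp32_common.cmake
+++ b/ports/esp32/esp32_common.cmake
@@ -59,6 +59,8 @@ list(APPEND MICROPY_SOURCE_PORT
 mphalport.c
 fatfs_port.c
 help.c
+modtime.c
+mbedtls/mbedtls_port.c
 machine_bitstream.c
 machine_timer.c
 machine_pin.c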
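Review bot: `modtime.c` is added to MICROPY_SOURCE_PORT next to `mbedtls/mbedtls_port.c`, but nothing in the commit message relates it to cert time validation. If modtime.c was already compiled through another source list this presumably produces a duplicate object; if it was not, the addition is a separate change that deserves its own sentence in the description. Either way a one-line comment beside it, e.g. `# modtime.c: time module (needed for the mbedtls time hook?)`, would tell the next reader why it sits in this list.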

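--- a/ports/esp32/mbedtls/mbedtls_config.h
+++ b/ports/esp32/mbedtls/mbedtls_config.h
@@ -0,0 +1,4 @@
+// Time mbedtls_platform
+#define MBEDTLS_HAVE_ASM
+
+time_t platform_mbedtls_time(time_t *timer);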
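Review bot: The comment `// Time mbedtls_platform` sits above `#define MBEDTLS_HAVE_ASM`, which is unrelated to time, while the prototype it describes is two lines further down; the header also has no include guard and uses `time_t` without including `<time.h>`. Because extmod/modssl_mbedtls.c includes this file as `"mbedtls/mbedtls_config.h"`, the name matches the mbedtls 3.x library's own default configuration header, so whichever directory comes first on the include path wins — if the library's copy is found, `platform_mbedtls_time` is never declared; a port-specific name (for example a `mbedtls_config_port.h`) would remove that ambiguity. `MBEDTLS_HAVE_ASM` defined here is only seen by translation units that include this header, after the library headers, so it presumably does not affect the library build and may clash with the IDF-side configuration. Suggested shape: an include guard, `#include <time.h>`, and the comment moved onto the prototype as `// Port-supplied mbedtls_time() replacement: seconds since 1970-01-01 (MBEDTLS_PLATFORM_TIME_ALT).`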

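--- a/ports/esp32/mbedtls/mbedtls_port.c
+++ b/ports/esp32/mbedtls/mbedtls_port.c
@@ -0,0 +1,24 @@
+#include <py/mpconfig.h>
+
+#ifdef MICROPY_SSL_MBEDTLS
+
+#include <time.h>
+#include <sys/time.h>
+#include "shared/timeutils/timeutils.h"
+
+
+#ifdef MICROPY_MBEDTLS_PLATFORM_TIME_ALT
+
+#include "mbedtls/platform_time.h"
+
+time_t platform_mbedtls_time(time_t *timer) {
+// mbedtls_time requires time in seconds from EPOCH 1970
+
+struct timeval tv;
+gettimeofday(&tv, NULL);
+
+return tv.tv_sec + TIMEUTILS_SECONDS_1970_TO_2000;
+}
+
+#endif
+#endif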
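Review bot: `platform_mbedtls_time` ignores its `timer` argument and the return value of `gettimeofday`, so a caller that passes a non-NULL pointer (the `time()` contract that mbedtls_time mirrors) gets an unset variable back, and a failed clock read is silently used as a timestamp. Store the result through `timer` when it is non-NULL and return `(time_t)-1`, the `time()` failure value, when `gettimeofday` fails. The 1970→2000 offset relies on the port keeping the system clock relative to 2000-01-01, as the commit message states; naming that invariant in the comment keeps the offset from being broken silently if the port's epoch ever changes. `#include <py/mpconfig.h>` also departs from the quoted form used for the project's own headers elsewhere in this file (`"shared/timeutils/timeutils.h"`).
```c
time_t platform_mbedtls_time(time_t *timer) {
    // mbedtls_time requires seconds since EPOCH 1970; this port keeps the
    // system clock relative to 2000-01-01, hence the constant offset.
    struct timeval tv;
    time_t t = (time_t)-1;
    if (gettimeofday(&tv, NULL) == 0) {
        t = tv.tv_sec + TIMEUTILS_SECONDS_1970_TO_2000;
    }
    if (timer != NULL) {
        *timer = t;
    }
    return t;
}
```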

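--- a/ports/esp32/mpconfigport.h
+++ b/ports/esp32/mpconfigport.h
@@ -138,6 +138,7 @@
 #define MICROPY_SSL_MBEDTLS (1)
 #define MICROPY_PY_SSL_FINALISER (1)
 #define MICROPY_PY_WEBSOCKET (1)
+#define MICROPY_MBEDTLS_PLATFORM_TIME_ALT (1)
 #define MICROPY_PY_WEBREPL (1)
 #define MICROPY_PY_ONEWIRE (1)
 #define MICROPY_PY_PLATFORM (1)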

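--- a/ports/unix/mbedtls/mbedtls_config.h
+++ b/ports/unix/mbedtls/mbedtls_config.h
@@ -32,6 +32,9 @@
 // Enable mbedtls modules
 #define MBEDTLS_HAVEGE_C
 #define MBEDTLS_TIMING_C
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+
 
 // Include common mbedtls configuration.
 #include "extmod/mbedtls/mbedtls_config_common.h"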
