feat(ssl): Add config for mbedTLS RSA bits

Add ERROR information for users.
Dong Heng
2018-10-29 16:20:07 +08:00
parent 37f6a717d3
commit 9355e427d1
3 changed files with 32 additions and 2 deletions


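--- a/PATH_NOT_SHOWN/Kconfig
+++ b/PATH_NOT_SHOWN/Kconfig
@@ -39,6 +39,25 @@ config MBEDTLS_SSL_MAX_CONTENT_LEN
 handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
 (-0x7200).
+choice MBEDTLS_RSA_BITLEN_MIN
+prompt "RSA minimum bit length"
+default MBEDTLS_RSA_BITLEN_2048
+help
+mbedTLS's minimum bit length is 2048, but some customers's key RSA bits is 1024.
+With the option users can configurate the value to make mbedTLS support 1024 bits RSA key.
+config MBEDTLS_RSA_BITLEN_1024
+bool "1024(not safe)"
+config MBEDTLS_RSA_BITLEN_2048
+bool "2048"
+endchoice
+config MBEDTLS_RSA_BITLEN_MIN
+int
+default 1024 if MBEDTLS_RSA_BITLEN_1024
+default 2048 if MBEDTLS_RSA_BITLEN_2048
 config MBEDTLS_DEBUG
 bool "Enable mbedTLS debugging"
 default n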
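Review bot: The help text of the new `MBEDTLS_RSA_BITLEN_MIN` choice does not tell the user what selecting 1024 actually changes: in this same commit the value is written into both built-in x509 profiles, so the lower floor applies to every certificate verified with `mbedtls_x509_crt_profile_default` or `_next`, not just to one "customer key". The wording also has grammar slips ("customers's", "configurate"). I would replace the two help lines with `mbedTLS rejects RSA keys shorter than 2048 bits by default. Selecting 1024` / `lowers that floor for every certificate checked with the built-in profiles;` / `use it only for legacy peers whose keys cannot be replaced.` The choice label "1024(not safe)" is fine as a reminder, but a space before the parenthesis reads better.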


@ -96,7 +96,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */ 0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */ 0xFFFFFFF, /* Any curve */
2048, MBEDTLS_RSA_BITLEN_MIN,
}; };
/* /*
@ -121,7 +121,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
#else #else
0, 0,
#endif #endif
2048, MBEDTLS_RSA_BITLEN_MIN,
}; };
/* /*
@ -185,6 +185,9 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
return( 0 ); return( 0 );
MBEDTLS_DEBUGF("ERROR: Certification RSA bit length is %d and should be >= %d",
mbedtls_pk_get_bitlen(pk), MBEDTLS_RSA_BITLEN_MIN);
return( -1 ); return( -1 );
} }
#endif #endif
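Review bot: The new `MBEDTLS_DEBUGF` call at the end of `x509_profile_check_key` formats a `size_t` (`mbedtls_pk_get_bitlen` returns `size_t`) and the `uint32_t` field `rsa_min_bitlen` with `%d`, which is a format/argument mismatch and can print garbage on targets where those types are not `int`-sized. It also reports the build-time constant `MBEDTLS_RSA_BITLEN_MIN` while the comparison two lines above uses `profile->rsa_min_bitlen`, so with a caller-supplied profile the message would name the wrong threshold. I would change the two lines to `MBEDTLS_DEBUGF("ERROR: Certificate RSA bit length is %u and should be >= %u",` / `(unsigned) mbedtls_pk_get_bitlen(pk), (unsigned) profile->rsa_min_bitlen);`, which also fixes "Certification" and avoids calling `mbedtls_pk_get_bitlen` twice with a different type. The function's signature and the branches before this one are outside the hunk; the earlier two hunks in this file only swap the literal for the macro and need nothing.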


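--- a/PATH_NOT_SHOWN/config.h
+++ b/PATH_NOT_SHOWN/config.h
@@ -2967,6 +2967,14 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
+#ifdef CONFIG_MBEDTLS_RSA_BITLEN_MIN
+#define MBEDTLS_RSA_BITLEN_MIN CONFIG_MBEDTLS_RSA_BITLEN_MIN
+#else
+#define MBEDTLS_RSA_BITLEN_MIN 2048
+#endif
+#define MBEDTLS_DEBUGF(_fmt, ...) printf(_fmt "\r\n", ##__VA_ARGS__)
 #include "mbedtls/check_config.h"
 #endif /* MBEDTLS_CONFIG_H */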
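Review bot: `MBEDTLS_DEBUGF` is defined here as a bare `printf` with no `#include <stdio.h>` and no relation to the `MBEDTLS_DEBUG` option in this commit's Kconfig, so a source file using it compiles only if something earlier happened to pull in stdio, and the message is emitted even in builds where debugging is off. If the RSA-length error is meant to be unconditional, keep the `printf` but add the include; otherwise tie the macro to the Kconfig debug switch so non-debug builds get a no-op, as sketched below. `, ##__VA_ARGS__` is a GNU extension; that is fine if the build is GCC/Clang-only, but it deserves a one-line comment, and the macro should not be named as debug output if it is really an always-on error channel.
```c
/* … unchanged: MBEDTLS_RSA_BITLEN_MIN selection … */
#if defined(CONFIG_MBEDTLS_DEBUG)
#include <stdio.h>
/* ", ##__VA_ARGS__" drops the comma when no arguments follow _fmt (GNU extension) */
#define MBEDTLS_DEBUGF(_fmt, ...) printf(_fmt "\r\n", ##__VA_ARGS__)
#else
#define MBEDTLS_DEBUGF(_fmt, ...) do { } while (0)
#endif
```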