fix(esp-tls): address MR review comments for SE PSA driver

- esp_tls_mbedtls: require cert when PSA-backed server/client key is set
- esp_tls_mbedtls: drop redundant pk_init/x509_crt_init (calloc handles it)
- psa SE driver: copy callbacks/opaque_key by value (no lifetime coupling)
- psa SE driver: replace atomic CAS with simple null check on register
- psa SE driver: use sig_len from sign callback with bounds validation
- psa SE driver: validate pubkey_len returned by export_pubkey callback
- psa SE driver: check hash sub-alg in RSA PKCS1V15 branch of validate_request
- psa SE driver: align secure_element_register_callbacks doc with value-copy impl
- esp_https_server: initialize server_key in HTTPD_SSL_CONFIG_DEFAULT
- mbedtls: move SECURE_ELEMENT_DRIVER_ENABLED to esp_config.h for parity
  with ESP_ECDSA_DRIVER_ENABLED; drop target_compile_definitions
- docs: fix esp_tls_cfg_t -> esp_http_client_config_t cross-reference
- docs: check psa_import_key() status in ESP-TLS PSA example
- hints/error_output: point at CONFIG_MBEDTLS_SECURE_ELEMENT_DRIVER_ENABLED
This commit is contained in:
Aditya Patwardhan
2026-05-22 13:41:08 +05:30
parent 4196734d1a
commit 08b567ef3b
14 changed files with 100 additions and 66 deletions

View File

@@ -219,6 +219,7 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
HTTPD_SSL_CONFIG_CLIENT_AUTH_OPTIONAL_INIT \
.prvtkey_pem = NULL, \
.prvtkey_len = 0, \
.server_key = NULL, \
.use_ecdsa_peripheral = false, \
.ecdsa_key_efuse_blk = 0, \
.ecdsa_key_efuse_blk_high = 0, \