From bffe5d2864c743e950190ac181524415a855c43e Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Tue, 28 Nov 2023 22:30:34 +0530
Subject: [PATCH 1/2] fix(mbedtls): move interrupt allocation during
 initialization phase

---
 components/mbedtls/port/aes/dma/esp_aes.c     | 30 +++++++++++--------
 .../port/aes/dma/include/esp_aes_dma_priv.h   | 23 +++++++-------
 components/mbedtls/port/aes/esp_aes_common.c  | 10 +++++--
 3 files changed, 34 insertions(+), 29 deletions(-)

diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c
index 8d4f0719371..4fdc3169224 100644
--- a/components/mbedtls/port/aes/dma/esp_aes.c
+++ b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -169,24 +169,28 @@ static IRAM_ATTR void esp_aes_complete_isr(void *arg)
     }
 }
 
-static esp_err_t esp_aes_isr_initialise( void )
+void esp_aes_intr_alloc(void)
 {
-    aes_hal_interrupt_clear();
-    aes_hal_interrupt_enable(true);
     if (op_complete_sem == NULL) {
-        op_complete_sem = xSemaphoreCreateBinary();
-
-        if (op_complete_sem == NULL) {
-            ESP_LOGE(TAG, "Failed to create intr semaphore");
-            return ESP_FAIL;
-        }
-
         esp_err_t ret = esp_intr_alloc(ETS_AES_INTR_SOURCE, 0, esp_aes_complete_isr, NULL, NULL);
         if (ret != ESP_OK) {
-            return ret;
+            ESP_LOGE(TAG, "Failed to allocate AES interrupt %d", ret);
+            // This should be treated as fatal error as this API would mostly
+            // be invoked within mbedTLS interface. There is no way for the system
+            // to proceed if the AES interrupt allocation fails here.
+            abort();
         }
+        static StaticSemaphore_t op_sem_buf;
+        op_complete_sem = xSemaphoreCreateBinaryStatic(&op_sem_buf);
+        // Static semaphore creation is unlikley to fail but still basic sanity
+        assert(op_complete_sem != NULL);
     }
+}
 
+static esp_err_t esp_aes_isr_initialise( void )
+{
+    aes_hal_interrupt_clear();
+    aes_hal_interrupt_enable(true);
     /* AES is clocked proportionally to CPU clock, take power management lock */
 #ifdef CONFIG_PM_ENABLE
     if (s_pm_cpu_lock == NULL) {
@@ -423,7 +427,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
     /* Only use interrupt for long AES operations */
     if (len > AES_DMA_INTR_TRIG_LEN) {
         use_intr = true;
-        if (esp_aes_isr_initialise() == ESP_FAIL) {
+        if (esp_aes_isr_initialise() != ESP_OK) {
             ESP_LOGE(TAG, "ESP-AES ISR initialisation failed");
             ret = -1;
             goto cleanup;
@@ -561,7 +565,7 @@ int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, un
     /* Only use interrupt for long AES operations */
     if (len > AES_DMA_INTR_TRIG_LEN) {
         use_intr = true;
-        if (esp_aes_isr_initialise() == ESP_FAIL) {
+        if (esp_aes_isr_initialise() != ESP_OK) {
             ESP_LOGE(TAG, "ESP-AES ISR initialisation failed");
             ret = -1;
             goto cleanup;
diff --git a/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h b/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
index 7880f188063..d8ddac8d288 100644
--- a/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
+++ b/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
@@ -1,16 +1,8 @@
-// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #pragma once
 
@@ -43,6 +35,11 @@ esp_err_t esp_aes_dma_start(const lldesc_t *input, const lldesc_t *output);
  */
 bool esp_aes_dma_done(const lldesc_t *output);
 
+/**
+ * @brief Allocate AES peripheral interrupt handler
+ */
+void esp_aes_intr_alloc(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/components/mbedtls/port/aes/esp_aes_common.c b/components/mbedtls/port/aes/esp_aes_common.c
index c0dd78a9684..c49a1e4ee41 100644
--- a/components/mbedtls/port/aes/esp_aes_common.c
+++ b/components/mbedtls/port/aes/esp_aes_common.c
@@ -26,6 +26,7 @@
  *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  */
 
+#include "sdkconfig.h"
 #include "aes/esp_aes_internal.h"
 #include "mbedtls/aes.h"
 #include "hal/aes_hal.h"
@@ -35,7 +36,7 @@
 #include <string.h>
 #include "mbedtls/platform.h"
 
-#if SOC_AES_GDMA
+#if SOC_AES_SUPPORT_DMA
 #include "esp_aes_dma_priv.h"
 #endif
 
@@ -51,9 +52,12 @@ bool valid_key_length(const esp_aes_context *ctx)
 }
 
 
-void esp_aes_init( esp_aes_context *ctx )
+void esp_aes_init(esp_aes_context *ctx)
 {
-    bzero( ctx, sizeof( esp_aes_context ) );
+    bzero(ctx, sizeof(esp_aes_context));
+#if SOC_AES_SUPPORT_DMA && CONFIG_MBEDTLS_AES_USE_INTERRUPT
+    esp_aes_intr_alloc();
+#endif
 }
 
 void esp_aes_free( esp_aes_context *ctx )

From 00919c396738a7a99f7a3509b2d80e89c53caa05 Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Thu, 30 Nov 2023 11:59:59 +0530
Subject: [PATCH 2/2] fix(mbedtls/aes): fix AES interrupt allocation for
 AES-GCM operations

---
 components/mbedtls/port/aes/esp_aes_gcm.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index 8bd5616a755..c8903e2d2ab 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -25,23 +25,28 @@
  *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
  *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  */
-
-#include "soc/soc_caps.h"
-
+#include <string.h>
 
 #include "aes/esp_aes.h"
 #include "aes/esp_aes_gcm.h"
 #include "aes/esp_aes_internal.h"
 #include "hal/aes_hal.h"
 
-#include "esp_log.h"
 #include "mbedtls/aes.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/platform.h"
+
 #include "esp_heap_caps.h"
+#include "esp_log.h"
+#include "soc/soc_caps.h"
 #include "soc/soc_memory_layout.h"
 
-#include "mbedtls/error.h"
-#include "mbedtls/platform.h"
-#include <string.h>
+#include "sdkconfig.h"
+
+#if SOC_AES_SUPPORT_DMA
+#include "esp_aes_dma_priv.h"
+#endif
 
 #define ESP_PUT_BE64(a, val)                                    \
     do {                                                        \
@@ -326,6 +331,10 @@ void esp_aes_gcm_init( esp_gcm_context *ctx)
 
     bzero(ctx, sizeof(esp_gcm_context));
 
+#if SOC_AES_SUPPORT_DMA && CONFIG_MBEDTLS_AES_USE_INTERRUPT
+    esp_aes_intr_alloc();
+#endif
+
     ctx->gcm_state = ESP_AES_GCM_STATE_INIT;
 }