diff --git a/.devcontainer/All/Dockerfile.All b/.devcontainer/All/Dockerfile.All index 45df720ec3..1be69669a8 100644 --- a/.devcontainer/All/Dockerfile.All +++ b/.devcontainer/All/Dockerfile.All @@ -1 +1 @@ -FROM ghcr.io/nanoframework/dev-container-all:v2.48 +FROM ghcr.io/nanoframework/dev-container-all:v2.49 diff --git a/.devcontainer/All/Dockerfile.All.SRC b/.devcontainer/All/Dockerfile.All.SRC index c6834ad358..047502e3f7 100644 --- a/.devcontainer/All/Dockerfile.All.SRC +++ b/.devcontainer/All/Dockerfile.All.SRC @@ -78,7 +78,7 @@ RUN git clone --branch v6.4.0_rel --recursive https://github.com/eclipse-threadx && git clone --branch v6.3.0_rel --recursive https://github.com/eclipse-threadx/netxduo.git --depth 1 ./sources/NetxDuo # Clone dependent repos (mbedtls, fatfs and littlefs) -RUN git clone --branch mbedtls-2.28.5 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ +RUN git clone --branch mbedtls-3.5.2 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ && git clone --branch R0.15 https://github.com/abbrev/fatfs.git --depth 1 ./sources/fatfs \ && git clone --branch v2.9.3 https://github.com/littlefs-project/littlefs --depth 1 ./sources/littlefs diff --git a/.devcontainer/All/scripts/git-pull-repos.sh b/.devcontainer/All/scripts/git-pull-repos.sh index 47a50dbe29..5645d49e10 100644 --- a/.devcontainer/All/scripts/git-pull-repos.sh +++ b/.devcontainer/All/scripts/git-pull-repos.sh @@ -15,7 +15,7 @@ git svn clone http://svn.code.sf.net/p/chibios/code/branches/stable_21.11.x -rHE cd /sources/ChibiOs-Contrib git pull origin chibios-21.11.x cd /sources/mbedtls -git pull origin mbedtls-2.28.5 +git pull origin mbedtls-3.5.2 cd /sources/fatfs git pull origin R0.15 cd /sources/FreeRTOS @@ -32,4 +32,4 @@ cd /sources/SimpleLinkCC13 git pull origin 4.20.01.04 cd /sources/TI_SysConfig git pull origin 1.5.0 -echo "All repos pulled and up to date" \ No newline at end of file +echo "All repos pulled and up to date" diff --git a/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS b/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS index 2b556fb89a..8ba64c629c 100644 --- a/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS +++ b/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS @@ -1 +1 @@ -FROM ghcr.io/nanoframework/dev-container-azure-rtos:v1.27 +FROM ghcr.io/nanoframework/dev-container-azure-rtos:v1.28 diff --git a/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS.SRC b/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS.SRC index 17e43ed915..881daa3467 100644 --- a/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS.SRC +++ b/.devcontainer/AzureRTOS/Dockerfile.AzureRTOS.SRC @@ -67,7 +67,7 @@ RUN git clone --branch v6.4.0_rel --recursive https://github.com/eclipse-threadx && git clone --branch v6.4.0_rel --recursive https://github.com/eclipse-threadx/netxduo.git --depth 1 ./sources/NetxDuo # Clone dependent repos (mbedtls, fatfs and littlefs) -RUN git clone --branch mbedtls-2.28.5 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ +RUN git clone --branch mbedtls-3.5.2 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ && git clone --branch R0.15 https://github.com/abbrev/fatfs.git --depth 1 ./sources/fatfs \ && git clone --branch v2.9.3 https://github.com/littlefs-project/littlefs --depth 1 ./sources/littlefs diff --git a/.devcontainer/ChibiOS/Dockerfile.ChibiOS b/.devcontainer/ChibiOS/Dockerfile.ChibiOS index d8bc229553..56fa1ea096 100644 --- a/.devcontainer/ChibiOS/Dockerfile.ChibiOS +++ b/.devcontainer/ChibiOS/Dockerfile.ChibiOS @@ -1 +1 @@ -FROM ghcr.io/nanoframework/dev-container-chibios:v1.28 +FROM ghcr.io/nanoframework/dev-container-chibios:v1.29 diff --git a/.devcontainer/ChibiOS/Dockerfile.ChibiOS.SRC b/.devcontainer/ChibiOS/Dockerfile.ChibiOS.SRC index 2aaebce201..b5f3e03dcd 100644 --- a/.devcontainer/ChibiOS/Dockerfile.ChibiOS.SRC +++ b/.devcontainer/ChibiOS/Dockerfile.ChibiOS.SRC @@ -65,7 +65,7 @@ RUN git clone --branch nf-build https://github.com/nanoframework/STM32CubeL4.git && git clone --branch chibios-21.11.x https://github.com/ChibiOS/ChibiOS-Contrib.git --depth 1 ./sources/ChibiOs-Contrib # Clone dependent repos (mbedtls, fatfs and littlefs etc.) -RUN git clone --branch mbedtls-2.28.5 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ +RUN git clone --branch mbedtls-3.5.2 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ && git clone --branch R0.15 https://github.com/abbrev/fatfs.git --depth 1 ./sources/fatfs \ && git clone --branch v2.9.3 https://github.com/littlefs-project/littlefs --depth 1 ./sources/littlefs \ && git clone --branch STABLE-2_1_3_RELEASE https://github.com/lwip-tcpip/lwip.git --depth 1 ./sources/lwip diff --git a/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP b/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP index 6d7262c824..6389087fb1 100644 --- a/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP +++ b/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP @@ -1 +1 @@ -FROM ghcr.io/nanoframework/dev-container-freertos-nxp:v1.01 +FROM ghcr.io/nanoframework/dev-container-freertos-nxp:v1.02 diff --git a/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP.SRC b/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP.SRC index a9ea4281fe..da9053fddc 100644 --- a/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP.SRC +++ b/.devcontainer/FreeRTOS-NXP/Dockerfile.FreeRTOS-NXP.SRC @@ -55,7 +55,7 @@ RUN apt-get update \ RUN mkdir -p /usr/local/bin/gcc # Clone libs mbedtls and fatfs etc. -RUN git clone --branch mbedtls-2.28.5 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ +RUN git clone --branch mbedtls-3.5.2 https://github.com/ARMmbed/mbedtls.git --depth 1 ./sources/mbedtls \ && git clone --branch R0.15 https://github.com/abbrev/fatfs.git --depth 1 ./sources/fatfs \ && git clone --branch STABLE-2_1_3_RELEASE https://github.com/lwip-tcpip/lwip.git --depth 1 ./sources/lwip diff --git a/CMake/Modules/FindNF_Network.cmake b/CMake/Modules/FindNF_Network.cmake index 0f503862cb..05a35187b2 100644 --- a/CMake/Modules/FindNF_Network.cmake +++ b/CMake/Modules/FindNF_Network.cmake @@ -450,6 +450,23 @@ else() endforeach() + # unset this warning as error, which is required for these source files + # OK to remove after this issue is fixed upstream https://github.com/Mbed-TLS/mbedtls/issues/9425 + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_accept_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_add_cert_auth_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_close_socket_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_connect_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_decode_private_key_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_exit_context_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_generic.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_generic_init_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_initialize_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_parse_certificate_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_available_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_read_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_uninitialize_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + set_source_files_properties(${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/ssl_write_internal.cpp PROPERTIES COMPILE_FLAGS -Wno-undef) + endif() if(Use_Networking_Extra_Driver) diff --git a/CMake/binutils.ChibiOS.cmake b/CMake/binutils.ChibiOS.cmake index 9b563cfb40..632328c602 100644 --- a/CMake/binutils.ChibiOS.cmake +++ b/CMake/binutils.ChibiOS.cmake @@ -213,6 +213,7 @@ macro(nf_add_platform_dependencies target) # security provider is MbedTLS if(USE_SECURITY_MBEDTLS_OPTION) add_dependencies(NF_Network nano::NF_Network) + target_compile_definitions(NF_Network PUBLIC -DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\") endif() endif() @@ -263,7 +264,7 @@ macro(nf_add_platform_include_directories target) # need to add extra include directories for MbedTLS target_include_directories( - mbedcrypto PUBLIC + mbedcrypto PRIVATE ${CHIBIOS_HAL_INCLUDE_DIRS} ${CHIBIOS_INCLUDE_DIRS} ${ChibiOSnfOverlay_INCLUDE_DIRS} @@ -331,10 +332,11 @@ macro(nf_add_platform_sources target) if(USE_SECURITY_MBEDTLS_OPTION) target_link_libraries(${target}.elf - mbedtls + mbedtls ) add_dependencies(NF_Network mbedtls) + endif() endif() diff --git a/CMake/binutils.common.cmake b/CMake/binutils.common.cmake index c0533b969b..8c89c57e64 100644 --- a/CMake/binutils.common.cmake +++ b/CMake/binutils.common.cmake @@ -572,6 +572,11 @@ macro(nf_setup_target_build_common) nf_add_platform_packages(TARGET ${NANOCLR_PROJECT_NAME}) nf_add_platform_dependencies(${NANOCLR_PROJECT_NAME}) + if(API_nanoFramework.System.Security.Cryptography) + # need to add MbedTLS configuration file + target_sources(NF_NativeAssemblies PRIVATE ${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h) + endif() + nf_add_common_sources(TARGET ${NANOCLR_PROJECT_NAME} EXTRA_LIBRARIES ${CLR_EXTRA_LIBRARIES}) nf_add_platform_sources(${NANOCLR_PROJECT_NAME}) @@ -585,11 +590,14 @@ macro(nf_setup_target_build_common) if(USE_SECURITY_MBEDTLS_OPTION AND NOT RTOS_ESP32_CHECK) # MbedTLS requires setting a compiler definition in order to pass a config file - target_compile_definitions(mbedcrypto PUBLIC "-DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\"") - - # need to add extra include directories for MbedTLS - target_include_directories( - mbedcrypto PUBLIC + target_compile_definitions(mbedtls PUBLIC -DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\") + target_compile_definitions(mbedcrypto PUBLIC -DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\") + target_compile_definitions(mbedx509 PUBLIC -DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\") + target_compile_definitions(p256m PUBLIC -DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\") + target_compile_definitions(everest PUBLIC -DMBEDTLS_CONFIG_FILE=\"${CMAKE_SOURCE_DIR}/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h\") + + # set include directories for MbedTLS + set(MBEDTLS_INCLUDE_DIRECTORIES ${CMAKE_SOURCE_DIR}/src/CLR/Include ${CMAKE_SOURCE_DIR}/src/HAL/Include ${CMAKE_SOURCE_DIR}/src/PAL @@ -600,7 +608,35 @@ macro(nf_setup_target_build_common) ${CMAKE_SOURCE_DIR}/targets/${RTOS}/_include ${TARGET_BASE_LOCATION}/nanoCLR ${TARGET_BASE_LOCATION} + ${CMAKE_BINARY_DIR}/targets/${RTOS}/${TARGET_BOARD} ) + + # need to add extra include directories for MbedTLS + target_include_directories( + mbedtls PRIVATE + ${MBEDTLS_INCLUDE_DIRECTORIES} + ) + + target_include_directories( + mbedcrypto PRIVATE + ${MBEDTLS_INCLUDE_DIRECTORIES} + ) + + target_include_directories( + mbedx509 PRIVATE + ${MBEDTLS_INCLUDE_DIRECTORIES} + ) + + target_include_directories( + p256m PRIVATE + ${MBEDTLS_INCLUDE_DIRECTORIES} + ) + + target_include_directories( + everest PRIVATE + ${MBEDTLS_INCLUDE_DIRECTORIES} + ) + # platform implementation of hardware random provider target_sources(mbedcrypto PRIVATE ${BASE_PATH_FOR_CLASS_LIBRARIES_MODULES}/mbedtls_entropy_hardware_pool.c) @@ -611,6 +647,11 @@ macro(nf_setup_target_build_common) nf_set_compile_definitions(TARGET mbedx509 BUILD_TARGET ${NANOCLR_PROJECT_NAME}) nf_set_compile_definitions(TARGET mbedtls BUILD_TARGET ${NANOCLR_PROJECT_NAME}) + # need to unset several flags for MbedTLS to compile correctly + target_compile_options(mbedtls PRIVATE -Wno-undef -Wno-error=unused-function -Wno-error=discarded-qualifiers -Wno-error=unused-parameter) + target_compile_options(mbedcrypto PRIVATE -Wno-undef -Wno-error=unused-function -Wno-error=discarded-qualifiers -Wno-error=unused-parameter) + target_compile_options(mbedx509 PRIVATE -Wno-undef -Wno-error=unused-function -Wno-error=discarded-qualifiers -Wno-error=unused-parameter) + endif() # set compile definitions @@ -712,7 +753,7 @@ function(nf_add_mbedtls_library) # set tag for currently supported version # WHEN CHANGING THIS MAKE SURE TO UPDATE THE DEV CONTAINERS - set(MBEDTLS_GIT_TAG "mbedtls-2.28.5") + set(MBEDTLS_GIT_TAG "mbedtls-3.5.2") # set options for Mbed TLS option(ENABLE_TESTING "no testing when building Mbed TLS." OFF) @@ -749,9 +790,15 @@ function(nf_add_mbedtls_library) FetchContent_GetProperties(mbedtls) if(NOT mbedtls_POPULATED) # Fetch the content using previously declared details - FetchContent_MakeAvailable(mbedtls) + FetchContent_Populate(mbedtls) endif() + set(MBEDTLS_AS_SUBPROJECT TRUE) + set(DISABLE_PACKAGE_CONFIG_AND_INSTALL OFF) + + # add the MbedTLS library + add_subdirectory(${mbedtls_SOURCE_DIR} MbedTLS_Source) + endfunction() # PLATFORM_INCLUDES with platform and target include paths to be added to lwIP diff --git a/azure-pipelines-nightly.yml b/azure-pipelines-nightly.yml index 0b346bc36f..c77021ae2a 100644 --- a/azure-pipelines-nightly.yml +++ b/azure-pipelines-nightly.yml @@ -293,7 +293,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('STM32_1_10_0_versioncounter', 0)] + REVISION: $[counter('STM32_1_11_0_versioncounter', 0)] HelperPackageVersion: $[counter('HelperPackageVersioncounter', 0)] TargetPlatform: "stm32" @@ -544,7 +544,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('ESP32_1_10_0_versioncounter', 0)] + REVISION: $[counter('ESP32_1_11_0_versioncounter', 0)] IDF_PATH: "D:/a/1/s/esp-idf" PIP_CACHE_DIR: $(Pipeline.Workspace)/.pip TargetPlatform: "esp32" @@ -620,7 +620,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('TI_1_10_0_versioncounter', 0)] + REVISION: $[counter('TI_1_11_0_versioncounter', 0)] HelperPackageVersion: $[counter('HelperPackageVersioncounter', 0)] TargetPlatform: "ti_simplelink" @@ -671,7 +671,7 @@ jobs: variables: # creates a counter and assigns it to the revision variable - REVISION: $[counter('AZURERTOS_1_10_0_versioncounter', 0)] + REVISION: $[counter('AZURERTOS_1_11_0_versioncounter', 0)] HelperPackageVersion: $[counter('HelperPackageVersioncounter', 0)] TargetPlatform: "azure_rtos" diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 6e0ba64234..d28a6b92e1 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -412,7 +412,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('STM32_1_10_0_versioncounter', 0)] + REVISION: $[counter('STM32_1_11_0_versioncounter', 0)] HelperPackageVersion: $[counter('HelperPackageVersioncounter', 0)] TargetPlatform: "stm32" @@ -562,7 +562,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('ESP32_1_10_0_versioncounter', 0)] + REVISION: $[counter('ESP32_1_11_0_versioncounter', 0)] IDF_PATH: "D:/a/1/s/esp-idf" PIP_CACHE_DIR: $(Pipeline.Workspace)/.pip TargetPlatform: "esp32" @@ -643,7 +643,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('NXP_1_10_0_versioncounter', 0)] + REVISION: $[counter('NXP_1_11_0_versioncounter', 0)] GIT_LFS_SKIP_SMUDGE: 1 TargetPlatform: "freertos" @@ -721,7 +721,7 @@ jobs: variables: DOTNET_NOLOGO: true # creates a counter and assigns it to the revision variable - REVISION: $[counter('TI_1_10_0_versioncounter', 0)] + REVISION: $[counter('TI_1_11_0_versioncounter', 0)] HelperPackageVersion: $[counter('HelperPackageVersioncounter', 0)] TargetPlatform: "ti_simplelink" @@ -792,7 +792,7 @@ jobs: variables: # creates a counter and assigns it to the revision variable - REVISION: $[counter('AZURERTOS_1_10_0_versioncounter', 0)] + REVISION: $[counter('AZURERTOS_1_11_0_versioncounter', 0)] HelperPackageVersion: $[counter('HelperPackageVersioncounter', 0)] TargetPlatform: "azure_rtos" @@ -843,7 +843,7 @@ jobs: value: true # creates a counter and assigns it to the revision variable - name: REVISION - value: $[counter('WIN32_1_10_0_versioncounter', 0)] + value: $[counter('WIN32_1_11_0_versioncounter', 0)] - name: LITTLEFS_PATH value: "D:/a/1/s/littlefs" diff --git a/src/DeviceInterfaces/System.Net/sys_net_native.cpp b/src/DeviceInterfaces/System.Net/sys_net_native.cpp index 79b5f3026b..1be14bfbdd 100644 --- a/src/DeviceInterfaces/System.Net/sys_net_native.cpp +++ b/src/DeviceInterfaces/System.Net/sys_net_native.cpp @@ -347,8 +347,7 @@ const CLR_RT_NativeAssemblyData g_CLR_AssemblyNative_System_Net = "System.Net", 0xD82C1452, method_lookup, - { 100, 2, 0, 1 } + { 100, 2, 0, 11 } }; // clang-format on - diff --git a/src/DeviceInterfaces/System.Net/sys_net_native.h b/src/DeviceInterfaces/System.Net/sys_net_native.h index 7b88164688..819f674081 100644 --- a/src/DeviceInterfaces/System.Net/sys_net_native.h +++ b/src/DeviceInterfaces/System.Net/sys_net_native.h @@ -113,6 +113,16 @@ // WirelessAPConfiguration_ConfigurationOptions_HiddenSSID = 8, // } WirelessAPConfiguration_ConfigurationOptions; +// MOVED TO src\PAL\COM\sockets\ssl\ssl_functions.h for convinience +// typedef enum __nfpack SslProtocols +// { +// SslProtocols_None = 0, +// SslProtocols_Tls = 192, +// SslProtocols_Tls11 = 768, +// SslProtocols_Tls12 = 3072, +// SslProtocols_Tls13 = 12288, +// } SslProtocols; + struct Library_sys_net_native_System_Net_NetworkInformation_NetworkInterface { static const int FIELD___interfaceIndex = 1; diff --git a/src/PAL/COM/sockets/ssl/MbedTLS/mbedtls.h b/src/PAL/COM/sockets/ssl/MbedTLS/mbedtls.h index 5387a2918a..ac4f788bf3 100644 --- a/src/PAL/COM/sockets/ssl/MbedTLS/mbedtls.h +++ b/src/PAL/COM/sockets/ssl/MbedTLS/mbedtls.h @@ -7,31 +7,25 @@ #define MBEDTLS_H #include +#include #ifdef PLATFORM_ESP32 #include #include -#else -#include "nf_mbedtls_config.h" #endif -#include - #ifdef __cplusplus extern "C" { #endif -#include "mbedtls/version.h" -#include "mbedtls/platform.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" -#if MBEDTLS_VERSION_MAJOR < 3 -#include "mbedtls/certs.h" -#endif +#include +#include +#include +#include +#include +#include +#include typedef struct mbedTLS_NFContext { diff --git a/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h b/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h index 1cced5c905..dcfc800a25 100644 --- a/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h +++ b/src/PAL/COM/sockets/ssl/MbedTLS/nf_mbedtls_config.h @@ -9,7 +9,6 @@ #include #include -#include #include // need to declare this as external to be picked up by Mbed TLS platform_time @@ -28,6 +27,7 @@ extern "C" #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME +#define MBEDTLS_PLATFORM_MS_TIME_ALT #define MBEDTLS_HAVE_TIME_DATE @@ -46,8 +46,9 @@ extern "C" #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN #define MBEDTLS_CIPHER_PADDING_ZEROS -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +// requirements for MBEDTLS_ECDSA_C +// requirements for MBEDTLS_ECP_C #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -61,7 +62,6 @@ extern "C" #define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE448_ENABLED - #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -77,28 +77,28 @@ extern "C" #define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_GENPRIME #define MBEDTLS_NO_PLATFORM_ENTROPY +#define MBEDTLS_ENTROPY_FORCE_SHA256 #define MBEDTLS_PK_RSA_ALT_SUPPORT #define MBEDTLS_PKCS1_V15 #define MBEDTLS_PKCS1_V21 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#define MBEDTLS_SSL_FALLBACK_SCSV -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE #define MBEDTLS_SSL_RENEGOTIATION #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1 -#define MBEDTLS_SSL_PROTO_TLS1_1 #define MBEDTLS_SSL_PROTO_TLS1_2 +#define MBEDTLS_SSL_PROTO_TLS1_3 +#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED #define MBEDTLS_SSL_PROTO_DTLS #define MBEDTLS_SSL_ALPN #define MBEDTLS_SSL_DTLS_ANTI_REPLAY #define MBEDTLS_SSL_DTLS_HELLO_VERIFY #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +#define MBEDTLS_SSL_SESSION_TICKETS #define MBEDTLS_SSL_SERVER_NAME_INDICATION -#define MBEDTLS_SSL_TRUNCATED_HMAC -#define MBEDTLS_X509_CHECK_KEY_USAGE -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE #define MBEDTLS_X509_RSASSA_PSS_SUPPORT #define MBEDTLS_CMAC_C @@ -129,7 +129,7 @@ extern "C" #define MBEDTLS_ERROR_C #define MBEDTLS_GCM_C - +#define MBEDTLS_HKDF_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C @@ -153,8 +153,10 @@ extern "C" #define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C +#define MBEDTLS_SHA224_C #define MBEDTLS_SHA256_C #define MBEDTLS_SHA512_C +#define MBEDTLS_SHA384_C #define MBEDTLS_SSL_CACHE_C #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_TICKET_C @@ -166,12 +168,13 @@ extern "C" #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C -#define MBEDTLS_X509_CSR_PARSE_C - -#define MBEDTLS_XTEA_C - #define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_USE_PSA_CRYPTO +#define MBEDTLS_PSA_CRYPTO_C +#define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + //////////////////////////////////////////////////////////////////////////// // This define depends on the platform having a hardware random generator. // Requires that a function mbedtls_hardware_poll() exits as explained in Mbed TLS documentation. @@ -181,6 +184,4 @@ extern "C" #endif ////////////////////////////////////////////////////////////////////////// -#include - #endif // NF_MBEDTLS_CONFIG_H diff --git a/src/PAL/COM/sockets/ssl/MbedTLS/ssl_decode_private_key_internal.cpp b/src/PAL/COM/sockets/ssl/MbedTLS/ssl_decode_private_key_internal.cpp index cf78e571bb..6c53716f4b 100644 --- a/src/PAL/COM/sockets/ssl/MbedTLS/ssl_decode_private_key_internal.cpp +++ b/src/PAL/COM/sockets/ssl/MbedTLS/ssl_decode_private_key_internal.cpp @@ -8,14 +8,32 @@ extern void SSL_GetCertDateTime_internal(DATE_TIME_INFO *dt, mbedtls_x509_time *mt); -#if defined(PLATFORM_ESP32) && MBEDTLS_VERSION_MAJOR >= 3 -int random(void *a, unsigned char *b, size_t c) +#if defined(PLATFORM_ESP32) +int random(void *ctx, unsigned char *buf, size_t len) { - (void)a; - (void)b; - (void)c; + return mbedtls_ctr_drbg_random(ctx, buf, len); +} +#else + +#include +#include + +int random(void *context, unsigned char *output, size_t output_size) +{ + (void)context; + + // start random generator + rngStart(); + + for (size_t i = 0; i < output_size; i++) + { + // our generator returns 32bits numbers + *output = (uint8_t)rngGenerateRandomNumber(); + + output++; + } - return esp_random(); + return 0; } #endif diff --git a/src/PAL/COM/sockets/ssl/MbedTLS/ssl_generic_init_internal.cpp b/src/PAL/COM/sockets/ssl/MbedTLS/ssl_generic_init_internal.cpp index 586083e145..855532834b 100644 --- a/src/PAL/COM/sockets/ssl/MbedTLS/ssl_generic_init_internal.cpp +++ b/src/PAL/COM/sockets/ssl/MbedTLS/ssl_generic_init_internal.cpp @@ -6,11 +6,8 @@ // #include -#include "mbedtls.h" -#include "mbedtls/debug.h" -#if MBEDTLS_VERSION_MAJOR < 3 -#include -#endif +#include +#include bool ssl_generic_init_internal( int sslMode, @@ -25,10 +22,10 @@ bool ssl_generic_init_internal( bool useDeviceCertificate, bool isServer) { -#if MBEDTLS_VERSION_MAJOR < 3 - int minVersion = MBEDTLS_SSL_MINOR_VERSION_3; - int maxVersion = MBEDTLS_SSL_MINOR_VERSION_1; -#endif + // set default values for min and max protocol versions + // aiming for TLS 1.3 which is the most secure + mbedtls_ssl_protocol_version minVersion = MBEDTLS_SSL_VERSION_TLS1_3; + mbedtls_ssl_protocol_version maxVersion = MBEDTLS_SSL_VERSION_TLS1_3; int sslContexIndex = -1; int authMode = MBEDTLS_SSL_VERIFY_NONE; @@ -52,7 +49,9 @@ bool ssl_generic_init_internal( } if (sslContexIndex == -1) + { return FALSE; + } // create and init MbedTLS nanoFramework context // this needs to be freed in ssl_exit_context_internal @@ -82,15 +81,24 @@ bool ssl_generic_init_internal( endpoint = MBEDTLS_SSL_IS_CLIENT; } - // create and init private key context + // create and init SSL context // this needs to be freed in ssl_exit_context_internal - context->pk = (mbedtls_pk_context *)platform_malloc(sizeof(mbedtls_pk_context)); - if (context->pk == NULL) + context->ssl = (mbedtls_ssl_context *)platform_malloc(sizeof(mbedtls_ssl_context)); + if (context->ssl == NULL) { goto error; } + mbedtls_ssl_init(context->ssl); - mbedtls_pk_init(context->pk); + // create and init SSL configuration + // this needs to be freed in ssl_exit_context_internal + context->conf = (mbedtls_ssl_config *)platform_malloc(sizeof(mbedtls_ssl_config)); + if (context->conf == NULL) + { + goto error; + } + + mbedtls_ssl_config_init(context->conf); // create and init CTR_DRBG // this needs to be freed in ssl_exit_context_internal @@ -101,24 +109,24 @@ bool ssl_generic_init_internal( } mbedtls_ctr_drbg_init(context->ctr_drbg); - // create and init SSL context + // create and init entropy context // this needs to be freed in ssl_exit_context_internal - context->ssl = (mbedtls_ssl_context *)platform_malloc(sizeof(mbedtls_ssl_context)); - if (context->ssl == NULL) + context->entropy = (mbedtls_entropy_context *)platform_malloc(sizeof(mbedtls_entropy_context)); + if (context->entropy == NULL) { goto error; } - mbedtls_ssl_init(context->ssl); + mbedtls_entropy_init(context->entropy); - // create and init SSL configuration + // create and init private key context // this needs to be freed in ssl_exit_context_internal - context->conf = (mbedtls_ssl_config *)platform_malloc(sizeof(mbedtls_ssl_config)); - if (context->conf == NULL) + context->pk = (mbedtls_pk_context *)platform_malloc(sizeof(mbedtls_pk_context)); + if (context->pk == NULL) { goto error; } - mbedtls_ssl_config_init(context->conf); + mbedtls_pk_init(context->pk); // create and init X509 CRT // this needs to be freed in ssl_exit_context_internal @@ -129,15 +137,6 @@ bool ssl_generic_init_internal( } mbedtls_x509_crt_init(context->x509_crt); - // create and init entropy context - // this needs to be freed in ssl_exit_context_internal - context->entropy = (mbedtls_entropy_context *)platform_malloc(sizeof(mbedtls_entropy_context)); - if (context->entropy == NULL) - { - goto error; - } - mbedtls_entropy_init(context->entropy); - // TODO: review if we can add some instance-unique data to the custom argument below if (mbedtls_ctr_drbg_seed(context->ctr_drbg, mbedtls_entropy_func, context->entropy, NULL, 0) != 0) { @@ -155,37 +154,35 @@ bool ssl_generic_init_internal( goto error; } - // figure out the min and max protocol version to support - // sanity check for none, application has to set the supported protocols - if ((SslProtocols)sslMode == SslProtocols_None) + // figure out the min and max protocol version requested + // if none is provided, then set the min/max supported + if ((SslProtocols)sslMode != SslProtocols_None) { - goto error; - } + // find minimum version + if ((sslMode & SslProtocols_Tls) || (sslMode & SslProtocols_Tls11) || (sslMode & SslProtocols_Tls12)) + { + // nothing to do as 1.2 is the minimum supported + minVersion = MBEDTLS_SSL_VERSION_TLS1_2; + } + else if (sslMode & SslProtocols_Tls13) + { + minVersion = MBEDTLS_SSL_VERSION_TLS1_3; + } -#if MBEDTLS_VERSION_MAJOR < 3 - // TLS1.0/1.1/1.2 deprecated in MBEDTLS version 3 - // find minimum version - if (sslMode & (SslProtocols_TLSv11 | SslProtocols_TLSv1)) - { - minVersion = MBEDTLS_SSL_MINOR_VERSION_2; - } - if (sslMode & SslProtocols_TLSv1) - { - minVersion = MBEDTLS_SSL_MINOR_VERSION_1; + // find maximum version + if (sslMode & SslProtocols_Tls13) + { + maxVersion = MBEDTLS_SSL_VERSION_TLS1_3; + } + else + { + // has to be 1.2 + maxVersion = MBEDTLS_SSL_VERSION_TLS1_2; + } } - mbedtls_ssl_conf_min_version(context->conf, MBEDTLS_SSL_MAJOR_VERSION_3, minVersion); - // find maximum version - if (sslMode & (SslProtocols_TLSv12 | SslProtocols_TLSv11)) - { - maxVersion = MBEDTLS_SSL_MINOR_VERSION_2; - } - if (sslMode & SslProtocols_TLSv12) - { - maxVersion = MBEDTLS_SSL_MINOR_VERSION_3; - } - mbedtls_ssl_conf_max_version(context->conf, MBEDTLS_SSL_MAJOR_VERSION_3, maxVersion); -#endif + mbedtls_ssl_conf_max_tls_version(context->conf, maxVersion); + mbedtls_ssl_conf_min_tls_version(context->conf, minVersion); // configure random generator mbedtls_ssl_conf_rng(context->conf, mbedtls_ctr_drbg_random, context->ctr_drbg); @@ -253,7 +250,7 @@ bool ssl_generic_init_internal( pkPasswordLength) < 0) #else pkPasswordLength, - mbedtls_ctr_drbg_random, + mbedtls_ctr_drbg_random, context->ctr_drbg) < 0) #endif { @@ -299,6 +296,8 @@ bool ssl_generic_init_internal( mbedtls_ssl_conf_ca_chain(context->conf, context->x509_crt, NULL); + psa_crypto_init(); + // set certificate verification // the current options provided by Mbed TLS are only verify or don't verify if ((SslVerification)sslVerify == SslVerification_CertificateRequired) diff --git a/src/PAL/COM/sockets/ssl/ssl_functions.h b/src/PAL/COM/sockets/ssl/ssl_functions.h index c046f41521..33f3aa6504 100644 --- a/src/PAL/COM/sockets/ssl/ssl_functions.h +++ b/src/PAL/COM/sockets/ssl/ssl_functions.h @@ -16,10 +16,11 @@ /////////////////////////////////////////////////////////////////////////////////// enum SslProtocols { - SslProtocols_None = 0x00, - SslProtocols_TLSv1 = 0x10, - SslProtocols_TLSv11 = 0x20, - SslProtocols_TLSv12 = 0x40, + SslProtocols_None = 0, + SslProtocols_Tls = 192, + SslProtocols_Tls11 = 768, + SslProtocols_Tls12 = 3072, + SslProtocols_Tls13 = 12288, }; ////////////////////////////////////////////////////////////////////////////////////// diff --git a/targets/ChibiOS/ORGPAL_PALTHREE/nanoCLR/main.c b/targets/ChibiOS/ORGPAL_PALTHREE/nanoCLR/main.c index ecf31788e8..f534e8dd04 100644 --- a/targets/ChibiOS/ORGPAL_PALTHREE/nanoCLR/main.c +++ b/targets/ChibiOS/ORGPAL_PALTHREE/nanoCLR/main.c @@ -23,7 +23,7 @@ extern void hal_lfs_mount(); // need to declare the Receiver thread here osThreadDef(ReceiverThread, osPriorityHigh, 2048, "ReceiverThread"); // declare CLRStartup thread here -osThreadDef(CLRStartupThread, osPriorityNormal, 4096, "CLRStartupThread"); +osThreadDef(CLRStartupThread, osPriorityNormal, 6144, "CLRStartupThread"); #if HAL_USE_SDC // declare SD Card working thread here diff --git a/targets/ChibiOS/ST_STM32F769I_DISCOVERY/nanoCLR/main.c b/targets/ChibiOS/ST_STM32F769I_DISCOVERY/nanoCLR/main.c index 75f28bc320..8e5fb77880 100644 --- a/targets/ChibiOS/ST_STM32F769I_DISCOVERY/nanoCLR/main.c +++ b/targets/ChibiOS/ST_STM32F769I_DISCOVERY/nanoCLR/main.c @@ -21,7 +21,7 @@ // need to declare the Receiver thread here osThreadDef(ReceiverThread, osPriorityHigh, 2048, "ReceiverThread"); // declare CLRStartup thread here -osThreadDef(CLRStartupThread, osPriorityNormal, 4096, "CLRStartupThread"); +osThreadDef(CLRStartupThread, osPriorityNormal, 6144, "CLRStartupThread"); #if HAL_USE_SDC // declare SD Card working thread here @@ -97,4 +97,4 @@ int main(void) { osDelay(100); } -} \ No newline at end of file +} diff --git a/targets/ChibiOS/_nanoCLR/mbedtls_entropy_hardware_pool.c b/targets/ChibiOS/_nanoCLR/mbedtls_entropy_hardware_pool.c index 0f5d71e26a..b5adc33c02 100644 --- a/targets/ChibiOS/_nanoCLR/mbedtls_entropy_hardware_pool.c +++ b/targets/ChibiOS/_nanoCLR/mbedtls_entropy_hardware_pool.c @@ -5,7 +5,7 @@ #include #include - +#include int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen); // Get len bytes of entropy from the hardware RNG. @@ -32,3 +32,28 @@ int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t return 0; } + +psa_status_t mbedtls_psa_external_get_random( + mbedtls_psa_external_random_context_t *context, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void)context; + + // start random generator + rngStart(); + + for (size_t i = 0; i < output_size; i++) + { + // our generator returns 32bits numbers + *output = (uint8_t)rngGenerateRandomNumber(); + + output++; + } + + // callers require this to be set + *output_length = output_size; + + return PSA_SUCCESS; +} diff --git a/targets/ESP32/_IDF/esp32/app_main.c b/targets/ESP32/_IDF/esp32/app_main.c index 216b050109..7cda78e1ba 100644 --- a/targets/ESP32/_IDF/esp32/app_main.c +++ b/targets/ESP32/_IDF/esp32/app_main.c @@ -56,7 +56,7 @@ void app_main() // Stop any logging being directed to VS connection, was an issue with Nimble, outputting on Uart0 // TODO : redirect these to debugger controlled from nanoframework.Hardware.Esp32 - // esp_log_set_vprintf(dummyLog); + esp_log_set_vprintf(dummyLog); ESP_ERROR_CHECK(nvs_flash_init()); diff --git a/targets/ESP32/_IDF/sdkconfig.default b/targets/ESP32/_IDF/sdkconfig.default index 885b063a8b..42ff894764 100644 --- a/targets/ESP32/_IDF/sdkconfig.default +++ b/targets/ESP32/_IDF/sdkconfig.default @@ -59,15 +59,17 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default.esp32c3 b/targets/ESP32/_IDF/sdkconfig.default.esp32c3 index afcaf6cc89..782d1abfeb 100644 --- a/targets/ESP32/_IDF/sdkconfig.default.esp32c3 +++ b/targets/ESP32/_IDF/sdkconfig.default.esp32c3 @@ -42,16 +42,18 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_ECP_RESTARTABLE=y CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default.esp32c6 b/targets/ESP32/_IDF/sdkconfig.default.esp32c6 index 5bf8999eee..21e724de3d 100644 --- a/targets/ESP32/_IDF/sdkconfig.default.esp32c6 +++ b/targets/ESP32/_IDF/sdkconfig.default.esp32c6 @@ -53,14 +53,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_ISSI_CHIP=y CONFIG_SPI_FLASH_SUPPORT_MXIC_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default.esp32s2 b/targets/ESP32/_IDF/sdkconfig.default.esp32s2 index b30f6320b6..9dc929efa0 100644 --- a/targets/ESP32/_IDF/sdkconfig.default.esp32s2 +++ b/targets/ESP32/_IDF/sdkconfig.default.esp32s2 @@ -1341,11 +1341,12 @@ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y CONFIG_MBEDTLS_SSL_RENEGOTIATION=y CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y -# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 is not set CONFIG_MBEDTLS_SSL_PROTO_DTLS=y +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_SSL_ALPN=y -# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set -CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=y +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y # # Symmetric Ciphers @@ -1354,7 +1355,7 @@ CONFIG_MBEDTLS_AES_C=y # CONFIG_MBEDTLS_CAMELLIA_C is not set CONFIG_MBEDTLS_DES_C=y # CONFIG_MBEDTLS_BLOWFISH_C is not set -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_CCM_C=y CONFIG_MBEDTLS_GCM_C=y # CONFIG_MBEDTLS_NIST_KW_C is not set diff --git a/targets/ESP32/_IDF/sdkconfig.default.esp32s3 b/targets/ESP32/_IDF/sdkconfig.default.esp32s3 index 710834f614..f425fbaa8b 100644 --- a/targets/ESP32/_IDF/sdkconfig.default.esp32s3 +++ b/targets/ESP32/_IDF/sdkconfig.default.esp32s3 @@ -62,14 +62,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default_ble.esp32s3 b/targets/ESP32/_IDF/sdkconfig.default_ble.esp32s3 index 7058d0bc76..21d3199abd 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_ble.esp32s3 +++ b/targets/ESP32/_IDF/sdkconfig.default_ble.esp32s3 @@ -69,14 +69,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default_ble_rev3.esp32 b/targets/ESP32/_IDF/sdkconfig.default_ble_rev3.esp32 index 87e3c9f692..e6387e5585 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_ble_rev3.esp32 +++ b/targets/ESP32/_IDF/sdkconfig.default_ble_rev3.esp32 @@ -71,14 +71,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default_nopsram.esp32 b/targets/ESP32/_IDF/sdkconfig.default_nopsram.esp32 index ce0bf81c45..50a944da4e 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_nopsram.esp32 +++ b/targets/ESP32/_IDF/sdkconfig.default_nopsram.esp32 @@ -54,15 +54,17 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default_nopsram_ble.esp32 b/targets/ESP32/_IDF/sdkconfig.default_nopsram_ble.esp32 index 3df02bd9d9..06131826ee 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_nopsram_ble.esp32 +++ b/targets/ESP32/_IDF/sdkconfig.default_nopsram_ble.esp32 @@ -62,14 +62,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_ULP_COPROC_ENABLED=y diff --git a/targets/ESP32/_IDF/sdkconfig.default_nopsram_rev3.esp32 b/targets/ESP32/_IDF/sdkconfig.default_nopsram_rev3.esp32 index c32628d0bb..d4764c454e 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_nopsram_rev3.esp32 +++ b/targets/ESP32/_IDF/sdkconfig.default_nopsram_rev3.esp32 @@ -50,15 +50,17 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default_octal_ble.esp32s3 b/targets/ESP32/_IDF/sdkconfig.default_octal_ble.esp32s3 index 4165463bec..669dd14ebe 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_octal_ble.esp32s3 +++ b/targets/ESP32/_IDF/sdkconfig.default_octal_ble.esp32s3 @@ -70,14 +70,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default_pico b/targets/ESP32/_IDF/sdkconfig.default_pico index 6c6768127d..2ba644d2a0 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_pico +++ b/targets/ESP32/_IDF/sdkconfig.default_pico @@ -67,10 +67,12 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default_pico_ble_rev3 b/targets/ESP32/_IDF/sdkconfig.default_pico_ble_rev3 index a22e09b946..e3a0ea7493 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_pico_ble_rev3 +++ b/targets/ESP32/_IDF/sdkconfig.default_pico_ble_rev3 @@ -72,14 +72,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y diff --git a/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32 b/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32 index f34af6d148..adcb305f6a 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32 +++ b/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32 @@ -59,12 +59,16 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32c3 b/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32c3 index 93c40ac154..ecb79b899c 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32c3 +++ b/targets/ESP32/_IDF/sdkconfig.default_rev3.esp32c3 @@ -56,15 +56,17 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default_rev3_ipv6.esp32 b/targets/ESP32/_IDF/sdkconfig.default_rev3_ipv6.esp32 index 0361ee4aee..d28eae50e4 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_rev3_ipv6.esp32 +++ b/targets/ESP32/_IDF/sdkconfig.default_rev3_ipv6.esp32 @@ -51,12 +51,17 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y CONFIG_MBEDTLS_SSL_PROTO_DTLS=y CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/targets/ESP32/_IDF/sdkconfig.default_rev3_noconsole.esp32c3 b/targets/ESP32/_IDF/sdkconfig.default_rev3_noconsole.esp32c3 index 29375d7f33..e4934e0ed3 100644 --- a/targets/ESP32/_IDF/sdkconfig.default_rev3_noconsole.esp32c3 +++ b/targets/ESP32/_IDF/sdkconfig.default_rev3_noconsole.esp32c3 @@ -51,15 +51,17 @@ CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=y -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_HAVE_TIME_DATE=y -CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n CONFIG_MBEDTLS_DES_C=y -CONFIG_MBEDTLS_XTEA_C=y +CONFIG_MBEDTLS_XTEA_C=n CONFIG_MBEDTLS_PEM_WRITE_C=n CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n +CONFIG_MBEDTLS_X509_CSR_PARSE_C=n +CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y +CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y CONFIG_LITTLEFS_MAX_PARTITIONS=1 CONFIG_LITTLEFS_OBJ_NAME_LEN=256 diff --git a/version.json b/version.json index e00070e3db..981fe6bd3c 100644 --- a/version.json +++ b/version.json @@ -1,6 +1,6 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "1.10.0", + "version": "1.11.0", "assemblyVersion": { "precision": "revision" },