From b9cb18e46e7042d1dc1475bf054cc5278e422d16 Mon Sep 17 00:00:00 2001 From: bradleysmith23 <74752142+bradleysmith23@users.noreply.github.com> Date: Wed, 13 Dec 2023 08:58:13 -0800 Subject: [PATCH 1/3] Update coreHTTP S3 Download Instructions (#1127) * Update coreHTTP S3 Download Instructions * Revert to 85d531916 * Update comment for S3 Root CA in Upload and Download Multithreaded demos * Wrap changes to 80 characters * Uncrustify: triggered by comment. * Run Github Actions. * Fix broken section link in README * Wrap README text on 90 characters * Uncrustify: triggered by comment. * Run Github Actions --------- Co-authored-by: GitHub Action --- .../HTTP_S3_Download/README.md | 172 +++++++++++------- .../HTTP_S3_Download/demo_config.h | 8 +- .../demo_config.h | 8 +- .../HTTP_S3_Upload/demo_config.h | 8 +- 4 files changed, 113 insertions(+), 83 deletions(-) diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/README.md b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/README.md index 4cbc2c1a352..df5690ae3d8 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/README.md +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/README.md 
@@ -1,13 +1,19 @@ -# Configure HTTP S3 Download Demo using SigV4 Library. +# Configure HTTP S3 Download Demo using SigV4 Library Following steps needs to be followed to configure HTTP S3 Download Demo to use SigV4 library for authenticating the requests sent to AWS S3. -### Prerequisites +## Prerequisites -1. You will need an AWS Account with S3 access before beginning. You must be familiar with AWS IoT and IAM to perform steps using the AWS CLI. You must install and configure the AWS CLI in order to follow the steps. - For information on AWS S3 please see: https://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html - For AWS CLI installation information please see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html - For AWS CLI configuration information please see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html +1. You will need an AWS Account with S3 access before beginning. You must be familiar with +AWS IoT and IAM to perform steps using the AWS CLI. You must install and configure the AWS +CLI in order to follow the steps. + + * For information on AWS S3 please refer to the +[Welcome Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html) + + * [AWS CLI Installation guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) + + * [AWS CLI Configuration Guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) ```sh aws configure 
@@ -15,36 +21,58 @@ Following steps needs to be followed to configure HTTP S3 Download Demo to use S ### Detailed Steps -#### 1. Create an AWS IoT thing: +#### 1. Create an AWS IoT thing -You may utilize an already existing AWS IoT Thing or create a new one in the IoT Core section of the AWS Management Console UI. +You may utilize an already existing AWS IoT Thing or create a new one in the IoT Core +section of the AWS Management Console UI. + +You may also use the AWS CLI with the following command to create a Thing, +keeping track of its name: -You may also use the AWS CLI with the following command to create a Thing, keeping track of its name: ```sh aws iot create-thing --thing-name device_thing_name ``` -#### 2. Register a certificate: +#### 2. Register a certificate -If your AWS IoT Thing already has a certificate attached to it, then that certificate's ARN can be used in [step 5](#5. attach-a-policy). Otherwise, you can create a certificate and attach it to the thing through IoT Core in the AWS Management Console UI. By doing any of these, you may skip to [step 3](#3-configure-an-iam-role). +If your AWS IoT Thing already has a certificate attached to it, then that certificate's +ARN can be used in [step 5](#5-attach-a-policy). Otherwise, you can create a certificate +and attach it to the thing through IoT Core in the AWS Management Console UI. By doing +any of these, you may skip to [step 3](#3-configure-an-iam-role). -It is also possible to sign the Thing's certificate using your own Certificate Authority (CA) certificate, and register both certificates with AWS IoT before your device can authenticate to AWS IoT. If you do not already have a CA certificate, you can use OpenSSL to create a CA certificate, as described in [Use Your Own Certificate](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html). 
To register your CA certificate with AWS IoT, follow the steps on [Registering Your CA Certificate](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html#register-CA-cert). +It is also possible to sign the Thing's certificate using your own Certificate Authority +(CA) certificate, and register both certificates with AWS IoT before your device can +authenticate to AWS IoT. If you do not already have a CA certificate, you can use OpenSSL +to create a CA certificate, as described in +[Use Your Own Certificate](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html). +To register your CA certificate with AWS IoT, follow the steps on +[Registering Your CA Certificate](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html#register-CA-cert). -You then have to create a device certificate signed by the CA certificate and register it with AWS IoT, which you can do by following the steps on [Creating a Device Certificate Using Your CA Certificate](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html#create-device-cert). Save the certificate and the corresponding key pair; you will use them when you request a security token later. Also, remember the password you provide when you create the certificate. +You then have to create a device certificate signed by the CA certificate and register it +with AWS IoT, which you can do by following the steps on +[Creating a Device Certificate Using Your CA Certificate](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html#create-device-cert). +Save the certificate and the corresponding key pair; you will use them when you request a +security token later. Also, remember the password you provide when you create the + certificate. -Run the following command in the AWS CLI to attach the device certificate to your thing so that you can use thing attributes in policy variables. 
+Run the following command in the AWS CLI to attach the device certificate to your thing +so that you can use thing attributes in policy variables. ```sh aws iot attach-thing-principal --thing-name device_thing_name --principal ``` -#### 3. Configure an IAM role: +#### 3. Configure an IAM role -Next, configure an IAM role in your AWS account that will be assumed by the credentials provider on behalf of your device. You are required to associate two policies with the role: a trust policy that controls who can assume the role, and an access policy that controls which actions can be performed on which resources by assuming the role. +Next, configure an IAM role in your AWS account that will be assumed by the credentials +provider on behalf of your device. You are required to associate two policies with the +role: a trust policy that controls who can assume the role, and an access policy that +controls which actions can be performed on which resources by assuming the role. -The following trust policy grants the credentials provider permission to assume the role. Put it in a text document and save the document with the name, trustpolicyforiot.json. +The following trust policy grants the credentials provider permission to assume the role. +Put it in a text document and save the document with the name, trustpolicyforiot.json. -``` +```json { "Version": "2012-10-17", "Statement": { 
@@ -54,13 +82,20 @@ The following trust policy grants the credentials provider permission to assume } } ``` -Run the following command in the AWS CLI to create an IAM role with the preceding trust policy. + +Run the following command in the AWS CLI to create an IAM role with the preceding trust +policy. ```sh aws iam create-role --role-name s3-access-role --assume-role-policy-document file://trustpolicyforiot.json ``` -The following s3 access policy allows you to perform actions on S3. Put the following policy in a text document and save the document with the name `accesspolicyfors3.json`. -``` + +The following s3 access policy allows you to perform actions on S3. Put the +following policy in a text document and save the document with the name +`accesspolicyfors3.json`. Make Sure to replace "BUCKET_NAME" with the name +of the S3 bucket you are using for this demo. + +```json { "Version": "2012-10-17", "Statement": { 
@@ -72,19 +107,29 @@ The following s3 access policy allows you to perform actions on S3. Put the foll } } ``` + Run the following command in the AWS CLI to create the access policy. + ```sh aws iam create-policy --policy-name accesspolicyfors3 --policy-document file://accesspolicyfors3.json ``` + Finally, run the following command in the AWS CLI to attach the access policy to your role. + ```sh aws iam attach-role-policy --role-name s3-access-role --policy-arn arn:aws:iam:::policy/accesspolicyfors3 ``` Configure the PassRole permissions -The IAM role that you have created must be passed to AWS IoT to create a role alias, as described in Step 4. The IAM user who performs the operation requires `iam:PassRole` permission to authorize this action. You also should add permission for the `iam:GetRole` action to allow the IAM user to retrieve information about the specified role. Create the following policy to grant `iam:PassRole` and `iam:GetRole` permissions. Name this policy `passrolepermission.json`. -``` +The IAM role that you have created must be passed to AWS IoT to create a role alias, as +described in Step 4. The IAM user who performs the operation requires `iam:PassRole` +permission to authorize this action. You also should add permission for the `iam:GetRole` +action to allow the IAM user to retrieve information about the specified role. Create the +following policy to grant `iam:PassRole` and `iam:GetRole` permissions. Name this policy +`passrolepermission.json`. + +```json { "Version": "2012-10-17", "Statement": { 
@@ -99,33 +144,51 @@ The IAM role that you have created must be passed to AWS IoT to create a role al ``` Run the following command in the AWS CLI to create the policy in your AWS account. + ```sh aws iam create-policy --policy-name passrolepermission --policy-document file://passrolepermission.json ``` Now, run the following command to attach the policy to the IAM user. + ```sh aws iam attach-user-policy --policy-arn arn:aws:iam:::policy/passrolepermission --user-name ``` -#### 4. Create a role alias: +#### 4. Create a role alias + +Now that you have configured the IAM role, you will create a role alias with AWS IoT. +You must provide the following pieces of information when creating a role alias: + +RoleAlias: This is the primary key of the role alias data model and hence a mandatory +attribute. It is a string; the minimum length is 1 character, and the maximum length is +128 characters. -Now that you have configured the IAM role, you will create a role alias with AWS IoT. You must provide the following pieces of information when creating a role alias: +RoleArn: This is the +[Amazon Resource Name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + of the IAM role you have created. This is also a mandatory attribute. -RoleAlias: This is the primary key of the role alias data model and hence a mandatory attribute. It is a string; the minimum length is 1 character, and the maximum length is 128 characters. +CredentialDurationSeconds: This is an optional attribute specifying the validity +(in seconds) of the security token. The minimum value is 900 seconds (15 minutes), +and the maximum value is 43,200 seconds (12 hours); the default value is 3,600 seconds, +if not specified. -RoleArn: This is the [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the IAM role you have created. This is also a mandatory attribute. 
+**Note**: The credentialDurationSeconds value must be less than or equal to the + maximum session duration of the IAM role that the role alias references, + otherwise the request will be rejected by the credentials provider. -CredentialDurationSeconds: This is an optional attribute specifying the validity (in seconds) of the security token. The minimum value is 900 seconds (15 minutes), and the maximum value is 3,600 seconds (60 minutes); the default value is 3,600 seconds, if not specified. +Run the following command in the AWS CLI to create a role alias. Use the credentials of +the user to whom you have given the iam:PassRole permission. -Run the following command in the AWS CLI to create a role alias. Use the credentials of the user to whom you have given the iam:PassRole permission. ```sh aws iot create-role-alias --role-alias name-s3-access-role-alias --role-arn arn:aws:iam:::role/s3-access-role --credential-duration-seconds 3600 ``` -#### 5. Attach a policy: +#### 5. Attach a policy + You created and registered a certificate with AWS IoT earlier for successful authentication of your device. Now, you need to create and attach a policy to the certificate to authorize the request for the security token. -``` + +```json { "Version": "2012-10-17", "Statement": [ 
@@ -137,47 +200,46 @@ You created and registered a certificate with AWS IoT earlier for successful aut ] } ``` + Run the following command in the AWS CLI to create the policy in your AWS IoT database. + ```sh aws iot create-policy --policy-name Thing_Policy_Name --policy-document file://thingpolicy.json ``` + Use the following command to attach the policy with the certificate you registered earlier. + ```sh aws iot attach-policy --policy-name Thing_Policy_Name --target ``` -#### 6. Request a security token: - -Make an HTTPS request to the credentials provider to fetch a security token. You have to supply the following information: +#### 6. Obtain the Credentials Provider Endpoint -Certificate and key pair: Because this is an HTTP request over TLS mutual authentication, you have to provide the certificate and the corresponding key pair to your client while making the request. Use the same certificate and key pair that you used during certificate registration with AWS IoT. - -RoleAlias: Provide the role alias (in this example, Thermostat-dynamodb-access-role-alias) to be assumed in the request. - -ThingName: Provide the thing name that you created earlier in the AWS IoT thing registry database. This is passed as a header with the name, x-amzn-iot-thingname. Note that the thing name is mandatory only if you have thing attributes as policy variables in AWS IoT or IAM policies. - -Run the following command in the AWS CLI to obtain your AWS account-specific endpoint for the credentials provider. See the [DescribeEndpoint API documentation](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEndpoint.html) for further details. +Run the following command in the AWS CLI to obtain your AWS account-specific +endpoint for the credentials provider. See the +[DescribeEndpoint API documentation](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEndpoint.html) +for further details. 
```sh aws iot describe-endpoint --endpoint-type iot:CredentialProvider ``` + The following is sample output of the describe-endpoint command. It contains the endpointAddress. -``` + +```json { "endpointAddress": ".credentials.iot.us-east-1.amazonaws.com" } ``` -#### 7. Copy and paste the output to `demo_config.h` for macros `democonfigIOT_CREDENTIAL_PROVIDER_ENDPOINT`. +Next, copy this endpoint to the macro below in `demo_config.h`. + ```c #define democonfigIOT_CREDENTIAL_PROVIDER_ENDPOINT ".credentials.iot.us-east-1.amazonaws.com" - -#define CLIENT_CERT_PATH "path of the client certificate downloaded when setting up the device certificate in AWS IoT Account Setup" - -#define CLIENT_PRIVATE_KEY_PATH "path of the private key downloaded when setting up the device certificate in AWS IoT Account Setup" ``` -#### 8. After the following the above steps, configure the below macros in `demo_config.h`. +#### 7. After the following the above steps, configure the below macros in `demo_config.h` + ```c #define democonfigIOT_THING_NAME "Name of IOT Thing that you provided in STEP 1" #define democonfigIOT_CREDENTIAL_PROVIDER_ROLE "Name of ROLE ALIAS that you provided in STEP 4" @@ -185,17 +247,3 @@ The following is sample output of the describe-endpoint command. It contains the #define democonfigS3_BUCKET_REGION "Region where Bucket is located" #define democonfigS3_OBJECT_NAME "Name of object that needs to be downloaded from AWS S3" ``` - -### Parameters - -#### device_thing_name -The name of the AWS IoT thing for your device registered with AWS IoT core. - -#### thing_name-s3-access-role-alias -The name for the role alias for S3. - -#### Thing_Policy_Name -The name of the policy attached to the device certificate in [step 5](#5-attach-a-policy). - -#### BUCKET_NAME -The name of the S3 bucket from which the demo will download. 
diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h
index f5695422aef..0906102b514 100644
--- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h
@@ -79,13 +79,7 @@ extern void vLoggingPrintf( const char * pcFormatString,
 /**
 * @brief Server's root CA certificate for TLS authentication with S3.
 *
- * The Baltimore Cybertrust root CA certificate is often used for authentication
- * with S3. It can be found at:
- * https://baltimore-cybertrust-root.chain-demos.digicert.com/info/index.html.
- *
- * S3 has started migrating certificates to Amazon Trust Services. If
- * authentication errors persist, re-attempt the connection with an Amazon root
- * CA certificate: https://www.amazontrust.com/repository.
+ * The CA can be found at https://www.amazontrust.com/repository.
 *
 * @note This certificate should be PEM-encoded.
 *
diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/demo_config.h b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/demo_config.h
index 0013f75c74a..00e40e13c9e 100644
--- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/demo_config.h
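Review bot: The shortened comment above the root-CA setting no longer says which certificate to paste: the linked Amazon Trust Services repository lists more than one root, and the removed paragraph was the only text that named a specific CA. Since the `@brief` describes this value as the server's root CA for TLS authentication with S3, I would keep one sentence of guidance, for example `* Use the Amazon Trust Services root that the S3 endpoint's certificate chain ends in, and compare its fingerprint with the one published on the repository page before pasting it here.` The identical edit is made in the HTTP_S3_Download_Multithreaded and HTTP_S3_Upload demo_config.h hunks, so the same wording applies there. The comment block continues past the end of the hunk.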
@@ -79,13 +79,7 @@ extern void vLoggingPrintf( const char * pcFormatString,
 /**
 * @brief Server's root CA certificate for TLS authentication with S3.
 *
- * The Baltimore Cybertrust root CA certificate is often used for authentication
- * with S3. It can be found at:
- * https://baltimore-cybertrust-root.chain-demos.digicert.com/info/index.html.
- *
- * S3 has started migrating certificates to Amazon Trust Services. If
- * authentication errors persist, re-attempt the connection with an Amazon root
- * CA certificate: https://www.amazontrust.com/repository.
+ * The CA can be found at https://www.amazontrust.com/repository.
 *
 * @note This certificate should be PEM-encoded.
 *
diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/demo_config.h b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/demo_config.h
index a2d034fc16f..3bc1d594b3b 100644
--- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/demo_config.h
+++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/demo_config.h
@@ -79,13 +79,7 @@ extern void vLoggingPrintf( const char * pcFormatString,
 /**
 * @brief Server's root CA certificate for TLS authentication with S3.
 *
- * The Baltimore Cybertrust root CA certificate is often used for authentication
- * with S3. It can be found at:
- * https://baltimore-cybertrust-root.chain-demos.digicert.com/info/index.html.
- *
- * S3 has started migrating certificates to Amazon Trust Services. If
- * authentication errors persist, re-attempt the connection with an Amazon root
- * CA certificate: https://www.amazontrust.com/repository.
+ * The CA can be found at https://www.amazontrust.com/repository.
 *
 * @note This certificate should be PEM-encoded.
 *
From 4bad7a6ba4599e4df63faddd81334db66e3a7f11 Mon Sep 17 00:00:00 2001
From: chinglee-iot <61685396+chinglee-iot@users.noreply.github.com> Date: Sat, 16 Dec 2023 03:35:09 +0800 Subject: [PATCH 2/3] Update cellular interface submodule pointer (#1141) --- .../Common/MutualAuthMQTTExample.c | 9 ++++----- FreeRTOS-Plus/Source/FreeRTOS-Cellular-Interface | 2 +- FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/bg96 | 2 +- FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/hl7802 | 2 +- FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/sara-r4 | 2 +- .../FreeRTOS+TCP/plus_tcp_hooks_winsim.c | 6 ++++++ manifest.yml | 8 ++++---- 7 files changed, 18 insertions(+), 13 deletions(-) diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/Common/MutualAuthMQTTExample.c b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/Common/MutualAuthMQTTExample.c index 9d06bf8995b..e79d5bfa707 100644 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/Common/MutualAuthMQTTExample.c +++ b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/Common/MutualAuthMQTTExample.c @@ -213,11 +213,6 @@ */ #define mqttexampleTRANSPORT_SEND_RECV_TIMEOUT_MS ( 5000U ) -/** - * @brief Transport timeout in milliseconds for transport send and receive. - */ -#define mqttexampleTRANSPORT_SEND_RECV_TIMEOUT_MS ( 200U ) - /** * @brief The length of the outgoing publish records array used by the coreMQTT * library to track QoS > 0 packet ACKS for outgoing publishes. @@ -404,6 +399,10 @@ static MQTTStatus_t prvProcessLoopWithTimeout( MQTTContext_t * pMqttContext, /*-----------------------------------------------------------*/ +extern UBaseType_t uxRand(); + +/*-----------------------------------------------------------*/ + /** * @brief Static buffer used to hold MQTT messages being sent and received. */ diff --git a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Interface b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Interface index e5862bdaf6b..4675955e0eb 160000 --- a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Interface 
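Review bot: `extern UBaseType_t uxRand();` in the second MutualAuthMQTTExample.c hunk has an empty parameter list, which in C before C23 is a declaration without a prototype, so a call that passes arguments by mistake would compile without a diagnostic. Writing it as `extern UBaseType_t uxRand( void );` closes that gap. Including the header that owns the declaration would be better still, since a hand-copied `extern` cannot be checked against the definition. The same line is added at file scope in plus_tcp_hooks_winsim.c (hunk `@@ -51,6 +51,10 @@`) and the same change applies there. Neither hunk shows the definition of uxRand or its callers.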
+++ b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Interface @@ -1 +1 @@ -Subproject commit e5862bdaf6b643840491af8ffeb0a0a366eff665 +Subproject commit 4675955e0eb792b602666bf52a901650768c6d7e diff --git a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/bg96 b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/bg96 index c33a3628e01..6761849664d 160000 --- a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/bg96 +++ b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/bg96 @@ -1 +1 @@ -Subproject commit c33a3628e015f88df24b21160ba9dbdabc781da1 +Subproject commit 6761849664d2a0c7490c1f226b6f424a1a9c4662 diff --git a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/hl7802 b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/hl7802 index 6893670f0f4..7d6393a00a0 160000 --- a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/hl7802 +++ b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/hl7802 @@ -1 +1 @@ -Subproject commit 6893670f0f4a46c459b2b6e9e4381c53fc92b1b0 +Subproject commit 7d6393a00a0dc64cbaa6cf360c9f01552e34a966 diff --git a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/sara-r4 b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/sara-r4 index a2d84ffe95e..f536afea36a 160000 --- a/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/sara-r4 +++ b/FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/sara-r4 @@ -1 +1 @@ -Subproject commit a2d84ffe95e5eea0f98e53c305b7cef38b3ff6b6 +Subproject commit f536afea36a60b4a159a6646dfff0bb0867c3d03 diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c index d3790851aec..9ca4ce30edd 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c 
@@ -51,6 +51,10 @@ /*-----------------------------------------------------------*/ +extern UBaseType_t uxRand(); + +/*-----------------------------------------------------------*/ + #if ( ipconfigUSE_LLMNR != 0 ) || ( ipconfigUSE_NBNS != 0 ) || ( ipconfigDHCP_REGISTER_HOSTNAME == 1 ) const char * pcApplicationHostnameHook( void ) @@ -209,6 +213,8 @@ void vPlatformInitIpStack( void ) NetworkInterface_t * pxInterface ); pxLibslirp_FillInterfaceDescriptor( 0, &( xInterfaces[ 0 ] ) ); #else + extern NetworkInterface_t * pxWinPcap_FillInterfaceDescriptor( BaseType_t xEMACIndex, + NetworkInterface_t * pxInterface ); pxWinPcap_FillInterfaceDescriptor( 0, &( xInterfaces[ 0 ] ) ); #endif diff --git a/manifest.yml b/manifest.yml index 95ba2cbf4cb..a373d523800 100644 --- a/manifest.yml +++ b/manifest.yml @@ -145,28 +145,28 @@ dependencies: path: "FreeRTOS/Demo/ThirdParty/Partner-Supported-Demos" - name: "FreeRTOS-Cellular-Interface" - version: "e5862bd" + version: "4675955" repository: type: "git" url: "https://github.com/FreeRTOS/FreeRTOS-Cellular-Interface.git" path: "FreeRTOS-Plus/Source/FreeRTOS-Cellular-Interface" - name: "Lab-FreeRTOS-Cellular-Interface-Reference-Quectel-BG96" - version: "c33a362" + version: "6761849" repository: type: "git" url: "https://github.com/FreeRTOS/Lab-FreeRTOS-Cellular-Interface-Reference-Quectel-BG96.git" path: "FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/bg96" - name: "Lab-FreeRTOS-Cellular-Interface-Reference-Sierra-Wireless-HL7802" - version: "6893670" + version: "7d6393a" repository: type: "git" url: "https://github.com/FreeRTOS/Lab-FreeRTOS-Cellular-Interface-Reference-Sierra-Wireless-HL7802.git" path: "FreeRTOS-Plus/Source/FreeRTOS-Cellular-Modules/hl7802" - name: "Lab-FreeRTOS-Cellular-Interface-Reference-ublox-SARA-R4" - version: "a2d84ff" + version: "f536afe" repository: type: "git" url: "https://github.com/FreeRTOS/Lab-FreeRTOS-Cellular-Interface-Reference-ublox-SARA-R4.git" 
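Review bot: The block-scope `extern NetworkInterface_t * pxWinPcap_FillInterfaceDescriptor( ... );` added in the `#else` branch (hunk `@@ -209,6 +213,8 @@`) repeats a prototype by hand, so a later change to the real signature would not be diagnosed when this file is compiled. It mirrors the libslirp branch just above and is therefore consistent, but both declarations would be safer coming from the network-interface header that owns them, which is not visible here. If the local declaration has to stay, a comment such as `/* Must match the definition in the WinPcap network interface. */` would flag the coupling. vPlatformInitIpStack starts and ends outside the hunk.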
From 6b513cb1a2c6c1a02cd5a9d867c978644f7130ea Mon Sep 17 00:00:00 2001 
From: Soren Ptak Date: Fri, 15 Dec 2023 15:30:39 -0500 Subject: [PATCH 3/3] Use MbedTLS 3.5.1 and Add TLS 1.3 Support to WinSim Demos (#1135) * Bump up to MBed-TLS V3.5.1, make changes to Visual Studio Projects to account for this. * Update MBedTLS Transport files to call psa_crypto_init() if the MBEDTLS_PSA_CRYPTO_C is set. * Add WIN32_LEAN_AND_MEAN to the corePKCS11_MQTT_Mutual_Auth_Windows_Simulator demo. Add in a check for MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET when making a TLS handshake. * Change transport interface files from using void * to mbedtls_pk_context * instead per changes in the MbedTLS API. * Changes to Fleet Provisioning Demo and Demo Setup to use ECDSA keys * Remove non-32 bit configs from various VisualStudio Projects. Enforce all projects using WIN32_LEAN_AND_MEAN as well as winsock2.h --- .github/.cSpellWords.txt | 8 +- .github/scripts/core_checker.py | 5 +- .github/workflows/ci.yml | 1 + .../Device_Defender_Demo.vcxproj | 100 +- .../DemoTasks/ShadowDemoMainExample.c | 2 +- .../Device_Shadow_Demo.vcxproj | 100 +- .../DemoSetup/convert_credentials_to_der.py | 22 +- .../DemoSetup/demo_cleanup.py | 10 +- .../DemoSetup/demo_setup.py | 148 +- .../DemoSetup/generate_credentials.py | 199 +++ .../FleetProvisioningDemoExample.c | 25 +- .../fleet_provisioning_demo.vcxproj | 108 +- .../pkcs11_operations.c | 6 +- .../Jobs_Demo/Jobs_Demo.vcxproj | 100 +- .../code_signature_verification_mbedtls.c | 2 +- .../Ota_Over_Http_Demo.vcxproj | 102 +- .../Ota_Over_Mqtt_Demo.vcxproj | 102 +- .../Ota_Over_Mqtt_Demo/demo_config.h | 4 +- .../mqtt_mutual_auth_demo_with_bg96.vcxproj | 2 +- .../mqtt_mutual_auth_demo_with_hl7802.vcxproj | 2 +- ...mqtt_mutual_auth_demo_with_sara_r4.vcxproj | 100 +- .../WIN32.vcxproj | 162 -- .../WIN32.vcxproj.filters | 101 -- .../IPv6_Multi_WinSim_demo/WIN32.vcxproj | 2 +- ...TOS_Plus_WolfSSL_Windows_Simulator.vcxproj | 134 +- .../CoreHTTP_Mutual_Auth.vcxproj | 93 +- .../HTTP_Plaintext/CoreHTTP_Plaintext.vcxproj | 93 +- 
.../CoreHTTP_S3_Download.vcxproj | 93 +- .../HTTP_S3_Download/demo_config.h | 2 +- ...CoreHTTP_S3_Download_Multithreaded.vcxproj | 93 +- .../HTTP_S3_Upload/CoreHTTP_S3_Upload.vcxproj | 93 +- .../DemoTasks/BasicTLSMQTTExample.c | 7 +- .../MQTT_Basic_TLS/MQTT_Basic_TLS.vcxproj | 4 +- .../MQTT_Keep_Alive/MQTT_Keep_Alive.vcxproj | 2 +- .../MQTT_Multitask/MQTT_Multitask.vcxproj | 2 +- .../MQTT_Mutual_Auth/MQTT_Mutual_Auth.vcxproj | 6 +- .../MQTT_Mutual_Auth_wolfSSL.vcxproj | 4 +- .../MQTT_Plain_Text/MQTT_Plain_Text.vcxproj | 4 +- .../MQTT_Serializer/MQTT_Serializer.vcxproj | 136 +- .../corePKCS11_MQTT_Mutual_Auth.vcxproj | 2 +- ...orePKCS11_MQTT_Mutual_Auth.vcxproj.filters | 2 +- .../CorePKCS11_Demos.vcxproj | 4 +- .../coreSNTP_Demo.vcxproj | 2 +- .../mbedtls_bio_tcp_sockets_wrapper.c | 1 + .../network_transport/mbedtls_pk_pkcs11.c | 267 ++-- .../network_transport/mbedtls_rng_pkcs11.c | 9 +- .../network_transport/transport_mbedtls.c | 81 +- .../network_transport/transport_mbedtls.h | 57 +- .../transport_mbedtls_pkcs11.c | 103 +- .../transport_mbedtls_pkcs11.h | 30 +- FreeRTOS-Plus/Source/corePKCS11 | 2 +- FreeRTOS-Plus/ThirdParty/mbedtls | 2 +- .../ThirdParty/winpcap/include/ip6_misc.h | 10 +- .../FreeRTOS+TCP/FreeRTOS+TCP.vcxproj | 6 +- .../FreeRTOS+TCP/plus_tcp_hooks_winsim.c | 2 + .../FreeRTOS-Kernel/FreeRTOS-Kernel.vcxproj | 4 +- .../FreeRTOS-Kernel/FreeRTOSConfig.h | 2 +- .../FreeRTOS-Kernel/freertos_hooks_winsim.c | 12 +- .../FreeRTOS-Kernel/runtime_stats_winsim.c | 9 +- .../Logging/Logging.vcxproj | 4 +- .../MbedTLS/MbedTLS.vcxproj | 55 +- .../MbedTLS/MbedTLS.vcxproj.filters | 563 ++++--- ...onfig_v3.2.1.h => mbedtls_config_v3.5.1.h} | 1374 ++++++++++++----- .../corePKCS11/corePKCS11.vcxproj | 4 +- .../WIN32.vcxproj | 2 +- FreeRTOS/Demo/WIN32-MSVC/FreeRTOSConfig.h | 6 + FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj | 2 +- .../Demo/WIN32-MSVC/WIN32.vcxproj.filters | 3 - FreeRTOS/Demo/WIN32-MSVC/main.c | 6 + .../Trace_Recorder_Configuration/trcConfig.h | 652 ++++---- 
manifest.yml | 4 +- 71 files changed, 2547 insertions(+), 2914 deletions(-) create mode 100755 FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/generate_credentials.py delete mode 100644 FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj delete mode 100644 FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj.filters rename FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/{mbedtls_config_v3.2.1.h => mbedtls_config_v3.5.1.h} (69%) diff --git a/.github/.cSpellWords.txt b/.github/.cSpellWords.txt index 1da07d067c9..5a860c80edf 100644 --- a/.github/.cSpellWords.txt +++ b/.github/.cSpellWords.txt @@ -1,4 +1,3 @@ - A AADLENR AAIC @@ -100,6 +99,7 @@ AEEVT AEIE AERR AESCCM +AESCE AESCMAC AESNI AESR @@ -1567,6 +1567,7 @@ FERR FESETERR FESR FFCR +FFDH FFDHE FFDR FFER @@ -2233,6 +2234,7 @@ JKJKJKJK JKKKKKKK JNCH JOFR +JPAKE JSQR JSWSTRT JTAG @@ -5271,6 +5273,7 @@ addif addiu adge aeevt +aesce aesni alldevs ambig @@ -5592,6 +5595,7 @@ lusecs lxip macaddrhr macaddrlr +maes maxiosz maxnpacks mbar @@ -5641,6 +5645,7 @@ movne movs movw movx +mpclmul mpcr mqdes mqttexample @@ -5650,6 +5655,7 @@ mret mrru mrseq mrsne +msse mspgcc msplim msreq diff --git a/.github/scripts/core_checker.py b/.github/scripts/core_checker.py index a348e6c804d..c8067ae8f31 100755 --- a/.github/scripts/core_checker.py +++ b/.github/scripts/core_checker.py @@ -258,7 +258,7 @@ FREERTOS_IGNORED_PATTERNS = [ r'.*\.git.*', - r'.*mbedtls_config\.h.*', + r'.*mbedtls_config*', r'.*CMSIS.*', r'.*/Nordic_Code/*', r'.*/Nuvoton_Code/*', @@ -328,9 +328,6 @@ 'cspell.config.yaml', '.cproject', '.project', - 'fyi-another-way-to-ignore-file.txt', - 'mbedtls_config.h', - 'mbedtls_config_v3.2.1.h', 'requirements.txt', 'run-cbmc-proofs.py', '.editorconfig', diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e64341a7ed1..92398c94160 100644 --- a/.github/workflows/ci.yml 
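Review bot: In the first core_checker.py hunk the new entry `r'.*mbedtls_config*'` reads like a glob, but if FREERTOS_IGNORED_PATTERNS is applied as regular expressions (the `r''` prefix and leading `.*` suggest so) the trailing `*` quantifies only the `g`. With a prefix or search match it then exempts any path containing `mbedtls_confi`, which is wider than the versioned config headers. With a full match it would not cover `mbedtls_config_v3.5.1.h` at all, now that the second hunk drops the explicit file names. `r'.*mbedtls_config.*\.h'` states the intent either way. How the list is consumed is outside the hunk, so this should be confirmed against the matching code.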
+++ b/.github/workflows/ci.yml @@ -158,6 +158,7 @@ jobs: - env: stepName: Install Dependencies run: | + # ${{ env.stepName }} echo -e "::group::${{ env.stepName }}" git submodule update --init --checkout --recursive --depth 1 sudo apt-get update diff --git a/FreeRTOS-Plus/Demo/AWS/Device_Defender_Windows_Simulator/Device_Defender_Demo/Device_Defender_Demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Device_Defender_Windows_Simulator/Device_Defender_Demo/Device_Defender_Demo.vcxproj index dde4faef1c7..872babac07a 100644 --- a/FreeRTOS-Plus/Demo/AWS/Device_Defender_Windows_Simulator/Device_Defender_Demo/Device_Defender_Demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Device_Defender_Windows_Simulator/Device_Defender_Demo/Device_Defender_Demo.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -33,27 +21,6 @@ Unicode x86 - - Application - false - v142 - true - Unicode - x86 - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
@@ -62,85 +29,20 @@ - - - - - - - - - true - - false - - - true - - - false - Level3 true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\AWS\device-defender\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - true - WIN32;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\AWS\device-defender\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - true - _DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - 
.\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\AWS\device-defender\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="medtls_config_v3.2.1.h";%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";%(PreprocessorDefinitions) true .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\AWS\device-defender\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) Console - true - true true diff --git a/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/DemoTasks/ShadowDemoMainExample.c b/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/DemoTasks/ShadowDemoMainExample.c index e401b85b6d3..18451d9a269 100644 --- a/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/DemoTasks/ShadowDemoMainExample.c +++ b/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/DemoTasks/ShadowDemoMainExample.c 
@@ -390,7 +390,7 @@ static BaseType_t prvWaitForDeleteResponse( MQTTContext_t * pxMQTTContext ) /* Event callback will set #xDeleteResponseReceived when receiving an * incoming publish on either `/delete/accepted` or `/delete/rejected` * Shadow topics. */ - xMQTTStatus = MQTT_ProcessLoop( pxMQTTContext, MQTT_PROCESS_LOOP_TIMEOUT_MS ); + xMQTTStatus = MQTT_ProcessLoop( pxMQTTContext ); } if( ( xMQTTStatus != MQTTSuccess ) || ( xDeleteResponseReceived != pdTRUE ) ) diff --git a/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/Device_Shadow_Demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/Device_Shadow_Demo.vcxproj index 2266eaa7670..41e2e81fe05 100644 --- a/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/Device_Shadow_Demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Device_Shadow_Windows_Simulator/Device_Shadow_Demo/Device_Shadow_Demo.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -33,27 +21,6 @@ Unicode x86 - - Application - false - v142 - true - Unicode - x86 - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
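Review bot: The check after the loop in prvWaitForDeleteResponse still treats every status other than `MQTTSuccess` as a failure. The single-argument `MQTT_ProcessLoop( pxMQTTContext )` looks like the coreMQTT v2 API, which can also return `MQTTNeedMoreBytes` when only part of a packet has arrived, so a slow delete response could be reported as an error. If that is the library version in use, accept it as non-fatal, e.g. `( xMQTTStatus != MQTTSuccess ) && ( xMQTTStatus != MQTTNeedMoreBytes )`, and check that the loop condition (outside this hunk) does the same. The call also no longer carries a timeout, so the enclosing loop is now the only bound on the wait, and `MQTT_PROCESS_LOOP_TIMEOUT_MS` may be left unused.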
@@ -62,85 +29,20 @@ - - - - - - - - - true - - false - - - true - - - false - Level3 true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\device-shadow\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - true - WIN32;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\device-shadow\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - true - _DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - 
.\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\device-shadow\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";%(PreprocessorDefinitions) true .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\device-shadow\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;%(AdditionalIncludeDirectories) Console - true - true true diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py index d52dfef5afd..b696df0138c 100755 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py 
@@ -6,11 +6,16 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization -KEY_OUT_NAME = f"{os.getcwd()}\\corePKCS11_Claim_Key.dat" -CERT_OUT_NAME = f"{os.getcwd()}\\corePKCS11_Claim_Certificate.dat" - +# Get the absolute path of this script script_file_dir_abs_path = os.path.abspath(os.path.dirname(__file__)) +# Get the parent directory, as that is where the demo expects the keys to be placed +parent_abs_path = os.path.abspath(os.path.join(script_file_dir_abs_path, os.pardir)) + +KEY_OUT_NAME = os.path.join(parent_abs_path, 'corePKCS11_Claim_Key.dat') +CERT_OUT_NAME = os.path.join(parent_abs_path, 'corePKCS11_Claim_Certificate.dat') + + def convert_pem_to_der(cert_pem, key_pem): # Convert certificate from PEM to DER key = serialization.load_pem_private_key( @@ -22,19 +27,16 @@ def convert_pem_to_der(cert_pem, key_pem): ) with open(f"{KEY_OUT_NAME}", "wb") as key_out: key_out.write(key_der) - print( - f"Successfully converted key PEM to DER. Output file named: {KEY_OUT_NAME}" - ) + + print(f"Successfully converted key PEM to DER. Output file named:\n\t{KEY_OUT_NAME}") cert = x509.load_pem_x509_certificate( bytes(cert_pem, "utf-8"), default_backend()) + with open(f"{CERT_OUT_NAME}", "wb") as cert_out: cert_out.write(cert.public_bytes(serialization.Encoding.DER)) - print( - f"Successfully converted certificate PEM to DER. Output file named: {CERT_OUT_NAME}" - ) - + print(f"Successfully converted certificate PEM to DER. Output file named:\n\t{CERT_OUT_NAME}") def main(args): with open(args.cert_file, "r") as cert: diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py index fc96943617a..ea16caac210 100755 
--- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py @@ -5,12 +5,12 @@ import botocore import argparse -KEY_OUT_NAME = f"{os.getcwd()}\\corePKCS11_Claim_Key.dat" -CERT_OUT_NAME = f"{os.getcwd()}\\corePKCS11_Claim_Certificate.dat" +KEY_OUT_NAME = os.path.join(os.getcwd(), "corePKCS11_Claim_Key.dat") +CERT_OUT_NAME = os.path.join(os.getcwd(), "corePKCS11_Claim_Certificate.dat") -THING_PRIVATE_KEY_NAME = f"{os.getcwd()}\\corePKCS11_Key.dat" -THING_PUBLIC_KEY_NAME = f"{os.getcwd()}\\corePKCS11_PubKey.dat" -THING_CERT_NAME = f"{os.getcwd()}\\corePKCS11_Certificate.dat" +THING_PRIVATE_KEY_NAME = os.path.join(os.getcwd(), "corePKCS11_Key.dat") +THING_PUBLIC_KEY_NAME = os.path.join(os.getcwd(), "corePKCS11_PubKey.dat") +THING_CERT_NAME = os.path.join(os.getcwd(), "corePKCS11_Certificate.dat") RESOURCE_STACK_NAME = "FPDemoStack" diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py index fc95524148c..ad4886703bb 100755 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py 
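Review bot: These paths are still built from `os.getcwd()`, while convert_credentials_to_der.py in this same patch now writes the claim key and certificate to the parent of the script directory. Cleanup therefore finds `corePKCS11_Claim_Key.dat` only when it is run from that one directory, and otherwise leaves the private key on disk without reporting anything. I would derive the paths the same way as the writer, e.g. `os.path.join(parent_abs_path, "corePKCS11_Claim_Key.dat")` with `parent_abs_path` computed from `__file__`. The new generate_credentials.py also writes `ECDSA_root_priv_key.pem` and `ECDSA_claim_priv_key.pem` next to the scripts; the rest of this file is outside the hunk, so confirm that cleanup removes those too.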
@@ -4,17 +4,98 @@ import argparse import boto3 import botocore +import random +import datetime +import subprocess +from cryptography import x509 +from cryptography.x509.oid import NameOID +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import serialization, hashes +from cryptography.hazmat.primitives.asymmetric import ec + +from generate_credentials import generate_priv_keys_and_certs from convert_credentials_to_der import convert_pem_to_der -KEY_OUT_NAME = f"{os.getcwd()}\\corePKCS11_Claim_Key.dat" -CERT_OUT_NAME = f"{os.getcwd()}\\corePKCS11_Claim_Certificate.dat" - RESOURCE_STACK_NAME = "FPDemoStack" script_file_dir_abs_path = os.path.abspath(os.path.dirname(__file__)) cf = boto3.client("cloudformation") iot = boto3.client("iot") +# Generate IoT credentials in DER format and save them in the demo directory +def create_credentials(): + print("Creating Certs and Credentials for the Fleet Provisioning Demo...") + # Verify that the stack exists (create_resources has been ran before somewhere) + stack_response = get_stack() + if stack_response == "STACK_NOT_FOUND": + raise Exception( + f"CloudFormation stack \"{RESOURCE_STACK_NAME}\" not found.") + elif stack_response["StackStatus"] != "CREATE_COMPLETE": + print("Error: Stack was not successfully created. View the stack in the CloudFormation console here:") + stack_link = convert_cf_arn_to_link(stack_response["StackId"]) + raise Exception( + "Stack was not successfully created. 
View the stack in the CloudFormation console here:\n" + stack_link) + + # Generate an ECDSA CA cert, and a ECDSA Cert and key to use for device provisioning + root_ca_cert, claim_cert = generate_priv_keys_and_certs(write_der_keys=True) + + if ( root_ca_cert is None ) or ( claim_cert is None ): + raise Exception(f"Failed to generate needed ECDSA Keypairs and Certificates") + + ca_cert_response = iot.register_ca_certificate( + caCertificate=root_ca_cert, + setAsActive=True, + allowAutoRegistration=True, + certificateMode='SNI_ONLY' + ) + + if "certificateArn" not in ca_cert_response.keys(): + raise Exception( "Failed to register the generated ECDSA CA Certificate" ) + else: + print("\nRegistered CA Cert\n\tARN:{0}\n\tCertID:{1}" + .format( + ca_cert_response["certificateArn"], + ca_cert_response["certificateId"] + ) + ) + + claim_cert_response = iot.register_certificate( + certificatePem=claim_cert, + caCertificatePem=root_ca_cert, + status='ACTIVE' + ) + + if "certificateArn" not in claim_cert_response.keys(): + raise Exception( + "Failed to register the generate CA Certificate" + ) + else: + print("\nRegistered Claim Cert\n\tARN:{0}\n\tCertID:{1}" + .format( + claim_cert_response["certificateArn"], + claim_cert_response["certificateId"] + ) + ) + + iot.attach_policy(policyName="CF_FleetProvisioningDemoClaimPolicy", + target=claim_cert_response["certificateArn"]) + +# Set the necessary fields in demo_config.h +def update_demo_config(): + print("Updating the demo config for the Fleet Provisioning Demo...") + endpoint = iot.describe_endpoint(endpointType='iot:Data-ATS') + + template_file = open(f"{script_file_dir_abs_path}/demo_config.templ", 'r') + file_text = template_file.read() + file_text = file_text.replace( + "", "\"" + endpoint["endpointAddress"] + "\"") + + header_file = open(f"{script_file_dir_abs_path}/../demo_config.h", "w") + header_file.write(file_text) + header_file.close() + template_file.close() + print("Successfully updated demo_config.h") + # 
Convert a CloudFormation arn into a link to the resource def convert_cf_arn_to_link(arn): region = arn.split(":")[3] @@ -43,8 +124,11 @@ def create_resources(): stack_response["StackStatus"]) print() if stack_response["StackStatus"] != "CREATE_COMPLETE": - raise Exception("Fleet Provisioning resource stack failed to create successfully. You may need to delete the stack and retry." - + "\nView the stack in the CloudFormation console here:\n" + convert_cf_arn_to_link(stack_response["StackId"])) + raise Exception( + "Fleet Provisioning resource stack failed to create successfully. " + + "You may need to delete the stack and retry. " + + "\nView the stack in the CloudFormation console here:\n " + + convert_cf_arn_to_link(stack_response["StackId"])) else: # Read the cloudformation template file contained in the same directory cf_template_file = open(f"{script_file_dir_abs_path}/cloudformation_template.json", "r") 
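Review bot: In create_credentials the CA is registered with `allowAutoRegistration=True`, although the claim certificate is registered explicitly by `iot.register_certificate` a few lines later. Auto-registration lets AWS IoT register further certificates signed by this CA when they first connect, and the CA private key is kept unencrypted on disk by generate_credentials.py, so I would pass `allowAutoRegistration=False` unless the demo depends on it. The failure message for the claim certificate reads "Failed to register the generate CA Certificate" and should name the claim certificate. The added imports (`random`, `datetime`, `subprocess` and the `cryptography` names) are not used by the code in this hunk.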
@@ -70,43 +154,6 @@ def create_resources(): "Error: Stack creation failed. You may need to delete_all and try again.") raise -# Generate IoT credentials in DER format and save them in the demo directory - - -def create_credentials(): - # Verify that the stack exists (create_resources has been ran before somewhere) - stack_response = get_stack() - if stack_response == "STACK_NOT_FOUND": - raise Exception( - f"CloudFormation stack \"{RESOURCE_STACK_NAME}\" not found.") - elif stack_response["StackStatus"] != "CREATE_COMPLETE": - print("Error: Stack was not successfully created. View the stack in the CloudFormation console here:") - stack_link = convert_cf_arn_to_link(stack_response["StackId"]) - raise Exception( - "Stack was not successfully created. View the stack in the CloudFormation console here:\n" + stack_link) - else: - credentials = iot.create_keys_and_certificate(setAsActive=True) - iot.attach_policy(policyName="CF_FleetProvisioningDemoClaimPolicy", - target=credentials["certificateArn"]) - convert_pem_to_der( - credentials["certificatePem"], credentials["keyPair"]["PrivateKey"]) - - -# Set the necessary fields in demo_config.h -def update_demo_config(): - endpoint = iot.describe_endpoint(endpointType='iot:Data-ATS') - - template_file = open(f"{script_file_dir_abs_path}/demo_config.templ", 'r') - file_text = template_file.read() - file_text = file_text.replace( - "", "\"" + endpoint["endpointAddress"] + "\"") - - header_file = open(f"{script_file_dir_abs_path}/../demo_config.h", "w") - header_file.write(file_text) - header_file.close() - template_file.close() - print("Successfully updated demo_config.h") - # Get arguments def get_args(): parser = argparse.ArgumentParser(description="Fleet Provisioning Demo setup script.") 
@@ -116,16 +163,29 @@ def get_args(): # Parse arguments and execute appropriate functions def main(): + # Check arguments and go appropriately args = get_args(); print("\nThis script will set up the AWS resources required for the Fleet Provisioning demo.") print("It may take several minutes for the resources to be provisioned.") if args.force or input("Are you sure you want to do this? (y/n) ") == "y": - print() + print("\n---------------------- Start Create Cloud Stack Resources ----------------------\n") create_resources() + print("\n----------------------- End Create Cloud Stack Resources -----------------------\n") + + print("\n-------------------------- Start Creating Credentials --------------------------\n") create_credentials() + print("\n--------------------------- End Creating Credentials ---------------------------\n") + + print("\n--------------------------- Start Update Demo Config ---------------------------\n") update_demo_config() - print("\nFleet Provisioning demo setup complete. Ensure that all generated files (key, certificate, demo_config.h) are in the same folder as \"fleet_provisioning_demo.sln\".") + print("\n---------------------------- End Update Demo Config ----------------------------\n") + + print( + "Fleet Provisioning demo setup complete. Ensure that all generated files " + + "(key, certificate, demo_config.h) are in the same folder as " + + "\"fleet_provisioning_demo.sln\"." + ) if __name__ == "__main__": diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/generate_credentials.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/generate_credentials.py new file mode 100755 index 00000000000..ec04e0a80fe --- /dev/null +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/generate_credentials.py 
@@ -0,0 +1,199 @@ +#!/usr/bin/env python + +import os +import argparse +import random +import datetime +import subprocess +from cryptography import x509 +from cryptography.x509.oid import NameOID +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import serialization, hashes +from cryptography.hazmat.primitives.asymmetric import ec + +# Helper scripts from this directory +from convert_credentials_to_der import convert_pem_to_der + +script_file_dir_abs_path = os.path.abspath(os.path.dirname(__file__)) + +# File names for generated credentials +ROOT_CA_PRIV_KEY_FILE = f"{script_file_dir_abs_path}{os.sep}ECDSA_root_priv_key.pem" +ROOT_CA_PUB_KEY_FILE = f"{script_file_dir_abs_path}{os.sep}ECDSA_root_pub_key.pem" +ROOT_CA_CERT_FILE = f"{script_file_dir_abs_path}{os.sep}ECDSA_root_ca_cert.pem" + +CLAIM_PRIV_KEY_FILE = f"{script_file_dir_abs_path}{os.sep}ECDSA_claim_priv_key.pem" +CLAIM_PUB_KEY_FILE = f"{script_file_dir_abs_path}{os.sep}ECDSA_claim_pub_key.pem" +CLAIM_CERT_FILE = f"{script_file_dir_abs_path}{os.sep}ECDSA_claim_device_cert.pem" + +# Use the current date and time to create a unique subject name +now = datetime.datetime.now() +dt_string = now.strftime("%d_%m_%Y_%H_%M_%S") + +# Default values for the CA cert +subject = issuer = x509.Name([ + x509.NameAttribute(NameOID.COUNTRY_NAME, "US"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "FP_State"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "FP_Locality"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "FP_Organization"), + x509.NameAttribute(NameOID.COMMON_NAME, f'FP_CN_{dt_string}'), +]) + +# Simple check of the generated keys. +# Documentation says if the operations fail an exception is thrown. 
+# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.ECDSA +def validate_keys(private_key, public_key): + # Verify the generated keys work correctly by signing a message and then verifying it + data = b"TEST DATA TO SIGN" + + # Sign the above message using the private key + signature = private_key.sign( + data, + ec.ECDSA(hashes.SHA256()) + ) + + # Verify the signature using the public key + public_key.verify( + signature, + data, + ec.ECDSA(hashes.SHA256()) + ) + + +def generate_priv_keys_and_certs(write_der_keys): + print("Generating ECDSA Root Keys\n") + # Generate an ECDSA Key Pair + # NOTE: At time of writing corePKCS11 only supports the prime256v1/secp256r1 keys + # If this changes then these keys should be changed to use a better alg. + root_prv_key = ec.generate_private_key( + ec.SECP256R1() + ) + + # Get the related public key + root_pub_key = root_prv_key.public_key() + + validate_keys( + private_key = root_prv_key, + public_key = root_pub_key + ) + + # Now that the public and private key have been validated, create a x509 Cert + root_ca_cert = x509.CertificateBuilder().subject_name( + subject + ).issuer_name( + issuer + ).public_key( + root_pub_key + ).serial_number( + x509.random_serial_number() + ).not_valid_before( + datetime.datetime.now(datetime.timezone.utc) + ).not_valid_after( + # Our certificate will be valid for 14 days + datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=14) + ).add_extension( + x509.BasicConstraints(ca=True, path_length=None), critical=True, + # Sign our certificate with our private key + ).sign(root_prv_key, hashes.SHA256()) + + # Check to make sure the cert generated correctly + isinstance(root_ca_cert, x509.Certificate) + + # Print out the generated ECDSA Keys and Certs + root_pub_key_pem = root_pub_key.public_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PublicFormat.SubjectPublicKeyInfo + ) + + root_prv_key_pem = 
root_prv_key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption() + ) + + root_ca_cert_pem = root_ca_cert.public_bytes(serialization.Encoding.PEM) + + print("Public Key Pem:\n{0}\n".format(root_pub_key_pem.decode("utf-8"))) + print("Private Key Pem:\n{0}\n".format(root_prv_key_pem.decode("utf-8"))) + print("Root CA Cert Pem:\n{0}\n".format(root_ca_cert_pem.decode("utf-8"))) + + open(ROOT_CA_PRIV_KEY_FILE, "wb").write(root_prv_key_pem) + open(ROOT_CA_PUB_KEY_FILE, "wb").write(root_pub_key_pem) + open(ROOT_CA_CERT_FILE, "wb").write(root_ca_cert_pem) + + print(f"Wrote PEM Encoded Root Private Key to:\n\t{ROOT_CA_PRIV_KEY_FILE}") + print(f"Wrote PEM Encoded Root Public Key to:\n\t{ROOT_CA_PUB_KEY_FILE}") + print(f"Wrote PEM Encoded Root CA Cert to:\n\t{ROOT_CA_CERT_FILE}") + + # Device credential generation + print("\n\nGenerating ECDSA Claim Keys\n") + # Generate a ECDSA Key Pair + claim_prv_key = ec.generate_private_key( + ec.SECP256R1() + ) + + # Get the related public key + claim_pub_key = claim_prv_key.public_key() + + # Simple check of the generated keys + validate_keys( + private_key = claim_prv_key, + public_key = claim_pub_key + ) + + # Now that the public and private key have been validated, create a x509 Cert + claim_cert = x509.CertificateBuilder().subject_name( + subject + ).issuer_name( + issuer + ).public_key( + claim_pub_key + ).serial_number( + x509.random_serial_number() + ).not_valid_before( + datetime.datetime.now(datetime.timezone.utc) + ).not_valid_after( + # Our certificate will be valid for 14 days + datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=14) + ).add_extension( + x509.BasicConstraints(ca=False, path_length=None), critical=True, + # Sign our certificate with the Root private key + ).sign(root_prv_key, hashes.SHA256()) + + # Check to make sure the cert generated correctly + isinstance(claim_cert, 
x509.Certificate) + + # Serialize the generated ECDSA Keys and Certs + claim_pub_key_pem = claim_pub_key.public_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PublicFormat.SubjectPublicKeyInfo + ) + + claim_prv_key_pem = claim_prv_key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption() + ) + + claim_cert_pem = claim_cert.public_bytes(serialization.Encoding.PEM) + + print("Claim Public Key Pem:\n{0}\n".format(claim_pub_key_pem.decode("utf-8"))) + print("Claim Private Key Pem:\n{0}\n".format(claim_prv_key_pem.decode("utf-8"))) + print("Claim Cert Pem:\n{0}\n".format(claim_cert_pem.decode("utf-8"))) + + open(CLAIM_PRIV_KEY_FILE, "wb").write(claim_pub_key_pem) + open(CLAIM_PUB_KEY_FILE, "wb").write(claim_prv_key_pem) + open(CLAIM_CERT_FILE, "wb").write(claim_cert_pem) + + print(f"Wrote PEM Encoded Claim Private Key to:\n\t{CLAIM_PRIV_KEY_FILE}") + print(f"Wrote PEM Encoded Claim Public Key to:\n\t{CLAIM_PUB_KEY_FILE}") + print(f"Wrote PEM Encoded Claim CA Cert to:\n\t{CLAIM_CERT_FILE}") + + if write_der_keys == True: + print("\nWrite DER Format Version of Claim Private Key and Cert") + # Use the helper function in convert_credentials_to_der to write out DER formatted keys + convert_pem_to_der( + cert_pem = claim_cert_pem.decode("utf-8"), + key_pem = claim_prv_key_pem.decode("utf-8") + ) + + return root_ca_cert_pem.decode("utf-8"), claim_cert_pem.decode("utf-8") diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/FleetProvisioningDemoExample.c b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/FleetProvisioningDemoExample.c index 39e3ebb0190..05ace5c7d8f 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/FleetProvisioningDemoExample.c 
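Review bot: The claim key files are written with their contents swapped: `CLAIM_PRIV_KEY_FILE` receives `claim_pub_key_pem` and `CLAIM_PUB_KEY_FILE` receives `claim_prv_key_pem`, so the file named as the public key holds the private key and is likely to be handled as non-secret. The two lines should read `open(CLAIM_PRIV_KEY_FILE, "wb").write(claim_prv_key_pem)` and `open(CLAIM_PUB_KEY_FILE, "wb").write(claim_pub_key_pem)`. Both private keys are also printed to stdout ("Private Key Pem" and "Claim Private Key Pem"), which puts them in terminal scrollback and in any captured log; I would drop those two prints and report only the output paths. The bare `isinstance(root_ca_cert, x509.Certificate)` and `isinstance(claim_cert, x509.Certificate)` statements discard their result, so they check nothing; either assert on them or remove them.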
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/FleetProvisioningDemoExample.c @@ -124,29 +124,30 @@ * @brief Time in seconds to wait between retries of the demo loop if * demo loop fails. */ -#define fpdemoDELAY_BETWEEN_DEMO_RETRY_ITERATIONS_SECONDS ( 5 ) +#define fpdemoDELAY_BETWEEN_DEMO_RETRY_ITERATIONS_SECONDS ( 10 ) /** * @brief Size of buffer in which to hold the certificate signing request (CSR). */ -#define fpdemoCSR_BUFFER_LENGTH 2048 +#define fpdemoCSR_BUFFER_LENGTH 4096 /** * @brief Size of buffer in which to hold the certificate. */ -#define fpdemoCERT_BUFFER_LENGTH 2048 +#define fpdemoCERT_BUFFER_LENGTH 4096 /** * @brief Size of buffer in which to hold the certificate id. * - * See https://docs.aws.amazon.com/iot/latest/apireference/API_Certificate.html#iot-Type-Certificate-certificateId + * @note Has a maximum length of 64 for more information see the following link + * https://docs.aws.amazon.com/iot/latest/apireference/API_Certificate.html#iot-Type-Certificate-certificateId */ #define fpdemoCERT_ID_BUFFER_LENGTH 64 /** * @brief Size of buffer in which to hold the certificate ownership token. */ -#define fpdemoOWNERSHIP_TOKEN_BUFFER_LENGTH 512 +#define fpdemoOWNERSHIP_TOKEN_BUFFER_LENGTH 1024 /** * @brief Milliseconds per second. @@ -203,7 +204,7 @@ static size_t xThingNameLength; * APIs. When the MQTT publish callback receives an expected Fleet Provisioning * accepted payload, it copies it into this buffer. */ -static uint8_t pucPayloadBuffer[ democonfigNETWORK_BUFFER_SIZE ]; +static uint8_t pucPayloadBuffer[ democonfigNETWORK_BUFFER_SIZE * 2 ]; /** * @brief Length of the payload stored in #pucPayloadBuffer. This is set by the 
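Review bot: The new `@note` on `fpdemoCERT_ID_BUFFER_LENGTH` says a certificate id can be up to 64 characters, and the buffer is still exactly 64, so a maximum-length id leaves no room for a terminator. The code that fills and reads this buffer is outside the hunk; if the id is treated as a NUL-terminated string anywhere, size the buffer as `( 64 + 1 )`, otherwise say in the comment that the id is length-counted and not terminated. The note itself reads better as `@note The certificate id has a maximum length of 64 characters; see the following link for details.`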
@@ -646,6 +647,12 @@ int prvFleetProvisioningTask( void * pvParameters ) * topics. In this demo we use CBOR encoding for the payloads, * so we use the CBOR variants of the topics. */ xStatus = prvSubscribeToCsrResponseTopics(); + + if( xStatus == true ) + { + /* Subscribe to the RegisterThing response topics. */ + xStatus = prvSubscribeToRegisterThingResponseTopics(); + } } if( xStatus == true ) @@ -727,12 +734,6 @@ int prvFleetProvisioningTask( void * pvParameters ) &xPayloadLength ); } - if( xStatus == true ) - { - /* Subscribe to the RegisterThing response topics. */ - xStatus = prvSubscribeToRegisterThingResponseTopics(); - } - if( xStatus == true ) { /* Publish the RegisterThing request. */ diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj index 9f938a63564..8a8e9d64291 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -33,26 +21,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
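Review bot: The added block in prvFleetProvisioningTask does not say why the RegisterThing subscription now happens before the CSR request; its comment only restates the call. Presumably the intent is to have every response subscription in place before any request is published, and if so the comment should say that, e.g. `/* Subscribe to the RegisterThing response topics now, so that all response subscriptions exist before the first request is published. */`. The function continues outside this hunk, so also check that the failure path unsubscribes from the CSR response topics when this second subscription fails after the first one succeeded.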
@@ -61,28 +29,10 @@ - - - - - - - - - $(VC_IncludePath);$(WindowsSDK_IncludePath);.;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\AWS\fleet-provisioning\source\include;..\..\Mqtt_Demo_Helpers;$(IncludePath) - - $(VC_IncludePath);$(WindowsSDK_IncludePath);.;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\AWS\fleet-provisioning\source\include;..\..\Mqtt_Demo_Helpers;$(IncludePath) - - - $(VC_IncludePath);$(WindowsSDK_IncludePath);.;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\AWS\fleet-provisioning\source\include;..\..\Mqtt_Demo_Helpers;$(IncludePath) - - - 
$(VC_IncludePath);$(WindowsSDK_IncludePath);.;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\AWS\fleet-provisioning\source\include;..\..\Mqtt_Demo_Helpers;$(IncludePath) - false @@ -90,61 +40,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - - - true - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - - - true - - - Console - true - true - true - %(AdditionalDependencies) - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - - - true - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true @@ -152,8 +48,6 @@ Console - true - true true %(AdditionalDependencies) diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c index 1e8037862e2..9d7ee97f666 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c 
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c @@ -256,8 +256,10 @@ bool xGenerateKeyAndCsr( CK_SESSION_HANDLE xP11Session, { mbedtls_x509write_csr_set_key( &xReq, &xPrivKey ); - ulMbedtlsRet = mbedtls_x509write_csr_pem( &xReq, ( unsigned char * ) pcCsrBuffer, - xCsrBufferLength, &lMbedCryptoRngCallbackPKCS11, + ulMbedtlsRet = mbedtls_x509write_csr_pem( &xReq, + ( unsigned char * ) pcCsrBuffer, + xCsrBufferLength, + &lMbedCryptoRngCallbackPKCS11, &xP11Session ); } diff --git a/FreeRTOS-Plus/Demo/AWS/Jobs_Windows_Simulator/Jobs_Demo/Jobs_Demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Jobs_Windows_Simulator/Jobs_Demo/Jobs_Demo.vcxproj index 439268c00e0..95aecf4e96b 100644 --- a/FreeRTOS-Plus/Demo/AWS/Jobs_Windows_Simulator/Jobs_Demo/Jobs_Demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Jobs_Windows_Simulator/Jobs_Demo/Jobs_Demo.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -33,27 +21,6 @@ Unicode x86 - - Application - false - v142 - true - Unicode - x86 - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
@@ -62,85 +29,20 @@ - - - - - - - - - true - - false - - - true - - - false - Level3 true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\AWS\jobs\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - true - WIN32;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\AWS\jobs\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - true - _DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\AWS\jobs\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport;%(AdditionalIncludeDirectories) - - - Console - true - - 
- - - Level3 - true - true - true - NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";%(PreprocessorDefinitions) true .\;..\..\Mqtt_Demo_Helpers;..\..\..\..\Source\AWS\jobs\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\Application-Protocols\network_transport;%(AdditionalIncludeDirectories) Console - true - true true diff --git a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Common/Ota_PAL/Win32/Code_Signature_Verification/code_signature_verification_mbedtls.c b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Common/Ota_PAL/Win32/Code_Signature_Verification/code_signature_verification_mbedtls.c index c769485750a..105b6fef81c 100644 --- a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Common/Ota_PAL/Win32/Code_Signature_Verification/code_signature_verification_mbedtls.c +++ b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Common/Ota_PAL/Win32/Code_Signature_Verification/code_signature_verification_mbedtls.c @@ -40,7 +40,7 @@ /* mbedTLS includes. */ #if !defined( MBEDTLS_CONFIG_FILE ) - #include "mbedtls_config_v3.2.1.h" + #include "mbedtls_config_v3.5.1.h" #else #include MBEDTLS_CONFIG_FILE #endif diff --git a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Http_Demo/Ota_Over_Http_Demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Http_Demo/Ota_Over_Http_Demo.vcxproj index 06d191f1f3a..cfd0151e944 100644 --- a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Http_Demo/Ota_Over_Http_Demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Http_Demo/Ota_Over_Http_Demo.vcxproj 
@@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
@@ -60,89 +28,21 @@ - - - - - - - - - true RTOSDemo - - false - RTOSDemo - - - true - RTOSDemo - - - false - RTOSDemo - Level3 false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;_DEBUG;_CONSOLE;WIN32;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - ..\Common\HTTP_Utils;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;WIN32;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - 
..\Common\HTTP_Utils;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) - true - ..\Common\HTTP_Utils;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - false - 
MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;WIN32_LEAN_AND_MEAN;__little_endian__=1;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";%(PreprocessorDefinitions) true ..\Common\HTTP_Utils;..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) Console - true - true true diff --git a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/Ota_Over_Mqtt_Demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/Ota_Over_Mqtt_Demo.vcxproj index 8a310744de9..c40dbd588d5 100644 --- a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/Ota_Over_Mqtt_Demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/Ota_Over_Mqtt_Demo.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -33,26 +21,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
@@ -61,89 +29,21 @@ - - - - - - - - - true RTOSDemo - - false - RTOSDemo - - - true - RTOSDemo - - - false - RTOSDemo - Level3 false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;_DEBUG;_CONSOLE;WIN32;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h" - true - ..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;WIN32;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h" - true - 
..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h" - true - ..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - true - false - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;__little_endian__=1;NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h" + 
MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;WIN32;WIN32_LEAN_AND_MEAN;__little_endian__=1;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h" true ..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\..\Source\Application-Protocols\network_transport;..\..\..\Common\coreMQTT_Agent_Interface\include;..\..\..\..\ThirdParty\tinycbor\src;..\..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\..\Source\coreJSON\source\include;..\..\..\..\Source\AWS\ota\source\include;..\..\..\..\Source\AWS\ota\source\portable\os;..\..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\Common\Ota_PAL\Win32\Code_Signature_Verification;..\Common\Ota_PAL\Win32;..\Common\subscription-manager;.\;%(AdditionalIncludeDirectories) Console - true - true true diff --git a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/demo_config.h b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/demo_config.h index e8c38fe495f..99c071bf4a5 100644 --- a/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/demo_config.h +++ b/FreeRTOS-Plus/Demo/AWS/Ota_Windows_Simulator/Ota_Over_Mqtt_Demo/demo_config.h @@ -43,11 +43,11 @@ /* Logging configuration for the Demo. */ #ifndef LIBRARY_LOG_NAME #define LIBRARY_LOG_NAME "OTADemo" -#endif +#endif /* LIBRARY_LOG_NAME */ #ifndef LIBRARY_LOG_LEVEL #define LIBRARY_LOG_LEVEL LOG_DEBUG -#endif +#endif /* LIBRARY_LOG_LEVEL */ /* Prototype for the function used to print to console on Windows simulator * of FreeRTOS. 
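Review bot: The new define list for Ota_Over_Mqtt_Demo.vcxproj ends at `MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h"` with no trailing `%(PreprocessorDefinitions)`, unlike the Ota_Over_Http_Demo line changed in the same patch. Without that item the project presumably stops inheriting definitions from property sheets and toolset defaults, so the two OTA demos can end up compiling the same shared sources, including the code-signature verification path, under different macro sets. Appending `;%(PreprocessorDefinitions)` would bring the line in step with its sibling. The WolfSSL project hunk `@@ -102,23 +48,11 @@` has the same omission after `WOLFSSL_IGNORE_FILE_WARN`. The omission predates this commit, but the line is being rewritten here anyway.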
diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_BG96/mqtt_mutual_auth_demo_with_bg96.vcxproj b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_BG96/mqtt_mutual_auth_demo_with_bg96.vcxproj index 7165f64978d..8f2a1b80c15 100644 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_BG96/mqtt_mutual_auth_demo_with_bg96.vcxproj +++ b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_BG96/mqtt_mutual_auth_demo_with_bg96.vcxproj @@ -36,7 +36,7 @@ Level3 true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\common;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\private;..\..\..\Source\FreeRTOS-Cellular-Interface\source\interface diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_HL7802/mqtt_mutual_auth_demo_with_hl7802.vcxproj b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_HL7802/mqtt_mutual_auth_demo_with_hl7802.vcxproj index bd4b9c0e43c..5d5775ec3c2 100644 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_HL7802/mqtt_mutual_auth_demo_with_hl7802.vcxproj 
+++ b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_HL7802/mqtt_mutual_auth_demo_with_hl7802.vcxproj @@ -37,7 +37,7 @@ Level3 true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\common;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\private;..\..\..\Source\FreeRTOS-Cellular-Interface\source\interface diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_SARA_R4/mqtt_mutual_auth_demo_with_sara_r4.vcxproj b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_SARA_R4/mqtt_mutual_auth_demo_with_sara_r4.vcxproj index d54a6c9e2d6..c1fc78bd0bb 100644 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_SARA_R4/mqtt_mutual_auth_demo_with_sara_r4.vcxproj +++ b/FreeRTOS-Plus/Demo/FreeRTOS_Cellular_Interface_Windows_Simulator/MQTT_Mutual_Auth_Demo_with_SARA_R4/mqtt_mutual_auth_demo_with_sara_r4.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - 
@@ -60,90 +28,24 @@ - - - - - - - - - true - - false - - - true - - - false - Level3 true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\common;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\private;..\..\..\Source\FreeRTOS-Cellular-Interface\source\interface - - - Console - true - Bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - true - true - true - WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\common;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\private;..\..\..\Source\FreeRTOS-Cellular-Interface\source\interface Console - true - true true Bcrypt.lib;%(AdditionalDependencies) - - - Level3 - true - _DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - true - 
.\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\common;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\private;..\..\..\Source\FreeRTOS-Cellular-Interface\source\interface - - - Console - true - - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\common;..\..\..\Source\FreeRTOS-Cellular-Interface\source\include\private;..\..\..\Source\FreeRTOS-Cellular-Interface\source\interface - - - Console - true - true - true - - diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj b/FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj deleted file mode 100644 index 9fd48a71d3b..00000000000 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj +++ /dev/null 
@@ -1,162 +0,0 @@ - - - - - Debug - Win32 - - - Release - Win32 - - - - {C686325E-3261-42F7-AEB1-DDE5280E1CEB} - RTOSDemo - - - - Application - false - MultiByte - v142 - - - Application - false - MultiByte - v142 - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30319.1 - .\Debug\ - .\Debug\ - true - .\Release\ - .\Release\ - false - - - - .\Debug/WIN32.tlb - - - - - Disabled - ..\..\Source\FreeRTOS-Plus-Trace\Include;..\..\..\FreeRTOS\Source\include;..\..\..\FreeRTOS\Source\portable\MSVC-MingW;..\..\Source\FreeRTOS-Plus-CLI;.\Trace_Recorder_Configuration;.;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebug - .\Debug/WIN32.pch - .\Debug/ - .\Debug/ - .\Debug/ - Level4 - true - false - EditAndContinue - - - _DEBUG;%(PreprocessorDefinitions) - 0x0c09 - - - .\Debug/RTOSDemo.exe - true - true - .\Debug/WIN32.pdb - Console - MachineX86 - %(AdditionalDependencies) - - - - - true - .\Debug/WIN32.bsc - - - - - .\Release/WIN32.tlb - - - - - MaxSpeed - OnlyExplicitInline - _WINSOCKAPI_;WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - true - MultiThreaded - true - .\Release/WIN32.pch - .\Release/ - .\Release/ - .\Release/ - Level3 - true - ..\Common\Utils;..\Common\ethernet\lwip-1.4.0\ports\win32\WinPCap;..\Common\ethernet\lwip-1.4.0\src\include\ipv4;..\Common\ethernet\lwip-1.4.0\src\include;..\..\Source\include;..\..\Source\portable\MSVC-MingW;..\Common\ethernet\lwip-1.4.0\ports\win32\include;..\Common\Include;.\lwIP_Apps;.;%(AdditionalIncludeDirectories) - - - NDEBUG;%(PreprocessorDefinitions) - 0x0c09 - - - .\Release/RTOSDemo.exe - true - .\Release/WIN32.pdb - Console - MachineX86 - ..\Common\ethernet\lwip-1.4.0\ports\win32\WinPCap - wpcap.lib;%(AdditionalDependencies) - - - true - .\Release/WIN32.bsc - - - - - - - - - - - - - - - - - - %(AdditionalIncludeDirectories) - %(PreprocessorDefinitions) - 
%(PreprocessorDefinitions) - - - - - - - - - - - - - diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj.filters b/FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj.filters deleted file mode 100644 index a238741cc1f..00000000000 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_CLI_with_Trace_Windows_Simulator/WIN32.vcxproj.filters +++ /dev/null @@ -1,101 +0,0 @@ - - - - - {38712199-cebf-4124-bf15-398f7c3419ea} - ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe - - - {34567deb-d5ab-4a56-8640-0aaec609521a} - cpp;c;cxx;rc;def;r;odl;idl;hpj;bat - - - {af3445a1-4908-4170-89ed-39345d90d30c} - - - {f32be356-4763-4cae-9020-974a2638cb08} - *.c - - - {88f409e6-d396-4ac5-94bd-7a99c914be46} - - - {e5ad4ec7-23dc-4295-8add-2acaee488f5a} - - - {629e761f-e8a8-430e-b44e-f38d83292b54} - - - {19ff1a34-36de-4c48-9d10-3fb1fa0d1fa4} - - - - - {fd43c0ed-fdbc-437f-a5a3-c50399690bd7} - - - {91dffc7b-279b-44f6-a2b2-f5d2e132a85d} - - - - - Demo App Source - - - FreeRTOS\Source\Portable - - - FreeRTOS\Source\Portable - - - FreeRTOS\Source - - - FreeRTOS\Source - - - FreeRTOS\Source - - - FreeRTOS\Source - - - Demo App Source - - - Demo App Source - - - Demo App Source - - - FreeRTOS+\FreeRTOS+CLI - - - FreeRTOS+\FreeRTOS+Trace - - - FreeRTOS+\FreeRTOS+Trace - - - FreeRTOS+\FreeRTOS+Trace - - - FreeRTOS\Source - - - FreeRTOS\Source - - - - - FreeRTOS\Configuration Files - - - Demo App Source\Trace Recorder Configuration - - - Demo App Source\Trace Recorder Configuration - - - \ No newline at end of file diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_IPv6_Demo/IPv6_Multi_WinSim_demo/WIN32.vcxproj b/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_IPv6_Demo/IPv6_Multi_WinSim_demo/WIN32.vcxproj index a9b3fe21200..20657cfb905 100644 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_IPv6_Demo/IPv6_Multi_WinSim_demo/WIN32.vcxproj +++ b/FreeRTOS-Plus/Demo/FreeRTOS_Plus_TCP_IPv6_Demo/IPv6_Multi_WinSim_demo/WIN32.vcxproj 
@@ -56,7 +56,7 @@ $(DEMO_COMMON_SOURCE_DIR)\logging\include; .; ..\common\Logging\windows - WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;ipconfigUSE_PCAP=1;_NO_CRT_STDIO_INLINE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;ipconfigUSE_PCAP=1;_NO_CRT_STDIO_INLINE;%(PreprocessorDefinitions) false EnableFastChecks MultiThreadedDLL diff --git a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_WolfSSL_Windows_Simulator/FreeRTOS_Plus_WolfSSL_Windows_Simulator.vcxproj b/FreeRTOS-Plus/Demo/FreeRTOS_Plus_WolfSSL_Windows_Simulator/FreeRTOS_Plus_WolfSSL_Windows_Simulator.vcxproj index 30167b9a7b3..60fdd042087 100644 --- a/FreeRTOS-Plus/Demo/FreeRTOS_Plus_WolfSSL_Windows_Simulator/FreeRTOS_Plus_WolfSSL_Windows_Simulator.vcxproj +++ b/FreeRTOS-Plus/Demo/FreeRTOS_Plus_WolfSSL_Windows_Simulator/FreeRTOS_Plus_WolfSSL_Windows_Simulator.vcxproj @@ -5,26 +5,10 @@ Debug_with_Libslirp Win32 - - Debug_with_Libslirp - x64 - Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -46,32 +30,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -83,18 +41,6 @@ - - - - - - - - - - - - true @@ -102,23 +48,11 @@ true - - false - - - true - - - true - - - false - Level3 true - WOLFSSL_USER_SETTINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;WOLFSSL_IGNORE_FILE_WARN + WIN32;WIN32_LEAN_AND_MEAN;WOLFSSL_USER_SETTINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;WOLFSSL_IGNORE_FILE_WARN true ..\..\ThirdParty\WolfSSL;.;%(AdditionalIncludeDirectories) 
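Review bot: The rewritten define line in IPv6_Multi_WinSim_demo/WIN32.vcxproj still carries `_WIN32_WINNT=0x0500;WINVER=0x400`, two target levels that disagree with each other, and now combines them with `WIN32_LEAN_AND_MEAN`. At an API level that old the Windows SDK headers may hide newer Winsock and IPv6 declarations, and trimming `windows.h` changes which socket headers get pulled in, so it is worth confirming that this demo still builds cleanly. If the pins are not needed, set both to one value the demo actually requires (for example `_WIN32_WINNT=0x0601;WINVER=0x0601`) or drop them and take the SDK default. The rest of the element is outside the hunk.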
@@ -147,72 +81,6 @@ xcopy /y /d "..\..\ThirdParty\glib\build\subprojects\proxy-libintl\intl-8.dll" " xcopy /y /d "..\..\ThirdParty\glib\build\subprojects\pcre2-10.42\pcre2-8-0.dll" "$(OutDir)" - - - Level3 - true - true - true - WOLFSSL_USER_SETTINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;WOLFSSL_IGNORE_FILE_WARN - true - ..\..\ThirdParty\WolfSSL;.;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - true - WOLFSSL_USER_SETTINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;WOLFSSL_IGNORE_FILE_WARN - true - ..\..\ThirdParty\WolfSSL;.;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - WOLFSSL_USER_SETTINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;WOLFSSL_IGNORE_FILE_WARN - true - ..\..\ThirdParty\WolfSSL;.;%(AdditionalIncludeDirectories) - - - Console - true - Bcrypt.lib;Iphlpapi.lib;Ws2_32.lib;%(AdditionalDependencies) - - - xcopy /y /d "..\..\ThirdParty\glib\build\glib\glib-2.0-0.dll" "$(OutDir)" -xcopy /y /d "..\..\ThirdParty\glib\build\subprojects\proxy-libintl\intl-8.dll" "$(OutDir)" -xcopy /y /d "..\..\ThirdParty\glib\build\subprojects\pcre2-10.42\pcre2-8-0.dll" "$(OutDir)" - - - - - Level3 - true - true - true - WOLFSSL_USER_SETTINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;WOLFSSL_IGNORE_FILE_WARN - true - ..\..\ThirdParty\WolfSSL;.;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Mutual_Auth/CoreHTTP_Mutual_Auth.vcxproj b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Mutual_Auth/CoreHTTP_Mutual_Auth.vcxproj index 29d2f954b7b..39f1f2d0762 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Mutual_Auth/CoreHTTP_Mutual_Auth.vcxproj +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Mutual_Auth/CoreHTTP_Mutual_Auth.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 
@@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -60,15 +28,6 @@ - - - - - - - - - false 
@@ -77,62 +36,12 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - %(AdditionalDependencies) - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) Console - true - 
true true %(AdditionalDependencies) diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Plaintext/CoreHTTP_Plaintext.vcxproj b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Plaintext/CoreHTTP_Plaintext.vcxproj index 3694c5f200b..e9ecc0813e6 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Plaintext/CoreHTTP_Plaintext.vcxproj +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_Plaintext/CoreHTTP_Plaintext.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -60,15 +28,6 @@ - - - - - - - - - false 
@@ -77,62 +36,12 @@ Level3 true - _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - %(AdditionalDependencies) - - - - - Level3 - true - _CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - _CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + _CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) Console - true - true true %(AdditionalDependencies) 
diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/CoreHTTP_S3_Download.vcxproj b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/CoreHTTP_S3_Download.vcxproj index 29d4ecc5f15..98073796411 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/CoreHTTP_S3_Download.vcxproj +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/CoreHTTP_S3_Download.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -60,15 +28,6 @@ - - - - - - - - - false 
@@ -77,62 +36,12 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\coreJSON\source\include;..\..\..\Source\AWS\sigv4\source\include;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\coreJSON\source\include;..\..\..\Source\AWS\sigv4\source\include;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - %(AdditionalDependencies) - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\coreJSON\source\include;..\..\..\Source\AWS\sigv4\source\include;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true 
.;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\coreJSON\source\include;..\..\..\Source\AWS\sigv4\source\include;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) Console - true - true true %(AdditionalDependencies) diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h index 0906102b514..6cb0f0c0320 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download/demo_config.h @@ -201,7 +201,7 @@ extern void vLoggingPrintf( const char * pcFormatString, /** * @brief Transport timeout in milliseconds for transport send and receive. */ -#define democonfigTRANSPORT_SEND_RECV_TIMEOUT_MS ( 5000 ) +#define democonfigTRANSPORT_SEND_RECV_TIMEOUT_MS ( 10000 ) /** * @brief The length in bytes of the user buffer. diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/CoreHTTP_S3_Download_Multithreaded.vcxproj b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/CoreHTTP_S3_Download_Multithreaded.vcxproj index 4f370d56f73..d8bd532ea97 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/CoreHTTP_S3_Download_Multithreaded.vcxproj +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Download_Multithreaded/CoreHTTP_S3_Download_Multithreaded.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -60,15 +28,6 @@ - - - - - - - - - false 
@@ -77,62 +36,12 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - %(AdditionalDependencies) - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) Console - true - 
true true %(AdditionalDependencies) diff --git a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/CoreHTTP_S3_Upload.vcxproj b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/CoreHTTP_S3_Upload.vcxproj index 41621afdf84..ffbda9c2312 100644 --- a/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/CoreHTTP_S3_Upload.vcxproj +++ b/FreeRTOS-Plus/Demo/coreHTTP_Windows_Simulator/HTTP_S3_Upload/CoreHTTP_S3_Upload.vcxproj @@ -5,18 +5,6 @@ Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -32,26 +20,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -60,15 +28,6 @@ - - - - - - - - - false 
@@ -77,62 +36,12 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - %(AdditionalDependencies) - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - %(AdditionalDependencies) - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) Console - true - 
true true %(AdditionalDependencies) diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/DemoTasks/BasicTLSMQTTExample.c b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/DemoTasks/BasicTLSMQTTExample.c index 06470c3f28f..5f119afd810 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/DemoTasks/BasicTLSMQTTExample.c +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/DemoTasks/BasicTLSMQTTExample.c @@ -125,7 +125,7 @@ /** * @brief Timeout for receiving CONNACK packet in milliseconds. */ -#define mqttexampleCONNACK_RECV_TIMEOUT_MS ( 1000U ) +#define mqttexampleCONNACK_RECV_TIMEOUT_MS ( 2000U ) /** * @brief The prefix to the topic(s) subscribe(d) to and publish(ed) to in the example. @@ -160,7 +160,7 @@ * @brief Timeout for MQTT_ProcessLoop in milliseconds. * Refer to FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/readme.txt for more details. */ -#define mqttexamplePROCESS_LOOP_TIMEOUT_MS ( 2000U ) +#define mqttexamplePROCESS_LOOP_TIMEOUT_MS ( 5000U ) /** * @brief The keep-alive timeout period reported to the broker while establishing @@ -443,11 +443,12 @@ void vStartSimpleMQTTDemo( void ) * state or call the MQTT_ProcessLoop() API function. Using an agent task * also enables multiple application tasks to more easily share a single * MQTT connection. */ + xTaskCreate( prvMQTTDemoTask, /* Function that implements the task. */ "DemoTask", /* Text name for the task - only used for debugging. */ democonfigDEMO_STACKSIZE, /* Size of stack (in words, not bytes) to allocate for the task. */ NULL, /* Task parameter - not used in this case. */ - tskIDLE_PRIORITY, /* Task priority, must be between 0 and configMAX_PRIORITIES - 1. */ + tskIDLE_PRIORITY + 1, /* Task priority, must be between 0 and configMAX_PRIORITIES - 1. */ NULL ); /* Used to pass out a handle to the created task - not used in this case. */ } /*-----------------------------------------------------------*/ 
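Review bot: The result of `xTaskCreate()` in `vStartSimpleMQTTDemo` is still discarded after the priority change to `tskIDLE_PRIORITY + 1`, so if the task cannot be created the demo silently never runs. Capture and check it, e.g. `BaseType_t xCreated = xTaskCreate( prvMQTTDemoTask, ... );` followed by `configASSERT( xCreated == pdPASS );`. The function begins above the hunk. The two earlier hunks in this file raise `mqttexampleCONNACK_RECV_TIMEOUT_MS` and `mqttexamplePROCESS_LOOP_TIMEOUT_MS` without saying why; a one-line reason next to each value would help, since the existing comment sends readers to readme.txt for details.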
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/MQTT_Basic_TLS.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/MQTT_Basic_TLS.vcxproj index 6e76bf58b36..730f72e709f 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/MQTT_Basic_TLS.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Basic_TLS/MQTT_Basic_TLS.vcxproj @@ -52,7 +52,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) @@ -65,7 +65,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/MQTT_Keep_Alive.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/MQTT_Keep_Alive.vcxproj index 2d707888559..7853aa7e3d9 100644 
--- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/MQTT_Keep_Alive.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Keep_Alive/MQTT_Keep_Alive.vcxproj @@ -43,7 +43,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/MQTT_Multitask.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/MQTT_Multitask.vcxproj index 7ffb99eedcc..f549609f906 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/MQTT_Multitask.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Multitask/MQTT_Multitask.vcxproj 
@@ -36,7 +36,7 @@ Level3 true - MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MQTT_AGENT_DO_NOT_USE_CUSTOM_CONFIG;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Application-Protocols\coreMQTT-Agent\source\include;..\..\..\Demo\Common\coreMQTT_Agent_Interface\include;.\subscription-manager;%(AdditionalIncludeDirectories) diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/MQTT_Mutual_Auth.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/MQTT_Mutual_Auth.vcxproj index d2e74c88550..9ad54e38868 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/MQTT_Mutual_Auth.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth/MQTT_Mutual_Auth.vcxproj 
@@ -52,9 +52,9 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) + .\;..\..\..\VisualStudio_StaticProjects\MbedTLS;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) Console @@ -65,7 +65,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) 
diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth_wolfSSL/MQTT_Mutual_Auth_wolfSSL.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth_wolfSSL/MQTT_Mutual_Auth_wolfSSL.vcxproj index d91c84e5623..ab1b3d2517b 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth_wolfSSL/MQTT_Mutual_Auth_wolfSSL.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Mutual_Auth_wolfSSL/MQTT_Mutual_Auth_wolfSSL.vcxproj @@ -60,7 +60,7 @@ Disabled .\;..\Common;..\..\..\..\FreeRTOS-Plus\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\FreeRTOS-Plus\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\FreeRTOS-Plus\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\wolfSSL_freertos;..\..\..\ThirdParty\wolfSSL;%(AdditionalIncludeDirectories) - WOLFSSL_USER_SETTINGS;WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + WOLFSSL_USER_SETTINGS;WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";%(PreprocessorDefinitions) false EnableFastChecks MultiThreadedDLL 
@@ -109,7 +109,7 @@ Disabled .\;..\Common;..\..\..\..\FreeRTOS-Plus\Source\Application-Protocols\coreMQTT\source\include;..\..\..\..\FreeRTOS-Plus\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\..\FreeRTOS-Plus\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\wolfSSL_freertos;..\..\..\ThirdParty\wolfSSL;%(AdditionalIncludeDirectories) - WOLFSSL_USER_SETTINGS;WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";%(PreprocessorDefinitions) + WOLFSSL_USER_SETTINGS;WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";%(PreprocessorDefinitions) false EnableFastChecks MultiThreadedDLL diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/MQTT_Plain_Text.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/MQTT_Plain_Text.vcxproj index 95a16ea3e7a..78c30175778 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/MQTT_Plain_Text.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Plain_Text/MQTT_Plain_Text.vcxproj @@ -52,7 +52,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) 
@@ -65,7 +65,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;%(AdditionalIncludeDirectories) diff --git a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/MQTT_Serializer.vcxproj b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/MQTT_Serializer.vcxproj index d2ed2f7d27a..c056dba81a7 100644 --- a/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/MQTT_Serializer.vcxproj +++ b/FreeRTOS-Plus/Demo/coreMQTT_Windows_Simulator/MQTT_Serializer/MQTT_Serializer.vcxproj @@ -5,26 +5,10 @@ Debug_with_Libslirp Win32 - - Debug_with_Libslirp - x64 - Debug Win32 - - Release - Win32 - - - Debug - x64 - - - Release - x64 - 16.0 @@ -46,32 +30,6 @@ v142 Unicode - - Application - false - v142 - true - Unicode - - - Application - true - v142 - Unicode - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - @@ -83,18 +41,6 @@ - - - - - - - - - - - - true 
@@ -102,23 +48,11 @@ true - - false - - - true - - - true - - - false - Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) @@ -131,7 +65,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) 
@@ -146,72 +80,6 @@ xcopy /y /d "..\..\..\ThirdParty\glib\build\subprojects\proxy-libintl\intl-8.dll xcopy /y /d "..\..\..\ThirdParty\glib\build\subprojects\pcre2-10.42\pcre2-8-0.dll" "$(OutDir)" - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS - true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - - - - - Level3 - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS - true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console 
- true - Iphlpapi.lib;Ws2_32.lib;%(AdditionalDependencies) - - - xcopy /y /d "..\..\..\ThirdParty\glib\build\glib\glib-2.0-0.dll" "$(OutDir)" -xcopy /y /d "..\..\..\ThirdParty\glib\build\subprojects\proxy-libintl\intl-8.dll" "$(OutDir)" -xcopy /y /d "..\..\..\ThirdParty\glib\build\subprojects\pcre2-10.42\pcre2-8-0.dll" "$(OutDir)" - - - - - Level3 - true - true - true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - .\;..\Common;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Application-Protocols\coreMQTT\source\include;..\..\..\Source\Application-Protocols\coreMQTT\source\interface;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) - - - Console - true - true - true - - diff --git a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj index 28fd247deb1..233b17f6b80 100644 --- a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj +++ b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj @@ -39,7 +39,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;..\Common;DemoTasks\include;..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include;..\..\..\Source\Application-Protocols\network_transport;..\..\..\Source\Utilities\backoff_algorithm\source\include;%(AdditionalIncludeDirectories) true 
diff --git a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters index 1b7b4aaf707..5671bff6c7d 100644 --- a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters +++ b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters @@ -112,4 +112,4 @@ Config - \ No newline at end of file + diff --git a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/CorePKCS11_Demos.vcxproj b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/CorePKCS11_Demos.vcxproj index def4754e706..32431e717a7 100644 --- a/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/CorePKCS11_Demos.vcxproj +++ b/FreeRTOS-Plus/Demo/corePKCS11_Windows_Simulator/CorePKCS11_Demos.vcxproj @@ -49,7 +49,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;examples;%(AdditionalIncludeDirectories) @@ -63,7 +63,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .;examples;%(AdditionalIncludeDirectories) diff --git a/FreeRTOS-Plus/Demo/coreSNTP_Windows_Simulator/coreSNTP_Demo.vcxproj b/FreeRTOS-Plus/Demo/coreSNTP_Windows_Simulator/coreSNTP_Demo.vcxproj index 44b1932b442..be3afcf4d8d 100644 --- a/FreeRTOS-Plus/Demo/coreSNTP_Windows_Simulator/coreSNTP_Demo.vcxproj +++ b/FreeRTOS-Plus/Demo/coreSNTP_Windows_Simulator/coreSNTP_Demo.vcxproj 
@@ -39,7 +39,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_bio_tcp_sockets_wrapper.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_bio_tcp_sockets_wrapper.c index f3f577b2165..f246465502c 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_bio_tcp_sockets_wrapper.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_bio_tcp_sockets_wrapper.c @@ -35,6 +35,7 @@ #else #include MBEDTLS_CONFIG_FILE #endif + #include "threading_alt.h" #include "mbedtls/entropy.h" #include "mbedtls/ssl.h" diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c index 373a831c5ee..d7fae482ebc 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c @@ -40,7 +40,22 @@ #include /* Mbedtls Includes */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS + #define MBEDTLS_ALLOW_PRIVATE_ACCESS +#endif /* MBEDTLS_ALLOW_PRIVATE_ACCESS */ + +/* MBedTLS Includes */ +#if !defined( MBEDTLS_CONFIG_FILE ) + #include "mbedtls/mbedtls_config.h" +#else + #include MBEDTLS_CONFIG_FILE +#endif + +#ifdef MBEDTLS_PSA_CRYPTO_C + /* MbedTLS PSA Includes */ + #include "psa/crypto.h" + #include "psa/crypto_values.h" +#endif /* MBEDTLS_PSA_CRYPTO_C */ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" 
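Review bot: The new `#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS` guard in mbedtls_pk_pkcs11.c has no comment saying why private access is needed, and the include block now carries two near-identical headings (`/* Mbedtls Includes */` as context, `/* MBedTLS Includes */` added). The file defines `mbedtls_pk_info_t` tables, a structure that is not public Mbed TLS API, so the callbacks compile correctly only against the library version they were written for; that appears to be the one named by the `mbedtls_config_v3.5.1.h` define in the project files. I would drop the duplicate heading and put `/* Needed to populate mbedtls_pk_info_t, a private structure; callback signatures track the Mbed TLS version in use. */` above the guard. A `#if`/`#error` check on `MBEDTLS_VERSION_NUMBER` would turn a version mismatch into a build failure instead of a mismatched callback table.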
@@ -53,6 +68,9 @@ #include "core_pkcs11_config.h" #include "core_pkcs11.h" +/* PKCS11 Includes */ +#include "pkcs11t.h" + /*-----------------------------------------------------------*/ typedef struct P11PkCtx @@ -92,7 +110,7 @@ static void * p11_ecdsa_ctx_alloc( void ); * @param xPkHandle The CK_OBJECT_HANDLE for the target private key. * @return CKR_OK on success */ -static CK_RV p11_ecdsa_ctx_init( void * pvCtx, +static CK_RV p11_ecdsa_ctx_init( mbedtls_pk_context * pxMbedtlsPkCtx, CK_FUNCTION_LIST_PTR pxFunctionList, CK_SESSION_HANDLE xSessionHandle, CK_OBJECT_HANDLE xPkHandle ); @@ -119,7 +137,7 @@ static void p11_ecdsa_ctx_free( void * pvCtx ); * @return 0 on success * @return A negative number on failure */ -static int p11_ecdsa_sign( void * pvCtx, +static int p11_ecdsa_sign( mbedtls_pk_context * pk, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, @@ -135,7 +153,7 @@ static int p11_ecdsa_sign( void * pvCtx, * @param pvCtx Void pointer to the relevant P11EcDsaCtx_t. * @return size_t Bit length of the key. */ -static size_t p11_ecdsa_get_bitlen( const void * pvCtx ); +static size_t p11_ecdsa_get_bitlen( const mbedtls_pk_context * pxMbedtlsPkCtx ); /** * @brief Returns true if the pk context can perform the given pk operation. @@ -148,7 +166,7 @@ static int p11_ecdsa_can_do( mbedtls_pk_type_t xType ); /** * @brief Perform an ECDSA verify operation with the given pk context. * - * Validates that the signature given in the pucSig and xSigLen arguments + * @note Validates that the signature given in the pucSig and xSigLen arguments * matches the hash given in pucHash and xSigLen for the P11EcDsaCtx_t * specified in pvCtx. * 
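Review bot: The Doxygen blocks above these prototypes still describe the old parameter, for example `@param pvCtx Void pointer to the relevant P11EcDsaCtx_t.` above p11_ecdsa_get_bitlen, although the functions now take an `mbedtls_pk_context *`. For the sign, verify and get_bitlen prototypes I would change that line to `@param pxMbedtlsPkCtx PK context whose pk_ctx member holds the P11EcDsaCtx_t.`. The parameter names should also agree between declaration and definition: p11_ecdsa_ctx_init is declared here with `pxMbedtlsPkCtx` but defined further down with `pk`, and p11_ecdsa_sign uses `pk` where its neighbours use `pxMbedtlsPkCtx`.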
@@ -160,7 +178,7 @@ static int p11_ecdsa_can_do( mbedtls_pk_type_t xType ); * @param xSigLen Length of the signature given in pucSig * @return 0 on success */ -static int p11_ecdsa_verify( void * pvCtx, +static int p11_ecdsa_verify( mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, @@ -168,11 +186,11 @@ static int p11_ecdsa_verify( void * pvCtx, size_t xSigLen ); static int p11_ecdsa_check_pair( const void * pvPub, - const void * pvPrv, + const mbedtls_pk_context * pxMbedtlsPkCtx, int ( * lFRng )( void *, unsigned char *, size_t ), void * pvPRng ); -static void p11_ecdsa_debug( const void * pvCtx, +static void p11_ecdsa_debug( const mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_pk_debug_item * pxItems ); static int prvEcdsaSigToASN1InPlace( unsigned char * pucSig, @@ -213,18 +231,18 @@ mbedtls_pk_info_t mbedtls_pkcs11_pk_ecdsa = /*-----------------------------------------------------------*/ -static size_t p11_rsa_get_bitlen( const void * pvCtx ); +static size_t p11_rsa_get_bitlen( const mbedtls_pk_context * ctx ); static int p11_rsa_can_do( mbedtls_pk_type_t xType ); -static int p11_rsa_verify( void * pvCtx, +static int p11_rsa_verify( mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, const unsigned char * pucSig, size_t xSigLen ); -static int p11_rsa_sign( void * ctx, +static int p11_rsa_sign( mbedtls_pk_context * pk, mbedtls_md_type_t md_alg, const unsigned char * hash, size_t hash_len, 
@@ -235,20 +253,20 @@ static int p11_rsa_sign( void * ctx, void * p_rng ); static int p11_rsa_check_pair( const void * pvPub, - const void * pvPrv, + const mbedtls_pk_context * pxMbedtlsPkCtx, int ( * lFRng )( void *, unsigned char *, size_t ), void * pvPRng ); static void * p11_rsa_ctx_alloc( void ); -static CK_RV p11_rsa_ctx_init( void * pvCtx, +static CK_RV p11_rsa_ctx_init( mbedtls_pk_context * pk, CK_FUNCTION_LIST_PTR pxFunctionList, CK_SESSION_HANDLE xSessionHandle, CK_OBJECT_HANDLE xPkHandle ); static void p11_rsa_ctx_free( void * pvCtx ); -static void p11_rsa_debug( const void * pvCtx, +static void p11_rsa_debug( const mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_pk_debug_item * pxItems ); /*-----------------------------------------------------------*/ @@ -422,13 +440,13 @@ static void p11_ecdsa_ctx_free( void * pvCtx ) /*-----------------------------------------------------------*/ -static CK_RV p11_ecdsa_ctx_init( void * pvCtx, +static CK_RV p11_ecdsa_ctx_init( mbedtls_pk_context * pk, CK_FUNCTION_LIST_PTR pxFunctionList, CK_SESSION_HANDLE xSessionHandle, CK_OBJECT_HANDLE xPkHandle ) { CK_RV xResult = CKR_OK; - P11EcDsaCtx_t * pxP11EcDsaCtx = ( P11EcDsaCtx_t * ) pvCtx; + P11EcDsaCtx_t * pxP11EcDsaCtx = ( P11EcDsaCtx_t * ) pk; mbedtls_ecdsa_context * pxMbedEcDsaCtx = NULL; configASSERT( pxFunctionList != NULL ); 
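Review bot: In p11_ecdsa_ctx_init the parameter is now typed `mbedtls_pk_context * pk` but is still cast straight to the private context with `( P11EcDsaCtx_t * ) pk`, whereas p11_ecdsa_sign reaches the same structure through `pk->pk_ctx`. If a caller passes a real mbedtls_pk_context, the handle assignments at the end of the function land in the wrong object. If callers still pass the raw P11 context, the new parameter type is misleading. The call sites are outside this hunk, so confirm which case holds, then either use `( P11EcDsaCtx_t * ) pk->pk_ctx` or keep the `void * pvCtx` signature. p11_rsa_ctx_init has the same pattern with `( P11RsaCtx_t * ) pk`.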
@@ -441,95 +459,98 @@ static CK_RV p11_ecdsa_ctx_init( void * pvCtx, } else { + LogError( ( "Received a NULL mbedtls_pk_context" ) ); xResult = CKR_FUNCTION_FAILED; } - /* Initialize public EC parameter data from attributes */ - - CK_ATTRIBUTE pxAttrs[ 2 ] = - { - { .type = CKA_EC_PARAMS, .ulValueLen = 0, .pValue = NULL }, - { .type = CKA_EC_POINT, .ulValueLen = 0, .pValue = NULL } - }; - - /* Determine necessary size */ - xResult = pxFunctionList->C_GetAttributeValue( xSessionHandle, - xPkHandle, - pxAttrs, - sizeof( pxAttrs ) / sizeof( CK_ATTRIBUTE ) ); - if( xResult == CKR_OK ) { - if( pxAttrs[ 0 ].ulValueLen > 0 ) + /* Initialize public EC parameter data from attributes */ + CK_ATTRIBUTE pxAttrs[ 2 ] = { - pxAttrs[ 0 ].pValue = pvPortMalloc( pxAttrs[ 0 ].ulValueLen ); - } - - if( pxAttrs[ 1 ].ulValueLen > 0 ) - { - pxAttrs[ 1 ].pValue = pvPortMalloc( pxAttrs[ 1 ].ulValueLen ); - } + { .type = CKA_EC_PARAMS, .ulValueLen = 0, .pValue = NULL }, + { .type = CKA_EC_POINT, .ulValueLen = 0, .pValue = NULL } + }; + /* Determine necessary size */ xResult = pxFunctionList->C_GetAttributeValue( xSessionHandle, xPkHandle, pxAttrs, - 2 ); - } + sizeof( pxAttrs ) / sizeof( CK_ATTRIBUTE ) ); - /* Parse EC Group */ - if( xResult == CKR_OK ) - { - /*TODO: Parse the ECParameters object */ - int lResult = mbedtls_ecp_group_load( &( pxMbedEcDsaCtx->grp ), MBEDTLS_ECP_DP_SECP256R1 ); - - if( lResult != 0 ) + if( xResult == CKR_OK ) { - xResult = CKR_FUNCTION_FAILED; + if( pxAttrs[ 0 ].ulValueLen > 0 ) + { + pxAttrs[ 0 ].pValue = pvPortMalloc( pxAttrs[ 0 ].ulValueLen ); + } + + if( pxAttrs[ 1 ].ulValueLen > 0 ) + { + pxAttrs[ 1 ].pValue = pvPortMalloc( pxAttrs[ 1 ].ulValueLen ); + } + + xResult = pxFunctionList->C_GetAttributeValue( xSessionHandle, + xPkHandle, + pxAttrs, + 2 ); } - } - /* Parse ECPoint */ - if( xResult == CKR_OK ) - { - unsigned char * pucIterator = pxAttrs[ 1 ].pValue; - size_t uxLen = pxAttrs[ 1 ].ulValueLen; - int lResult = 0; + /* Parse EC Group */ + if( 
xResult == CKR_OK ) + { + /*TODO: Parse the ECParameters object */ + int lResult = mbedtls_ecp_group_load( &( pxMbedEcDsaCtx->grp ), MBEDTLS_ECP_DP_SECP256R1 ); - lResult = mbedtls_asn1_get_tag( &pucIterator, &( pucIterator[ uxLen ] ), &uxLen, MBEDTLS_ASN1_OCTET_STRING ); + if( lResult != 0 ) + { + xResult = CKR_FUNCTION_FAILED; + } + } - if( lResult != 0 ) + /* Parse ECPoint */ + if( xResult == CKR_OK ) { - xResult = CKR_GENERAL_ERROR; + unsigned char * pucIterator = pxAttrs[ 1 ].pValue; + size_t uxLen = pxAttrs[ 1 ].ulValueLen; + int lResult = 0; + + lResult = mbedtls_asn1_get_tag( &pucIterator, &( pucIterator[ uxLen ] ), &uxLen, MBEDTLS_ASN1_OCTET_STRING ); + + if( lResult != 0 ) + { + xResult = CKR_GENERAL_ERROR; + } + else + { + lResult = mbedtls_ecp_point_read_binary( &( pxMbedEcDsaCtx->grp ), + &( pxMbedEcDsaCtx->Q ), + pucIterator, + uxLen ); + } + + if( lResult != 0 ) + { + xResult = CKR_GENERAL_ERROR; + } } - else + + if( pxAttrs[ 0 ].pValue != NULL ) { - lResult = mbedtls_ecp_point_read_binary( &( pxMbedEcDsaCtx->grp ), - &( pxMbedEcDsaCtx->Q ), - pucIterator, - uxLen ); + vPortFree( pxAttrs[ 0 ].pValue ); } - if( lResult != 0 ) + if( pxAttrs[ 1 ].pValue != NULL ) { - xResult = CKR_GENERAL_ERROR; + vPortFree( pxAttrs[ 1 ].pValue ); } - } - - if( pxAttrs[ 0 ].pValue != NULL ) - { - vPortFree( pxAttrs[ 0 ].pValue ); - } - if( pxAttrs[ 1 ].pValue != NULL ) - { - vPortFree( pxAttrs[ 1 ].pValue ); - } - - if( xResult == CKR_OK ) - { - pxP11EcDsaCtx->xP11PkCtx.pxFunctionList = pxFunctionList; - pxP11EcDsaCtx->xP11PkCtx.xSessionHandle = xSessionHandle; - pxP11EcDsaCtx->xP11PkCtx.xPkHandle = xPkHandle; + if( xResult == CKR_OK ) + { + pxP11EcDsaCtx->xP11PkCtx.pxFunctionList = pxFunctionList; + pxP11EcDsaCtx->xP11PkCtx.xSessionHandle = xSessionHandle; + pxP11EcDsaCtx->xP11PkCtx.xPkHandle = xPkHandle; + } } return xResult; 
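Review bot: The two `pvPortMalloc` results in p11_ecdsa_ctx_init are never checked, so an allocation failure for CKA_EC_POINT leaves `pxAttrs[ 1 ].pValue` NULL with a non-zero `ulValueLen`. The second C_GetAttributeValue call is then presumably treated by the token as another length query and may still return CKR_OK, after which `mbedtls_asn1_get_tag` is handed a NULL iterator with a non-zero length. I would add `if( pxAttrs[ 1 ].pValue == NULL ) { xResult = CKR_HOST_MEMORY; }` after each allocation and make the second C_GetAttributeValue call conditional on `xResult == CKR_OK`. The function begins outside this hunk.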
@@ -656,7 +677,7 @@ static int prvEcdsaSigToASN1InPlace( unsigned char * pucSig, /*-----------------------------------------------------------*/ -static int p11_ecdsa_sign( void * pvCtx, +static int p11_ecdsa_sign( mbedtls_pk_context * pk, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, @@ -668,7 +689,7 @@ static int p11_ecdsa_sign( void * pvCtx, { CK_RV xResult = CKR_OK; int32_t lFinalResult = 0; - const P11EcDsaCtx_t * pxEcDsaCtx = NULL; + const P11EcDsaCtx_t * pxEcDsaCtx = ( P11EcDsaCtx_t * ) pk->pk_ctx; const P11PkCtx_t * pxP11Ctx = NULL; unsigned char pucHashCopy[ MBEDTLS_MD_MAX_SIZE ]; @@ -690,9 +711,8 @@ static int p11_ecdsa_sign( void * pvCtx, configASSERT( pucHash != NULL ); configASSERT( xHashLen > 0 ); - if( pvCtx != NULL ) + if( pxEcDsaCtx != NULL ) { - pxEcDsaCtx = ( P11EcDsaCtx_t * ) pvCtx; pxP11Ctx = &( pxEcDsaCtx->xP11PkCtx ); } else @@ -739,13 +759,11 @@ static int p11_ecdsa_sign( void * pvCtx, /*-----------------------------------------------------------*/ -static size_t p11_ecdsa_get_bitlen( const void * pvCtx ) +static size_t p11_ecdsa_get_bitlen( const mbedtls_pk_context * pxMbedtlsPkCtx ) { - P11EcDsaCtx_t * pxEcDsaCtx = ( P11EcDsaCtx_t * ) pvCtx; - configASSERT( mbedtls_ecdsa_info.get_bitlen ); - return mbedtls_ecdsa_info.get_bitlen( &( pxEcDsaCtx->xMbedEcDsaCtx ) ); + return mbedtls_ecdsa_info.get_bitlen( ( mbedtls_pk_context * ) pxMbedtlsPkCtx ); } /*-----------------------------------------------------------*/ 
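Review bot: p11_ecdsa_sign now dereferences `pk` in the initialiser `( P11EcDsaCtx_t * ) pk->pk_ctx`, before any check, and the later `if( pxEcDsaCtx != NULL )` only covers `pk_ctx`. The old code accepted a NULL context and returned an error, and p11_rsa_sign in this same patch still tests `pk != NULL` before reading `pk->pk_ctx`. To keep that behaviour, initialise the local to NULL and assign it inside a guard such as `if( ( pk != NULL ) && ( pk->pk_ctx != NULL ) )`. p11_ecdsa_check_pair reads `pxMbedtlsPkCtx->pk_ctx` in a declaration in the same way.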
@@ -757,18 +775,16 @@ static int p11_ecdsa_can_do( mbedtls_pk_type_t xType ) /*-----------------------------------------------------------*/ -static int p11_ecdsa_verify( void * pvCtx, +static int p11_ecdsa_verify( mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, const unsigned char * pucSig, size_t xSigLen ) { - P11EcDsaCtx_t * pxEcDsaCtx = ( P11EcDsaCtx_t * ) pvCtx; - configASSERT( mbedtls_ecdsa_info.verify_func ); - return mbedtls_ecdsa_info.verify_func( &( pxEcDsaCtx->xMbedEcDsaCtx ), + return mbedtls_ecdsa_info.verify_func( pxMbedtlsPkCtx, xMdAlg, pucHash, xHashLen, pucSig, xSigLen ); @@ -777,14 +793,15 @@ static int p11_ecdsa_verify( void * pvCtx, /*-----------------------------------------------------------*/ static int p11_ecdsa_check_pair( const void * pvPub, - const void * pvPrv, + const mbedtls_pk_context * pxMbedtlsPkCtx, int ( * lFRng )( void *, unsigned char *, size_t ), void * pvPRng ) { + P11EcDsaCtx_t * pxP11PrvKey = ( P11EcDsaCtx_t * ) pxMbedtlsPkCtx->pk_ctx; + mbedtls_ecp_keypair * pxPubKey = ( mbedtls_ecp_keypair * ) pvPub; - mbedtls_ecp_keypair * pxPrvKey = ( mbedtls_ecp_keypair * ) pvPrv; + mbedtls_ecp_keypair * pxPrvKey = &( pxP11PrvKey->xMbedEcDsaCtx ); - P11EcDsaCtx_t * pxP11PrvKey = ( P11EcDsaCtx_t * ) pvPrv; int lResult = 0; ( void ) lFRng; @@ -832,7 +849,7 @@ static int p11_ecdsa_check_pair( const void * pvPub, }; unsigned char pucTestSignature[ MBEDTLS_ECDSA_MAX_SIG_LEN( 256 ) ] = { 0 }; size_t uxSigLen = 0; - lResult = p11_ecdsa_sign( ( void * ) ( void * ) pvPrv, MBEDTLS_MD_SHA256, + lResult = p11_ecdsa_sign( pxMbedtlsPkCtx, MBEDTLS_MD_SHA256, pucTestHash, sizeof( pucTestHash ), pucTestSignature, sizeof( pucTestSignature ), &uxSigLen, NULL, NULL ); 
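Review bot: p11_ecdsa_verify now forwards the whole `pxMbedtlsPkCtx` to `mbedtls_ecdsa_info.verify_func` instead of `&( pxEcDsaCtx->xMbedEcDsaCtx )`, so the stock mbedTLS routine will presumably interpret `pk_ctx` as its own EC key structure. That is only valid while `xMbedEcDsaCtx` is the first member of P11EcDsaCtx_t, and the struct definition is not visible in this hunk. I would state the requirement next to the struct, e.g. `/* xMbedEcDsaCtx must remain the first member: the mbedtls_ecdsa_info callbacks read pk_ctx as an EC keypair. */`, ideally with a compile-time offset check. The same assumption applies to the get_bitlen and debug wrappers and to the RSA equivalents with `xMbedRsaCtx`.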
@@ -850,48 +867,44 @@ static int p11_ecdsa_check_pair( const void * pvPub, /*-----------------------------------------------------------*/ -static void p11_ecdsa_debug( const void * pvCtx, +static void p11_ecdsa_debug( const mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_pk_debug_item * pxItems ) { - P11EcDsaCtx_t * pxEcDsaCtx = ( P11EcDsaCtx_t * ) pvCtx; - configASSERT( mbedtls_ecdsa_info.debug_func ); - mbedtls_ecdsa_info.debug_func( &( pxEcDsaCtx->xMbedEcDsaCtx ), pxItems ); + mbedtls_ecdsa_info.debug_func( ( mbedtls_pk_context * ) pxMbedtlsPkCtx, pxItems ); } /*-----------------------------------------------------------*/ -static size_t p11_rsa_get_bitlen( const void * pvCtx ) +static size_t p11_rsa_get_bitlen( const mbedtls_pk_context * pxMbedtlsPkCtx ) { - P11RsaCtx_t * pxRsaCtx = ( P11RsaCtx_t * ) pvCtx; + mbedtls_rsa_context * pxRsaCtx = ( mbedtls_rsa_context * ) pxMbedtlsPkCtx->pk_ctx; configASSERT( mbedtls_rsa_info.get_bitlen ); - return mbedtls_rsa_info.get_bitlen( &( pxRsaCtx->xMbedRsaCtx ) ); + return mbedtls_rsa_info.get_bitlen( pxMbedtlsPkCtx ); } /*-----------------------------------------------------------*/ static int p11_rsa_can_do( mbedtls_pk_type_t xType ) { - return( xType == MBEDTLS_PK_RSA ); + return( ( xType == MBEDTLS_PK_RSA ) || ( xType == MBEDTLS_PK_RSASSA_PSS ) ); } /*-----------------------------------------------------------*/ -static int p11_rsa_verify( void * pvCtx, +static int p11_rsa_verify( mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, const unsigned char * pucSig, size_t xSigLen ) { - P11RsaCtx_t * pxRsaCtx = ( P11RsaCtx_t * ) pvCtx; - configASSERT( mbedtls_rsa_info.verify_func ); - return mbedtls_rsa_info.verify_func( &( pxRsaCtx->xMbedRsaCtx ), + return mbedtls_rsa_info.verify_func( pxMbedtlsPkCtx, xMdAlg, pucHash, xHashLen, pucSig, xSigLen ); 
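Review bot: The new local in p11_rsa_get_bitlen, `mbedtls_rsa_context * pxRsaCtx = ( mbedtls_rsa_context * ) pxMbedtlsPkCtx->pk_ctx;`, is never used and should be removed. It also labels `pk_ctx` as an mbedtls_rsa_context although p11_rsa_sign treats the same pointer as a `P11RsaCtx_t *`. Separately, `mbedtls_rsa_info.get_bitlen( pxMbedtlsPkCtx )` passes the const pointer without a cast, while p11_ecdsa_get_bitlen casts to `( mbedtls_pk_context * )`; the two wrappers should handle the qualifier the same way.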
@@ -899,7 +912,7 @@ static int p11_rsa_verify( void * pvCtx, /*-----------------------------------------------------------*/ -static int p11_rsa_sign( void * pvCtx, +static int p11_rsa_sign( mbedtls_pk_context * pk, mbedtls_md_type_t xMdAlg, const unsigned char * pucHash, size_t xHashLen, @@ -942,9 +955,9 @@ static int p11_rsa_sign( void * pvCtx, { xResult = CKR_ARGUMENTS_BAD; } - else if( pvCtx != NULL ) + else if( pk != NULL ) { - pxP11RsaCtx = ( P11RsaCtx_t * ) pvCtx; + pxP11RsaCtx = ( P11RsaCtx_t * ) pk->pk_ctx; pxP11Ctx = &( pxP11RsaCtx->xP11PkCtx ); } else @@ -990,16 +1003,16 @@ static int p11_rsa_sign( void * pvCtx, /*-----------------------------------------------------------*/ static int p11_rsa_check_pair( const void * pvPub, - const void * pvPrv, + const mbedtls_pk_context * pxMbedtlsPkCtx, int ( * lFRng )( void *, unsigned char *, size_t ), void * pvPRng ) { - P11RsaCtx_t * pxP11RsaCtx = ( P11RsaCtx_t * ) pvPrv; - configASSERT( mbedtls_rsa_info.check_pair_func ); - return mbedtls_rsa_info.check_pair_func( pvPub, &( pxP11RsaCtx->xMbedRsaCtx ), - lFRng, pvPRng ); + return mbedtls_rsa_info.check_pair_func( pvPub, + pxMbedtlsPkCtx, + lFRng, + pvPRng ); } /*-----------------------------------------------------------*/ @@ -1012,14 +1025,14 @@ static void * p11_rsa_ctx_alloc( void ) if( pvCtx != NULL ) { - P11RsaCtx_t * pxP11Rsa = ( P11RsaCtx_t * ) pvCtx; + P11RsaCtx_t * pxRsaCtx = ( P11RsaCtx_t * ) pvCtx; /* Initialize other fields */ - pxP11Rsa->xP11PkCtx.pxFunctionList = NULL; - pxP11Rsa->xP11PkCtx.xSessionHandle = CK_INVALID_HANDLE; - pxP11Rsa->xP11PkCtx.xPkHandle = CK_INVALID_HANDLE; + pxRsaCtx->xP11PkCtx.pxFunctionList = NULL; + pxRsaCtx->xP11PkCtx.xSessionHandle = CK_INVALID_HANDLE; + pxRsaCtx->xP11PkCtx.xPkHandle = CK_INVALID_HANDLE; - mbedtls_rsa_init( &( pxP11Rsa->xMbedRsaCtx ) ); + mbedtls_rsa_init( &( pxRsaCtx->xMbedRsaCtx ) ); } return pvCtx; 
@@ -1027,13 +1040,13 @@ static void * p11_rsa_ctx_alloc( void ) /*-----------------------------------------------------------*/ -static CK_RV p11_rsa_ctx_init( void * pvCtx, +static CK_RV p11_rsa_ctx_init( mbedtls_pk_context * pk, CK_FUNCTION_LIST_PTR pxFunctionList, CK_SESSION_HANDLE xSessionHandle, CK_OBJECT_HANDLE xPkHandle ) { CK_RV xResult = CKR_OK; - P11RsaCtx_t * pxP11RsaCtx = ( P11RsaCtx_t * ) pvCtx; + P11RsaCtx_t * pxP11RsaCtx = ( P11RsaCtx_t * ) pk; mbedtls_rsa_context * pxMbedRsaCtx = NULL; configASSERT( pxFunctionList != NULL ); @@ -1094,14 +1107,12 @@ static void p11_rsa_ctx_free( void * pvCtx ) /*-----------------------------------------------------------*/ -static void p11_rsa_debug( const void * pvCtx, +static void p11_rsa_debug( const mbedtls_pk_context * pxMbedtlsPkCtx, mbedtls_pk_debug_item * pxItems ) { - P11RsaCtx_t * pxP11RsaCtx = ( P11RsaCtx_t * ) pvCtx; - configASSERT( mbedtls_rsa_info.debug_func ); - mbedtls_rsa_info.debug_func( &( pxP11RsaCtx->xMbedRsaCtx ), pxItems ); + mbedtls_rsa_info.debug_func( pxMbedtlsPkCtx, pxItems ); } /*-----------------------------------------------------------*/ diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c index 04e877f73db..5dbb1beac71 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c @@ -26,8 +26,13 @@ #include "logging_levels.h" -#define LIBRARY_LOG_NAME "MbedTLSRNGP11" -#define LIBRARY_LOG_LEVEL LOG_ERROR +#ifndef LIBRARY_LOG_NAME + #define LIBRARY_LOG_NAME "MbedTLSRNGP11" +#endif /* LIBRARY_LOG_NAME */ + +#ifndef LIBRARY_LOG_LEVEL + #define LIBRARY_LOG_LEVEL LOG_ERROR +#endif /* LIBRARY_LOG_LEVEL */ #include "logging_stack.h" 
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.c index 0b8008e34c8..a0798e9e444 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.c @@ -25,15 +25,20 @@ */ /** - * @file tls_freertos.c + * @file transport_mbedtls.c * @brief TLS transport interface implementations. This implementation uses * mbedTLS. */ #include "logging_levels.h" -#define LIBRARY_LOG_NAME "MbedtlsTransport" -#define LIBRARY_LOG_LEVEL LOG_INFO +#ifndef LIBRARY_LOG_NAME + #define LIBRARY_LOG_NAME "MbedtlsTransport" +#endif /* LIBRARY_LOG_NAME */ + +#ifndef LIBRARY_LOG_LEVEL + #define LIBRARY_LOG_LEVEL LOG_INFO +#endif /* LIBRARY_LOG_LEVEL*/ #include "logging_stack.h" @@ -43,7 +48,24 @@ /* FreeRTOS includes. */ #include "FreeRTOS.h" -/* MbedTLS Bio TCP sockets wrapper include. */ +/* MBedTLS Includes */ +#if !defined( MBEDTLS_CONFIG_FILE ) + #include "mbedtls/mbedtls_config.h" +#else + #include MBEDTLS_CONFIG_FILE +#endif + +#ifdef MBEDTLS_PSA_CRYPTO_C + /* MbedTLS PSA Includes */ + #include "psa/crypto.h" + #include "psa/crypto_values.h" +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#ifdef MBEDTLS_DEBUG_C + #include "mbedtls/debug.h" +#endif /* MBEDTLS_DEBUG_C */ + +/* MBedTLS Bio TCP sockets wrapper include. */ #include "mbedtls_bio_tcp_sockets_wrapper.h" /* TLS transport header. */ 
@@ -219,6 +241,22 @@ static TlsTransportStatus_t initMbedtls( mbedtls_entropy_context * pEntropyConte /*-----------------------------------------------------------*/ +#ifdef MBEDTLS_DEBUG_C + void mbedtls_string_printf( void * sslContext, + int level, + const char * file, + int line, + const char * str ) + { + if( ( str != NULL ) && ( file != NULL ) ) + { + LogDebug( ( "%s:%d: [%d] %s", file, line, level, str ) ); + } + } +#endif /* MBEDTLS_DEBUG_C */ + +/*-----------------------------------------------------------*/ + static void sslContextInit( SSLContext_t * pSslContext ) { configASSERT( pSslContext != NULL ); @@ -228,6 +266,12 @@ static void sslContextInit( SSLContext_t * pSslContext ) mbedtls_pk_init( &( pSslContext->privKey ) ); mbedtls_x509_crt_init( &( pSslContext->clientCert ) ); mbedtls_ssl_init( &( pSslContext->context ) ); + #ifdef MBEDTLS_DEBUG_C + mbedtls_debug_set_threshold( LIBRARY_LOG_LEVEL + 1U ); + mbedtls_ssl_conf_dbg( &( pSslContext->config ), + mbedtls_string_printf, + NULL ); + #endif /* MBEDTLS_DEBUG_C */ } /*-----------------------------------------------------------*/ @@ -597,6 +641,19 @@ static TlsTransportStatus_t initMbedtls( mbedtls_entropy_context * pEntropyConte returnStatus = TLS_TRANSPORT_INTERNAL_ERROR; } + #ifdef MBEDTLS_PSA_CRYPTO_C + if( returnStatus == TLS_TRANSPORT_SUCCESS ) + { + mbedtlsError = psa_crypto_init(); + + if( mbedtlsError != PSA_SUCCESS ) + { + LogError( ( "Failed to initialize PSA Crypto implementation: %s", ( int ) mbedtlsError ) ); + returnStatus = TLS_TRANSPORT_INTERNAL_ERROR; + } + } + #endif /* MBEDTLS_PSA_CRYPTO_C */ + if( returnStatus == TLS_TRANSPORT_SUCCESS ) { /* Seed the random number generator. */ 
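Review bot: `mbedtls_debug_set_threshold( LIBRARY_LOG_LEVEL + 1U )` in sslContextInit does not match the sink it feeds, because mbedtls_string_printf emits every message through LogDebug regardless of `level`. At the default LOG_INFO the threshold appears to resolve to mbedTLS's verbose level while LogDebug is presumably compiled out, so the library formats messages that are then discarded. At LOG_DEBUG the threshold exceeds verbose, and the resulting handshake buffer dumps may include key material in the log stream. I would map the level explicitly and add a comment such as `/* MBEDTLS_DEBUG_C output can expose handshake secrets; enable only in development builds. */`. sslContextInit in transport_mbedtls_pkcs11.c receives the same lines.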
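Review bot: The PSA failure log in initMbedtls uses `%s` for an integer argument, `LogError( ( "Failed to initialize PSA Crypto implementation: %s", ( int ) mbedtlsError ) );`. That is undefined behaviour in a printf-style logger and will likely fault or print unrelated memory on exactly the path meant to report the error. Change the specifier to `%d`, giving `"Failed to initialize PSA Crypto implementation: %d"`. The identical call is added to tlsSetup in transport_mbedtls_pkcs11.c.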
@@ -809,8 +866,14 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) || + ( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) ) { + if( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) + { + LogDebug( ( "Received a MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code from mbedtls_ssl_read." ) ); + } + LogDebug( ( "Failed to read data. However, a read can be retried on this error. " "mbedTLSError= %s : %s.", mbedtlsHighLevelCodeOrDefault( tlsStatus ), @@ -868,8 +931,14 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) || + ( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) ) { + if( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) + { + LogDebug( ( "Received a MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code from mbedtls_ssl_write." ) ); + } + LogDebug( ( "Failed to send data. However, send can be retried on this error. " "mbedTLSError= %s : %s.", mbedtlsHighLevelCodeOrDefault( tlsStatus ), diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.h b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.h index 99e1b66e359..f2f1931709a 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.h +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls.h 
@@ -32,6 +32,22 @@ #ifndef USING_MBEDTLS #define USING_MBEDTLS +/* MBed TLS includes. */ +#if !defined( MBEDTLS_CONFIG_FILE ) + #include "mbedtls/mbedtls_config.h" +#else + #include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/build_info.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ssl.h" +#include "mbedtls/threading.h" +#include "mbedtls/x509.h" +#include "mbedtls/error.h" + + /**************************************************/ /******* DO NOT CHANGE the following order ********/ /**************************************************/ @@ -53,9 +69,10 @@ #define LIBRARY_LOG_LEVEL LOG_ERROR #endif -/* Prototype for the function used to print to console on Windows simulator - * of FreeRTOS. - * The function prints to the console before the network is connected; +/** @brief Prototype for the function used to print to console on Windows + * simulator of FreeRTOS. + * + * @note The function prints to the console before the network is connected; * then a UDP port after the network has connected. */ extern void vLoggingPrintf( const char * pcFormatString, ... ); @@ -76,15 +93,6 @@ extern void vLoggingPrintf( const char * pcFormatString, /* Transport interface include. */ #include "transport_interface.h" -/* mbed TLS includes. */ -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ssl.h" -#include "mbedtls/threading.h" -#include "mbedtls/x509.h" -#include "mbedtls/error.h" -#include "mbedtls/build_info.h" - /** * @brief Secured connection context. */ @@ -183,7 +191,7 @@ void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext ); /** * @brief Receives data from an established TLS connection. * - * This is the TLS version of the transport interface's + * @note This is the TLS version of the transport interface's * #TransportRecv_t function. * * @param[in] pNetworkContext The Network context. 
@@ -201,7 +209,7 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, /** * @brief Sends data over an established TLS connection. * - * This is the TLS version of the transport interface's + * @note This is the TLS version of the transport interface's * #TransportSend_t function. * * @param[in] pNetworkContext The network context. @@ -216,4 +224,25 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, const void * pBuffer, size_t bytesToSend ); + +#ifdef MBEDTLS_DEBUG_C + +/** + * @brief Write an MBedTLS Debug message to the LogDebug() function + * + * @param[in] sslContext Pointer of the SSL Context that is being used + * @param[in] level The severity level of the debug message from MBedTLS + * @param[in] file Name of the file that the debug message is from + * @param[in] line The line number that the debug message is from + * @param[in] str The full string debug message from MBedTLS + * + * @return void + */ + void mbedtls_string_printf( void * sslContext, + int level, + const char * file, + int line, + const char * str ); +#endif /* MBEDTLS_DEBUG_C */ + #endif /* ifndef USING_MBEDTLS */ diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c index 01342eb0cde..8056e95fa70 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c 
@@ -30,19 +30,38 @@ * mbedTLS. */ +/* Standard includes. */ +#include + #include "logging_levels.h" -#define LIBRARY_LOG_NAME "PkcsTlsTransport" -#define LIBRARY_LOG_LEVEL LOG_INFO +#define LIBRARY_LOG_NAME "PkcsTlsTransport" + +#ifndef LIBRARY_LOG_LEVEL + #define LIBRARY_LOG_LEVEL LOG_INFO +#endif /* LIBRARY_LOG_LEVEL */ #include "logging_stack.h" -#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS + #define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/private_access.h" +#endif /* MBEDTLS_ALLOW_PRIVATE_ACCESS */ -#include "mbedtls/private_access.h" +/* MBedTLS Includes */ +#if !defined( MBEDTLS_CONFIG_FILE ) + #include "mbedtls/mbedtls_config.h" +#else + #include MBEDTLS_CONFIG_FILE +#endif -/* Standard includes. */ -#include +#ifdef MBEDTLS_PSA_CRYPTO_C + /* MbedTLS PSA Includes */ + #include "psa/crypto.h" + #include "psa/crypto_values.h" +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#include "mbedtls/debug.h" /* FreeRTOS includes. */ #include "FreeRTOS.h" @@ -205,6 +224,22 @@ static int32_t privateKeySigningCallback( void * pvContext, void * pvRng ); +/*-----------------------------------------------------------*/ + +#ifdef MBEDTLS_DEBUG_C + void mbedtls_string_printf( void * sslContext, + int level, + const char * file, + int line, + const char * str ) + { + if( ( str != NULL ) && ( file != NULL ) ) + { + LogDebug( ( "%s:%d: [%d] %s", file, line, level, str ) ); + } + } +#endif /* MBEDTLS_DEBUG_C */ + /*-----------------------------------------------------------*/ static void sslContextInit( SSLContext_t * pSslContext ) 
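Review bot: `#include "mbedtls/private_access.h"` has moved inside the `#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS` block, so the header is skipped whenever the macro is already defined by the build or by an earlier header. That is probably harmless because other mbedTLS headers pull it in, but the include reads more clearly after the `#endif`. Two inconsistencies with transport_mbedtls.c in this patch are also worth aligning: `mbedtls/debug.h` is included unconditionally here rather than under `#ifdef MBEDTLS_DEBUG_C`, and `LIBRARY_LOG_NAME` is defined without an `#ifndef` guard while `LIBRARY_LOG_LEVEL` has one.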
@@ -215,6 +250,12 @@ static void sslContextInit( SSLContext_t * pSslContext ) mbedtls_x509_crt_init( &( pSslContext->rootCa ) ); mbedtls_x509_crt_init( &( pSslContext->clientCert ) ); mbedtls_ssl_init( &( pSslContext->context ) ); + #ifdef MBEDTLS_DEBUG_C + mbedtls_debug_set_threshold( LIBRARY_LOG_LEVEL + 1U ); + mbedtls_ssl_conf_dbg( &( pSslContext->config ), + mbedtls_string_printf, + NULL ); + #endif /* MBEDTLS_DEBUG_C */ xInitializePkcs11Session( &( pSslContext->xP11Session ) ); C_GetFunctionList( &( pSslContext->pxP11FunctionList ) ); @@ -274,6 +315,20 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext, returnStatus = TLS_TRANSPORT_INSUFFICIENT_MEMORY; } + #ifdef MBEDTLS_PSA_CRYPTO_C + mbedtlsError = psa_crypto_init(); + + if( mbedtlsError != PSA_SUCCESS ) + { + LogError( ( "Failed to initialize PSA Crypto implementation: %s", ( int ) mbedtlsError ) ); + returnStatus = TLS_TRANSPORT_INVALID_PARAMETER; + } + else + { + LogDebug( ( "Initialized the PSA Crypto Engine" ) ); + } + #endif /* MBEDTLS_PSA_CRYPTO_C */ + if( returnStatus == TLS_TRANSPORT_SUCCESS ) { /* Set up the certificate security profile, starting from the default value. */ 
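Review bot: The `psa_crypto_init()` block in tlsSetup runs unconditionally, including after the preceding check has already set `returnStatus = TLS_TRANSPORT_INSUFFICIENT_MEMORY`, and a PSA failure then replaces that status. It also reports the failure as `TLS_TRANSPORT_INVALID_PARAMETER`, whereas initMbedtls in transport_mbedtls.c maps the same condition to `TLS_TRANSPORT_INTERNAL_ERROR`. I would wrap the block in `if( returnStatus == TLS_TRANSPORT_SUCCESS )` as the other file does and use the same status code in both. tlsSetup starts and ends outside this hunk.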
@@ -448,15 +503,23 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext, { mbedtlsError = mbedtls_ssl_handshake( &( pTlsTransportParams->sslContext.context ) ); } while( ( mbedtlsError == MBEDTLS_ERR_SSL_WANT_READ ) || - ( mbedtlsError == MBEDTLS_ERR_SSL_WANT_WRITE ) ); + ( mbedtlsError == MBEDTLS_ERR_SSL_WANT_WRITE ) || + ( mbedtlsError == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) ); if( mbedtlsError != 0 ) { - LogError( ( "Failed to perform TLS handshake: mbedTLSError= %s : %s.", - mbedtlsHighLevelCodeOrDefault( mbedtlsError ), - mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) ); + if( mbedtlsError == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) + { + LogDebug( ( "Received a MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code from mbedtls_ssl_handshake." ) ); + } + else + { + LogError( ( "Failed to perform TLS handshake: mbedTLSError= %s : %s.", + mbedtlsHighLevelCodeOrDefault( mbedtlsError ), + mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) ); - returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED; + returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED; + } } } @@ -633,7 +696,7 @@ static CK_RV initializeClientKeys( SSLContext_t * pxCtx, if( ( CKR_OK == xResult ) && ( pxCtx->xP11PrivateKey == CK_INVALID_HANDLE ) ) { xResult = CK_INVALID_HANDLE; - LogError( ( "Could not find private key." ) ); + LogError( ( "Could not find private key: %s", pcLabelName ) ); } if( xResult == CKR_OK ) 
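Review bot: The new `if( mbedtlsError == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET )` branch after the handshake loop cannot be reached. The `do … while` condition now keeps looping while `mbedtlsError` has that value, so the loop exits only with some other code. The post-loop block can therefore go back to the single LogError plus `returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED;`. If the ticket event should be logged, the LogDebug call belongs inside the loop body. Also consider whether an unbounded retry on this code is acceptable here or whether the loop needs an iteration limit.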
@@ -808,8 +871,14 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) || + ( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) ) { + if( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) + { + LogDebug( ( "Received a MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code from mbedtls_ssl_read." ) ); + } + LogDebug( ( "Failed to read data. However, a read can be retried on this error. " "mbedTLSError= %s : %s.", mbedtlsHighLevelCodeOrDefault( tlsStatus ), @@ -867,8 +936,14 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) || ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) || - ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) ) + ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) || + ( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) ) { + if( tlsStatus == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET ) + { + LogDebug( ( "Received a MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code from mbedtls_ssl_write." ) ); + } + LogDebug( ( "Failed to send data. However, send can be retried on this error. " "mbedTLSError= %s : %s.", mbedtlsHighLevelCodeOrDefault( tlsStatus ), diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.h b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.h index 27d1b094829..1c4fe54d2e4 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.h +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.h 
@@ -37,6 +37,12 @@ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +#if !defined( MBEDTLS_CONFIG_FILE ) + #include "mbedtls/mbedtls_config.h" +#else + #include MBEDTLS_CONFIG_FILE +#endif + #include "mbedtls/private_access.h" /* TCP Sockets Wrapper include.*/ @@ -46,6 +52,7 @@ #include "transport_interface.h" /* mbed TLS includes. */ +#include "mbedtls/build_info.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/entropy.h" #include "mbedtls/ssl.h" @@ -181,7 +188,7 @@ int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext, /** * @brief Sends data over an established TLS connection. * - * This is the TLS version of the transport interface's + * @note This is the TLS version of the transport interface's * #TransportSend_t function. * * @param[in] pNetworkContext The network context. @@ -196,4 +203,25 @@ int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext, const void * pBuffer, size_t bytesToSend ); + +#ifdef MBEDTLS_DEBUG_C + +/** + * @brief Write an MBedTLS Debug message to the LogDebug() function + * + * @param[in] sslContext Pointer of the SSL Context that is being used + * @param[in] level The severity level of the debug message from MBedTLS + * @param[in] file Name of the file that the debug message is from + * @param[in] line The line number that the debug message is from + * @param[in] str The full string debug message from MBedTLS + * + * @return void + */ + void mbedtls_string_printf( void * sslContext, + int level, + const char * file, + int line, + const char * str ); +#endif /* MBEDTLS_DEBUG_C */ + #endif /* ifndef TRANSPORT_MBEDTLS_PKCS11 */ diff --git a/FreeRTOS-Plus/Source/corePKCS11 b/FreeRTOS-Plus/Source/corePKCS11 index 6ddc35ebdcd..8b5ec3b3e3a 160000 --- a/FreeRTOS-Plus/Source/corePKCS11 +++ b/FreeRTOS-Plus/Source/corePKCS11 @@ -1 +1 @@ -Subproject commit 6ddc35ebdcd97a74d39a9c00e9bfa9a6b0febe4e +Subproject commit 8b5ec3b3e3a7fbf0c1d47646773ada90fa12b19b 
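Review bot: The `mbedtls_string_printf` declaration added under `MBEDTLS_DEBUG_C` places a project function in the `mbedtls_` namespace, which the library uses for its own symbols, so a transport-specific name would avoid a later clash. The `sslContext` description is probably inaccurate, since mbedTLS hands the debug callback the opaque pointer that was registered with it, which need not be the SSL context; `@param[in] sslContext Opaque context pointer registered with the debug callback` is safer. mbedTLS debug output at higher thresholds can include handshake buffers, so the doc comment should also say the hook is meant for development builds and that `MBEDTLS_DEBUG_C` should stay disabled in production configurations.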
diff --git a/FreeRTOS-Plus/ThirdParty/mbedtls b/FreeRTOS-Plus/ThirdParty/mbedtls index 869298bffee..edb8fec9882 160000 --- a/FreeRTOS-Plus/ThirdParty/mbedtls +++ b/FreeRTOS-Plus/ThirdParty/mbedtls @@ -1 +1 @@ -Subproject commit 869298bffeea13b205343361b7a7daf2b210e33d +Subproject commit edb8fec9882084344a314368ac7fd957a187519c diff --git a/FreeRTOS-Plus/ThirdParty/winpcap/include/ip6_misc.h b/FreeRTOS-Plus/ThirdParty/winpcap/include/ip6_misc.h index 1b2e4337b55..f31c4e9b762 100644 --- a/FreeRTOS-Plus/ThirdParty/winpcap/include/ip6_misc.h +++ b/FreeRTOS-Plus/ThirdParty/winpcap/include/ip6_misc.h @@ -29,11 +29,13 @@ #include -#ifndef __MINGW32__ - #define IN_MULTICAST( a ) IN_CLASSD( a ) -#endif +#ifndef IN_MULTICAST + #ifndef __MINGW32__ + #define IN_MULTICAST( a ) IN_CLASSD( a ) + #endif +#endif /* IN_MULTICAST */ -#define IN_EXPERIMENTAL( a ) ( ( ( ( u_int32_t ) ( a ) ) & 0xf0000000 ) == 0xf0000000 ) +#define IN_EXPERIMENTAL( a ) ( ( ( ( u_int32_t ) ( a ) ) & 0xf0000000 ) == 0xf0000000 ) #define IN_LOOPBACKNET 127 diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/FreeRTOS+TCP.vcxproj b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/FreeRTOS+TCP.vcxproj index 4d37860e0b8..03ced5ca0bc 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/FreeRTOS+TCP.vcxproj +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/FreeRTOS+TCP.vcxproj 
@@ -68,12 +68,12 @@ - _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_CRT_SECURE_NO_WARNINGS;_DEBUG;_LIB;%(PreprocessorDefinitions) MultiThreadedDebugDLL Level3 ProgramDatabase Disabled - ..\..\Source\FreeRTOS-Plus-TCP\source\include;..\..\Source\FreeRTOS-Plus-TCP\source\portable\Compiler\MSVC;..\..\Source\FreeRTOS-Plus-TCP\tools\tcp_utilities\include;..\..\ThirdParty\winpcap\include;..\..\ThirdParty\winpcap\include\pcap;.\;%(AdditionalIncludeDirectories) + ..\ThirdParty\MbedTLS;..\..\Source\FreeRTOS-Plus-TCP\source\include;..\..\Source\FreeRTOS-Plus-TCP\source\portable\Compiler\MSVC;..\..\Source\FreeRTOS-Plus-TCP\tools\tcp_utilities\include;..\..\ThirdParty\winpcap\include;..\..\ThirdParty\winpcap\include\pcap;.\;%(AdditionalIncludeDirectories) MachineX86 @@ -86,7 +86,7 @@ - BUILDING_LIBSLIRP;_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;BUILDING_LIBSLIRP;_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) MultiThreadedDebugDLL Level3 ProgramDatabase diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c index 9ca4ce30edd..2529592cac9 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS+TCP/plus_tcp_hooks_winsim.c @@ -35,6 +35,8 @@ #include "FreeRTOS_IP.h" #include "FreeRTOS_Sockets.h" +/* Function from freertos_hooks_winsim.c */ +extern UBaseType_t uxRand( void ); /*-----------------------------------------------------------*/ #if defined( ipconfigIPv4_BACKWARD_COMPATIBLE ) && ( ipconfigIPv4_BACKWARD_COMPATIBLE == 0 ) 
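Review bot: The include directory added in the first configuration, `..\ThirdParty\MbedTLS`, is one level shallower than every other entry (`..\..\ThirdParty\...`), and the header named by the new `MBEDTLS_CONFIG_FILE` define is renamed later in this patch under `VisualStudio_StaticProjects\MbedTLS`. `..\MbedTLS` looks like the intended path; confirm it against the tree, because a config header that is not found makes the build fall back to whatever `mbedtls_config.h` is on the include path. The second configuration (hunk at -86,7) does not receive the `MBEDTLS_CONFIG_FILE` define and now lists `WIN32` twice.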
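Review bot: The added `extern UBaseType_t uxRand( void );` in plus_tcp_hooks_winsim.c repeats a prototype by hand in a .c file, so a later change to the definition in freertos_hooks_winsim.c would not be caught by the compiler. Declaring it once in a header included by both files removes that risk. If this file uses uxRand for network-facing values (the uses are outside the hunk), a comment such as `/* uxRand() is backed by the Windows crypto API; keep it as the randomness source for the TCP hooks. */` would record why the source matters.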
diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOS-Kernel.vcxproj b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOS-Kernel.vcxproj index b927a046021..bea5ef250db 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOS-Kernel.vcxproj +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOS-Kernel.vcxproj @@ -64,7 +64,7 @@ - _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_CRT_SECURE_NO_WARNINGS;_DEBUG;_LIB;%(PreprocessorDefinitions) MultiThreadedDebugDLL Level3 ProgramDatabase @@ -78,7 +78,7 @@ - _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_CRT_SECURE_NO_WARNINGS;_DEBUG;_LIB;%(PreprocessorDefinitions) MultiThreadedDebugDLL Level3 ProgramDatabase diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOSConfig.h b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOSConfig.h index 6bc03048fb9..de14ea07cdf 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOSConfig.h +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/FreeRTOSConfig.h @@ -139,7 +139,7 @@ void vConfigureTimerForRunTimeStats( void ); * results in the wired network being used, while setting * configNETWORK_INTERFACE_TO_USE to 2 results in the wireless network being * used. */ -#define configNETWORK_INTERFACE_TO_USE ( 1L ) +#define configNETWORK_INTERFACE_TO_USE ( 0L ) /* The address to which logging is sent should UDP logging be enabled. */ #define configUDP_LOGGING_ADDR0 192 diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/freertos_hooks_winsim.c b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/freertos_hooks_winsim.c index 65e351f40cf..0dc1ac5c084 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/freertos_hooks_winsim.c 
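Review bot: The new value `( 0L )` for configNETWORK_INTERFACE_TO_USE is not covered by the comment above it, which only explains 1 (wired) and 2 (wireless). If 0 is meant as "no interface selected, choose one from the list printed at start-up", the comment should say so, for example `Leave at 0 to force an explicit choice of interface.`. If it is a leftover from a local setup, it should be reverted, since it changes the default behaviour of every demo that uses this static project.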
+++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/freertos_hooks_winsim.c @@ -32,8 +32,16 @@ * should an assert get hit. */ #include -/* Windows Crypt api for uxRand() */ + +#ifdef WIN32_LEAN_AND_MEAN + #include +#else + #include +#endif /* WIN32_LEAN_AND_MEAN */ + #include + +/* Windows Crypt api for uxRand() */ #include /* FreeRTOS includes. */ @@ -52,7 +60,7 @@ void vAssertCalled( const char * pcFile, ( void ) pcFileName; ( void ) ulLineNumber; - printf( "vAssertCalled( %s, %u\n", pcFile, ulLine ); + printf( "vAssertCalled( %s, %u )\n", pcFile, ulLine ); /* Setting ulBlockVariable to a non-zero value in the debugger will allow * this function to be exited. */ diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/runtime_stats_winsim.c b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/runtime_stats_winsim.c index 58d8cc843d2..fcf00411a2e 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/runtime_stats_winsim.c +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/FreeRTOS-Kernel/runtime_stats_winsim.c @@ -37,7 +37,14 @@ */ #include -#include + +#ifdef WIN32_LEAN_AND_MEAN + #include +#else + #include +#endif /* WIN32_LEAN_AND_MEAN */ + +#include /* FreeRTOS includes. */ #include "FreeRTOS.h" diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/Logging/Logging.vcxproj b/FreeRTOS-Plus/VisualStudio_StaticProjects/Logging/Logging.vcxproj index 2f185ae3135..acac089ec3b 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/Logging/Logging.vcxproj +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/Logging/Logging.vcxproj @@ -54,7 +54,7 @@ Level3 true - _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true $(PublicIncludeDirectories) true 
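Review bot: The corrected `printf` in vAssertCalled still prints ulLine with `%u`. The parameter's declaration is outside the hunk, but if it is `unsigned long` or `uint32_t`, as the `ul` prefix suggests, the specifier does not match the argument type. `printf( "vAssertCalled( %s, %lu )\n", pcFile, ( unsigned long ) ulLine );` is correct for either type.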
@@ -68,7 +68,7 @@ Level3 true - _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_CRT_SECURE_NO_WARNINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true $(PublicIncludeDirectories) true diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj b/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj index c634ca28e52..9449cc88758 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj @@ -26,6 +26,12 @@ + + + + + + @@ -41,6 +47,7 @@ + @@ -52,6 +59,7 @@ + @@ -62,6 +70,7 @@ + @@ -75,32 +84,47 @@ + + + + + + + + - + + + + + + + - + + @@ -108,39 +132,49 @@ + + + + + + - + + + + + @@ -158,12 +192,15 @@ + + + @@ -177,6 +214,7 @@ + @@ -187,20 +225,24 @@ - + + + + + @@ -221,6 +263,7 @@ + @@ -281,7 +324,7 @@ Level3 true - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions);MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h" + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\..\ThirdParty\mbedtls\library;..\..\ThirdParty\mbedtls\include true @@ -295,7 +338,7 @@ Level3 true - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions);MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h" + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true .\;..\..\ThirdParty\mbedtls\library;..\..\ThirdParty\mbedtls\include true diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj.filters b/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj.filters index 75a2f69aa8f..d39f9b09250 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj.filters +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/MbedTLS.vcxproj.filters 
@@ -21,396 +21,460 @@ - + + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + + MbedTLS Headers\mbedtls + + MbedTLS Headers\mbedtls MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls MbedTLS Headers\mbedtls - + MbedTLS 
Headers\mbedtls MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + + MbedTLS Headers\mbedtls + + + MbedTLS Headers\mbedtls + + + MbedTLS Headers\mbedtls + + + MbedTLS Headers\mbedtls + + MbedTLS Headers\mbedtls MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + + MbedTLS Headers\mbedtls + + MbedTLS Headers\mbedtls MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - + MbedTLS Headers\mbedtls - - MbedTLS Headers\psa + + MbedTLS Headers\mbedtls - - MbedTLS Headers\psa + + MbedTLS Headers\mbedtls - - MbedTLS Headers\psa + + MbedTLS Headers\mbedtls - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa - + MbedTLS Headers\psa MbedTLS Headers\psa - + MbedTLS Headers\psa - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS 
Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - MbedTLS Source + + MbedTLS Headers\psa - - - + - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - - MbedTLS Source - - + + MbedTLS Source - + MbedTLS Source @@ -431,6 +495,15 @@ MbedTLS Source + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + MbedTLS Source @@ -482,6 +555,9 @@ MbedTLS Source + + MbedTLS Source + MbedTLS Source @@ -500,6 +576,12 @@ MbedTLS Source + + MbedTLS Source + + + MbedTLS Source + MbedTLS Source @@ -539,6 +621,9 @@ MbedTLS Source + + MbedTLS Source + MbedTLS Source @@ -569,18 +654,24 @@ MbedTLS Source - + MbedTLS Source MbedTLS Source + + MbedTLS Source + MbedTLS Source MbedTLS Source + + MbedTLS Source + MbedTLS Source @@ -596,6 +687,9 @@ MbedTLS Source + + MbedTLS Source + MbedTLS Source @@ -608,6 +702,9 @@ MbedTLS Source + + MbedTLS Source + MbedTLS Source @@ -659,6 +756,38 @@ MbedTLS Source - + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + + + MbedTLS Source + \ No newline at end of file 
diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/mbedtls_config_v3.2.1.h b/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/mbedtls_config_v3.5.1.h similarity index 69% rename from FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/mbedtls_config_v3.2.1.h rename to FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/mbedtls_config_v3.5.1.h index 7d5dedc5a39..f3bfdc80920 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/mbedtls_config_v3.2.1.h +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/MbedTLS/mbedtls_config_v3.5.1.h @@ -25,6 +25,9 @@ * limitations under the License. */ +#ifndef __FREERTOS_MBEDTLS_CONFIG__ +#define __FREERTOS_MBEDTLS_CONFIG__ + /** * This is an optional version symbol that enables compatibility handling of * config files. @@ -32,7 +35,7 @@ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that * introduced the config format we want to be compatible with. */ -/*#define MBEDTLS_CONFIG_VERSION 0x03000000 */ +/* #define MBEDTLS_CONFIG_VERSION 0x03000000 */ /** * \name SECTION: System support @@ -49,11 +52,15 @@ * Requires support for asm() in compiler. * * Used in: + * library/aesni.h * library/aria.c * library/bn_mul.h + * library/constant_time.c + * library/padlock.h * * Required by: - * MBEDTLS_AESNI_C + * MBEDTLS_AESCE_C + * MBEDTLS_AESNI_C (on some platforms) * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. @@ -86,7 +93,7 @@ * example, if double-width division is implemented in software, disabling * it can reduce code size in some embedded targets. */ -/*#define MBEDTLS_NO_UDBL_DIVISION */ +/* #define MBEDTLS_NO_UDBL_DIVISION */ /** * \def MBEDTLS_NO_64BIT_MULTIPLICATION @@ -108,7 +115,7 @@ * Note that depending on the compiler, this may decrease performance compared * to using the library function provided by the toolchain. */ -/*#define MBEDTLS_NO_64BIT_MULTIPLICATION */ +/* #define MBEDTLS_NO_64BIT_MULTIPLICATION */ /** * \def MBEDTLS_HAVE_SSE2 
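Review bot: The include guard added at the top of the config header, `__FREERTOS_MBEDTLS_CONFIG__`, begins with a double underscore, a form C reserves for the implementation. A name such as `FREERTOS_MBEDTLS_CONFIG_H` avoids the reserved namespace: `#ifndef FREERTOS_MBEDTLS_CONFIG_H` / `#define FREERTOS_MBEDTLS_CONFIG_H`. The matching `#endif` is outside this hunk and should carry the same name in its trailing comment.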
@@ -117,7 +124,7 @@ * * Uncomment if the CPU supports SSE2 (IA-32 specific). */ -/*#define MBEDTLS_HAVE_SSE2 */ +/* #define MBEDTLS_HAVE_SSE2 */ /** * \def MBEDTLS_HAVE_TIME @@ -137,7 +144,7 @@ * regardless of the setting of MBEDTLS_HAVE_TIME, unless * MBEDTLS_TIMING_ALT is used. See timing.c for more information. */ -/*#define MBEDTLS_HAVE_TIME */ +/* #define MBEDTLS_HAVE_TIME */ /** * \def MBEDTLS_HAVE_TIME_DATE 
@@ -158,26 +165,58 @@ * mbedtls_platform_gmtime_r() at compile-time by using the macro * MBEDTLS_PLATFORM_GMTIME_R_ALT. */ -/*#define MBEDTLS_HAVE_TIME_DATE */ +/* #define MBEDTLS_HAVE_TIME_DATE */ /** * \def MBEDTLS_PLATFORM_MEMORY * * Enable the memory allocation layer. * - * By default mbed TLS uses the system-provided calloc() and free(). + * By default Mbed TLS uses the system-provided calloc() and free(). * This allows different allocators (self-implemented or provided) to be * provided to the platform abstraction layer. * - * Enabling MBEDTLS_PLATFORM_MEMORY without the + * Enabling #MBEDTLS_PLATFORM_MEMORY without the * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and * free() function pointer at runtime. * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying + * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the * alternate function at compile time. * + * An overview of how the value of mbedtls_calloc is determined: + * + * - if !MBEDTLS_PLATFORM_MEMORY + * - mbedtls_calloc = calloc + * - if MBEDTLS_PLATFORM_MEMORY + * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): + * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO + * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): + * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC. + * - How is MBEDTLS_PLATFORM_STD_CALLOC handled? 
+ * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: + * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything; + * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present; + * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: + * - if MBEDTLS_PLATFORM_STD_CALLOC is present: + * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected; + * - if !MBEDTLS_PLATFORM_STD_CALLOC: + * - MBEDTLS_PLATFORM_STD_CALLOC = calloc + * + * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked. + * - if !MBEDTLS_PLATFORM_STD_CALLOC + * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc + * + * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC. + * + * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible. + * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time. + * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used, + * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases. + * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer. + * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything. + * * Requires: MBEDTLS_PLATFORM_C * * Enable this layer to allow use of alternative memory allocators. 
@@ -206,15 +245,15 @@ void mbedtls_platform_free( void * ptr ); * Uncomment to prevent default assignment of standard functions in the * platform layer. */ -/*#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ +/* #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ /** * \def MBEDTLS_PLATFORM_EXIT_ALT * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the + * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the * function in the platform abstraction layer. * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will + * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will * provide a function "mbedtls_platform_set_printf()" that allows you to set an * alternative printf function pointer. * 
@@ -231,15 +270,58 @@ void mbedtls_platform_free( void * ptr ); * Uncomment a macro to enable alternate implementation of specific base * platform function */ -/*#define MBEDTLS_PLATFORM_SETBUF_ALT */ -/*#define MBEDTLS_PLATFORM_EXIT_ALT */ -/*#define MBEDTLS_PLATFORM_TIME_ALT */ -/*#define MBEDTLS_PLATFORM_FPRINTF_ALT */ -/*#define MBEDTLS_PLATFORM_PRINTF_ALT */ -/*#define MBEDTLS_PLATFORM_SNPRINTF_ALT */ -/*#define MBEDTLS_PLATFORM_VSNPRINTF_ALT */ -/*#define MBEDTLS_PLATFORM_NV_SEED_ALT */ -/*#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ +/* #define MBEDTLS_PLATFORM_SETBUF_ALT */ +/* #define MBEDTLS_PLATFORM_EXIT_ALT */ +/* #define MBEDTLS_PLATFORM_TIME_ALT */ +/* #define MBEDTLS_PLATFORM_FPRINTF_ALT */ +/* #define MBEDTLS_PLATFORM_PRINTF_ALT */ +/* #define MBEDTLS_PLATFORM_SNPRINTF_ALT */ +/* #define MBEDTLS_PLATFORM_VSNPRINTF_ALT */ +/* #define MBEDTLS_PLATFORM_NV_SEED_ALT */ +/* #define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ +/* #define MBEDTLS_PLATFORM_MS_TIME_ALT */ + +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime_r(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread-safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime_r() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. 
+ */ +/* #define MBEDTLS_PLATFORM_GMTIME_R_ALT */ + +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces + * the default implementation in platform_util.c. + * + * By default, the library uses a system function such as memset_s() + * (optional feature of C11), explicit_bzero() (BSD and compatible), or + * SecureZeroMemory (Windows). If no such function is detected, the library + * falls back to a plain C implementation. Compilers are technically + * permitted to optimize this implementation out, meaning that the memory is + * not actually wiped. The library tries to prevent that, but the C language + * makes it impossible to guarantee that the memory will always be wiped. + * + * If your platform provides a guaranteed method to wipe memory which + * `platform_util.c` does not detect, define this macro to the name of + * a function that takes two arguments, a `void *` pointer and a length, + * and wipes that many bytes starting at the specified address. For example, + * if your platform has explicit_bzero() but `platform_util.c` does not + * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be + * `explicit_bzero` to use that function as mbedtls_platform_zeroize(). + */ +/* #define MBEDTLS_PLATFORM_ZEROIZE_ALT */ /** * \def MBEDTLS_DEPRECATED_WARNING @@ -268,12 +350,12 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to get errors on using deprecated functions and features. */ -/*#define MBEDTLS_DEPRECATED_REMOVED */ +/* #define MBEDTLS_DEPRECATED_REMOVED */ /** \} name SECTION: System support */ /** - * \name SECTION: mbed TLS feature support + * \name SECTION: Mbed TLS feature support * * This section sets support for features that are or are not needed * within the modules that are enabled. 
@@ -291,12 +373,12 @@ void mbedtls_platform_free( void * ptr ); * You will need to provide a header "timing_alt.h" and an implementation at * compile time. */ -/*#define MBEDTLS_TIMING_ALT */ +/* #define MBEDTLS_TIMING_ALT */ /** * \def MBEDTLS_AES_ALT * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your + * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your * alternate core implementation of a symmetric crypto, an arithmetic or hash * module (e.g. platform specific assembly optimized implementations). Keep * in mind that the function prototypes should remain the same. @@ -304,7 +386,7 @@ void mbedtls_platform_free( void * ptr ); * This replaces the whole module. If you only want to replace one of the * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer + * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer * provide the "struct mbedtls_aes_context" definition and omit the base * function declarations and implementations. "aes_alt.h" will be included from * "aes.h" to include the new function definitions. 
@@ -318,25 +400,25 @@ void mbedtls_platform_free( void * ptr ); * digests and ciphers instead. * */ -/*#define MBEDTLS_AES_ALT */ -/*#define MBEDTLS_ARIA_ALT */ -/*#define MBEDTLS_CAMELLIA_ALT */ -/*#define MBEDTLS_CCM_ALT */ -/*#define MBEDTLS_CHACHA20_ALT */ -/*#define MBEDTLS_CHACHAPOLY_ALT */ -/*#define MBEDTLS_CMAC_ALT */ -/*#define MBEDTLS_DES_ALT */ -/*#define MBEDTLS_DHM_ALT */ -/*#define MBEDTLS_ECJPAKE_ALT */ -/*#define MBEDTLS_GCM_ALT */ -/*#define MBEDTLS_NIST_KW_ALT */ -/*#define MBEDTLS_MD5_ALT */ -/*#define MBEDTLS_POLY1305_ALT */ -/*#define MBEDTLS_RIPEMD160_ALT */ -/*#define MBEDTLS_RSA_ALT */ -/*#define MBEDTLS_SHA1_ALT */ -/*#define MBEDTLS_SHA256_ALT */ -/*#define MBEDTLS_SHA512_ALT */ +/* #define MBEDTLS_AES_ALT */ +/* #define MBEDTLS_ARIA_ALT */ +/* #define MBEDTLS_CAMELLIA_ALT */ +/* #define MBEDTLS_CCM_ALT */ +/* #define MBEDTLS_CHACHA20_ALT */ +/* #define MBEDTLS_CHACHAPOLY_ALT */ +/* #define MBEDTLS_CMAC_ALT */ +/* #define MBEDTLS_DES_ALT */ +/* #define MBEDTLS_DHM_ALT */ +/* #define MBEDTLS_ECJPAKE_ALT */ +/* #define MBEDTLS_GCM_ALT */ +/* #define MBEDTLS_NIST_KW_ALT */ +/* #define MBEDTLS_MD5_ALT */ +/* #define MBEDTLS_POLY1305_ALT */ +/* #define MBEDTLS_RIPEMD160_ALT */ +/* #define MBEDTLS_RSA_ALT */ +/* #define MBEDTLS_SHA1_ALT */ +/* #define MBEDTLS_SHA256_ALT */ +/* #define MBEDTLS_SHA512_ALT */ /* * When replacing the elliptic curve module, please consider, that it is 
@@ -347,19 +429,19 @@ void mbedtls_platform_free( void * ptr ); * macros as described above. The only difference is that you have to make sure * that you provide functionality for both .c files. */ -/*#define MBEDTLS_ECP_ALT */ +/* #define MBEDTLS_ECP_ALT */ /** * \def MBEDTLS_SHA256_PROCESS_ALT * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you * alternate core implementation of symmetric crypto or hash function. Keep in * mind that function prototypes should remain the same. * - * This replaces only one function. The header file from mbed TLS is still + * This replaces only one function. The header file from Mbed TLS is still * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will * no longer provide the mbedtls_sha1_process() function, but it will still provide * the other function (using your mbedtls_sha1_process() function) and the definition * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 
@@ -386,34 +468,34 @@ void mbedtls_platform_free( void * ptr ); * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ -/*#define MBEDTLS_MD5_PROCESS_ALT */ -/*#define MBEDTLS_RIPEMD160_PROCESS_ALT */ -/*#define MBEDTLS_SHA1_PROCESS_ALT */ -/*#define MBEDTLS_SHA256_PROCESS_ALT */ -/*#define MBEDTLS_SHA512_PROCESS_ALT */ -/*#define MBEDTLS_DES_SETKEY_ALT */ -/*#define MBEDTLS_DES_CRYPT_ECB_ALT */ -/*#define MBEDTLS_DES3_CRYPT_ECB_ALT */ -/*#define MBEDTLS_AES_SETKEY_ENC_ALT */ -/*#define MBEDTLS_AES_SETKEY_DEC_ALT */ -/*#define MBEDTLS_AES_ENCRYPT_ALT */ -/*#define MBEDTLS_AES_DECRYPT_ALT */ -/*#define MBEDTLS_ECDH_GEN_PUBLIC_ALT */ -/*#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ -/*#define MBEDTLS_ECDSA_VERIFY_ALT */ -/*#define MBEDTLS_ECDSA_SIGN_ALT */ -/*#define MBEDTLS_ECDSA_GENKEY_ALT */ +/* #define MBEDTLS_MD5_PROCESS_ALT */ +/* #define MBEDTLS_RIPEMD160_PROCESS_ALT */ +/* #define MBEDTLS_SHA1_PROCESS_ALT */ +/* #define MBEDTLS_SHA256_PROCESS_ALT */ +/* #define MBEDTLS_SHA512_PROCESS_ALT */ +/* #define MBEDTLS_DES_SETKEY_ALT */ +/* #define MBEDTLS_DES_CRYPT_ECB_ALT */ +/* #define MBEDTLS_DES3_CRYPT_ECB_ALT */ +/* #define MBEDTLS_AES_SETKEY_ENC_ALT */ +/* #define MBEDTLS_AES_SETKEY_DEC_ALT */ +/* #define MBEDTLS_AES_ENCRYPT_ALT */ +/* #define MBEDTLS_AES_DECRYPT_ALT */ +/* #define MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +/* #define MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ +/* #define MBEDTLS_ECDSA_VERIFY_ALT */ +/* #define MBEDTLS_ECDSA_SIGN_ALT */ +/* #define MBEDTLS_ECDSA_GENKEY_ALT */ /** * \def MBEDTLS_ECP_INTERNAL_ALT * * Expose a part of the internal interface of the Elliptic Curve Point module. * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your + * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your * alternative core implementation of elliptic curve arithmetic. Keep in mind * that function prototypes should remain the same. * - * This partially replaces one function. 
The header file from mbed TLS is still + * This partially replaces one function. The header file from Mbed TLS is still * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation * is still present and it is used for group structures not supported by the * alternative. @@ -437,11 +519,11 @@ void mbedtls_platform_free( void * ptr ); * implement optimized set up and tear down instructions. * * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac() + * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac() * function, but will use your mbedtls_internal_ecp_double_jac() if the group * for the operation is supported by your implementation (i.e. your * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the - * group is not supported by your implementation, then the original mbed TLS + * group is not supported by your implementation, then the original Mbed TLS * implementation of ecp_double_jac() is used instead, unless this fallback * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). 
@@ -455,24 +537,24 @@ void mbedtls_platform_free( void * ptr ); * function. */ /* Required for all the functions in this section */ -/*#define MBEDTLS_ECP_INTERNAL_ALT */ +/* #define MBEDTLS_ECP_INTERNAL_ALT */ /* Turn off software fallback for curves not supported in hardware */ -/*#define MBEDTLS_ECP_NO_FALLBACK */ +/* #define MBEDTLS_ECP_NO_FALLBACK */ /* Support for Weierstrass curves with Jacobi representation */ -/*#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ -/*#define MBEDTLS_ECP_ADD_MIXED_ALT */ -/*#define MBEDTLS_ECP_DOUBLE_JAC_ALT */ -/*#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */ -/*#define MBEDTLS_ECP_NORMALIZE_JAC_ALT */ +/* #define MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ +/* #define MBEDTLS_ECP_ADD_MIXED_ALT */ +/* #define MBEDTLS_ECP_DOUBLE_JAC_ALT */ +/* #define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */ +/* #define MBEDTLS_ECP_NORMALIZE_JAC_ALT */ /* Support for curves with Montgomery arithmetic */ -/*#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ -/*#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ -/*#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ +/* #define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ +/* #define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ +/* #define MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * - * Uncomment this macro to let mbed TLS use your own implementation of a + * Uncomment this macro to let Mbed TLS use your own implementation of a * hardware entropy collector. * * Your function must be called \c mbedtls_hardware_poll(), have the same @@ -499,7 +581,6 @@ void mbedtls_platform_free( void * ptr ); * performance if ROM access is slower than RAM access. * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - * */ #define MBEDTLS_AES_ROM_TABLES 
@@ -521,9 +602,39 @@ void mbedtls_platform_free( void * ptr ); * depends on the system and memory details. * * This option is independent of \c MBEDTLS_AES_ROM_TABLES. + */ +/* #define MBEDTLS_AES_FEWER_TABLES */ + +/** + * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + * + * Use only 128-bit keys in AES operations to save ROM. + * + * Uncomment this macro to remove support for AES operations that use 192- + * or 256-bit keys. * + * Uncommenting this macro reduces the size of AES code by ~300 bytes + * on v8-M/Thumb2. + * + * Module: library/aes.c + * + * Requires: MBEDTLS_AES_C */ -/*#define MBEDTLS_AES_FEWER_TABLES */ +/* #define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ + +/* + * Disable plain C implementation for AES. + * + * When the plain C implementation is enabled, and an implementation using a + * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime + * detection will be used to select between them. + * + * If only one implementation is present, runtime detection will not be used. + * This configuration will crash at runtime if running on a CPU without the + * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C + * and/or MBEDTLS_AESNI_C is enabled & present in the build. + */ +/* #define MBEDTLS_AES_USE_HARDWARE_ONLY */ /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY @@ -532,7 +643,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this macro to use less memory for Camellia. */ -/*#define MBEDTLS_CAMELLIA_SMALL_MEMORY */ +/* #define MBEDTLS_CAMELLIA_SMALL_MEMORY */ /** * \def MBEDTLS_CHECK_RETURN_WARNING @@ -555,7 +666,7 @@ void mbedtls_platform_free( void * ptr ); * macro is not defined. To completely disable return value check * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion. */ -/*#define MBEDTLS_CHECK_RETURN_WARNING */ +/* #define MBEDTLS_CHECK_RETURN_WARNING */ /** * \def MBEDTLS_CIPHER_MODE_CBC 
@@ -622,7 +733,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this macro to enable the NULL cipher and ciphersuites */ -/*#define MBEDTLS_CIPHER_NULL_CIPHER */ +/* #define MBEDTLS_CIPHER_NULL_CIPHER */ /** * \def MBEDTLS_CIPHER_PADDING_PKCS7 @@ -643,9 +754,19 @@ void mbedtls_platform_free( void * ptr ); /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY * * Uncomment this macro to use a 128-bit key in the CTR_DRBG module. - * By default, CTR_DRBG uses a 256-bit key. + * Without this, CTR_DRBG uses a 256-bit key + * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. + */ +/* #define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ + +/** + * Enable the verified implementations of ECDH primitives from Project Everest + * (currently only Curve25519). This feature changes the layout of ECDH + * contexts and therefore is a compatibility break for applications that access + * fields of a mbedtls_ecdh_context structure directly. See also + * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. */ -/*#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ +/* #define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ /** * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 
@@ -656,17 +777,17 @@ void mbedtls_platform_free( void * ptr ); * Comment macros to disable the curve and functions for it */ /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ -/*#define MBEDTLS_ECP_DP_SECP192R1_ENABLED */ -/*#define MBEDTLS_ECP_DP_SECP224R1_ENABLED */ +/* #define MBEDTLS_ECP_DP_SECP192R1_ENABLED */ +/* #define MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP384R1_ENABLED #define MBEDTLS_ECP_DP_SECP521R1_ENABLED -/*#define MBEDTLS_ECP_DP_SECP192K1_ENABLED */ -/*#define MBEDTLS_ECP_DP_SECP224K1_ENABLED */ -/*#define MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -/*#define MBEDTLS_ECP_DP_BP256R1_ENABLED */ -/*#define MBEDTLS_ECP_DP_BP384R1_ENABLED */ -/*#define MBEDTLS_ECP_DP_BP512R1_ENABLED */ +/* #define MBEDTLS_ECP_DP_SECP192K1_ENABLED */ +/* #define MBEDTLS_ECP_DP_SECP224K1_ENABLED */ +/* #define MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +/* #define MBEDTLS_ECP_DP_BP256R1_ENABLED */ +/* #define MBEDTLS_ECP_DP_BP384R1_ENABLED */ +/* #define MBEDTLS_ECP_DP_BP512R1_ENABLED */ /* Montgomery curves (supporting ECP) */ #define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE448_ENABLED 
@@ -698,13 +819,52 @@ void mbedtls_platform_free( void * ptr ); * This is useful in non-threaded environments if you want to avoid blocking * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. * - * Uncomment this macro to enable restartable ECC computations. + * This option: + * - Adds xxx_restartable() variants of existing operations in the + * following modules, with corresponding restart context types: + * - ECP (for Short Weierstrass curves only): scalar multiplication (mul), + * linear combination (muladd); + * - ECDSA: signature generation & verification; + * - PK: signature generation & verification; + * - X509: certificate chain verification. + * - Adds mbedtls_ecdh_enable_restart() in the ECDH module. + * - Changes the behaviour of TLS 1.2 clients (not servers) when using the + * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC + * computations restartable: + * - ECDH operations from the key exchange, only for Short Weierstrass + * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. + * - verification of the server's key exchange signature; + * - verification of the server's certificate chain; + * - generation of the client's signature if client authentication is used, + * with an ECC key/certificate. + * + * \note In the cases above, the usual SSL/TLS functions, such as + * mbedtls_ssl_handshake(), can now return + * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. + * + * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled, + * restartable operations in PK, X.509 and TLS (see above) are not + * using PSA. On the other hand, ECDH computations in TLS are using + * PSA, and are not restartable. These are temporary limitations that + * should be lifted in the future. * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. 
+ * + * Requires: MBEDTLS_ECP_C + * + * Uncomment this macro to enable restartable ECC computations. */ -/*#define MBEDTLS_ECP_RESTARTABLE */ +/* #define MBEDTLS_ECP_RESTARTABLE */ + +/** + * Uncomment to enable using new bignum code in the ECC modules. + * + * \warning This is currently experimental, incomplete and therefore should not + * be used in production. + */ +/* #define MBEDTLS_ECP_WITH_MPI_UINT */ /** * \def MBEDTLS_ECDSA_DETERMINISTIC @@ -738,7 +898,7 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -/*#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -767,14 +927,14 @@ void mbedtls_platform_free( void * ptr ); * See dhm.h for more details. * */ -/*#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ +/* #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED * * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -785,7 +945,7 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -/*#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -808,7 +968,7 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -/*#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ +#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 
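Review bot: Two of the key exchanges switched on here give no forward secrecy and have no visible user: `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` (hunk at -738) and `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED` (hunk at -808); of the three PSK options enabled on this line only `MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED` (hunk at -785) uses an ephemeral exchange. The same concern applies to `MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` (hunk at -954, static ECDH) and to `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED` (hunk at -1546). Whether any demo built with this config provisions a pre-shared key is not visible in the diff; if none does, I would leave these commented out so the build offers only what is actually used. If they are intentional, put a line above each define, for example `/* Enabled for <reason>; this key exchange has no forward secrecy. */`.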
@@ -865,14 +1025,16 @@ void mbedtls_platform_free( void * ptr ); * See dhm.h for more details. * */ -/*#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ +/* #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED * * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_RSA_C + * MBEDTLS_PKCS1_V15 * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are @@ -895,7 +1057,9 @@ void mbedtls_platform_free( void * ptr ); * * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) + * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -917,7 +1081,9 @@ void mbedtls_platform_free( void * ptr ); * * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) + * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): 
@@ -932,14 +1098,16 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -/*#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ +/* #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED * * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_RSA_C + * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -954,7 +1122,7 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -/*#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -965,15 +1133,19 @@ void mbedtls_platform_free( void * ptr ); * Thread v1.0.0 specification; incompatible changes to the specification * might still happen. For this reason, this is disabled by default. * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C + * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE) + * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) * MBEDTLS_ECP_DP_SECP256R1_ENABLED * + * \warning If SHA-256 is provided only by a PSA driver, you must call + * psa_crypto_init() before the first hanshake (even if + * MBEDTLS_USE_PSA_CRYPTO is disabled). + * * This enables the following ciphersuites (if other requisites are * enabled as well): * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 */ -/*#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +/* #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ /** * \def MBEDTLS_PK_PARSE_EC_EXTENDED 
@@ -989,6 +1161,19 @@ void mbedtls_platform_free( void * ptr ); */ #define MBEDTLS_PK_PARSE_EC_EXTENDED +/** + * \def MBEDTLS_PK_PARSE_EC_COMPRESSED + * + * Enable the support for parsing public keys of type Short Weierstrass + * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the + * compressed point format. This parsing is done through ECP module's functions. + * + * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h) + * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and + * MBEDTLS_ECP_DP_SECP224K1. + */ +#define MBEDTLS_PK_PARSE_EC_COMPRESSED + /** * \def MBEDTLS_ERROR_STRERROR_DUMMY * @@ -1018,7 +1203,7 @@ void mbedtls_platform_free( void * ptr ); * * Enable functions that use the filesystem. */ -/*#define MBEDTLS_FS_IO */ +/* #define MBEDTLS_FS_IO */ /** * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES @@ -1030,7 +1215,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this macro to prevent loading of default entropy functions. */ -/*#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ +/* #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ /** * \def MBEDTLS_NO_PLATFORM_ENTROPY @@ -1057,7 +1242,7 @@ void mbedtls_platform_free( void * ptr ); * This option is only useful if both MBEDTLS_SHA256_C and * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. */ -/*#define MBEDTLS_ENTROPY_FORCE_SHA256 */ +/* #define MBEDTLS_ENTROPY_FORCE_SHA256 */ /** * \def MBEDTLS_ENTROPY_NV_SEED @@ -1085,7 +1270,7 @@ void mbedtls_platform_free( void * ptr ); * \note The entropy collector will write to the seed file before entropy is * given to an external source, to update it. */ -/*#define MBEDTLS_ENTROPY_NV_SEED */ +/* #define MBEDTLS_ENTROPY_NV_SEED */ /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * 
@@ -1097,7 +1282,7 @@ void mbedtls_platform_free( void * ptr ); * Note that this option is meant for internal use only and may be removed * without notice. */ -/*#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +/* #define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /** * \def MBEDTLS_MEMORY_DEBUG @@ -1110,7 +1295,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this macro to let the buffer allocator print out error messages. */ -/*#define MBEDTLS_MEMORY_DEBUG */ +/* #define MBEDTLS_MEMORY_DEBUG */ /** * \def MBEDTLS_MEMORY_BACKTRACE @@ -1118,11 +1303,11 @@ void mbedtls_platform_free( void * ptr ); * Include backtrace information with each allocated block. * * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support + * GLIBC-compatible backtrace() and backtrace_symbols() support * * Uncomment this macro to include backtrace information */ -/*#define MBEDTLS_MEMORY_BACKTRACE */ +/* #define MBEDTLS_MEMORY_BACKTRACE */ /** * \def MBEDTLS_PK_RSA_ALT_SUPPORT @@ -1131,14 +1316,14 @@ void mbedtls_platform_free( void * ptr ); * * Comment this macro to disable support for external private RSA keys. */ -/*#define MBEDTLS_PK_RSA_ALT_SUPPORT */ +/* #define MBEDTLS_PK_RSA_ALT_SUPPORT */ /** * \def MBEDTLS_PKCS1_V15 * * Enable support for PKCS#1 v1.5 encoding. * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C + * Requires: MBEDTLS_RSA_C * * This enables support for PKCS#1 v1.5 operations. */ @@ -1149,7 +1334,10 @@ void mbedtls_platform_free( void * ptr ); * * Enable support for PKCS#1 v2.1 encoding. * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C + * Requires: MBEDTLS_RSA_C + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS#1 v2.1 operation. * * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ 
@@ -1169,7 +1357,7 @@ void mbedtls_platform_free( void * ptr ); * \warning This interface is experimental and may change or be removed * without notice. */ -/*#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ +/* #define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ /** \def MBEDTLS_PSA_CRYPTO_CLIENT * @@ -1185,19 +1373,7 @@ void mbedtls_platform_free( void * ptr ); * \warning This interface is experimental and may change or be removed * without notice. */ -/*#define MBEDTLS_PSA_CRYPTO_CLIENT */ - -/** \def MBEDTLS_PSA_CRYPTO_DRIVERS - * - * Enable support for the experimental PSA crypto driver interface. - * - * Requires: MBEDTLS_PSA_CRYPTO_C - * - * \warning This interface is experimental. We intend to maintain backward - * compatibility with application code that relies on drivers, - * but the driver interfaces may change without notice. - */ -/*#define MBEDTLS_PSA_CRYPTO_DRIVERS */ +/* #define MBEDTLS_PSA_CRYPTO_CLIENT */ /** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG * @@ -1223,8 +1399,8 @@ void mbedtls_platform_free( void * ptr ); * ); * ``` * The \c context value is initialized to 0 before the first call. - * The function must fill the \c output buffer with \p output_size bytes - * of random data and set \c *output_length to \p output_size. + * The function must fill the \c output buffer with \c output_size bytes + * of random data and set \c *output_length to \c output_size. * * Requires: MBEDTLS_PSA_CRYPTO_C * @@ -1235,7 +1411,7 @@ void mbedtls_platform_free( void * ptr ); * * \note This option is experimental and may be removed without notice. */ -/*#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +/* #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ /** * \def MBEDTLS_PSA_CRYPTO_SPM 
@@ -1245,11 +1421,59 @@ void mbedtls_platform_free( void * ptr ); * NSPE (Non-Secure Process Environment) and an SPE (Secure Process * Environment). * + * If you enable this option, your build environment must include a header + * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS + * header files, or in another directory on the compiler's include search + * path). Alternatively, your platform may customize the header + * `psa/crypto_platform.h`, in which case it can skip or replace the + * inclusion of `"crypto_spe.h"`. + * * Module: library/psa_crypto.c * Requires: MBEDTLS_PSA_CRYPTO_C * */ -/*#define MBEDTLS_PSA_CRYPTO_SPM */ +/* #define MBEDTLS_PSA_CRYPTO_SPM */ + +/** + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: + * + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. 
You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + * + * \note To benefit from the smaller code size of p256-m, make sure that you + * do not enable any ECC-related option not supported by p256-m: this + * would cause the built-in ECC implementation to be built as well, in + * order to provide the required option. + * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than + * SECP256R1 are disabled as they are not supported by this driver. + * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or + * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of + * the built-in ECC implementation, see docs/driver-only-builds.md. + */ +/* #define MBEDTLS_PSA_P256M_DRIVER_ENABLED */ /** * \def MBEDTLS_PSA_INJECT_ENTROPY @@ -1262,7 +1486,7 @@ void mbedtls_platform_free( void * ptr ); * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED * */ -/*#define MBEDTLS_PSA_INJECT_ENTROPY */ +/* #define MBEDTLS_PSA_INJECT_ENTROPY */ /** * \def MBEDTLS_RSA_NO_CRT @@ -1273,14 +1497,14 @@ void mbedtls_platform_free( void * ptr ); * Uncomment this macro to disable the use of CRT in RSA. * */ -/*#define MBEDTLS_RSA_NO_CRT */ +/* #define MBEDTLS_RSA_NO_CRT */ /** * \def MBEDTLS_SELF_TEST * * Enable the checkup functions (*_self_test). */ -/*#define MBEDTLS_SELF_TEST */ +/* #define MBEDTLS_SELF_TEST */ /** * \def MBEDTLS_SHA256_SMALLER 
@@ -1296,7 +1520,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to enable the smaller implementation of SHA256. */ -/*#define MBEDTLS_SHA256_SMALLER */ +/* #define MBEDTLS_SHA256_SMALLER */ /** * \def MBEDTLS_SHA512_SMALLER @@ -1306,13 +1530,13 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to enable the smaller implementation of SHA512. */ -/*#define MBEDTLS_SHA512_SMALLER */ +/* #define MBEDTLS_SHA512_SMALLER */ /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate + * If you choose not to send the alert messages, Mbed TLS can still communicate * with other servers, only debugging of failures is harder. * * The advantage of not sending alert messages, is that no information is given @@ -1325,21 +1549,16 @@ void mbedtls_platform_free( void * ptr ); /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID * - * Enable support for the DTLS Connection ID extension - * (version draft-ietf-tls-dtls-connection-id-05, - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * Enable support for the DTLS Connection ID (CID) extension, * which allows to identify DTLS connections across changes - * in the underlying transport. + * in the underlying transport. The CID functionality is described + * in RFC 9146. * * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for * more information. * - * \warning The Connection ID extension is still in draft state. - * We make no stability promises for the availability - * or the shape of the API controlled by this option. - * * The maximum lengths of outgoing and incoming CIDs can be configured * through the options * - MBEDTLS_SSL_CID_OUT_LEN_MAX 
@@ -1349,7 +1568,30 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to enable the Connection ID extension. */ -/*#define MBEDTLS_SSL_DTLS_CONNECTION_ID */ +/* #define MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + +/** + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT + * + * Defines whether RFC 9146 (default) or the legacy version + * (version draft-ietf-tls-dtls-connection-id-05, + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * is used. + * + * Set the value to 0 for the standard version, and + * 1 for the legacy draft version. + * + * \deprecated Support for the legacy version of the DTLS + * Connection ID feature is deprecated. Please + * switch to the standardized version defined + * in RFC 9146 enabled by utilizing + * MBEDTLS_SSL_DTLS_CONNECTION_ID without use + * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. + * + * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID + */ +/* #define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 */ /** * \def MBEDTLS_SSL_ASYNC_PRIVATE @@ -1359,8 +1601,9 @@ void mbedtls_platform_free( void * ptr ); * module to perform private key operations instead of performing the * operation inside the library. * + * Requires: MBEDTLS_X509_CRT_PARSE_C */ -/*#define MBEDTLS_SSL_ASYNC_PRIVATE */ +/* #define MBEDTLS_SSL_ASYNC_PRIVATE */ /** * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION @@ -1385,9 +1628,11 @@ void mbedtls_platform_free( void * ptr ); * saved after the handshake to allow for more efficient serialization, so if * you don't need this feature you'll save RAM by disabling it. * + * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * * Comment to disable the context serialization APIs. */ -/*#define MBEDTLS_SSL_CONTEXT_SERIALIZATION */ +/* #define MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /** * \def MBEDTLS_SSL_DEBUG_ALL 
@@ -1403,7 +1648,7 @@ void mbedtls_platform_free( void * ptr ); * a timing side-channel. * */ -/*#define MBEDTLS_SSL_DEBUG_ALL */ +/* #define MBEDTLS_SSL_DEBUG_ALL */ /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC * @@ -1419,7 +1664,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this macro to disable support for Encrypt-then-MAC */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +/* #define MBEDTLS_SSL_ENCRYPT_THEN_MAC */ /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -1435,7 +1680,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this macro to disable support for Extended Master Secret. */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +/* #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ /** * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE @@ -1472,6 +1717,8 @@ void mbedtls_platform_free( void * ptr ); * it has been associated with security issues in the past and is easy to * misuse/misunderstand. * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * * Comment this to disable support for renegotiation. * * \note Even if this option is disabled, both client and server are aware @@ -1481,7 +1728,7 @@ void mbedtls_platform_free( void * ptr ); * configuration of this extension). * */ -/*#define MBEDTLS_SSL_RENEGOTIATION */ +/* #define MBEDTLS_SSL_RENEGOTIATION */ /** * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 
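Review bot: Commenting out `MBEDTLS_SSL_ENCRYPT_THEN_MAC` (hunk at -1419) and `MBEDTLS_SSL_EXTENDED_MASTER_SECRET` (hunk at -1435) drops two TLS 1.2 hardening extensions while, as far as the neighbouring hunks show, TLS 1.2 itself stays available. Encrypt-then-MAC (RFC 7366) protects CBC ciphersuites against padding-oracle attacks, and Extended Master Secret (RFC 7627) binds the master secret to the handshake transcript; neither is DTLS-specific, so disabling DTLS elsewhere in this commit does not make them redundant. Unless the config also removes CBC suites and TLS 1.2, I would keep both as `#define MBEDTLS_SSL_ENCRYPT_THEN_MAC` and `#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET`. If they are disabled on purpose, a comment above each should say why.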
@@ -1490,14 +1737,36 @@ void mbedtls_platform_free( void * ptr ); * * Comment this macro to disable support for the max_fragment_length extension */ +/* #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + +/** + * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT + * + * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only). + * + * \warning This extension is currently in development and must NOT be used except + * for testing purposes. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_3 + * + * Uncomment this macro to enable support for the record_size_limit extension + */ +/* #define MBEDTLS_SSL_RECORD_SIZE_LIMIT */ /** * \def MBEDTLS_SSL_PROTO_TLS1_2 * * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) + * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and + * (MBEDTLS_SHA256_C or MBEDTLS_SHA384_C or + * SHA-256 or SHA-512 provided by a PSA driver) + * With MBEDTLS_USE_PSA_CRYPTO: + * PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 + * + * \warning If building with MBEDTLS_USE_PSA_CRYPTO, or if the hash(es) used + * are only provided by PSA drivers, you must call psa_crypto_init() before + * doing any TLS operations. * * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 */ 
@@ -1508,23 +1777,24 @@ void mbedtls_platform_free( void * ptr ); * * Enable support for TLS 1.3. * - * \note The support for TLS 1.3 is not comprehensive yet, in particular - * pre-shared keys are not supported. - * See docs/architecture/tls13-support.md for a description of the TLS + * \note See docs/architecture/tls13-support.md for a description of the TLS * 1.3 support that this option enables. * * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE * Requires: MBEDTLS_PSA_CRYPTO_C * - * Note: even though TLS 1.3 depends on PSA Crypto, if you want it to only use - * PSA for all crypto operations, you need to also enable - * MBEDTLS_USE_PSA_CRYPTO; otherwise X.509 operations, and functions that are - * common with TLS 1.2 (record protection, running handshake hash) will still - * use non-PSA crypto. + * \note TLS 1.3 uses PSA crypto for cryptographic operations that are + * directly performed by TLS 1.3 code. As a consequence, you must + * call psa_crypto_init() before the first TLS 1.3 handshake. + * + * \note Cryptographic operations performed indirectly via another module + * (X.509, PK) or by code shared with TLS 1.2 (record protection, + * running handshake hash) only use PSA crypto if + * #MBEDTLS_USE_PSA_CRYPTO is enabled. * * Uncomment this macro to enable the support for TLS 1.3. */ -/*#define MBEDTLS_SSL_PROTO_TLS1_3 */ +#define MBEDTLS_SSL_PROTO_TLS1_3 /** * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 
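Review bot: `#define MBEDTLS_SSL_PROTO_TLS1_3` is turned on with nothing in this hunk showing that its stated requirements are met: the comment directly above lists `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` and `MBEDTLS_PSA_CRYPTO_C`, and says psa_crypto_init() must be called before the first TLS 1.3 handshake. Whether the config defines both, and whether the demo's transport setup makes that call, is not visible here; if the call is missing, a handshake that negotiates TLS 1.3 would presumably fail at run time rather than at build time. I would confirm the call exists and record the dependency next to the define, for example `/* TLS 1.3 requires psa_crypto_init() before the first handshake; done in <transport init>. */`.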
@@ -1546,7 +1816,72 @@ void mbedtls_platform_free( void * ptr ); * effect on the build. * */ -/*#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + * + * Enable TLS 1.3 PSK key exchange mode. + * + * Comment to disable support for the PSK key exchange mode in TLS 1.3. If + * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + * + * Enable TLS 1.3 ephemeral key exchange mode. + * + * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH + * MBEDTLS_X509_CRT_PARSE_C + * and at least one of: + * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) + * MBEDTLS_PKCS1_V21 + * + * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. + * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + * + * Enable TLS 1.3 PSK ephemeral key exchange mode. + * + * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH + * + * Comment to disable support for the PSK ephemeral key exchange mode in + * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not + * have any effect on the build. + * + */ +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + +/** + * \def MBEDTLS_SSL_EARLY_DATA + * + * Enable support for RFC 8446 TLS 1.3 early data. + * + * Requires: MBEDTLS_SSL_SESSION_TICKETS and either + * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or + * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + * + * Comment this to disable support for early data. 
If MBEDTLS_SSL_PROTO_TLS1_3 + * is not enabled, this option does not have any effect on the build. + * + * This feature is experimental, not completed and thus not ready for + * production. + * + * \note The maximum amount of early data can be set with + * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. + * + */ +/* #define MBEDTLS_SSL_EARLY_DATA */ /** * \def MBEDTLS_SSL_PROTO_DTLS @@ -1559,7 +1894,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this macro to disable support for DTLS */ -#define MBEDTLS_SSL_PROTO_DTLS +/* #define MBEDTLS_SSL_PROTO_DTLS */ /** * \def MBEDTLS_SSL_ALPN @@ -1583,7 +1918,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this to disable anti-replay in DTLS. */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +/* #define MBEDTLS_SSL_DTLS_ANTI_REPLAY */ /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1601,7 +1936,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this to disable support for HelloVerifyRequest. */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +/* #define MBEDTLS_SSL_DTLS_HELLO_VERIFY */ /** * \def MBEDTLS_SSL_DTLS_SRTP @@ -1632,7 +1967,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this to enable support for use_srtp extension. */ -/*#define MBEDTLS_SSL_DTLS_SRTP */ +/* #define MBEDTLS_SSL_DTLS_SRTP */ /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE @@ -1648,7 +1983,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this to disable support for clients reusing the source port. */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +/* #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */ /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1683,6 +2018,7 @@ void mbedtls_platform_free( void * ptr ); * * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +/* #define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ /** * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN 
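Review bot: `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED` is switched on together with the two ephemeral modes in the hunk at -1546, and the pure PSK exchange is the one TLS 1.3 mode with no (EC)DHE contribution, so a session negotiated that way has no forward secrecy. If the demos using this config authenticate servers with certificates, I would keep only the ephemeral modes and write `/* #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */`. Whether any demo relies on pure PSK cannot be seen from this hunk, so this is a question for the author.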
@@ -1699,7 +2035,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to enable testing of the constant-flow nature of selected code. */ -/*#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ +/* #define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ /** * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND @@ -1718,7 +2054,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to enable testing of the constant-flow nature of selected code. */ -/*#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ +/* #define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ /** * \def MBEDTLS_TEST_HOOKS @@ -1738,7 +2074,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to enable invasive tests. */ -/*#define MBEDTLS_TEST_HOOKS */ +/* #define MBEDTLS_TEST_HOOKS */ /** * \def MBEDTLS_THREADING_ALT @@ -1749,7 +2085,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this to allow your own alternate threading implementation. */ -/*#define MBEDTLS_THREADING_ALT */ +/* #define MBEDTLS_THREADING_ALT */ /** * \def MBEDTLS_THREADING_PTHREAD 
@@ -1760,31 +2096,37 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment this to enable pthread mutexes. */ -/*#define MBEDTLS_THREADING_PTHREAD */ +/* #define MBEDTLS_THREADING_PTHREAD */ /** * \def MBEDTLS_USE_PSA_CRYPTO * - * Make the X.509 and TLS library use PSA for cryptographic operations, and - * enable new APIs for using keys handled by PSA Crypto. + * Make the X.509 and TLS libraries use PSA for cryptographic operations as + * much as possible, and enable new APIs for using keys handled by PSA Crypto. * * \note Development of this option is currently in progress, and parts of Mbed * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts * will still continue to work as usual, so enabling this option should not * break backwards compatibility. * - * \note See docs/use-psa-crypto.md for a complete description of what this - * option currently does, and of parts that are not affected by it so far. - * * \warning If you enable this option, you need to call `psa_crypto_init()` - * before calling any function from the SSL/TLS, X.509 or PK modules. + * before calling any function from the SSL/TLS, X.509 or PK modules, except + * for the various mbedtls_xxx_init() functions which can be called at any time. + * + * \note An important and desirable effect of this option is that it allows + * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling + * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in + * those modules. However, note that even with this option disabled, some code + * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it + * can determine it's safe to do so; currently that's the case for hashes. + * + * \note See docs/use-psa-crypto.md for a complete description this option. * * Requires: MBEDTLS_PSA_CRYPTO_C. - * Conflicts with: MBEDTLS_ECP_RESTARTABLE * * Uncomment this to enable internal use of PSA Crypto and new associated APIs. 
*/ -/*#define MBEDTLS_USE_PSA_CRYPTO */ +#define MBEDTLS_USE_PSA_CRYPTO /** * \def MBEDTLS_PSA_CRYPTO_CONFIG @@ -1806,10 +2148,17 @@ void mbedtls_platform_free( void * ptr ); * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies * an alternative header to include instead of include/psa/crypto_config.h. * - * This feature is still experimental and is not ready for production since - * it is not completed. + * \warning This option is experimental, in that the set of `PSA_WANT_XXX` + * symbols is not completely finalized yet, and the configuration + * tooling is not ideally adapted to having two separate configuration + * files. + * Future minor releases of Mbed TLS may make minor changes to those + * symbols, but we will endeavor to provide a transition path. + * Nonetheless, this option is considered mature enough to use in + * production, as long as you accept that you may need to make + * minor changes to psa/crypto_config.h when upgrading Mbed TLS. */ -/*#define MBEDTLS_PSA_CRYPTO_CONFIG */ +/* #define MBEDTLS_PSA_CRYPTO_CONFIG */ /** * \def MBEDTLS_VERSION_FEATURES @@ -1822,7 +2171,7 @@ void mbedtls_platform_free( void * ptr ); * * Comment this to disable run-time checking and save ROM space */ -/*#define MBEDTLS_VERSION_FEATURES */ +#define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK @@ -1839,9 +2188,11 @@ void mbedtls_platform_free( void * ptr ); * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and * `mbedtls_ssl_conf_ca_cb()` for more information. * + * Requires: MBEDTLS_X509_CRT_PARSE_C + * * Uncomment to enable trusted certificate callbacks. */ -#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +/* #define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ /** * \def MBEDTLS_X509_REMOVE_INFO 
@@ -1852,7 +2203,7 @@ void mbedtls_platform_free( void * ptr ); * and other functions/constants only used by these functions, thus reducing * the code footprint by several KB. */ -/*#define MBEDTLS_X509_REMOVE_INFO */ +/* #define MBEDTLS_X509_REMOVE_INFO */ /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 
@@ -1863,28 +2214,70 @@ void mbedtls_platform_free( void * ptr ); * Comment this macro to disallow using RSASSA-PSS in certificates. */ #define MBEDTLS_X509_RSASSA_PSS_SUPPORT -/** \} name SECTION: mbed TLS feature support */ +/** \} name SECTION: Mbed TLS feature support */ /** - * \name SECTION: mbed TLS modules + * \name SECTION: Mbed TLS modules * - * This section enables or disables entire modules in mbed TLS + * This section enables or disables entire modules in Mbed TLS * \{ */ /** * \def MBEDTLS_AESNI_C * - * Enable AES-NI support on x86-64. + * Enable AES-NI support on x86-64 or x86-32. + * + * \note AESNI is only supported with certain compilers and target options: + * - Visual Studio 2013: supported. + * - GCC, x86-64, target not explicitly supporting AESNI: + * requires MBEDTLS_HAVE_ASM. + * - GCC, x86-32, target not explicitly supporting AESNI: + * not supported. + * - GCC, x86-64 or x86-32, target supporting AESNI: supported. + * For this assembly-less implementation, you must currently compile + * `library/aesni.c` and `library/aes.c` with machine options to enable + * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or + * `clang -maes -mpclmul`. + * - Non-x86 targets: this option is silently ignored. + * - Other compilers: this option is silently ignored. + * + * \note + * Above, "GCC" includes compatible compilers such as Clang. + * The limitations on target support are likely to be relaxed in the future. * * Module: library/aesni.c * Caller: library/aes.c * - * Requires: MBEDTLS_HAVE_ASM + * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note) + * + * This modules adds support for the AES-NI instructions on x86. + */ +/* #define MBEDTLS_AESNI_C */ + +/** + * \def MBEDTLS_AESCE_C + * + * Enable AES cryptographic extension support on 64-bit Arm. + * + * Module: library/aesce.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_AES_C + * + * \warning Runtime detection only works on Linux. 
For non-Linux operating + * system, Armv8-A Cryptographic Extensions must be supported by + * the CPU when this option is enabled. + * + * \note Minimum compiler versions for this feature are Clang 4.0, + * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for + * armclang <= 6.9 * - * This modules adds support for the AES-NI instructions on x86-64 + * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems. */ -/*#define MBEDTLS_AESNI_C */ +/* #define MBEDTLS_AESCE_C */ /** * \def MBEDTLS_AES_C @@ -2007,6 +2400,9 @@ void mbedtls_platform_free( void * ptr ); * Enable the multi-precision integer library. * * Module: library/bignum.c + * library/bignum_core.c + * library/bignum_mod.c + * library/bignum_mod_raw.c * Caller: library/dhm.c * library/ecp.c * library/ecdsa.c @@ -2071,7 +2467,7 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -/*#define MBEDTLS_CAMELLIA_C */ +/* #define MBEDTLS_CAMELLIA_C */ /** * \def MBEDTLS_ARIA_C @@ -2123,7 +2519,7 @@ void mbedtls_platform_free( void * ptr ); * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ -/*#define MBEDTLS_ARIA_C */ +/* #define MBEDTLS_ARIA_C */ /** * \def MBEDTLS_CCM_C @@ -2138,7 +2534,7 @@ void mbedtls_platform_free( void * ptr ); * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -/*#define MBEDTLS_CCM_C */ +/* #define MBEDTLS_CCM_C */ /** * \def MBEDTLS_CHACHA20_C 
@@ -2207,6 +2603,8 @@ void mbedtls_platform_free( void * ptr ); * The CTR_DRBG generator uses AES-256 by default. * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. * + * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. + * * \note To achieve a 256-bit security strength with CTR_DRBG, * you must use AES-256 *and* use sufficient entropy. * See ctr_drbg.h for more details. @@ -2233,7 +2631,7 @@ void mbedtls_platform_free( void * ptr ); * * This module provides debugging functions. */ -/*#define MBEDTLS_DEBUG_C */ +/* #define MBEDTLS_DEBUG_C */ /** * \def MBEDTLS_DES_C @@ -2246,10 +2644,10 @@ void mbedtls_platform_free( void * ptr ); * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers instead. */ -/*#define MBEDTLS_DES_C */ +/* #define MBEDTLS_DES_C */ /** * \def MBEDTLS_DHM_C @@ -2323,9 +2721,12 @@ void mbedtls_platform_free( void * ptr ); * This module is used by the following key exchanges: * ECJPAKE * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C + * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any EC J-PAKE operations. */ -/*#define MBEDTLS_ECJPAKE_C */ +/* #define MBEDTLS_ECJPAKE_C */ /** * \def MBEDTLS_ECP_C 
@@ -2411,6 +2812,32 @@ void mbedtls_platform_free( void * ptr ); */ #define MBEDTLS_HMAC_DRBG_C +/** + * \def MBEDTLS_LMS_C + * + * Enable the LMS stateful-hash asymmetric signature algorithm. + * + * Module: library/lms.c + * Caller: + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * Uncomment to enable the LMS verification algorithm and public key operations. + */ +#define MBEDTLS_LMS_C + +/** + * \def MBEDTLS_LMS_PRIVATE + * + * Enable LMS private-key operations and signing code. Functions enabled by this + * option are experimental, and should not be used in production. + * + * Requires: MBEDTLS_LMS_C + * + * Uncomment to enable the LMS signature algorithm and private key operations. + */ +/* #define MBEDTLS_LMS_PRIVATE */ + /** * \def MBEDTLS_NIST_KW_C * @@ -2427,8 +2854,12 @@ void mbedtls_platform_free( void * ptr ); /** * \def MBEDTLS_MD_C * - * Enable the generic message digest layer. + * Enable the generic layer for message digest (hashing) and HMAC. * + * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, + * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, + * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least + * one hash. * Module: library/md.c * Caller: library/constant_time.c * library/ecdsa.c @@ -2484,11 +2915,11 @@ void mbedtls_platform_free( void * ptr ); * Module: library/memory_buffer_alloc.c * * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) + * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS) * * Enable this module to enable the buffer memory allocator. */ -/*#define MBEDTLS_MEMORY_BUFFER_ALLOC_C */ +/* #define MBEDTLS_MEMORY_BUFFER_ALLOC_C */ /** * \def MBEDTLS_NET_C 
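Review bot: `MBEDTLS_LMS_C` is added in the enabled state in the hunk at -2411 even though its own comment reads "Uncomment to enable", and `MBEDTLS_SHA3_C` (hunk at -2910) is enabled the same way, while this config keeps other optional modules such as Camellia, ARIA and CCM commented out. If no demo verifies LMS signatures or hashes with SHA-3, I would add both commented out, `/* #define MBEDTLS_LMS_C */` and `/* #define MBEDTLS_SHA3_C */`, so the upgrade does not enlarge the code size and parsing surface. Which modules the demos need is not visible here, so this should be confirmed against the demo sources.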
@@ -2501,13 +2932,13 @@ void mbedtls_platform_free( void * ptr ); * * \note See also our Knowledge Base article about porting to a new * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * * Module: library/net_sockets.c * * This module provides networking routines. */ -/*#define MBEDTLS_NET_C */ +/* #define MBEDTLS_NET_C */ /** * \def MBEDTLS_OID_C @@ -2544,7 +2975,7 @@ void mbedtls_platform_free( void * ptr ); * * This modules adds support for the VIA PadLock on x86. */ -/*#define MBEDTLS_PADLOCK_C */ +/* #define MBEDTLS_PADLOCK_C */ /** * \def MBEDTLS_PEM_PARSE_C @@ -2559,6 +2990,10 @@ void mbedtls_platform_free( void * ptr ); * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C + * optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below) + * + * \warning When parsing password-protected files, if MD5 is provided only by + * a PSA driver, you must call psa_crypto_init() before the first file. * * This modules adds support for decoding / parsing PEM files. */ 
@@ -2634,12 +3069,32 @@ void mbedtls_platform_free( void * ptr ); * * Module: library/pkcs5.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * Requires: MBEDTLS_CIPHER_C + * Auto-enables: MBEDTLS_MD_C + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS5 operations. * * This module adds support for the PKCS#5 functions. */ #define MBEDTLS_PKCS5_C +/** + * \def MBEDTLS_PKCS7_C + * + * Enable PKCS #7 core for using PKCS #7-formatted signatures. + * RFC Link - https://tools.ietf.org/html/rfc2315 + * + * Module: library/pkcs7.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, + * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C + * + * This module is required for the PKCS #7 parsing modules. + */ +/* #define MBEDTLS_PKCS7_C */ + /** * \def MBEDTLS_PKCS12_C * @@ -2649,7 +3104,11 @@ void mbedtls_platform_free( void * ptr ); * Module: library/pkcs12.c * Caller: library/pkparse.c * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either + * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C. + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS12 operations. * * This module enables PKCS#12 functions. */ @@ -2666,7 +3125,7 @@ void mbedtls_platform_free( void * ptr ); * above to be specified at runtime or compile time respectively. * * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. + * as other modules rely on it for a fixed snprintf implementation. * * Module: library/platform.c * Caller: Most other .c files 
@@ -2698,7 +3157,7 @@ void mbedtls_platform_free( void * ptr ); * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. * */ -/*#define MBEDTLS_PSA_CRYPTO_C */ +#define MBEDTLS_PSA_CRYPTO_C /** * \def MBEDTLS_PSA_CRYPTO_SE_C @@ -2706,15 +3165,15 @@ void mbedtls_platform_free( void * ptr ); * Enable dynamic secure element support in the Platform Security Architecture * cryptography API. * - * \deprecated This feature is deprecated. Please switch to the driver - * interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS. + * \deprecated This feature is deprecated. Please switch to the PSA driver + * interface. * * Module: library/psa_crypto_se.c * * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C * */ -/*#define MBEDTLS_PSA_CRYPTO_SE_C */ +/* #define MBEDTLS_PSA_CRYPTO_SE_C */ /** * \def MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -2727,7 +3186,7 @@ void mbedtls_platform_free( void * ptr ); * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of * the PSA ITS interface */ -/*#define MBEDTLS_PSA_CRYPTO_STORAGE_C */ +/* #define MBEDTLS_PSA_CRYPTO_STORAGE_C */ /** * \def MBEDTLS_PSA_ITS_FILE_C @@ -2739,7 +3198,7 @@ void mbedtls_platform_free( void * ptr ); * * Requires: MBEDTLS_FS_IO */ -/*#define MBEDTLS_PSA_ITS_FILE_C */ +/* #define MBEDTLS_PSA_ITS_FILE_C */ /** * \def MBEDTLS_RIPEMD160_C @@ -2796,9 +3255,6 @@ void mbedtls_platform_free( void * ptr ); * * Enable the SHA-224 cryptographic hash algorithm. * - * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling - * SHA-224 without SHA-256. - * * Module: library/sha256.c * Caller: library/md.c * library/ssl_cookie.c @@ -2812,9 +3268,6 @@ void mbedtls_platform_free( void * ptr ); * * Enable the SHA-256 cryptographic hash algorithm. * - * Requires: MBEDTLS_SHA224_C. The library does not currently support enabling - * SHA-256 without SHA-224. - * * Module: library/sha256.c * Caller: library/entropy.c * library/md.c 
@@ -2837,8 +3290,11 @@ void mbedtls_platform_free( void * ptr ); * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building * for a non-Aarch64 build it will be silently ignored. * - * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum - * of \c -march=armv8-a+crypto. + * \note Minimum compiler versions for this feature are Clang 4.0, + * armclang 6.6 or GCC 6.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for + * armclang <= 6.9 * * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. @@ -2850,7 +3306,7 @@ void mbedtls_platform_free( void * ptr ); * Uncomment to have the library check for the A64 SHA-256 crypto extensions * and use them if available. */ -/*#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */ +/* #define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */ /** * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY @@ -2862,8 +3318,11 @@ void mbedtls_platform_free( void * ptr ); * \note This allows builds with a smaller code size than with * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT * - * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum - * of \c -march=armv8-a+crypto. + * \note Minimum compiler versions for this feature are Clang 4.0, + * armclang 6.6 or GCC 6.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for + * armclang <= 6.9 * * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT. 
@@ -2875,15 +3334,13 @@ void mbedtls_platform_free( void * ptr ); * Uncomment to have the library use the A64 SHA-256 crypto extensions * unconditionally. */ -/*#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */ +/* #define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */ /** * \def MBEDTLS_SHA384_C * * Enable the SHA-384 cryptographic hash algorithm. * - * Requires: MBEDTLS_SHA512_C - * * Module: library/sha512.c * Caller: library/md.c * library/psa_crypto_hash.c @@ -2910,6 +3367,17 @@ void mbedtls_platform_free( void * ptr ); */ #define MBEDTLS_SHA512_C +/** + * \def MBEDTLS_SHA3_C + * + * Enable the SHA3 cryptographic hash algorithm. + * + * Module: library/sha3.c + * + * This module adds support for SHA3. + */ +#define MBEDTLS_SHA3_C + /** * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT * @@ -2920,10 +3388,11 @@ void mbedtls_platform_free( void * ptr ); * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building * for a non-Aarch64 build it will be silently ignored. * - * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or - * Clang >= 7, and \c CFLAGS must be set to a minimum of - * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the - * fastest code. + * \note Minimum compiler versions for this feature are Clang 7.0, + * armclang 6.9 or GCC 8.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for + * armclang 6.9 * * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. @@ -2935,7 +3404,7 @@ void mbedtls_platform_free( void * ptr ); * Uncomment to have the library check for the A64 SHA-512 crypto extensions * and use them if available. */ -/*#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */ +/* #define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */ /** * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY 
@@ -2947,10 +3416,11 @@ void mbedtls_platform_free( void * ptr ); * \note This allows builds with a smaller code size than with * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT * - * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or - * Clang >= 7, and \c CFLAGS must be set to a minimum of - * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the - * fastest code. + * \note Minimum compiler versions for this feature are Clang 7.0, + * armclang 6.9 or GCC 8.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for + * armclang 6.9 * * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT. @@ -2962,7 +3432,7 @@ void mbedtls_platform_free( void * ptr ); * Uncomment to have the library use the A64 SHA-512 crypto extensions * unconditionally. */ -/*#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ +/* #define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ /** * \def MBEDTLS_SSL_CACHE_C @@ -2994,7 +3464,8 @@ void mbedtls_platform_free( void * ptr ); * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO + * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && + * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) */ #define MBEDTLS_SSL_TICKET_C @@ -3024,7 +3495,7 @@ void mbedtls_platform_free( void * ptr ); * * This module is required for SSL/TLS server support. */ -/*#define MBEDTLS_SSL_SRV */ +/* #define MBEDTLS_SSL_SRV */ /** * \def MBEDTLS_SSL_TLS_C 
@@ -3046,11 +3517,11 @@ void mbedtls_platform_free( void * ptr ); * \def MBEDTLS_THREADING_C * * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that + * By default Mbed TLS assumes it is used in a non-threaded environment or that * contexts are not shared between threads. If you do intend to use contexts * between threads, you will need to enable this layer to prevent race * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading + * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading * * Module: library/threading.c * @@ -3060,7 +3531,7 @@ void mbedtls_platform_free( void * ptr ); * You will have to enable either MBEDTLS_THREADING_ALT or * MBEDTLS_THREADING_PTHREAD. * - * Enable this layer to allow use of mutexes within mbed TLS + * Enable this layer to allow use of mutexes within Mbed TLS */ #define MBEDTLS_THREADING_C #define MBEDTLS_THREADING_IMPL @@ -3084,11 +3555,11 @@ void mbedtls_platform_free( void * ptr ); * * \note See also our Knowledge Base article about porting to a new * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS * * Module: library/timing.c */ -/*#define MBEDTLS_TIMING_C */ +/* #define MBEDTLS_TIMING_C */ /** * \def MBEDTLS_VERSION_C @@ -3099,7 +3570,7 @@ void mbedtls_platform_free( void * ptr ); * * This module provides run-time version information. */ -/*#define MBEDTLS_VERSION_C */ +#define MBEDTLS_VERSION_C /** * \def MBEDTLS_X509_USE_C 
@@ -3111,8 +3582,11 @@ void mbedtls_platform_free( void * ptr ); * library/x509_crt.c * library/x509_csr.c * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) + * + * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call + * psa_crypto_init() before doing any X.509 operation. * * This module is required for the X.509 parsing modules. */ @@ -3169,7 +3643,11 @@ void mbedtls_platform_free( void * ptr ); * * Module: library/x509_create.c * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) + * + * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call + * psa_crypto_init() before doing any X.509 create operation. * * This module is the basis for creating X.509 certificates and CSRs. */ @@ -3201,7 +3679,7 @@ void mbedtls_platform_free( void * ptr ); */ #define MBEDTLS_X509_CSR_WRITE_C -/** \} name SECTION: mbed TLS modules */ +/** \} name SECTION: Mbed TLS modules */ /** * \name SECTION: General configuration options @@ -3229,7 +3707,9 @@ void mbedtls_platform_free( void * ptr ); * The value of this symbol is typically a path in double quotes, either * absolute or relative to a directory on the include search path. */ -/*#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" */ +#ifndef MBEDTLS_CONFIG_FILE + #define MBEDTLS_CONFIG_FILE "mbedtls_config_v3.5.1.h" +#endif /* MBEDTLS_CONFIG_FILE */ /** * \def MBEDTLS_USER_CONFIG_FILE 
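Review bot: The new `#ifndef MBEDTLS_CONFIG_FILE` block in the hunk at -3229 defines the macro inside what appears to be the configuration header itself, which is too late to select that header: Mbed TLS's build_info.h tests `MBEDTLS_CONFIG_FILE` before it includes any configuration file. A translation unit built without the macro on the compiler command line would therefore take the library's default mbedtls_config.h, and the feature set could differ between objects without a build error. I would set the macro in the project's preprocessor definitions and leave this line as `/* #define MBEDTLS_CONFIG_FILE "mbedtls_config_v3.5.1.h" */`. The file name is not shown in these hunks, so this assumes the patched file is the one named in the define.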
@@ -3246,7 +3726,7 @@ void mbedtls_platform_free( void * ptr ); * The value of this symbol is typically a path in double quotes, either * absolute or relative to a directory on the include search path. */ -/*#define MBEDTLS_USER_CONFIG_FILE "/dev/null" */ +/* #define MBEDTLS_USER_CONFIG_FILE "/dev/null" */ /** * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE @@ -3264,7 +3744,7 @@ void mbedtls_platform_free( void * ptr ); * The value of this symbol is typically a path in double quotes, either * absolute or relative to a directory on the include search path. */ -/*#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" */ +/* #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" */ /** * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE 
@@ -3281,7 +3761,54 @@ void mbedtls_platform_free( void * ptr ); * The value of this symbol is typically a path in double quotes, either * absolute or relative to a directory on the include search path. */ -/*#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" */ +/* #define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" */ + +/** + * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_platform.h"`. This file should declare the same identifiers + * as the one in Mbed TLS, but with definitions adapted to the platform on + * which the library code will run. + * + * \note The required content of this header can vary from one version of + * Mbed TLS to the next. Integrators who provide an alternative file + * should review the changes in the original file whenever they + * upgrade Mbed TLS. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +/* #define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h" */ + +/** + * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_struct.h"`. This file should declare the same identifiers + * as the one in Mbed TLS, but with definitions adapted to the environment + * in which the library code will run. The typical use for this feature + * is to provide alternative type definitions on the client side in + * client-server integrations of PSA crypto, where operation structures + * contain handles instead of cryptographic data. + * + * \note The required content of this header can vary from one version of + * Mbed TLS to the next. 
Integrators who provide an alternative file + * should review the changes in the original file whenever they + * upgrade Mbed TLS. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +/* #define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h" */ /** \} name SECTION: General configuration options */ 
@@ -3306,66 +3833,89 @@ void mbedtls_platform_free( void * ptr ); * comment in the specific module. */ /* MPI / BIGNUM options */ -/*#define MBEDTLS_MPI_WINDOW_SIZE 6 / **< Maximum window size used. * / */ -/*#define MBEDTLS_MPI_MAX_SIZE 1024 / **< Maximum number of bytes for usable MPIs. * / */ +/* #define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ +/* #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ /* CTR_DRBG options */ -/*#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 / **< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) * / */ -/*#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 / **< Interval before reseed is performed by default * / */ -/*#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 / **< Maximum number of additional input bytes * / */ -/*#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 / **< Maximum number of requested bytes per call * / */ -/*#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 / **< Maximum size of (re)seed buffer * / */ +/* #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +/* #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +/* #define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +/* #define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +/* #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* HMAC_DRBG options */ -/*#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 / **< Interval before reseed is performed by default * / */ -/*#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 / **< Maximum number of additional input bytes * / */ -/*#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 / **< Maximum number of requested bytes per call * / */ -/*#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 / **< Maximum size of (re)seed buffer * / */ +/* #define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 
10000 /**< Interval before reseed is performed by default */ +/* #define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +/* #define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +/* #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* ECP options */ -/*#define MBEDTLS_ECP_WINDOW_SIZE 4 / **< Maximum window size used * / */ -/*#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 / **< Enable fixed-point speed-up * / */ +/* #define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ +/* #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ /* Entropy options */ -/*#define MBEDTLS_ENTROPY_MAX_SOURCES 20 / **< Maximum number of sources supported * / */ -/*#define MBEDTLS_ENTROPY_MAX_GATHER 128 / **< Maximum amount requested from entropy sources * / */ -/*#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 / **< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released * / */ +/* #define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ +/* #define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ +/* #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ /* Memory buffer allocator options */ -/*#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 / **< Align on multiples of this value * / */ +/* #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ /* Platform options */ -/*#define MBEDTLS_PLATFORM_STD_MEM_HDR / **< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. 
* / */ -/*#define MBEDTLS_PLATFORM_STD_CALLOC calloc / **< Default allocator to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_FREE free / **< Default free to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_SETBUF setbuf / **< Default setbuf to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_EXIT exit / **< Default exit to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_TIME time / **< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled * / */ -/*#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf / **< Default fprintf to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_PRINTF printf / **< Default printf to use, can be undefined * / */ +/* #define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ + +/** \def MBEDTLS_PLATFORM_STD_CALLOC + * + * Default allocator to use, can be undefined. + * It must initialize the allocated buffer memory to zeroes. + * The size of the buffer is the product of the two parameters. + * The calloc function returns either a null pointer or a pointer to the allocated space. + * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function. + * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer. + * See the description of #MBEDTLS_PLATFORM_MEMORY for more details. + * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE. + */ +/* #define MBEDTLS_PLATFORM_STD_CALLOC calloc */ + +/** \def MBEDTLS_PLATFORM_STD_FREE + * + * Default free to use, can be undefined. + * NULL is a valid parameter, and the function must do nothing. + * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed. + * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything. 
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply). + */ +/* #define MBEDTLS_PLATFORM_STD_FREE free */ +/* #define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +/* #define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ /* Note: your snprintf must correctly zero-terminate the buffer! */ -/*#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf / **< Default snprintf to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 / **< Default exit value to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 / **< Default exit value to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read / **< Default nv_seed_read function to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write / **< Default nv_seed_write function to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" / **< Seed file to read/write with default implementation * / */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ +/* #define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +/* 
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ + +/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */ /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -#define MBEDTLS_PLATFORM_CALLOC_MACRO mbedtls_platform_calloc /**< Default allocator macro to use, can be undefined */ -#define MBEDTLS_PLATFORM_FREE_MACRO mbedtls_platform_free /**< Default free macro to use, can be undefined */ -/*#define MBEDTLS_PLATFORM_EXIT_MACRO exit / **< Default exit macro to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf / **< Default setbuf macro to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_TIME_MACRO time / **< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled * / */ -/*#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t / **< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled * / */ -/*#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf / **< Default fprintf macro to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_PRINTF_MACRO printf / **< Default printf macro to use, can be undefined * / */ +#define MBEDTLS_PLATFORM_CALLOC_MACRO mbedtls_platform_calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */ +#define MBEDTLS_PLATFORM_FREE_MACRO mbedtls_platform_free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */ +/* #define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. 
MBEDTLS_HAVE_TIME must be enabled */ +/* #define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +/* #define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ /* Note: your snprintf must correctly zero-terminate the buffer! */ -/*#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf / **< Default snprintf macro to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf / **< Default vsnprintf macro to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read / **< Default nv_seed_read function to use, can be undefined * / */ -/*#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write / **< Default nv_seed_write function to use, can be undefined * / */ +/* #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +/* #define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/ +/* #define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. 
That's avoid compiler warning if mbedtls_ms_time_t is redefined */ /** \def MBEDTLS_CHECK_RETURN * @@ -3380,7 +3930,7 @@ void mbedtls_platform_free( void * ptr ); * If the implementation here is empty, this will effectively disable the * checking of functions' return values. */ -/*#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) */ +/* #define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) */ /** \def MBEDTLS_IGNORE_RETURN * @@ -3388,7 +3938,7 @@ void mbedtls_platform_free( void * ptr ); * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this * warning is suppressed. */ -/*#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) */ +/* #define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) */ /* PSA options */ @@ -3402,7 +3952,7 @@ void mbedtls_platform_free( void * ptr ); * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and * on unspecified heuristics. */ -/*#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 */ +/* #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 */ /** \def MBEDTLS_PSA_KEY_SLOT_COUNT * Restrict the PSA library to supporting a maximum amount of simultaneously @@ -3413,11 +3963,14 @@ void mbedtls_platform_free( void * ptr ); * If this option is unset, the library will fall back to a default value of * 32 keys. */ -/*#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 */ +/* #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 */ + +/* RSA OPTIONS */ +/* #define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ /* SSL Cache options */ -/*#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 / **< 1 day * / */ -/*#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 / **< Maximum entries in cache * / */ +/* #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ +/* #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ 
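Review bot: `MBEDTLS_PLATFORM_CALLOC_MACRO` stays pointed at `mbedtls_platform_calloc` while this hunk adds the contract that allocator has to meet (zero-filled memory, size equal to the product of its two arguments), and nothing next to the define records that the FreeRTOS implementation was checked against it. The definition of `mbedtls_platform_calloc` is outside this hunk, so this is a request to confirm rather than a finding: it should fail when the product of its arguments overflows and zero the block before returning it. A comment above the define would record that, e.g. `/* Requirement: mbedtls_platform_calloc() must zero the block and return NULL when the size product overflows. */`. Separately, the added `MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO` line carries a second `//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t` copy of itself inside the comment, which looks like a formatter artifact and should be dropped.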
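Review bot: The new `MBEDTLS_RSA_GEN_KEY_MIN_BITS` line offers 1024 as the value to uncomment, and its comment mentions 128 bits as the lowest possible setting, with no hint that either is too small for keys generated today. Because the line is commented out, the library's own default applies, which this hunk does not show. For a configuration that integrators copy into products I would either enable it as `#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 2048` or add `/* Use 2048 or more for newly generated keys; smaller values are for interoperability tests only. */` above it.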
@@ -3440,21 +3993,21 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to set the maximum plaintext size of the incoming I/O buffer. */ -/*#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 */ +/* #define MBEDTLS_SSL_IN_CONTENT_LEN 16384 */ /** \def MBEDTLS_SSL_CID_IN_LEN_MAX * * The maximum length of CIDs used for incoming DTLS messages. * */ -/*#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 */ +/* #define MBEDTLS_SSL_CID_IN_LEN_MAX 32 */ /** \def MBEDTLS_SSL_CID_OUT_LEN_MAX * * The maximum length of CIDs used for outgoing DTLS messages. * */ -/*#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 */ +/* #define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 */ /** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY * @@ -3470,7 +4023,7 @@ void mbedtls_platform_free( void * ptr ); * Note: On systems lacking division instructions, * a power of two should be preferred. */ -/*#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 */ +/* #define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 */ /** \def MBEDTLS_SSL_OUT_CONTENT_LEN * @@ -3490,7 +4043,7 @@ void mbedtls_platform_free( void * ptr ); * * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. */ -/*#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 */ +/* #define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 */ /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING * 
@@ -3507,21 +4060,10 @@ void mbedtls_platform_free( void * ptr ); * while buffering multiple smaller handshake messages. * */ -/*#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 */ +/* #define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 */ -/*#define MBEDTLS_PSK_MAX_LEN 32 / **< Max size of TLS pre-shared keys, in bytes (default 256 bits) * / */ -/*#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 / **< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued * / */ - -/** \def MBEDTLS_TLS_EXT_CID - * - * At the time of writing, the CID extension has not been assigned its - * final value. Set this configuration option to make Mbed TLS use a - * different value. - * - * A future minor revision of Mbed TLS may change the default value of - * this option to match evolving standards and usage. - */ -/*#define MBEDTLS_TLS_EXT_CID 254 */ +/* #define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */ +/* #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ /** * Complete list of ciphersuites to use, in order of preference. 
@@ -3535,58 +4077,128 @@ void mbedtls_platform_free( void * ptr ); * * The value below is only an example, not the default. */ -/*#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ +/* #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ -/* X509 options */ -/*#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 / **< Maximum number of intermediate CAs in a verification chain. * / */ -/*#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 / **< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). * / */ +/** + * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE + * + * The default maximum amount of 0-RTT data. See the documentation of + * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. + * + * It must be positive and smaller than UINT32_MAX. + * + * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not + * have any impact on the build. + * + * This feature is experimental, not completed and thus not ready for + * production. + * + */ +/* #define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 */ /** - * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_platform_zeroize(). This replaces the default implementation in - * platform_util.c. + * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + * + * Maximum time difference in milliseconds tolerated between the age of a + * ticket from the server and client point of view. + * From the client point of view, the age of a ticket is the time difference + * between the time when the client proposes to the server to use the ticket + * (time of writing of the Pre-Shared Key Extension including the ticket) and + * the time the client received the ticket from the server. 
+ * From the server point of view, the age of a ticket is the time difference + * between the time when the server receives a proposition from the client + * to use the ticket and the time when the ticket was created by the server. + * The server age is expected to be always greater than the client one and + * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the + * maximum difference tolerated for the server to accept the ticket. + * This is not used in TLS 1.2. * - * mbedtls_platform_zeroize() is a widely used function across the library to - * zero a block of memory. The implementation is expected to be secure in the - * sense that it has been written to prevent the compiler from removing calls - * to mbedtls_platform_zeroize() as part of redundant code elimination - * optimizations. However, it is difficult to guarantee that calls to - * mbedtls_platform_zeroize() will not be optimized by the compiler as older - * versions of the C language standards do not provide a secure implementation - * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to - * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from newer - * C standards (e.g using memset_s() in C11) or calling a secure memset() from - * their system (e.g explicit_bzero() in BSD). */ -/*#define MBEDTLS_PLATFORM_ZEROIZE_ALT */ +/* #define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 */ /** - * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime_r(). This replaces the default implementation in - * platform_util.c. + * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH * - * gmtime() is not a thread-safe function as defined in the C standard. The - * library will try to use safer implementations of this function, such as - * gmtime_r() when available. 
However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime_r() will default to - * using the standard gmtime(). In this case, calls from the library to - * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the - * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_gmtime_r() - * supplied at compile time. + * Size in bytes of a ticket nonce. This is not used in TLS 1.2. + * + * This must be less than 256. */ -/*#define MBEDTLS_PLATFORM_GMTIME_R_ALT */ +/* #define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 */ /** - * Enable the verified implementations of ECDH primitives from Project Everest - * (currently only Curve25519). This feature changes the layout of ECDH - * contexts and therefore is a compatibility break for applications that access - * fields of a mbedtls_ecdh_context structure directly. See also - * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS + * + * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server + * after handshake completion. This is not used in TLS 1.2 and relevant only if + * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. + * */ -/*#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ +/* #define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 */ + +/* X509 options */ +/* #define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +/* #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). 
*/ /** \} name SECTION: Module configuration options */ + +#if 0 + #ifndef MBEDTLS_SSL_PROTO_TLS1_2 + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + + #ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + #error This option is undef'd in build_info.h + #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_2*/ +#endif /* if 0 */ + +#ifdef MBEDTLS_USE_PSA_CRYPTO + #ifdef MBEDTLS_PSA_CRYPTO_CONFIG + #include MBEDTLS_PSA_CRYPTO_CONFIG + #else + #include "mbedtls/config_psa.h" + #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ +#endif /* 
MBEDTLS_USE_PSA_CRYPTO */ + +#include "mbedtls/config_adjust_legacy_crypto.h" + +#include "mbedtls/check_config.h" + +#endif /* __FREERTOS_MBEDTLS_CONFIG__*/ diff --git a/FreeRTOS-Plus/VisualStudio_StaticProjects/corePKCS11/corePKCS11.vcxproj b/FreeRTOS-Plus/VisualStudio_StaticProjects/corePKCS11/corePKCS11.vcxproj index 12df4729dfd..6f12f846a59 100644 --- a/FreeRTOS-Plus/VisualStudio_StaticProjects/corePKCS11/corePKCS11.vcxproj +++ b/FreeRTOS-Plus/VisualStudio_StaticProjects/corePKCS11/corePKCS11.vcxproj @@ -54,7 +54,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true ..\..\Source\corePKCS11\source\include;..\..\Source\corePKCS11\source\portable\os;..\..\Source\corePKCS11\source\portable\os\freertos_winsim;..\..\Source\corePKCS11\source\dependency\3rdparty\mbedtls_utils;..\..\Source\corePKCS11\source\dependency\3rdparty\pkcs11;.\;%(AdditionalIncludeDirectories) true @@ -68,7 +68,7 @@ Level3 true - MBEDTLS_CONFIG_FILE="mbedtls_config_v3.2.1.h";WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true ..\..\Source\corePKCS11\source\include;..\..\Source\corePKCS11\source\portable\os;..\..\Source\corePKCS11\source\portable\os\freertos_winsim;..\..\Source\corePKCS11\source\dependency\3rdparty\mbedtls_utils;..\..\Source\corePKCS11\source\dependency\3rdparty\pkcs11;.\;%(AdditionalIncludeDirectories) true diff --git a/FreeRTOS/Demo/WIN32-MSVC-Static-Allocation-Only/WIN32.vcxproj b/FreeRTOS/Demo/WIN32-MSVC-Static-Allocation-Only/WIN32.vcxproj index 9e7a3da1449..4ceefcccdd3 100644 --- a/FreeRTOS/Demo/WIN32-MSVC-Static-Allocation-Only/WIN32.vcxproj +++ b/FreeRTOS/Demo/WIN32-MSVC-Static-Allocation-Only/WIN32.vcxproj 
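Review bot: `#include MBEDTLS_PSA_CRYPTO_CONFIG` in the added trailer uses a feature switch as a header name; in Mbed TLS 3.x that macro is normally defined with no value and the path lives in `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, so enabling the switch would leave an empty `#include` (how this file defines it is outside the hunk). If the intent is a custom PSA configuration, test and include the path macro instead: `#ifdef MBEDTLS_PSA_CRYPTO_CONFIG_FILE` followed by `#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE`. The trailer also includes `mbedtls/config_adjust_legacy_crypto.h` and `mbedtls/check_config.h` directly, which as far as I know `mbedtls/build_info.h` already does after reading the configuration file, so it is worth checking whether these includes are needed here at all. The `#if 0` block of `#error` checks is dead code and should be deleted or enabled, since as written it verifies nothing about the key-exchange options.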
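Review bot: `WIN32_LEAN_AND_MEAN` is added to the preprocessor definitions in the first hunk of corePKCS11.vcxproj but not in the second, which only switches to `mbedtls_config_v3.5.1.h`. The two build configurations may therefore preprocess the Windows headers differently, which is easy to miss when only one of them is exercised in CI. Unless the difference is intended, give the second list the same prefix: `WIN32;WIN32_LEAN_AND_MEAN;MBEDTLS_CONFIG_FILE="mbedtls_config_v3.5.1.h";`. The element names around these lines are not visible on this page, so which configurations they belong to is inferred from their order.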
@@ -74,7 +74,7 @@ Disabled ..\..\Source\include;..\..\Source\portable\MSVC-MingW;..\Common\Include;..\..\..\FreeRTOS-Plus\Source\FreeRTOS-Plus-Trace\kernelports\FreeRTOS;..\..\..\FreeRTOS-Plus\Source\FreeRTOS-Plus-Trace\kernelports\FreeRTOS\include;..\..\..\FreeRTOS-Plus\Source\FreeRTOS-Plus-Trace\Include;.\Trace_Recorder_Configuration;.;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0500;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) true EnableFastChecks MultiThreadedDebug diff --git a/FreeRTOS/Demo/WIN32-MSVC/FreeRTOSConfig.h b/FreeRTOS/Demo/WIN32-MSVC/FreeRTOSConfig.h index 60d2e7a9c23..40ec37e6846 100644 --- a/FreeRTOS/Demo/WIN32-MSVC/FreeRTOSConfig.h +++ b/FreeRTOS/Demo/WIN32-MSVC/FreeRTOSConfig.h @@ -127,6 +127,12 @@ extern void vAssertCalled( unsigned long ulLine, const char * const pcFileName ) #define sbSEND_COMPLETED( pxStreamBuffer ) vGenerateCoreBInterrupt( pxStreamBuffer ) #endif /* configINCLUDE_MESSAGE_BUFFER_AMP_DEMO */ +#ifdef WIN32_LEAN_AND_MEAN + #include "winsock2.h" +#else + #include +#endif /* WIN32_LEAN_AND_MEAN */ + /* Include the FreeRTOS+Trace FreeRTOS trace macro definitions. */ #include "trcRecorder.h" diff --git a/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj b/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj index 189ca5a26b6..0ef5e555ac4 100644 --- a/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj +++ b/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj 
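Review bot: `#include "winsock2.h"` in the FreeRTOSConfig.h hunk names an SDK header with the quoted form, so the preprocessor searches the including file's directory and the project include paths before the system ones, and a stray file of that name in the tree would be picked up instead; `#include <winsock2.h>` avoids that. The same guarded block is added again in the main.c hunk further down, and since FreeRTOSConfig.h is presumably reached from main.c through the kernel headers, one copy is probably enough. The header named in the `#else` branch is not visible on this page, so I cannot comment on it. If the reason for the block is the usual winsock.h/winsock2.h ordering conflict with windows.h, a one-line comment saying so would explain why a socket header appears in a kernel configuration file.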
@@ -40,7 +40,7 @@ Disabled ..\..\Source\include;..\..\Source\portable\MSVC-MingW;..\Common\Include;..\..\..\FreeRTOS-Plus\Source\FreeRTOS-Plus-Trace\kernelports\FreeRTOS;..\..\..\FreeRTOS-Plus\Source\FreeRTOS-Plus-Trace\kernelports\FreeRTOS\include;..\..\..\FreeRTOS-Plus\Source\FreeRTOS-Plus-Trace\include;.\Trace_Recorder_Configuration;.;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0601;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + WIN32;WIN32_LEAN_AND_MEAN;_DEBUG;_CONSOLE;_WIN32_WINNT=0x0601;WINVER=0x400;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebug .\Debug/WIN32.pch diff --git a/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj.filters b/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj.filters index 06e942977fd..7049d309c3b 100644 --- a/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj.filters +++ b/FreeRTOS/Demo/WIN32-MSVC/WIN32.vcxproj.filters @@ -222,9 +222,6 @@ Configuration Files - - Demo App Source\FreeRTOS+Trace Recorder\include - Demo App Source\FreeRTOS+Trace Recorder\include diff --git a/FreeRTOS/Demo/WIN32-MSVC/main.c b/FreeRTOS/Demo/WIN32-MSVC/main.c index 3281b2364f9..e1a9427bc77 100644 --- a/FreeRTOS/Demo/WIN32-MSVC/main.c +++ b/FreeRTOS/Demo/WIN32-MSVC/main.c @@ -52,6 +52,12 @@ #include #include +#ifdef WIN32_LEAN_AND_MEAN + #include "winsock2.h" +#else + #include +#endif /* WIN32_LEAN_AND_MEAN */ + /* Visual studio intrinsics used so the __debugbreak() function is available * should an assert get hit. */ #include diff --git a/FreeRTOS/Demo/WIN32-MingW/Trace_Recorder_Configuration/trcConfig.h b/FreeRTOS/Demo/WIN32-MingW/Trace_Recorder_Configuration/trcConfig.h index 34f5adc4cb1..8a84fc76b5c 100644 --- a/FreeRTOS/Demo/WIN32-MingW/Trace_Recorder_Configuration/trcConfig.h +++ b/FreeRTOS/Demo/WIN32-MingW/Trace_Recorder_Configuration/trcConfig.h 
@@ -1,319 +1,333 @@ -/* - * Trace Recorder for Tracealyzer v4.6.0 - * Copyright 2021 Percepio AB - * www.percepio.com - * - * SPDX-License-Identifier: Apache-2.0 - * - * Main configuration parameters for the trace recorder library. - * More settings can be found in trcStreamingConfig.h and trcSnapshotConfig.h. - */ - -#ifndef TRC_CONFIG_H -#define TRC_CONFIG_H - -#ifdef __cplusplus -extern "C" { -#endif - -/****************************************************************************** - * Include of processor header file - * - * Here you may need to include the header file for your processor. This is - * required at least for the ARM Cortex-M port, that uses the ARM CMSIS API. - * Try that in case of build problems. Otherwise, remove the #error line below. - *****************************************************************************/ - -/** - * @def TRC_CFG_HARDWARE_PORT - * @brief Specify what hardware port to use (i.e., the "timestamping driver"). - * - * All ARM Cortex-M MCUs are supported by "TRC_HARDWARE_PORT_ARM_Cortex_M". - * This port uses the DWT cycle counter for Cortex-M3/M4/M7 devices, which is - * available on most such devices. In case your device don't have DWT support, - * you will get an error message opening the trace. In that case, you may - * force the recorder to use SysTick timestamping instead, using this define: - * - * #define TRC_CFG_ARM_CM_USE_SYSTICK - * - * For ARM Cortex-M0/M0+ devices, SysTick mode is used automatically. - * - * See trcHardwarePort.h for available ports and information on how to - * define your own port, if not already present. - */ -#define TRC_CFG_HARDWARE_PORT TRC_HARDWARE_PORT_Win32 - -/** - * @def TRC_CFG_SCHEDULING_ONLY - * @brief Macro which should be defined as an integer value. - * - * If this setting is enabled (= 1), only scheduling events are recorded. - * If disabled (= 0), all events are recorded (unless filtered in other ways). - * - * Default value is 0 (= include additional events). 
- */ -#define TRC_CFG_SCHEDULING_ONLY 0 - -/** - * @def TRC_CFG_INCLUDE_MEMMANG_EVENTS - * @brief Macro which should be defined as either zero (0) or one (1). - * - * This controls if malloc and free calls should be traced. Set this to zero (0) - * to exclude malloc/free calls, or one (1) to include such events in the trace. - * - * Default value is 1. - */ -#define TRC_CFG_INCLUDE_MEMMANG_EVENTS 1 - -/** - * @def TRC_CFG_INCLUDE_USER_EVENTS - * @brief Macro which should be defined as either zero (0) or one (1). - * - * If this is zero (0), all code related to User Events is excluded in order - * to reduce code size. Any attempts of storing User Events are then silently - * ignored. - * - * User Events are application-generated events, like "printf" but for the - * trace log, generated using vTracePrint and vTracePrintF. - * The formatting is done on host-side, by Tracealyzer. User Events are - * therefore much faster than a console printf and can often be used - * in timing critical code without problems. - * - * Note: In streaming mode, User Events are used to provide error messages - * and warnings from the recorder (in case of incorrect configuration) for - * display in Tracealyzer. Disabling user events will also disable these - * warnings. You can however still catch them by calling xTraceErrorGetLast - * or by putting breakpoints in xTraceError and xTraceWarning. - * - * Default value is 1. - */ -#define TRC_CFG_INCLUDE_USER_EVENTS 1 - -/** - * @def TRC_CFG_INCLUDE_ISR_TRACING - * @brief Macro which should be defined as either zero (0) or one (1). - * - * If this is zero (0), the code for recording Interrupt Service Routines is - * excluded, in order to reduce code size. This means that any calls to - * vTraceStoreISRBegin/vTraceStoreISREnd will be ignored. - * This does not completely disable ISR tracing, in cases where an ISR is - * calling a traced kernel service. 
These events will still be recorded and - * show up in anonymous ISR instances in Tracealyzer, with names such as - * "ISR sending to ". - * To disable such tracing, please refer to vTraceSetFilterGroup and - * vTraceSetFilterMask. - * - * Default value is 1. - * - * Note: tracing ISRs requires that you insert calls to vTraceStoreISRBegin - * and vTraceStoreISREnd in your interrupt handlers. - */ -#define TRC_CFG_INCLUDE_ISR_TRACING 1 - -/** - * @def TRC_CFG_INCLUDE_READY_EVENTS - * @brief Macro which should be defined as either zero (0) or one (1). - * - * If one (1), events are recorded when tasks enter scheduling state "ready". - * This allows Tracealyzer to show the initial pending time before tasks enter - * the execution state, and present accurate response times. - * If zero (0), "ready events" are not created, which allows for recording - * longer traces in the same amount of RAM. - * - * Default value is 1. - */ -#define TRC_CFG_INCLUDE_READY_EVENTS 1 - -/** - * @def TRC_CFG_INCLUDE_OSTICK_EVENTS - * @brief Macro which should be defined as either zero (0) or one (1). - * - * If this is one (1), events will be generated whenever the OS clock is - * increased. If zero (0), OS tick events are not generated, which allows for - * recording longer traces in the same amount of RAM. - * - * Default value is 1. - */ -#define TRC_CFG_INCLUDE_OSTICK_EVENTS 1 - -/** - * @def TRC_CFG_ENABLE_STACK_MONITOR - * @brief If enabled (1), the recorder periodically reports the unused stack space of - * all active tasks. - * The stack monitoring runs in the Tracealyzer Control task, TzCtrl. This task - * is always created by the recorder when in streaming mode. - * In snapshot mode, the TzCtrl task is only used for stack monitoring and is - * not created unless this is enabled. - */ -#define TRC_CFG_ENABLE_STACK_MONITOR 1 - -/** - * @def TRC_CFG_STACK_MONITOR_MAX_TASKS - * @brief Macro which should be defined as a non-zero integer value. 
- * - * This controls how many tasks that can be monitored by the stack monitor. - * If this is too small, some tasks will be excluded and a warning is shown. - * - * Default value is 10. - */ -#define TRC_CFG_STACK_MONITOR_MAX_TASKS 50 - -/** - * @def TRC_CFG_STACK_MONITOR_MAX_REPORTS - * @brief Macro which should be defined as a non-zero integer value. - * - * This defines how many tasks that will be subject to stack usage analysis for - * each execution of the Tracealyzer Control task (TzCtrl). Note that the stack - * monitoring cycles between the tasks, so this does not affect WHICH tasks that - * are monitored, but HOW OFTEN each task stack is analyzed. - * - * This setting can be combined with TRC_CFG_CTRL_TASK_DELAY to tune the - * frequency of the stack monitoring. This is motivated since the stack analysis - * can take some time to execute. - * However, note that the stack analysis runs in a separate task (TzCtrl) that - * can be executed on low priority. This way, you can avoid that the stack - * analysis disturbs any time-sensitive tasks. - * - * Default value is 1. - */ -#define TRC_CFG_STACK_MONITOR_MAX_REPORTS 1 - -/** - * @def TRC_CFG_CTRL_TASK_PRIORITY - * @brief The scheduling priority of the Tracealyzer Control (TzCtrl) task. - * - * In streaming mode, TzCtrl is used to receive start/stop commands from - * Tracealyzer and in some cases also to transmit the trace data (for stream - * ports that uses the internal buffer, like TCP/IP). For such stream ports, - * make sure the TzCtrl priority is high enough to ensure reliable periodic - * execution and transfer of the data, but low enough to avoid disturbing any - * time-sensitive functions. - * - * In Snapshot mode, TzCtrl is only used for the stack usage monitoring and is - * not created if stack monitoring is disabled. TRC_CFG_CTRL_TASK_PRIORITY should - * be low, to avoid disturbing any time-sensitive tasks. 
- */ -#define TRC_CFG_CTRL_TASK_PRIORITY 1 - -/** - * @def TRC_CFG_CTRL_TASK_DELAY - * @brief The delay between loops of the TzCtrl task (see TRC_CFG_CTRL_TASK_PRIORITY), - * which affects the frequency of the stack monitoring. - * - * In streaming mode, this also affects the trace data transfer if you are using - * a stream port leveraging the internal buffer (like TCP/IP). A shorter delay - * increases the CPU load of TzCtrl somewhat, but may improve the performance of - * of the trace streaming, especially if the trace buffer is small. - */ -#define TRC_CFG_CTRL_TASK_DELAY 2 - -/** - * @def TRC_CFG_CTRL_TASK_STACK_SIZE - * @brief The stack size of the Tracealyzer Control (TzCtrl) task. - * See TRC_CFG_CTRL_TASK_PRIORITY for further information about TzCtrl. - */ -#define TRC_CFG_CTRL_TASK_STACK_SIZE 1024 - -/** - * @def TRC_CFG_RECORDER_BUFFER_ALLOCATION - * @brief Specifies how the recorder buffer is allocated (also in case of streaming, in - * port using the recorder's internal temporary buffer) - * - * Values: - * TRC_RECORDER_BUFFER_ALLOCATION_STATIC - Static allocation (internal) - * TRC_RECORDER_BUFFER_ALLOCATION_DYNAMIC - Malloc in vTraceEnable - * TRC_RECORDER_BUFFER_ALLOCATION_CUSTOM - Use vTraceSetRecorderDataBuffer - * - * Static and dynamic mode does the allocation for you, either in compile time - * (static) or in runtime (malloc). - * The custom mode allows you to control how and where the allocation is made, - * for details see TRC_ALLOC_CUSTOM_BUFFER and vTraceSetRecorderDataBuffer(). - */ -#define TRC_CFG_RECORDER_BUFFER_ALLOCATION TRC_RECORDER_BUFFER_ALLOCATION_STATIC - -/** - * @def TRC_CFG_MAX_ISR_NESTING - * @brief Defines how many levels of interrupt nesting the recorder can handle, in - * case multiple ISRs are traced and ISR nesting is possible. If this - * is exceeded, the particular ISR will not be traced and the recorder then - * logs an error message. 
This setting is used to allocate an internal stack - * for keeping track of the previous execution context (4 byte per entry). - * - * This value must be a non-zero positive constant, at least 1. - * - * Default value: 8 - */ -#define TRC_CFG_MAX_ISR_NESTING 8 - -/** - * @def TRC_CFG_ISR_TAILCHAINING_THRESHOLD - * @brief Macro which should be defined as an integer value. - * - * If tracing multiple ISRs, this setting allows for accurate display of the - * context-switching also in cases when the ISRs execute in direct sequence. - * - * vTraceStoreISREnd normally assumes that the ISR returns to the previous - * context, i.e., a task or a preempted ISR. But if another traced ISR - * executes in direct sequence, Tracealyzer may incorrectly display a minimal - * fragment of the previous context in between the ISRs. - * - * By using TRC_CFG_ISR_TAILCHAINING_THRESHOLD you can avoid this. This is - * however a threshold value that must be measured for your specific setup. - * See http://percepio.com/2014/03/21/isr_tailchaining_threshold/ - * - * The default setting is 0, meaning "disabled" and that you may get an - * extra fragments of the previous context in between tail-chained ISRs. - * - * Note: This setting has separate definitions in trcSnapshotConfig.h and - * trcStreamingConfig.h, since it is affected by the recorder mode. - */ -#define TRC_CFG_ISR_TAILCHAINING_THRESHOLD 0 - -/** - * @def TRC_CFG_RECORDER_DATA_INIT - * @brief Macro which states wether the recorder data should have an initial value. - * - * In very specific cases where traced objects are created before main(), - * the recorder will need to be started even before that. In these cases, - * the recorder data would be initialized by vTraceEnable(TRC_INIT) but could - * then later be overwritten by the initialization value. - * If this is an issue for you, set TRC_CFG_RECORDER_DATA_INIT to 0. 
- * The following code can then be used before any traced objects are created: - * - * extern uint32_t RecorderEnabled; - * RecorderEnabled = 0; - * xTraceInitialize(); - * - * After the clocks are properly initialized, use vTraceEnable(...) to start - * the tracing. - * - * Default value is 1. - */ -#define TRC_CFG_RECORDER_DATA_INIT 1 - -/** - * @def TRC_CFG_RECORDER_DATA_ATTRIBUTE - * @brief When setting TRC_CFG_RECORDER_DATA_INIT to 0, you might also need to make - * sure certain recorder data is placed in a specific RAM section to avoid being - * zeroed out after initialization. Define TRC_CFG_RECORDER_DATA_ATTRIBUTE as - * that attribute. - * - * Example: - * #define TRC_CFG_RECORDER_DATA_ATTRIBUTE __attribute__((section(".bss.trace_recorder_data"))) - * - * Default value is empty. - */ -#define TRC_CFG_RECORDER_DATA_ATTRIBUTE - -/** - * @def TRC_CFG_USE_TRACE_ASSERT - * @brief Enable or disable debug asserts. Information regarding any assert that is - * triggered will be in trcAssert.c. - */ -#define TRC_CFG_USE_TRACE_ASSERT 0 - -#ifdef __cplusplus -} -#endif - -#endif /* _TRC_CONFIG_H */ +/* + * Trace Recorder for Tracealyzer v4.6.0 + * Copyright 2021 Percepio AB + * www.percepio.com + * + * SPDX-License-Identifier: Apache-2.0 + * + * Main configuration parameters for the trace recorder library. + * More settings can be found in trcStreamingConfig.h and trcSnapshotConfig.h. + */ + +#ifndef TRC_CONFIG_H +#define TRC_CONFIG_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** Exclude Windows APIs such as Cryptography, DDE, RPC, Shell, +* and Windows Sockets. */ +#ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN +#endif + +#include + +/* Define _WINSOCKAPI_ to ensure that winsock.h is not included */ +#ifndef _WINSOCKAPI_ + #define _WINSOCKAPI_ +#endif + + +/****************************************************************************** + * Include of processor header file + * + * Here you may need to include the header file for your processor. 
This is + * required at least for the ARM Cortex-M port, that uses the ARM CMSIS API. + * Try that in case of build problems. Otherwise, remove the #error line below. + *****************************************************************************/ + +/** + * @def TRC_CFG_HARDWARE_PORT + * @brief Specify what hardware port to use (i.e., the "timestamping driver"). + * + * All ARM Cortex-M MCUs are supported by "TRC_HARDWARE_PORT_ARM_Cortex_M". + * This port uses the DWT cycle counter for Cortex-M3/M4/M7 devices, which is + * available on most such devices. In case your device don't have DWT support, + * you will get an error message opening the trace. In that case, you may + * force the recorder to use SysTick timestamping instead, using this define: + * + * #define TRC_CFG_ARM_CM_USE_SYSTICK + * + * For ARM Cortex-M0/M0+ devices, SysTick mode is used automatically. + * + * See trcHardwarePort.h for available ports and information on how to + * define your own port, if not already present. + */ +#define TRC_CFG_HARDWARE_PORT TRC_HARDWARE_PORT_Win32 + +/** + * @def TRC_CFG_SCHEDULING_ONLY + * @brief Macro which should be defined as an integer value. + * + * If this setting is enabled (= 1), only scheduling events are recorded. + * If disabled (= 0), all events are recorded (unless filtered in other ways). + * + * Default value is 0 (= include additional events). + */ +#define TRC_CFG_SCHEDULING_ONLY 0 + +/** + * @def TRC_CFG_INCLUDE_MEMMANG_EVENTS + * @brief Macro which should be defined as either zero (0) or one (1). + * + * This controls if malloc and free calls should be traced. Set this to zero (0) + * to exclude malloc/free calls, or one (1) to include such events in the trace. + * + * Default value is 1. + */ +#define TRC_CFG_INCLUDE_MEMMANG_EVENTS 1 + +/** + * @def TRC_CFG_INCLUDE_USER_EVENTS + * @brief Macro which should be defined as either zero (0) or one (1). 
+ * + * If this is zero (0), all code related to User Events is excluded in order + * to reduce code size. Any attempts of storing User Events are then silently + * ignored. + * + * User Events are application-generated events, like "printf" but for the + * trace log, generated using vTracePrint and vTracePrintF. + * The formatting is done on host-side, by Tracealyzer. User Events are + * therefore much faster than a console printf and can often be used + * in timing critical code without problems. + * + * Note: In streaming mode, User Events are used to provide error messages + * and warnings from the recorder (in case of incorrect configuration) for + * display in Tracealyzer. Disabling user events will also disable these + * warnings. You can however still catch them by calling xTraceErrorGetLast + * or by putting breakpoints in xTraceError and xTraceWarning. + * + * Default value is 1. + */ +#define TRC_CFG_INCLUDE_USER_EVENTS 1 + +/** + * @def TRC_CFG_INCLUDE_ISR_TRACING + * @brief Macro which should be defined as either zero (0) or one (1). + * + * If this is zero (0), the code for recording Interrupt Service Routines is + * excluded, in order to reduce code size. This means that any calls to + * vTraceStoreISRBegin/vTraceStoreISREnd will be ignored. + * This does not completely disable ISR tracing, in cases where an ISR is + * calling a traced kernel service. These events will still be recorded and + * show up in anonymous ISR instances in Tracealyzer, with names such as + * "ISR sending to ". + * To disable such tracing, please refer to vTraceSetFilterGroup and + * vTraceSetFilterMask. + * + * Default value is 1. + * + * Note: tracing ISRs requires that you insert calls to vTraceStoreISRBegin + * and vTraceStoreISREnd in your interrupt handlers. + */ +#define TRC_CFG_INCLUDE_ISR_TRACING 1 + +/** + * @def TRC_CFG_INCLUDE_READY_EVENTS + * @brief Macro which should be defined as either zero (0) or one (1). 
+ * + * If one (1), events are recorded when tasks enter scheduling state "ready". + * This allows Tracealyzer to show the initial pending time before tasks enter + * the execution state, and present accurate response times. + * If zero (0), "ready events" are not created, which allows for recording + * longer traces in the same amount of RAM. + * + * Default value is 1. + */ +#define TRC_CFG_INCLUDE_READY_EVENTS 1 + +/** + * @def TRC_CFG_INCLUDE_OSTICK_EVENTS + * @brief Macro which should be defined as either zero (0) or one (1). + * + * If this is one (1), events will be generated whenever the OS clock is + * increased. If zero (0), OS tick events are not generated, which allows for + * recording longer traces in the same amount of RAM. + * + * Default value is 1. + */ +#define TRC_CFG_INCLUDE_OSTICK_EVENTS 1 + +/** + * @def TRC_CFG_ENABLE_STACK_MONITOR + * @brief If enabled (1), the recorder periodically reports the unused stack space of + * all active tasks. + * The stack monitoring runs in the Tracealyzer Control task, TzCtrl. This task + * is always created by the recorder when in streaming mode. + * In snapshot mode, the TzCtrl task is only used for stack monitoring and is + * not created unless this is enabled. + */ +#define TRC_CFG_ENABLE_STACK_MONITOR 1 + +/** + * @def TRC_CFG_STACK_MONITOR_MAX_TASKS + * @brief Macro which should be defined as a non-zero integer value. + * + * This controls how many tasks that can be monitored by the stack monitor. + * If this is too small, some tasks will be excluded and a warning is shown. + * + * Default value is 10. + */ +#define TRC_CFG_STACK_MONITOR_MAX_TASKS 50 + +/** + * @def TRC_CFG_STACK_MONITOR_MAX_REPORTS + * @brief Macro which should be defined as a non-zero integer value. + * + * This defines how many tasks that will be subject to stack usage analysis for + * each execution of the Tracealyzer Control task (TzCtrl). 
Note that the stack + * monitoring cycles between the tasks, so this does not affect WHICH tasks that + * are monitored, but HOW OFTEN each task stack is analyzed. + * + * This setting can be combined with TRC_CFG_CTRL_TASK_DELAY to tune the + * frequency of the stack monitoring. This is motivated since the stack analysis + * can take some time to execute. + * However, note that the stack analysis runs in a separate task (TzCtrl) that + * can be executed on low priority. This way, you can avoid that the stack + * analysis disturbs any time-sensitive tasks. + * + * Default value is 1. + */ +#define TRC_CFG_STACK_MONITOR_MAX_REPORTS 1 + +/** + * @def TRC_CFG_CTRL_TASK_PRIORITY + * @brief The scheduling priority of the Tracealyzer Control (TzCtrl) task. + * + * In streaming mode, TzCtrl is used to receive start/stop commands from + * Tracealyzer and in some cases also to transmit the trace data (for stream + * ports that uses the internal buffer, like TCP/IP). For such stream ports, + * make sure the TzCtrl priority is high enough to ensure reliable periodic + * execution and transfer of the data, but low enough to avoid disturbing any + * time-sensitive functions. + * + * In Snapshot mode, TzCtrl is only used for the stack usage monitoring and is + * not created if stack monitoring is disabled. TRC_CFG_CTRL_TASK_PRIORITY should + * be low, to avoid disturbing any time-sensitive tasks. + */ +#define TRC_CFG_CTRL_TASK_PRIORITY 1 + +/** + * @def TRC_CFG_CTRL_TASK_DELAY + * @brief The delay between loops of the TzCtrl task (see TRC_CFG_CTRL_TASK_PRIORITY), + * which affects the frequency of the stack monitoring. + * + * In streaming mode, this also affects the trace data transfer if you are using + * a stream port leveraging the internal buffer (like TCP/IP). A shorter delay + * increases the CPU load of TzCtrl somewhat, but may improve the performance of + * of the trace streaming, especially if the trace buffer is small. 
+ */ +#define TRC_CFG_CTRL_TASK_DELAY 2 + +/** + * @def TRC_CFG_CTRL_TASK_STACK_SIZE + * @brief The stack size of the Tracealyzer Control (TzCtrl) task. + * See TRC_CFG_CTRL_TASK_PRIORITY for further information about TzCtrl. + */ +#define TRC_CFG_CTRL_TASK_STACK_SIZE 1024 + +/** + * @def TRC_CFG_RECORDER_BUFFER_ALLOCATION + * @brief Specifies how the recorder buffer is allocated (also in case of streaming, in + * port using the recorder's internal temporary buffer) + * + * Values: + * TRC_RECORDER_BUFFER_ALLOCATION_STATIC - Static allocation (internal) + * TRC_RECORDER_BUFFER_ALLOCATION_DYNAMIC - Malloc in vTraceEnable + * TRC_RECORDER_BUFFER_ALLOCATION_CUSTOM - Use vTraceSetRecorderDataBuffer + * + * Static and dynamic mode does the allocation for you, either in compile time + * (static) or in runtime (malloc). + * The custom mode allows you to control how and where the allocation is made, + * for details see TRC_ALLOC_CUSTOM_BUFFER and vTraceSetRecorderDataBuffer(). + */ +#define TRC_CFG_RECORDER_BUFFER_ALLOCATION TRC_RECORDER_BUFFER_ALLOCATION_STATIC + +/** + * @def TRC_CFG_MAX_ISR_NESTING + * @brief Defines how many levels of interrupt nesting the recorder can handle, in + * case multiple ISRs are traced and ISR nesting is possible. If this + * is exceeded, the particular ISR will not be traced and the recorder then + * logs an error message. This setting is used to allocate an internal stack + * for keeping track of the previous execution context (4 byte per entry). + * + * This value must be a non-zero positive constant, at least 1. + * + * Default value: 8 + */ +#define TRC_CFG_MAX_ISR_NESTING 8 + +/** + * @def TRC_CFG_ISR_TAILCHAINING_THRESHOLD + * @brief Macro which should be defined as an integer value. + * + * If tracing multiple ISRs, this setting allows for accurate display of the + * context-switching also in cases when the ISRs execute in direct sequence. 
+ * + * vTraceStoreISREnd normally assumes that the ISR returns to the previous + * context, i.e., a task or a preempted ISR. But if another traced ISR + * executes in direct sequence, Tracealyzer may incorrectly display a minimal + * fragment of the previous context in between the ISRs. + * + * By using TRC_CFG_ISR_TAILCHAINING_THRESHOLD you can avoid this. This is + * however a threshold value that must be measured for your specific setup. + * See http://percepio.com/2014/03/21/isr_tailchaining_threshold/ + * + * The default setting is 0, meaning "disabled" and that you may get an + * extra fragments of the previous context in between tail-chained ISRs. + * + * Note: This setting has separate definitions in trcSnapshotConfig.h and + * trcStreamingConfig.h, since it is affected by the recorder mode. + */ +#define TRC_CFG_ISR_TAILCHAINING_THRESHOLD 0 + +/** + * @def TRC_CFG_RECORDER_DATA_INIT + * @brief Macro which states wether the recorder data should have an initial value. + * + * In very specific cases where traced objects are created before main(), + * the recorder will need to be started even before that. In these cases, + * the recorder data would be initialized by vTraceEnable(TRC_INIT) but could + * then later be overwritten by the initialization value. + * If this is an issue for you, set TRC_CFG_RECORDER_DATA_INIT to 0. + * The following code can then be used before any traced objects are created: + * + * extern uint32_t RecorderEnabled; + * RecorderEnabled = 0; + * xTraceInitialize(); + * + * After the clocks are properly initialized, use vTraceEnable(...) to start + * the tracing. + * + * Default value is 1. + */ +#define TRC_CFG_RECORDER_DATA_INIT 1 + +/** + * @def TRC_CFG_RECORDER_DATA_ATTRIBUTE + * @brief When setting TRC_CFG_RECORDER_DATA_INIT to 0, you might also need to make + * sure certain recorder data is placed in a specific RAM section to avoid being + * zeroed out after initialization. 
Define TRC_CFG_RECORDER_DATA_ATTRIBUTE as + * that attribute. + * + * Example: + * #define TRC_CFG_RECORDER_DATA_ATTRIBUTE __attribute__((section(".bss.trace_recorder_data"))) + * + * Default value is empty. + */ +#define TRC_CFG_RECORDER_DATA_ATTRIBUTE + +/** + * @def TRC_CFG_USE_TRACE_ASSERT + * @brief Enable or disable debug asserts. Information regarding any assert that is + * triggered will be in trcAssert.c. + */ +#define TRC_CFG_USE_TRACE_ASSERT 0 + +#ifdef __cplusplus +} +#endif + +#endif /* _TRC_CONFIG_H */ diff --git a/manifest.yml b/manifest.yml index a373d523800..aaff56d6048 100644 --- a/manifest.yml +++ b/manifest.yml @@ -54,7 +54,7 @@ dependencies: path: "FreeRTOS-Plus/Source/Application-Protocols/coreMQTT-Agent" - name: "corePKCS11" - version: "6ddc35e" + version: "8b5ec3b3e" repository: type: "git" url: "https://github.com/FreeRTOS/corePKCS11.git" @@ -89,7 +89,7 @@ dependencies: path: "FreeRTOS-Plus/ThirdParty/wolfSSL" - name: "mbedtls" - version: "v3.2.1" + version: "v3.5.1" repository: type: "git" url: "https://github.com/Mbed-TLS/mbedtls.git"
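Review bot: In WIN32-MingW/trcConfig.h the new `WIN32_LEAN_AND_MEAN` / `#include` / `_WINSOCKAPI_` block sits after the `extern "C" {` opener, so in a C++ translation unit the included header is processed inside a C-linkage block. Move the three added groups above `#ifdef __cplusplus` so the system include happens at file scope. `_WINSOCKAPI_` is defined after the include, so it only affects headers pulled in later; extend its comment to say which later include it guards against, for example `/* Must precede any later <windows.h>/<winsock.h> include in this TU */`. The hunk also replaces all 319 lines to add about 14, which looks like a line-ending change and makes the real edit hard to audit; normalising line endings in a separate commit would keep this diff reviewable.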