Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of mbedtls by
config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_CONFIG_H 00029 #define MBEDTLS_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 /** 00036 * \name SECTION: System support 00037 * 00038 * This section sets system specific settings. 00039 * \{ 00040 */ 00041 00042 /** 00043 * \def MBEDTLS_HAVE_ASM 00044 * 00045 * The compiler has support for asm(). 00046 * 00047 * Requires support for asm() in compiler. 00048 * 00049 * Used in: 00050 * library/timing.c 00051 * library/padlock.c 00052 * include/mbedtls/bn_mul.h 00053 * 00054 * Comment to disable the use of assembly code. 00055 */ 00056 #define MBEDTLS_HAVE_ASM 00057 00058 /** 00059 * \def MBEDTLS_NO_UDBL_DIVISION 00060 * 00061 * The platform lacks support for double-width integer division (64-bit 00062 * division on a 32-bit platform, 128-bit division on a 64-bit platform). 00063 * 00064 * Used in: 00065 * include/mbedtls/bignum.h 00066 * library/bignum.c 00067 * 00068 * The bignum code uses double-width division to speed up some operations. 00069 * Double-width division is often implemented in software that needs to 00070 * be linked with the program. The presence of a double-width integer 00071 * type is usually detected automatically through preprocessor macros, 00072 * but the automatic detection cannot know whether the code needs to 00073 * and can be linked with an implementation of division for that type. 00074 * By default division is assumed to be usable if the type is present. 00075 * Uncomment this option to prevent the use of double-width division. 00076 * 00077 * Note that division for the native integer type is always required. 00078 * Furthermore, a 64-bit type is always required even on a 32-bit 00079 * platform, but it need not support multiplication or division. In some 00080 * cases it is also desirable to disable some double-width operations. For 00081 * example, if double-width division is implemented in software, disabling 00082 * it can reduce code size in some embedded targets. 00083 */ 00084 //#define MBEDTLS_NO_UDBL_DIVISION 00085 00086 /** 00087 * \def MBEDTLS_HAVE_SSE2 00088 * 00089 * CPU supports SSE2 instruction set. 00090 * 00091 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00092 */ 00093 //#define MBEDTLS_HAVE_SSE2 00094 00095 /** 00096 * \def MBEDTLS_HAVE_TIME 00097 * 00098 * System has time.h and time(). 00099 * The time does not need to be correct, only time differences are used, 00100 * by contrast with MBEDTLS_HAVE_TIME_DATE 00101 * 00102 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00103 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00104 * MBEDTLS_PLATFORM_STD_TIME. 00105 * 00106 * Comment if your system does not support time functions 00107 */ 00108 #define MBEDTLS_HAVE_TIME 00109 00110 /** 00111 * \def MBEDTLS_HAVE_TIME_DATE 00112 * 00113 * System has time.h and time(), gmtime() and the clock is correct. 00114 * The time needs to be correct (not necesarily very accurate, but at least 00115 * the date should be correct). This is used to verify the validity period of 00116 * X.509 certificates. 00117 * 00118 * Comment if your system does not have a correct clock. 00119 */ 00120 #define MBEDTLS_HAVE_TIME_DATE 00121 00122 /** 00123 * \def MBEDTLS_PLATFORM_MEMORY 00124 * 00125 * Enable the memory allocation layer. 00126 * 00127 * By default mbed TLS uses the system-provided calloc() and free(). 00128 * This allows different allocators (self-implemented or provided) to be 00129 * provided to the platform abstraction layer. 00130 * 00131 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00132 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00133 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00134 * free() function pointer at runtime. 00135 * 00136 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00137 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00138 * alternate function at compile time. 00139 * 00140 * Requires: MBEDTLS_PLATFORM_C 00141 * 00142 * Enable this layer to allow use of alternative memory allocators. 00143 */ 00144 //#define MBEDTLS_PLATFORM_MEMORY 00145 00146 /** 00147 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00148 * 00149 * Do not assign standard functions in the platform layer (e.g. calloc() to 00150 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00151 * 00152 * This makes sure there are no linking errors on platforms that do not support 00153 * these functions. You will HAVE to provide alternatives, either at runtime 00154 * via the platform_set_xxx() functions or at compile time by setting 00155 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00156 * MBEDTLS_PLATFORM_XXX_MACRO. 00157 * 00158 * Requires: MBEDTLS_PLATFORM_C 00159 * 00160 * Uncomment to prevent default assignment of standard functions in the 00161 * platform layer. 00162 */ 00163 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00164 00165 /** 00166 * \def MBEDTLS_PLATFORM_EXIT_ALT 00167 * 00168 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00169 * function in the platform abstraction layer. 00170 * 00171 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00172 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00173 * alternative printf function pointer. 00174 * 00175 * All these define require MBEDTLS_PLATFORM_C to be defined! 00176 * 00177 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00178 * it will be enabled automatically by check_config.h 00179 * 00180 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00181 * MBEDTLS_PLATFORM_XXX_MACRO! 00182 * 00183 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00184 * 00185 * Uncomment a macro to enable alternate implementation of specific base 00186 * platform function 00187 */ 00188 //#define MBEDTLS_PLATFORM_EXIT_ALT 00189 //#define MBEDTLS_PLATFORM_TIME_ALT 00190 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00191 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00192 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00193 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00194 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT 00195 00196 /** 00197 * \def MBEDTLS_DEPRECATED_WARNING 00198 * 00199 * Mark deprecated functions so that they generate a warning if used. 00200 * Functions deprecated in one version will usually be removed in the next 00201 * version. You can enable this to help you prepare the transition to a new 00202 * major version by making sure your code is not using these functions. 00203 * 00204 * This only works with GCC and Clang. With other compilers, you may want to 00205 * use MBEDTLS_DEPRECATED_REMOVED 00206 * 00207 * Uncomment to get warnings on using deprecated functions. 00208 */ 00209 //#define MBEDTLS_DEPRECATED_WARNING 00210 00211 /** 00212 * \def MBEDTLS_DEPRECATED_REMOVED 00213 * 00214 * Remove deprecated functions so that they generate an error if used. 00215 * Functions deprecated in one version will usually be removed in the next 00216 * version. You can enable this to help you prepare the transition to a new 00217 * major version by making sure your code is not using these functions. 00218 * 00219 * Uncomment to get errors on using deprecated functions. 00220 */ 00221 //#define MBEDTLS_DEPRECATED_REMOVED 00222 00223 /* \} name SECTION: System support */ 00224 00225 /** 00226 * \name SECTION: mbed TLS feature support 00227 * 00228 * This section sets support for features that are or are not needed 00229 * within the modules that are enabled. 00230 * \{ 00231 */ 00232 00233 /** 00234 * \def MBEDTLS_TIMING_ALT 00235 * 00236 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00237 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00238 * 00239 * Only works if you have MBEDTLS_TIMING_C enabled. 00240 * 00241 * You will need to provide a header "timing_alt.h" and an implementation at 00242 * compile time. 00243 */ 00244 //#define MBEDTLS_TIMING_ALT 00245 00246 /** 00247 * \def MBEDTLS_AES_ALT 00248 * 00249 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00250 * alternate core implementation of a symmetric crypto, an arithmetic or hash 00251 * module (e.g. platform specific assembly optimized implementations). Keep 00252 * in mind that the function prototypes should remain the same. 00253 * 00254 * This replaces the whole module. If you only want to replace one of the 00255 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00256 * 00257 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00258 * provide the "struct mbedtls_aes_context" definition and omit the base 00259 * function declarations and implementations. "aes_alt.h" will be included from 00260 * "aes.h" to include the new function definitions. 00261 * 00262 * Uncomment a macro to enable alternate implementation of the corresponding 00263 * module. 00264 */ 00265 //#define MBEDTLS_AES_ALT 00266 //#define MBEDTLS_ARC4_ALT 00267 //#define MBEDTLS_BLOWFISH_ALT 00268 //#define MBEDTLS_CAMELLIA_ALT 00269 //#define MBEDTLS_DES_ALT 00270 //#define MBEDTLS_XTEA_ALT 00271 //#define MBEDTLS_MD2_ALT 00272 //#define MBEDTLS_MD4_ALT 00273 //#define MBEDTLS_MD5_ALT 00274 //#define MBEDTLS_RIPEMD160_ALT 00275 //#define MBEDTLS_SHA1_ALT 00276 //#define MBEDTLS_SHA256_ALT 00277 //#define MBEDTLS_SHA512_ALT 00278 /* 00279 * When replacing the elliptic curve module, pleace consider, that it is 00280 * implemented with two .c files: 00281 * - ecp.c 00282 * - ecp_curves.c 00283 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT 00284 * macros as described above. The only difference is that you have to make sure 00285 * that you provide functionality for both .c files. 00286 */ 00287 //#define MBEDTLS_ECP_ALT 00288 00289 /** 00290 * \def MBEDTLS_MD2_PROCESS_ALT 00291 * 00292 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00293 * alternate core implementation of symmetric crypto or hash function. Keep in 00294 * mind that function prototypes should remain the same. 00295 * 00296 * This replaces only one function. The header file from mbed TLS is still 00297 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00298 * 00299 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00300 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00301 * the other function (using your mbedtls_sha1_process() function) and the definition 00302 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00303 * with this definition. 00304 * 00305 * \note Because of a signature change, the core AES encryption and decryption routines are 00306 * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, 00307 * respectively. When setting up alternative implementations, these functions should 00308 * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt 00309 * must stay untouched. 00310 * 00311 * \note If you use the AES_xxx_ALT macros, then is is recommended to also set 00312 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00313 * tables. 00314 * 00315 * Uncomment a macro to enable alternate implementation of the corresponding 00316 * function. 00317 */ 00318 //#define MBEDTLS_MD2_PROCESS_ALT 00319 //#define MBEDTLS_MD4_PROCESS_ALT 00320 //#define MBEDTLS_MD5_PROCESS_ALT 00321 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00322 //#define MBEDTLS_SHA1_PROCESS_ALT 00323 //#define MBEDTLS_SHA256_PROCESS_ALT 00324 //#define MBEDTLS_SHA512_PROCESS_ALT 00325 //#define MBEDTLS_DES_SETKEY_ALT 00326 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00327 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00328 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00329 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00330 //#define MBEDTLS_AES_ENCRYPT_ALT 00331 //#define MBEDTLS_AES_DECRYPT_ALT 00332 00333 /** 00334 * \def MBEDTLS_ECP_INTERNAL_ALT 00335 * 00336 * Expose a part of the internal interface of the Elliptic Curve Point module. 00337 * 00338 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00339 * alternative core implementation of elliptic curve arithmetic. Keep in mind 00340 * that function prototypes should remain the same. 00341 * 00342 * This partially replaces one function. The header file from mbed TLS is still 00343 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation 00344 * is still present and it is used for group structures not supported by the 00345 * alternative. 00346 * 00347 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT 00348 * and implementing the following functions: 00349 * unsigned char mbedtls_internal_ecp_grp_capable( 00350 * const mbedtls_ecp_group *grp ) 00351 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) 00352 * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) 00353 * The mbedtls_internal_ecp_grp_capable function should return 1 if the 00354 * replacement functions implement arithmetic for the given group and 0 00355 * otherwise. 00356 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are 00357 * called before and after each point operation and provide an opportunity to 00358 * implement optimized set up and tear down instructions. 00359 * 00360 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and 00361 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac 00362 * function, but will use your mbedtls_internal_ecp_double_jac if the group is 00363 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when 00364 * receives it as an argument). If the group is not supported then the original 00365 * implementation is used. The other functions and the definition of 00366 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your 00367 * implementation of mbedtls_internal_ecp_double_jac and 00368 * mbedtls_internal_ecp_grp_capable must be compatible with this definition. 00369 * 00370 * Uncomment a macro to enable alternate implementation of the corresponding 00371 * function. 00372 */ 00373 /* Required for all the functions in this section */ 00374 //#define MBEDTLS_ECP_INTERNAL_ALT 00375 /* Support for Weierstrass curves with Jacobi representation */ 00376 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT 00377 //#define MBEDTLS_ECP_ADD_MIXED_ALT 00378 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT 00379 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT 00380 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT 00381 /* Support for curves with Montgomery arithmetic */ 00382 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT 00383 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT 00384 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT 00385 00386 /** 00387 * \def MBEDTLS_TEST_NULL_ENTROPY 00388 * 00389 * Enables testing and use of mbed TLS without any configured entropy sources. 00390 * This permits use of the library on platforms before an entropy source has 00391 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00392 * MBEDTLS_ENTROPY_NV_SEED switches). 00393 * 00394 * WARNING! This switch MUST be disabled in production builds, and is suitable 00395 * only for development. 00396 * Enabling the switch negates any security provided by the library. 00397 * 00398 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00399 * 00400 */ 00401 //#define MBEDTLS_TEST_NULL_ENTROPY 00402 00403 /** 00404 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00405 * 00406 * Uncomment this macro to let mbed TLS use your own implementation of a 00407 * hardware entropy collector. 00408 * 00409 * Your function must be called \c mbedtls_hardware_poll(), have the same 00410 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00411 * 00412 * Uncomment to use your own hardware entropy collector. 00413 */ 00414 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00415 00416 /** 00417 * \def MBEDTLS_AES_ROM_TABLES 00418 * 00419 * Store the AES tables in ROM. 00420 * 00421 * Uncomment this macro to store the AES tables in ROM. 00422 */ 00423 //#define MBEDTLS_AES_ROM_TABLES 00424 00425 /** 00426 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00427 * 00428 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00429 * 00430 * Uncomment this macro to use less memory for Camellia. 00431 */ 00432 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00433 00434 /** 00435 * \def MBEDTLS_CIPHER_MODE_CBC 00436 * 00437 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00438 */ 00439 #define MBEDTLS_CIPHER_MODE_CBC 00440 00441 /** 00442 * \def MBEDTLS_CIPHER_MODE_CFB 00443 * 00444 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00445 */ 00446 #define MBEDTLS_CIPHER_MODE_CFB 00447 00448 /** 00449 * \def MBEDTLS_CIPHER_MODE_CTR 00450 * 00451 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00452 */ 00453 #define MBEDTLS_CIPHER_MODE_CTR 00454 00455 /** 00456 * \def MBEDTLS_CIPHER_NULL_CIPHER 00457 * 00458 * Enable NULL cipher. 00459 * Warning: Only do so when you know what you are doing. This allows for 00460 * encryption or channels without any security! 00461 * 00462 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00463 * the following ciphersuites: 00464 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00465 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00466 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00467 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00468 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00469 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00470 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00471 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00472 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00473 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00474 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00475 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00476 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00477 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00478 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00479 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00480 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00481 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00482 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00483 * 00484 * Uncomment this macro to enable the NULL cipher and ciphersuites 00485 */ 00486 //#define MBEDTLS_CIPHER_NULL_CIPHER 00487 00488 /** 00489 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00490 * 00491 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00492 * specific padding modes in the cipher layer with cipher modes that support 00493 * padding (e.g. CBC) 00494 * 00495 * If you disable all padding modes, only full blocks can be used with CBC. 00496 * 00497 * Enable padding modes in the cipher layer. 00498 */ 00499 #define MBEDTLS_CIPHER_PADDING_PKCS7 00500 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00501 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00502 #define MBEDTLS_CIPHER_PADDING_ZEROS 00503 00504 /** 00505 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00506 * 00507 * Enable weak ciphersuites in SSL / TLS. 00508 * Warning: Only do so when you know what you are doing. This allows for 00509 * channels with virtually no security at all! 00510 * 00511 * This enables the following ciphersuites: 00512 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00513 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00514 * 00515 * Uncomment this macro to enable weak ciphersuites 00516 */ 00517 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00518 00519 /** 00520 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00521 * 00522 * Remove RC4 ciphersuites by default in SSL / TLS. 00523 * This flag removes the ciphersuites based on RC4 from the default list as 00524 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00525 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00526 * explicitly. 00527 * 00528 * Uncomment this macro to remove RC4 ciphersuites by default. 00529 */ 00530 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00531 00532 /** 00533 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00534 * 00535 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00536 * module. By default all supported curves are enabled. 00537 * 00538 * Comment macros to disable the curve and functions for it 00539 */ 00540 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00541 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00542 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00543 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00544 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00545 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00546 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00547 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00548 #define MBEDTLS_ECP_DP_BP256R1_ENABLED 00549 #define MBEDTLS_ECP_DP_BP384R1_ENABLED 00550 #define MBEDTLS_ECP_DP_BP512R1_ENABLED 00551 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00552 00553 /** 00554 * \def MBEDTLS_ECP_NIST_OPTIM 00555 * 00556 * Enable specific 'modulo p' routines for each NIST prime. 00557 * Depending on the prime and architecture, makes operations 4 to 8 times 00558 * faster on the corresponding curve. 00559 * 00560 * Comment this macro to disable NIST curves optimisation. 00561 */ 00562 #define MBEDTLS_ECP_NIST_OPTIM 00563 00564 /** 00565 * \def MBEDTLS_ECDSA_DETERMINISTIC 00566 * 00567 * Enable deterministic ECDSA (RFC 6979). 00568 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00569 * may result in a compromise of the long-term signing key. This is avoided by 00570 * the deterministic variant. 00571 * 00572 * Requires: MBEDTLS_HMAC_DRBG_C 00573 * 00574 * Comment this macro to disable deterministic ECDSA. 00575 */ 00576 #define MBEDTLS_ECDSA_DETERMINISTIC 00577 00578 /** 00579 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00580 * 00581 * Enable the PSK based ciphersuite modes in SSL / TLS. 00582 * 00583 * This enables the following ciphersuites (if other requisites are 00584 * enabled as well): 00585 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00586 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00587 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00588 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00589 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00590 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00591 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00592 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00593 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00594 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00595 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00596 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00597 */ 00598 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00599 00600 /** 00601 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00602 * 00603 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00604 * 00605 * Requires: MBEDTLS_DHM_C 00606 * 00607 * This enables the following ciphersuites (if other requisites are 00608 * enabled as well): 00609 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00610 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00611 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00612 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00613 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00614 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00615 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00616 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00617 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00618 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00619 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00620 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00621 */ 00622 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00623 00624 /** 00625 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00626 * 00627 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00628 * 00629 * Requires: MBEDTLS_ECDH_C 00630 * 00631 * This enables the following ciphersuites (if other requisites are 00632 * enabled as well): 00633 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00634 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00635 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00636 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00637 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00638 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00639 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00640 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00641 */ 00642 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00643 00644 /** 00645 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00646 * 00647 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00648 * 00649 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00650 * MBEDTLS_X509_CRT_PARSE_C 00651 * 00652 * This enables the following ciphersuites (if other requisites are 00653 * enabled as well): 00654 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00655 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00656 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00657 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00658 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00659 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00660 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00661 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00662 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00663 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00664 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00665 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00666 */ 00667 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00668 00669 /** 00670 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00671 * 00672 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00673 * 00674 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00675 * MBEDTLS_X509_CRT_PARSE_C 00676 * 00677 * This enables the following ciphersuites (if other requisites are 00678 * enabled as well): 00679 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00680 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00681 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00682 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00683 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00684 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00685 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00686 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00687 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00688 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00689 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00690 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00691 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00692 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00693 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00694 */ 00695 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00696 00697 /** 00698 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00699 * 00700 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00701 * 00702 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00703 * MBEDTLS_X509_CRT_PARSE_C 00704 * 00705 * This enables the following ciphersuites (if other requisites are 00706 * enabled as well): 00707 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00708 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00709 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00710 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00711 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00712 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00713 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00714 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00715 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00716 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00717 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00718 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00719 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00720 */ 00721 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00722 00723 /** 00724 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00725 * 00726 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00727 * 00728 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00729 * MBEDTLS_X509_CRT_PARSE_C 00730 * 00731 * This enables the following ciphersuites (if other requisites are 00732 * enabled as well): 00733 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00734 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00735 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00736 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00737 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00738 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00739 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00740 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00741 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00742 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00743 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00744 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00745 */ 00746 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00747 00748 /** 00749 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00750 * 00751 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00752 * 00753 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00754 * 00755 * This enables the following ciphersuites (if other requisites are 00756 * enabled as well): 00757 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00758 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00759 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00760 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00761 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00762 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00763 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00764 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00765 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00766 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00767 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00768 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00769 */ 00770 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00771 00772 /** 00773 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00774 * 00775 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00776 * 00777 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00778 * 00779 * This enables the following ciphersuites (if other requisites are 00780 * enabled as well): 00781 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00782 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00783 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00784 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00785 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00786 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00787 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00788 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00789 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00790 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00791 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00792 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00793 */ 00794 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00795 00796 /** 00797 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00798 * 00799 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00800 * 00801 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00802 * 00803 * This enables the following ciphersuites (if other requisites are 00804 * enabled as well): 00805 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00806 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00807 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00808 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00809 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00810 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00811 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00812 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00813 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00814 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00815 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00816 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00817 */ 00818 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00819 00820 /** 00821 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00822 * 00823 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00824 * 00825 * \warning This is currently experimental. EC J-PAKE support is based on the 00826 * Thread v1.0.0 specification; incompatible changes to the specification 00827 * might still happen. For this reason, this is disabled by default. 00828 * 00829 * Requires: MBEDTLS_ECJPAKE_C 00830 * MBEDTLS_SHA256_C 00831 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00832 * 00833 * This enables the following ciphersuites (if other requisites are 00834 * enabled as well): 00835 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00836 */ 00837 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00838 00839 /** 00840 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00841 * 00842 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00843 * RFC 5915 and RFC 5480. 00844 * 00845 * Currently this means parsing the SpecifiedECDomain choice of EC 00846 * parameters (only known groups are supported, not arbitrary domains, to 00847 * avoid validation issues). 00848 * 00849 * Disable if you only need to support RFC 5915 + 5480 key formats. 00850 */ 00851 #define MBEDTLS_PK_PARSE_EC_EXTENDED 00852 00853 /** 00854 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00855 * 00856 * Enable a dummy error function to make use of mbedtls_strerror() in 00857 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00858 * (no effect when MBEDTLS_ERROR_C is enabled). 00859 * 00860 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00861 * not using mbedtls_strerror() or error_strerror() in your application. 00862 * 00863 * Disable if you run into name conflicts and want to really remove the 00864 * mbedtls_strerror() 00865 */ 00866 #define MBEDTLS_ERROR_STRERROR_DUMMY 00867 00868 /** 00869 * \def MBEDTLS_GENPRIME 00870 * 00871 * Enable the prime-number generation code. 00872 * 00873 * Requires: MBEDTLS_BIGNUM_C 00874 */ 00875 #define MBEDTLS_GENPRIME 00876 00877 /** 00878 * \def MBEDTLS_FS_IO 00879 * 00880 * Enable functions that use the filesystem. 00881 */ 00882 //#define MBEDTLS_FS_IO 00883 00884 /** 00885 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00886 * 00887 * Do not add default entropy sources. These are the platform specific, 00888 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00889 * 00890 * This is useful to have more control over the added entropy sources in an 00891 * application. 00892 * 00893 * Uncomment this macro to prevent loading of default entropy functions. 00894 */ 00895 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00896 00897 /** 00898 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00899 * 00900 * Do not use built-in platform entropy functions. 00901 * This is useful if your platform does not support 00902 * standards like the /dev/urandom or Windows CryptoAPI. 00903 * 00904 * Uncomment this macro to disable the built-in platform entropy functions. 00905 */ 00906 #define MBEDTLS_NO_PLATFORM_ENTROPY 00907 00908 /** 00909 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00910 * 00911 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00912 * default SHA-512 based one (if both are available). 00913 * 00914 * Requires: MBEDTLS_SHA256_C 00915 * 00916 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00917 * if you have performance concerns. 00918 * 00919 * This option is only useful if both MBEDTLS_SHA256_C and 00920 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00921 */ 00922 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00923 00924 /** 00925 * \def MBEDTLS_ENTROPY_NV_SEED 00926 * 00927 * Enable the non-volatile (NV) seed file-based entropy source. 00928 * (Also enables the NV seed read/write functions in the platform layer) 00929 * 00930 * This is crucial (if not required) on systems that do not have a 00931 * cryptographic entropy source (in hardware or kernel) available. 00932 * 00933 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00934 * 00935 * \note The read/write functions that are used by the entropy source are 00936 * determined in the platform layer, and can be modified at runtime and/or 00937 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00938 * 00939 * \note If you use the default implementation functions that read a seedfile 00940 * with regular fopen(), please make sure you make a seedfile with the 00941 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00942 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00943 * and written to or you will get an entropy source error! The default 00944 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00945 * bytes from the file. 00946 * 00947 * \note The entropy collector will write to the seed file before entropy is 00948 * given to an external source, to update it. 00949 */ 00950 //#define MBEDTLS_ENTROPY_NV_SEED 00951 00952 /** 00953 * \def MBEDTLS_MEMORY_DEBUG 00954 * 00955 * Enable debugging of buffer allocator memory issues. Automatically prints 00956 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00957 * function for 'debug output' of allocated memory. 00958 * 00959 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00960 * 00961 * Uncomment this macro to let the buffer allocator print out error messages. 00962 */ 00963 //#define MBEDTLS_MEMORY_DEBUG 00964 00965 /** 00966 * \def MBEDTLS_MEMORY_BACKTRACE 00967 * 00968 * Include backtrace information with each allocated block. 00969 * 00970 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00971 * GLIBC-compatible backtrace() an backtrace_symbols() support 00972 * 00973 * Uncomment this macro to include backtrace information 00974 */ 00975 //#define MBEDTLS_MEMORY_BACKTRACE 00976 00977 /** 00978 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00979 * 00980 * Support external private RSA keys (eg from a HSM) in the PK layer. 00981 * 00982 * Comment this macro to disable support for external private RSA keys. 00983 */ 00984 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00985 00986 /** 00987 * \def MBEDTLS_PKCS1_V15 00988 * 00989 * Enable support for PKCS#1 v1.5 encoding. 00990 * 00991 * Requires: MBEDTLS_RSA_C 00992 * 00993 * This enables support for PKCS#1 v1.5 operations. 00994 */ 00995 #define MBEDTLS_PKCS1_V15 00996 00997 /** 00998 * \def MBEDTLS_PKCS1_V21 00999 * 01000 * Enable support for PKCS#1 v2.1 encoding. 01001 * 01002 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 01003 * 01004 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 01005 */ 01006 #define MBEDTLS_PKCS1_V21 01007 01008 /** 01009 * \def MBEDTLS_RSA_NO_CRT 01010 * 01011 * Do not use the Chinese Remainder Theorem for the RSA private operation. 01012 * 01013 * Uncomment this macro to disable the use of CRT in RSA. 01014 * 01015 */ 01016 //#define MBEDTLS_RSA_NO_CRT 01017 01018 /** 01019 * \def MBEDTLS_SELF_TEST 01020 * 01021 * Enable the checkup functions (*_self_test). 01022 */ 01023 #define MBEDTLS_SELF_TEST 01024 01025 /** 01026 * \def MBEDTLS_SHA256_SMALLER 01027 * 01028 * Enable an implementation of SHA-256 that has lower ROM footprint but also 01029 * lower performance. 01030 * 01031 * The default implementation is meant to be a reasonnable compromise between 01032 * performance and size. This version optimizes more aggressively for size at 01033 * the expense of performance. Eg on Cortex-M4 it reduces the size of 01034 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 01035 * 30%. 01036 * 01037 * Uncomment to enable the smaller implementation of SHA256. 01038 */ 01039 //#define MBEDTLS_SHA256_SMALLER 01040 01041 /** 01042 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 01043 * 01044 * Enable sending of alert messages in case of encountered errors as per RFC. 01045 * If you choose not to send the alert messages, mbed TLS can still communicate 01046 * with other servers, only debugging of failures is harder. 01047 * 01048 * The advantage of not sending alert messages, is that no information is given 01049 * about reasons for failures thus preventing adversaries of gaining intel. 01050 * 01051 * Enable sending of all alert messages 01052 */ 01053 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01054 01055 /** 01056 * \def MBEDTLS_SSL_DEBUG_ALL 01057 * 01058 * Enable the debug messages in SSL module for all issues. 01059 * Debug messages have been disabled in some places to prevent timing 01060 * attacks due to (unbalanced) debugging function calls. 01061 * 01062 * If you need all error reporting you should enable this during debugging, 01063 * but remove this for production servers that should log as well. 01064 * 01065 * Uncomment this macro to report all debug messages on errors introducing 01066 * a timing side-channel. 01067 * 01068 */ 01069 //#define MBEDTLS_SSL_DEBUG_ALL 01070 01071 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01072 * 01073 * Enable support for Encrypt-then-MAC, RFC 7366. 01074 * 01075 * This allows peers that both support it to use a more robust protection for 01076 * ciphersuites using CBC, providing deep resistance against timing attacks 01077 * on the padding or underlying cipher. 01078 * 01079 * This only affects CBC ciphersuites, and is useless if none is defined. 01080 * 01081 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01082 * MBEDTLS_SSL_PROTO_TLS1_1 or 01083 * MBEDTLS_SSL_PROTO_TLS1_2 01084 * 01085 * Comment this macro to disable support for Encrypt-then-MAC 01086 */ 01087 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01088 01089 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01090 * 01091 * Enable support for Extended Master Secret, aka Session Hash 01092 * (draft-ietf-tls-session-hash-02). 01093 * 01094 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01095 * attacks, but it is recommended to always use it (even if you disable 01096 * renegotiation), since it actually fixes a more fundamental issue in the 01097 * original SSL/TLS design, and has implications beyond Triple Handshake. 01098 * 01099 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01100 * MBEDTLS_SSL_PROTO_TLS1_1 or 01101 * MBEDTLS_SSL_PROTO_TLS1_2 01102 * 01103 * Comment this macro to disable support for Extended Master Secret. 01104 */ 01105 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01106 01107 /** 01108 * \def MBEDTLS_SSL_FALLBACK_SCSV 01109 * 01110 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01111 * 01112 * For servers, it is recommended to always enable this, unless you support 01113 * only one version of TLS, or know for sure that none of your clients 01114 * implements a fallback strategy. 01115 * 01116 * For clients, you only need this if you're using a fallback strategy, which 01117 * is not recommended in the first place, unless you absolutely need it to 01118 * interoperate with buggy (version-intolerant) servers. 01119 * 01120 * Comment this macro to disable support for FALLBACK_SCSV 01121 */ 01122 #define MBEDTLS_SSL_FALLBACK_SCSV 01123 01124 /** 01125 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01126 * 01127 * Enable hooking functions in SSL module for hardware acceleration of 01128 * individual records. 01129 * 01130 * Uncomment this macro to enable hooking functions. 01131 */ 01132 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01133 01134 /** 01135 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01136 * 01137 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01138 * 01139 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01140 * of interoperability issues compared to sending 0-length records. 01141 * 01142 * Comment this macro to disable 1/n-1 record splitting. 01143 */ 01144 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01145 01146 /** 01147 * \def MBEDTLS_SSL_RENEGOTIATION 01148 * 01149 * Disable support for TLS renegotiation. 01150 * 01151 * The two main uses of renegotiation are (1) refresh keys on long-lived 01152 * connections and (2) client authentication after the initial handshake. 01153 * If you don't need renegotiation, it's probably better to disable it, since 01154 * it has been associated with security issues in the past and is easy to 01155 * misuse/misunderstand. 01156 * 01157 * Comment this to disable support for renegotiation. 01158 */ 01159 #define MBEDTLS_SSL_RENEGOTIATION 01160 01161 /** 01162 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01163 * 01164 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01165 * SSL Server module (MBEDTLS_SSL_SRV_C). 01166 * 01167 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01168 */ 01169 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01170 01171 /** 01172 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01173 * 01174 * Pick the ciphersuite according to the client's preferences rather than ours 01175 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01176 * 01177 * Uncomment this macro to respect client's ciphersuite order 01178 */ 01179 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01180 01181 /** 01182 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01183 * 01184 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01185 * 01186 * Comment this macro to disable support for the max_fragment_length extension 01187 */ 01188 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01189 01190 /** 01191 * \def MBEDTLS_SSL_PROTO_SSL3 01192 * 01193 * Enable support for SSL 3.0. 01194 * 01195 * Requires: MBEDTLS_MD5_C 01196 * MBEDTLS_SHA1_C 01197 * 01198 * Comment this macro to disable support for SSL 3.0 01199 */ 01200 //#define MBEDTLS_SSL_PROTO_SSL3 01201 01202 /** 01203 * \def MBEDTLS_SSL_PROTO_TLS1 01204 * 01205 * Enable support for TLS 1.0. 01206 * 01207 * Requires: MBEDTLS_MD5_C 01208 * MBEDTLS_SHA1_C 01209 * 01210 * Comment this macro to disable support for TLS 1.0 01211 */ 01212 #define MBEDTLS_SSL_PROTO_TLS1 01213 01214 /** 01215 * \def MBEDTLS_SSL_PROTO_TLS1_1 01216 * 01217 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01218 * 01219 * Requires: MBEDTLS_MD5_C 01220 * MBEDTLS_SHA1_C 01221 * 01222 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01223 */ 01224 #define MBEDTLS_SSL_PROTO_TLS1_1 01225 01226 /** 01227 * \def MBEDTLS_SSL_PROTO_TLS1_2 01228 * 01229 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01230 * 01231 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01232 * (Depends on ciphersuites) 01233 * 01234 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01235 */ 01236 #define MBEDTLS_SSL_PROTO_TLS1_2 01237 01238 /** 01239 * \def MBEDTLS_SSL_PROTO_DTLS 01240 * 01241 * Enable support for DTLS (all available versions). 01242 * 01243 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01244 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01245 * 01246 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01247 * or MBEDTLS_SSL_PROTO_TLS1_2 01248 * 01249 * Comment this macro to disable support for DTLS 01250 */ 01251 #define MBEDTLS_SSL_PROTO_DTLS 01252 01253 /** 01254 * \def MBEDTLS_SSL_ALPN 01255 * 01256 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01257 * 01258 * Comment this macro to disable support for ALPN. 01259 */ 01260 #define MBEDTLS_SSL_ALPN 01261 01262 /** 01263 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01264 * 01265 * Enable support for the anti-replay mechanism in DTLS. 01266 * 01267 * Requires: MBEDTLS_SSL_TLS_C 01268 * MBEDTLS_SSL_PROTO_DTLS 01269 * 01270 * \warning Disabling this is often a security risk! 01271 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01272 * 01273 * Comment this to disable anti-replay in DTLS. 01274 */ 01275 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01276 01277 /** 01278 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01279 * 01280 * Enable support for HelloVerifyRequest on DTLS servers. 01281 * 01282 * This feature is highly recommended to prevent DTLS servers being used as 01283 * amplifiers in DoS attacks against other hosts. It should always be enabled 01284 * unless you know for sure amplification cannot be a problem in the 01285 * environment in which your server operates. 01286 * 01287 * \warning Disabling this can ba a security risk! (see above) 01288 * 01289 * Requires: MBEDTLS_SSL_PROTO_DTLS 01290 * 01291 * Comment this to disable support for HelloVerifyRequest. 01292 */ 01293 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01294 01295 /** 01296 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01297 * 01298 * Enable server-side support for clients that reconnect from the same port. 01299 * 01300 * Some clients unexpectedly close the connection and try to reconnect using the 01301 * same source port. This needs special support from the server to handle the 01302 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01303 * flag enables that support. 01304 * 01305 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01306 * 01307 * Comment this to disable support for clients reusing the source port. 01308 */ 01309 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01310 01311 /** 01312 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01313 * 01314 * Enable support for a limit of records with bad MAC. 01315 * 01316 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01317 * 01318 * Requires: MBEDTLS_SSL_PROTO_DTLS 01319 */ 01320 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01321 01322 /** 01323 * \def MBEDTLS_SSL_SESSION_TICKETS 01324 * 01325 * Enable support for RFC 5077 session tickets in SSL. 01326 * Client-side, provides full support for session tickets (maintainance of a 01327 * session store remains the responsibility of the application, though). 01328 * Server-side, you also need to provide callbacks for writing and parsing 01329 * tickets, including authenticated encryption and key management. Example 01330 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01331 * 01332 * Comment this macro to disable support for SSL session tickets 01333 */ 01334 #define MBEDTLS_SSL_SESSION_TICKETS 01335 01336 /** 01337 * \def MBEDTLS_SSL_EXPORT_KEYS 01338 * 01339 * Enable support for exporting key block and master secret. 01340 * This is required for certain users of TLS, e.g. EAP-TLS. 01341 * 01342 * Comment this macro to disable support for key export 01343 */ 01344 #define MBEDTLS_SSL_EXPORT_KEYS 01345 01346 /** 01347 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01348 * 01349 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01350 * 01351 * Requires: MBEDTLS_X509_CRT_PARSE_C 01352 * 01353 * Comment this macro to disable support for server name indication in SSL 01354 */ 01355 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01356 01357 /** 01358 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01359 * 01360 * Enable support for RFC 6066 truncated HMAC in SSL. 01361 * 01362 * Comment this macro to disable support for truncated HMAC in SSL 01363 */ 01364 #define MBEDTLS_SSL_TRUNCATED_HMAC 01365 01366 /** 01367 * \def MBEDTLS_THREADING_ALT 01368 * 01369 * Provide your own alternate threading implementation. 01370 * 01371 * Requires: MBEDTLS_THREADING_C 01372 * 01373 * Uncomment this to allow your own alternate threading implementation. 01374 */ 01375 //#define MBEDTLS_THREADING_ALT 01376 01377 /** 01378 * \def MBEDTLS_THREADING_PTHREAD 01379 * 01380 * Enable the pthread wrapper layer for the threading layer. 01381 * 01382 * Requires: MBEDTLS_THREADING_C 01383 * 01384 * Uncomment this to enable pthread mutexes. 01385 */ 01386 //#define MBEDTLS_THREADING_PTHREAD 01387 01388 /** 01389 * \def MBEDTLS_VERSION_FEATURES 01390 * 01391 * Allow run-time checking of compile-time enabled features. Thus allowing users 01392 * to check at run-time if the library is for instance compiled with threading 01393 * support via mbedtls_version_check_feature(). 01394 * 01395 * Requires: MBEDTLS_VERSION_C 01396 * 01397 * Comment this to disable run-time checking and save ROM space 01398 */ 01399 #define MBEDTLS_VERSION_FEATURES 01400 01401 /** 01402 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01403 * 01404 * If set, the X509 parser will not break-off when parsing an X509 certificate 01405 * and encountering an extension in a v1 or v2 certificate. 01406 * 01407 * Uncomment to prevent an error. 01408 */ 01409 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01410 01411 /** 01412 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01413 * 01414 * If set, the X509 parser will not break-off when parsing an X509 certificate 01415 * and encountering an unknown critical extension. 01416 * 01417 * \warning Depending on your PKI use, enabling this can be a security risk! 01418 * 01419 * Uncomment to prevent an error. 01420 */ 01421 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01422 01423 /** 01424 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01425 * 01426 * Enable verification of the keyUsage extension (CA and leaf certificates). 01427 * 01428 * Disabling this avoids problems with mis-issued and/or misused 01429 * (intermediate) CA and leaf certificates. 01430 * 01431 * \warning Depending on your PKI use, disabling this can be a security risk! 01432 * 01433 * Comment to skip keyUsage checking for both CA and leaf certificates. 01434 */ 01435 #define MBEDTLS_X509_CHECK_KEY_USAGE 01436 01437 /** 01438 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01439 * 01440 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01441 * 01442 * Disabling this avoids problems with mis-issued and/or misused certificates. 01443 * 01444 * \warning Depending on your PKI use, disabling this can be a security risk! 01445 * 01446 * Comment to skip extendedKeyUsage checking for certificates. 01447 */ 01448 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01449 01450 /** 01451 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01452 * 01453 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01454 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01455 * 01456 * Comment this macro to disallow using RSASSA-PSS in certificates. 01457 */ 01458 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01459 01460 /** 01461 * \def MBEDTLS_ZLIB_SUPPORT 01462 * 01463 * If set, the SSL/TLS module uses ZLIB to support compression and 01464 * decompression of packet data. 01465 * 01466 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01467 * CRIME attack. Before enabling this option, you should examine with care if 01468 * CRIME or similar exploits may be a applicable to your use case. 01469 * 01470 * \note Currently compression can't be used with DTLS. 01471 * 01472 * Used in: library/ssl_tls.c 01473 * library/ssl_cli.c 01474 * library/ssl_srv.c 01475 * 01476 * This feature requires zlib library and headers to be present. 01477 * 01478 * Uncomment to enable use of ZLIB 01479 */ 01480 //#define MBEDTLS_ZLIB_SUPPORT 01481 /* \} name SECTION: mbed TLS feature support */ 01482 01483 /** 01484 * \name SECTION: mbed TLS modules 01485 * 01486 * This section enables or disables entire modules in mbed TLS 01487 * \{ 01488 */ 01489 01490 /** 01491 * \def MBEDTLS_AESNI_C 01492 * 01493 * Enable AES-NI support on x86-64. 01494 * 01495 * Module: library/aesni.c 01496 * Caller: library/aes.c 01497 * 01498 * Requires: MBEDTLS_HAVE_ASM 01499 * 01500 * This modules adds support for the AES-NI instructions on x86-64 01501 */ 01502 #define MBEDTLS_AESNI_C 01503 01504 /** 01505 * \def MBEDTLS_AES_C 01506 * 01507 * Enable the AES block cipher. 01508 * 01509 * Module: library/aes.c 01510 * Caller: library/ssl_tls.c 01511 * library/pem.c 01512 * library/ctr_drbg.c 01513 * 01514 * This module enables the following ciphersuites (if other requisites are 01515 * enabled as well): 01516 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01517 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01518 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01519 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01520 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01521 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01522 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01523 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01524 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01525 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01526 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01527 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01528 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01529 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01530 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01531 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01532 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01533 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01534 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01535 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01536 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01537 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01538 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01539 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01540 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01541 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01542 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01543 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01544 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01545 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01546 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01547 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01548 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01549 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01550 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01551 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01552 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01553 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01554 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01555 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01556 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01557 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01558 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01559 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01560 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01561 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01562 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01563 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01564 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01565 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01566 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01567 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01568 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01569 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01570 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01571 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01572 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01573 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01574 * 01575 * PEM_PARSE uses AES for decrypting encrypted keys. 01576 */ 01577 #define MBEDTLS_AES_C 01578 01579 /** 01580 * \def MBEDTLS_ARC4_C 01581 * 01582 * Enable the ARCFOUR stream cipher. 01583 * 01584 * Module: library/arc4.c 01585 * Caller: library/ssl_tls.c 01586 * 01587 * This module enables the following ciphersuites (if other requisites are 01588 * enabled as well): 01589 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01590 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01591 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01592 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01593 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01594 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01595 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01596 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01597 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01598 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01599 */ 01600 #define MBEDTLS_ARC4_C 01601 01602 /** 01603 * \def MBEDTLS_ASN1_PARSE_C 01604 * 01605 * Enable the generic ASN1 parser. 01606 * 01607 * Module: library/asn1.c 01608 * Caller: library/x509.c 01609 * library/dhm.c 01610 * library/pkcs12.c 01611 * library/pkcs5.c 01612 * library/pkparse.c 01613 */ 01614 #define MBEDTLS_ASN1_PARSE_C 01615 01616 /** 01617 * \def MBEDTLS_ASN1_WRITE_C 01618 * 01619 * Enable the generic ASN1 writer. 01620 * 01621 * Module: library/asn1write.c 01622 * Caller: library/ecdsa.c 01623 * library/pkwrite.c 01624 * library/x509_create.c 01625 * library/x509write_crt.c 01626 * library/x509write_csr.c 01627 */ 01628 #define MBEDTLS_ASN1_WRITE_C 01629 01630 /** 01631 * \def MBEDTLS_BASE64_C 01632 * 01633 * Enable the Base64 module. 01634 * 01635 * Module: library/base64.c 01636 * Caller: library/pem.c 01637 * 01638 * This module is required for PEM support (required by X.509). 01639 */ 01640 #define MBEDTLS_BASE64_C 01641 01642 /** 01643 * \def MBEDTLS_BIGNUM_C 01644 * 01645 * Enable the multi-precision integer library. 01646 * 01647 * Module: library/bignum.c 01648 * Caller: library/dhm.c 01649 * library/ecp.c 01650 * library/ecdsa.c 01651 * library/rsa.c 01652 * library/ssl_tls.c 01653 * 01654 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01655 */ 01656 #define MBEDTLS_BIGNUM_C 01657 01658 /** 01659 * \def MBEDTLS_BLOWFISH_C 01660 * 01661 * Enable the Blowfish block cipher. 01662 * 01663 * Module: library/blowfish.c 01664 */ 01665 #define MBEDTLS_BLOWFISH_C 01666 01667 /** 01668 * \def MBEDTLS_CAMELLIA_C 01669 * 01670 * Enable the Camellia block cipher. 01671 * 01672 * Module: library/camellia.c 01673 * Caller: library/ssl_tls.c 01674 * 01675 * This module enables the following ciphersuites (if other requisites are 01676 * enabled as well): 01677 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01678 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01679 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01680 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01681 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01682 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01683 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01684 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01685 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01686 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01687 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01688 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01689 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01690 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01691 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01692 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01693 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01694 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01695 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01696 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01697 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01698 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01699 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01700 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01701 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01702 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01703 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01704 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01705 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01706 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01707 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01708 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01709 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01710 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01711 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01712 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01713 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01714 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01715 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01716 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01717 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01718 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01719 */ 01720 #define MBEDTLS_CAMELLIA_C 01721 01722 /** 01723 * \def MBEDTLS_CCM_C 01724 * 01725 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01726 * 01727 * Module: library/ccm.c 01728 * 01729 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01730 * 01731 * This module enables the AES-CCM ciphersuites, if other requisites are 01732 * enabled as well. 01733 */ 01734 #define MBEDTLS_CCM_C 01735 01736 /** 01737 * \def MBEDTLS_CERTS_C 01738 * 01739 * Enable the test certificates. 01740 * 01741 * Module: library/certs.c 01742 * Caller: 01743 * 01744 * This module is used for testing (ssl_client/server). 01745 */ 01746 #define MBEDTLS_CERTS_C 01747 01748 /** 01749 * \def MBEDTLS_CIPHER_C 01750 * 01751 * Enable the generic cipher layer. 01752 * 01753 * Module: library/cipher.c 01754 * Caller: library/ssl_tls.c 01755 * 01756 * Uncomment to enable generic cipher wrappers. 01757 */ 01758 #define MBEDTLS_CIPHER_C 01759 01760 /** 01761 * \def MBEDTLS_CMAC_C 01762 * 01763 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01764 * ciphers. 01765 * 01766 * Module: library/cmac.c 01767 * 01768 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01769 * 01770 */ 01771 //#define MBEDTLS_CMAC_C 01772 01773 /** 01774 * \def MBEDTLS_CTR_DRBG_C 01775 * 01776 * Enable the CTR_DRBG AES-256-based random generator. 01777 * 01778 * Module: library/ctr_drbg.c 01779 * Caller: 01780 * 01781 * Requires: MBEDTLS_AES_C 01782 * 01783 * This module provides the CTR_DRBG AES-256 random number generator. 01784 */ 01785 #define MBEDTLS_CTR_DRBG_C 01786 01787 /** 01788 * \def MBEDTLS_DEBUG_C 01789 * 01790 * Enable the debug functions. 01791 * 01792 * Module: library/debug.c 01793 * Caller: library/ssl_cli.c 01794 * library/ssl_srv.c 01795 * library/ssl_tls.c 01796 * 01797 * This module provides debugging functions. 01798 */ 01799 #define MBEDTLS_DEBUG_C 01800 01801 /** 01802 * \def MBEDTLS_DES_C 01803 * 01804 * Enable the DES block cipher. 01805 * 01806 * Module: library/des.c 01807 * Caller: library/pem.c 01808 * library/ssl_tls.c 01809 * 01810 * This module enables the following ciphersuites (if other requisites are 01811 * enabled as well): 01812 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01813 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01814 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01815 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01816 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01817 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01818 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01819 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01820 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01821 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01822 * 01823 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01824 */ 01825 #define MBEDTLS_DES_C 01826 01827 /** 01828 * \def MBEDTLS_DHM_C 01829 * 01830 * Enable the Diffie-Hellman-Merkle module. 01831 * 01832 * Module: library/dhm.c 01833 * Caller: library/ssl_cli.c 01834 * library/ssl_srv.c 01835 * 01836 * This module is used by the following key exchanges: 01837 * DHE-RSA, DHE-PSK 01838 */ 01839 #define MBEDTLS_DHM_C 01840 01841 /** 01842 * \def MBEDTLS_ECDH_C 01843 * 01844 * Enable the elliptic curve Diffie-Hellman library. 01845 * 01846 * Module: library/ecdh.c 01847 * Caller: library/ssl_cli.c 01848 * library/ssl_srv.c 01849 * 01850 * This module is used by the following key exchanges: 01851 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01852 * 01853 * Requires: MBEDTLS_ECP_C 01854 */ 01855 #define MBEDTLS_ECDH_C 01856 01857 /** 01858 * \def MBEDTLS_ECDSA_C 01859 * 01860 * Enable the elliptic curve DSA library. 01861 * 01862 * Module: library/ecdsa.c 01863 * Caller: 01864 * 01865 * This module is used by the following key exchanges: 01866 * ECDHE-ECDSA 01867 * 01868 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01869 */ 01870 #define MBEDTLS_ECDSA_C 01871 01872 /** 01873 * \def MBEDTLS_ECJPAKE_C 01874 * 01875 * Enable the elliptic curve J-PAKE library. 01876 * 01877 * \warning This is currently experimental. EC J-PAKE support is based on the 01878 * Thread v1.0.0 specification; incompatible changes to the specification 01879 * might still happen. For this reason, this is disabled by default. 01880 * 01881 * Module: library/ecjpake.c 01882 * Caller: 01883 * 01884 * This module is used by the following key exchanges: 01885 * ECJPAKE 01886 * 01887 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01888 */ 01889 //#define MBEDTLS_ECJPAKE_C 01890 01891 /** 01892 * \def MBEDTLS_ECP_C 01893 * 01894 * Enable the elliptic curve over GF(p) library. 01895 * 01896 * Module: library/ecp.c 01897 * Caller: library/ecdh.c 01898 * library/ecdsa.c 01899 * library/ecjpake.c 01900 * 01901 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01902 */ 01903 #define MBEDTLS_ECP_C 01904 01905 /** 01906 * \def MBEDTLS_ENTROPY_C 01907 * 01908 * Enable the platform-specific entropy code. 01909 * 01910 * Module: library/entropy.c 01911 * Caller: 01912 * 01913 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01914 * 01915 * This module provides a generic entropy pool 01916 */ 01917 #define MBEDTLS_ENTROPY_C 01918 01919 /** 01920 * \def MBEDTLS_ERROR_C 01921 * 01922 * Enable error code to error string conversion. 01923 * 01924 * Module: library/error.c 01925 * Caller: 01926 * 01927 * This module enables mbedtls_strerror(). 01928 */ 01929 #define MBEDTLS_ERROR_C 01930 01931 /** 01932 * \def MBEDTLS_GCM_C 01933 * 01934 * Enable the Galois/Counter Mode (GCM) for AES. 01935 * 01936 * Module: library/gcm.c 01937 * 01938 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01939 * 01940 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01941 * requisites are enabled as well. 01942 */ 01943 #define MBEDTLS_GCM_C 01944 01945 /** 01946 * \def MBEDTLS_HAVEGE_C 01947 * 01948 * Enable the HAVEGE random generator. 01949 * 01950 * Warning: the HAVEGE random generator is not suitable for virtualized 01951 * environments 01952 * 01953 * Warning: the HAVEGE random generator is dependent on timing and specific 01954 * processor traits. It is therefore not advised to use HAVEGE as 01955 * your applications primary random generator or primary entropy pool 01956 * input. As a secondary input to your entropy pool, it IS able add 01957 * the (limited) extra entropy it provides. 01958 * 01959 * Module: library/havege.c 01960 * Caller: 01961 * 01962 * Requires: MBEDTLS_TIMING_C 01963 * 01964 * Uncomment to enable the HAVEGE random generator. 01965 */ 01966 //#define MBEDTLS_HAVEGE_C 01967 01968 /** 01969 * \def MBEDTLS_HMAC_DRBG_C 01970 * 01971 * Enable the HMAC_DRBG random generator. 01972 * 01973 * Module: library/hmac_drbg.c 01974 * Caller: 01975 * 01976 * Requires: MBEDTLS_MD_C 01977 * 01978 * Uncomment to enable the HMAC_DRBG random number geerator. 01979 */ 01980 #define MBEDTLS_HMAC_DRBG_C 01981 01982 /** 01983 * \def MBEDTLS_MD_C 01984 * 01985 * Enable the generic message digest layer. 01986 * 01987 * Module: library/md.c 01988 * Caller: 01989 * 01990 * Uncomment to enable generic message digest wrappers. 01991 */ 01992 #define MBEDTLS_MD_C 01993 01994 /** 01995 * \def MBEDTLS_MD2_C 01996 * 01997 * Enable the MD2 hash algorithm. 01998 * 01999 * Module: library/md2.c 02000 * Caller: 02001 * 02002 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 02003 */ 02004 //#define MBEDTLS_MD2_C 02005 02006 /** 02007 * \def MBEDTLS_MD4_C 02008 * 02009 * Enable the MD4 hash algorithm. 02010 * 02011 * Module: library/md4.c 02012 * Caller: 02013 * 02014 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 02015 */ 02016 //#define MBEDTLS_MD4_C 02017 02018 /** 02019 * \def MBEDTLS_MD5_C 02020 * 02021 * Enable the MD5 hash algorithm. 02022 * 02023 * Module: library/md5.c 02024 * Caller: library/md.c 02025 * library/pem.c 02026 * library/ssl_tls.c 02027 * 02028 * This module is required for SSL/TLS and X.509. 02029 * PEM_PARSE uses MD5 for decrypting encrypted keys. 02030 */ 02031 #define MBEDTLS_MD5_C 02032 02033 /** 02034 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 02035 * 02036 * Enable the buffer allocator implementation that makes use of a (stack) 02037 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 02038 * calls) 02039 * 02040 * Module: library/memory_buffer_alloc.c 02041 * 02042 * Requires: MBEDTLS_PLATFORM_C 02043 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 02044 * 02045 * Enable this module to enable the buffer memory allocator. 02046 */ 02047 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 02048 02049 /** 02050 * \def MBEDTLS_NET_C 02051 * 02052 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 02053 * 02054 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 02055 * and Windows. For other platforms, you'll want to disable it, and write your 02056 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 02057 * 02058 * \note See also our Knowledge Base article about porting to a new 02059 * environment: 02060 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02061 * 02062 * Module: library/net_sockets.c 02063 * 02064 * This module provides networking routines. 02065 */ 02066 //#define MBEDTLS_NET_C 02067 02068 /** 02069 * \def MBEDTLS_OID_C 02070 * 02071 * Enable the OID database. 02072 * 02073 * Module: library/oid.c 02074 * Caller: library/asn1write.c 02075 * library/pkcs5.c 02076 * library/pkparse.c 02077 * library/pkwrite.c 02078 * library/rsa.c 02079 * library/x509.c 02080 * library/x509_create.c 02081 * library/x509_crl.c 02082 * library/x509_crt.c 02083 * library/x509_csr.c 02084 * library/x509write_crt.c 02085 * library/x509write_csr.c 02086 * 02087 * This modules translates between OIDs and internal values. 02088 */ 02089 #define MBEDTLS_OID_C 02090 02091 /** 02092 * \def MBEDTLS_PADLOCK_C 02093 * 02094 * Enable VIA Padlock support on x86. 02095 * 02096 * Module: library/padlock.c 02097 * Caller: library/aes.c 02098 * 02099 * Requires: MBEDTLS_HAVE_ASM 02100 * 02101 * This modules adds support for the VIA PadLock on x86. 02102 */ 02103 #define MBEDTLS_PADLOCK_C 02104 02105 /** 02106 * \def MBEDTLS_PEM_PARSE_C 02107 * 02108 * Enable PEM decoding / parsing. 02109 * 02110 * Module: library/pem.c 02111 * Caller: library/dhm.c 02112 * library/pkparse.c 02113 * library/x509_crl.c 02114 * library/x509_crt.c 02115 * library/x509_csr.c 02116 * 02117 * Requires: MBEDTLS_BASE64_C 02118 * 02119 * This modules adds support for decoding / parsing PEM files. 02120 */ 02121 #define MBEDTLS_PEM_PARSE_C 02122 02123 /** 02124 * \def MBEDTLS_PEM_WRITE_C 02125 * 02126 * Enable PEM encoding / writing. 02127 * 02128 * Module: library/pem.c 02129 * Caller: library/pkwrite.c 02130 * library/x509write_crt.c 02131 * library/x509write_csr.c 02132 * 02133 * Requires: MBEDTLS_BASE64_C 02134 * 02135 * This modules adds support for encoding / writing PEM files. 02136 */ 02137 #define MBEDTLS_PEM_WRITE_C 02138 02139 /** 02140 * \def MBEDTLS_PK_C 02141 * 02142 * Enable the generic public (asymetric) key layer. 02143 * 02144 * Module: library/pk.c 02145 * Caller: library/ssl_tls.c 02146 * library/ssl_cli.c 02147 * library/ssl_srv.c 02148 * 02149 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02150 * 02151 * Uncomment to enable generic public key wrappers. 02152 */ 02153 #define MBEDTLS_PK_C 02154 02155 /** 02156 * \def MBEDTLS_PK_PARSE_C 02157 * 02158 * Enable the generic public (asymetric) key parser. 02159 * 02160 * Module: library/pkparse.c 02161 * Caller: library/x509_crt.c 02162 * library/x509_csr.c 02163 * 02164 * Requires: MBEDTLS_PK_C 02165 * 02166 * Uncomment to enable generic public key parse functions. 02167 */ 02168 #define MBEDTLS_PK_PARSE_C 02169 02170 /** 02171 * \def MBEDTLS_PK_WRITE_C 02172 * 02173 * Enable the generic public (asymetric) key writer. 02174 * 02175 * Module: library/pkwrite.c 02176 * Caller: library/x509write.c 02177 * 02178 * Requires: MBEDTLS_PK_C 02179 * 02180 * Uncomment to enable generic public key write functions. 02181 */ 02182 #define MBEDTLS_PK_WRITE_C 02183 02184 /** 02185 * \def MBEDTLS_PKCS5_C 02186 * 02187 * Enable PKCS#5 functions. 02188 * 02189 * Module: library/pkcs5.c 02190 * 02191 * Requires: MBEDTLS_MD_C 02192 * 02193 * This module adds support for the PKCS#5 functions. 02194 */ 02195 #define MBEDTLS_PKCS5_C 02196 02197 /** 02198 * \def MBEDTLS_PKCS11_C 02199 * 02200 * Enable wrapper for PKCS#11 smartcard support. 02201 * 02202 * Module: library/pkcs11.c 02203 * Caller: library/pk.c 02204 * 02205 * Requires: MBEDTLS_PK_C 02206 * 02207 * This module enables SSL/TLS PKCS #11 smartcard support. 02208 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02209 */ 02210 //#define MBEDTLS_PKCS11_C 02211 02212 /** 02213 * \def MBEDTLS_PKCS12_C 02214 * 02215 * Enable PKCS#12 PBE functions. 02216 * Adds algorithms for parsing PKCS#8 encrypted private keys 02217 * 02218 * Module: library/pkcs12.c 02219 * Caller: library/pkparse.c 02220 * 02221 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02222 * Can use: MBEDTLS_ARC4_C 02223 * 02224 * This module enables PKCS#12 functions. 02225 */ 02226 #define MBEDTLS_PKCS12_C 02227 02228 /** 02229 * \def MBEDTLS_PLATFORM_C 02230 * 02231 * Enable the platform abstraction layer that allows you to re-assign 02232 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02233 * 02234 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02235 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02236 * above to be specified at runtime or compile time respectively. 02237 * 02238 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02239 * as other module rely on it for a fixed snprintf implementation. 02240 * 02241 * Module: library/platform.c 02242 * Caller: Most other .c files 02243 * 02244 * This module enables abstraction of common (libc) functions. 02245 */ 02246 #define MBEDTLS_PLATFORM_C 02247 02248 /** 02249 * \def MBEDTLS_RIPEMD160_C 02250 * 02251 * Enable the RIPEMD-160 hash algorithm. 02252 * 02253 * Module: library/ripemd160.c 02254 * Caller: library/md.c 02255 * 02256 */ 02257 #define MBEDTLS_RIPEMD160_C 02258 02259 /** 02260 * \def MBEDTLS_RSA_C 02261 * 02262 * Enable the RSA public-key cryptosystem. 02263 * 02264 * Module: library/rsa.c 02265 * Caller: library/ssl_cli.c 02266 * library/ssl_srv.c 02267 * library/ssl_tls.c 02268 * library/x509.c 02269 * 02270 * This module is used by the following key exchanges: 02271 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02272 * 02273 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02274 */ 02275 #define MBEDTLS_RSA_C 02276 02277 /** 02278 * \def MBEDTLS_SHA1_C 02279 * 02280 * Enable the SHA1 cryptographic hash algorithm. 02281 * 02282 * Module: library/sha1.c 02283 * Caller: library/md.c 02284 * library/ssl_cli.c 02285 * library/ssl_srv.c 02286 * library/ssl_tls.c 02287 * library/x509write_crt.c 02288 * 02289 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 02290 * depending on the handshake parameters, and for SHA1-signed certificates. 02291 */ 02292 #define MBEDTLS_SHA1_C 02293 02294 /** 02295 * \def MBEDTLS_SHA256_C 02296 * 02297 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02298 * 02299 * Module: library/sha256.c 02300 * Caller: library/entropy.c 02301 * library/md.c 02302 * library/ssl_cli.c 02303 * library/ssl_srv.c 02304 * library/ssl_tls.c 02305 * 02306 * This module adds support for SHA-224 and SHA-256. 02307 * This module is required for the SSL/TLS 1.2 PRF function. 02308 */ 02309 #define MBEDTLS_SHA256_C 02310 02311 /** 02312 * \def MBEDTLS_SHA512_C 02313 * 02314 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02315 * 02316 * Module: library/sha512.c 02317 * Caller: library/entropy.c 02318 * library/md.c 02319 * library/ssl_cli.c 02320 * library/ssl_srv.c 02321 * 02322 * This module adds support for SHA-384 and SHA-512. 02323 */ 02324 #define MBEDTLS_SHA512_C 02325 02326 /** 02327 * \def MBEDTLS_SSL_CACHE_C 02328 * 02329 * Enable simple SSL cache implementation. 02330 * 02331 * Module: library/ssl_cache.c 02332 * Caller: 02333 * 02334 * Requires: MBEDTLS_SSL_CACHE_C 02335 */ 02336 #define MBEDTLS_SSL_CACHE_C 02337 02338 /** 02339 * \def MBEDTLS_SSL_COOKIE_C 02340 * 02341 * Enable basic implementation of DTLS cookies for hello verification. 02342 * 02343 * Module: library/ssl_cookie.c 02344 * Caller: 02345 */ 02346 #define MBEDTLS_SSL_COOKIE_C 02347 02348 /** 02349 * \def MBEDTLS_SSL_TICKET_C 02350 * 02351 * Enable an implementation of TLS server-side callbacks for session tickets. 02352 * 02353 * Module: library/ssl_ticket.c 02354 * Caller: 02355 * 02356 * Requires: MBEDTLS_CIPHER_C 02357 */ 02358 #define MBEDTLS_SSL_TICKET_C 02359 02360 /** 02361 * \def MBEDTLS_SSL_CLI_C 02362 * 02363 * Enable the SSL/TLS client code. 02364 * 02365 * Module: library/ssl_cli.c 02366 * Caller: 02367 * 02368 * Requires: MBEDTLS_SSL_TLS_C 02369 * 02370 * This module is required for SSL/TLS client support. 02371 */ 02372 #define MBEDTLS_SSL_CLI_C 02373 02374 /** 02375 * \def MBEDTLS_SSL_SRV_C 02376 * 02377 * Enable the SSL/TLS server code. 02378 * 02379 * Module: library/ssl_srv.c 02380 * Caller: 02381 * 02382 * Requires: MBEDTLS_SSL_TLS_C 02383 * 02384 * This module is required for SSL/TLS server support. 02385 */ 02386 #define MBEDTLS_SSL_SRV_C 02387 02388 /** 02389 * \def MBEDTLS_SSL_TLS_C 02390 * 02391 * Enable the generic SSL/TLS code. 02392 * 02393 * Module: library/ssl_tls.c 02394 * Caller: library/ssl_cli.c 02395 * library/ssl_srv.c 02396 * 02397 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02398 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02399 * 02400 * This module is required for SSL/TLS. 02401 */ 02402 #define MBEDTLS_SSL_TLS_C 02403 02404 /** 02405 * \def MBEDTLS_THREADING_C 02406 * 02407 * Enable the threading abstraction layer. 02408 * By default mbed TLS assumes it is used in a non-threaded environment or that 02409 * contexts are not shared between threads. If you do intend to use contexts 02410 * between threads, you will need to enable this layer to prevent race 02411 * conditions. See also our Knowledge Base article about threading: 02412 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02413 * 02414 * Module: library/threading.c 02415 * 02416 * This allows different threading implementations (self-implemented or 02417 * provided). 02418 * 02419 * You will have to enable either MBEDTLS_THREADING_ALT or 02420 * MBEDTLS_THREADING_PTHREAD. 02421 * 02422 * Enable this layer to allow use of mutexes within mbed TLS 02423 */ 02424 //#define MBEDTLS_THREADING_C 02425 02426 /** 02427 * \def MBEDTLS_TIMING_C 02428 * 02429 * Enable the semi-portable timing interface. 02430 * 02431 * \note The provided implementation only works on POSIX/Unix (including Linux, 02432 * BSD and OS X) and Windows. On other platforms, you can either disable that 02433 * module and provide your own implementations of the callbacks needed by 02434 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02435 * your own implementation of the whole module by setting 02436 * \c MBEDTLS_TIMING_ALT in the current file. 02437 * 02438 * \note See also our Knowledge Base article about porting to a new 02439 * environment: 02440 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02441 * 02442 * Module: library/timing.c 02443 * Caller: library/havege.c 02444 * 02445 * This module is used by the HAVEGE random number generator. 02446 */ 02447 //#define MBEDTLS_TIMING_C 02448 02449 /** 02450 * \def MBEDTLS_VERSION_C 02451 * 02452 * Enable run-time version information. 02453 * 02454 * Module: library/version.c 02455 * 02456 * This module provides run-time version information. 02457 */ 02458 #define MBEDTLS_VERSION_C 02459 02460 /** 02461 * \def MBEDTLS_X509_USE_C 02462 * 02463 * Enable X.509 core for using certificates. 02464 * 02465 * Module: library/x509.c 02466 * Caller: library/x509_crl.c 02467 * library/x509_crt.c 02468 * library/x509_csr.c 02469 * 02470 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02471 * MBEDTLS_PK_PARSE_C 02472 * 02473 * This module is required for the X.509 parsing modules. 02474 */ 02475 #define MBEDTLS_X509_USE_C 02476 02477 /** 02478 * \def MBEDTLS_X509_CRT_PARSE_C 02479 * 02480 * Enable X.509 certificate parsing. 02481 * 02482 * Module: library/x509_crt.c 02483 * Caller: library/ssl_cli.c 02484 * library/ssl_srv.c 02485 * library/ssl_tls.c 02486 * 02487 * Requires: MBEDTLS_X509_USE_C 02488 * 02489 * This module is required for X.509 certificate parsing. 02490 */ 02491 #define MBEDTLS_X509_CRT_PARSE_C 02492 02493 /** 02494 * \def MBEDTLS_X509_CRL_PARSE_C 02495 * 02496 * Enable X.509 CRL parsing. 02497 * 02498 * Module: library/x509_crl.c 02499 * Caller: library/x509_crt.c 02500 * 02501 * Requires: MBEDTLS_X509_USE_C 02502 * 02503 * This module is required for X.509 CRL parsing. 02504 */ 02505 #define MBEDTLS_X509_CRL_PARSE_C 02506 02507 /** 02508 * \def MBEDTLS_X509_CSR_PARSE_C 02509 * 02510 * Enable X.509 Certificate Signing Request (CSR) parsing. 02511 * 02512 * Module: library/x509_csr.c 02513 * Caller: library/x509_crt_write.c 02514 * 02515 * Requires: MBEDTLS_X509_USE_C 02516 * 02517 * This module is used for reading X.509 certificate request. 02518 */ 02519 #define MBEDTLS_X509_CSR_PARSE_C 02520 02521 /** 02522 * \def MBEDTLS_X509_CREATE_C 02523 * 02524 * Enable X.509 core for creating certificates. 02525 * 02526 * Module: library/x509_create.c 02527 * 02528 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02529 * 02530 * This module is the basis for creating X.509 certificates and CSRs. 02531 */ 02532 #define MBEDTLS_X509_CREATE_C 02533 02534 /** 02535 * \def MBEDTLS_X509_CRT_WRITE_C 02536 * 02537 * Enable creating X.509 certificates. 02538 * 02539 * Module: library/x509_crt_write.c 02540 * 02541 * Requires: MBEDTLS_X509_CREATE_C 02542 * 02543 * This module is required for X.509 certificate creation. 02544 */ 02545 #define MBEDTLS_X509_CRT_WRITE_C 02546 02547 /** 02548 * \def MBEDTLS_X509_CSR_WRITE_C 02549 * 02550 * Enable creating X.509 Certificate Signing Requests (CSR). 02551 * 02552 * Module: library/x509_csr_write.c 02553 * 02554 * Requires: MBEDTLS_X509_CREATE_C 02555 * 02556 * This module is required for X.509 certificate request writing. 02557 */ 02558 #define MBEDTLS_X509_CSR_WRITE_C 02559 02560 /** 02561 * \def MBEDTLS_XTEA_C 02562 * 02563 * Enable the XTEA block cipher. 02564 * 02565 * Module: library/xtea.c 02566 * Caller: 02567 */ 02568 #define MBEDTLS_XTEA_C 02569 02570 /* \} name SECTION: mbed TLS modules */ 02571 02572 /** 02573 * \name SECTION: Module configuration options 02574 * 02575 * This section allows for the setting of module specific sizes and 02576 * configuration options. The default values are already present in the 02577 * relevant header files and should suffice for the regular use cases. 02578 * 02579 * Our advice is to enable options and change their values here 02580 * only if you have a good reason and know the consequences. 02581 * 02582 * Please check the respective header file for documentation on these 02583 * parameters (to prevent duplicate documentation). 02584 * \{ 02585 */ 02586 02587 /* MPI / BIGNUM options */ 02588 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02589 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02590 02591 /* CTR_DRBG options */ 02592 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02593 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02594 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02595 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02596 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02597 02598 /* HMAC_DRBG options */ 02599 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02600 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02601 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02602 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02603 02604 /* ECP options */ 02605 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02606 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02607 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02608 02609 /* Entropy options */ 02610 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02611 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02612 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02613 02614 /* Memory buffer allocator options */ 02615 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02616 02617 /* Platform options */ 02618 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02619 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02620 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02621 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02622 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02623 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02624 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02625 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02626 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02627 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02628 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02629 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02630 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02631 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02632 02633 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02634 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02635 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02636 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02637 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02638 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02639 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02640 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02641 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02642 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02643 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02644 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02645 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02646 02647 /* SSL Cache options */ 02648 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02649 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02650 02651 /* SSL options */ 02652 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02653 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02654 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02655 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02656 02657 /** 02658 * Complete list of ciphersuites to use, in order of preference. 02659 * 02660 * \warning No dependency checking is done on that field! This option can only 02661 * be used to restrict the set of available ciphersuites. It is your 02662 * responsibility to make sure the needed modules are active. 02663 * 02664 * Use this to save a few hundred bytes of ROM (default ordering of all 02665 * available ciphersuites) and a few to a few hundred bytes of RAM. 02666 * 02667 * The value below is only an example, not the default. 02668 */ 02669 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02670 02671 /* X509 options */ 02672 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02673 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02674 02675 /** 02676 * Allow SHA-1 in the default TLS configuration for certificate signing. 02677 * Without this build-time option, SHA-1 support must be activated explicitly 02678 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not 02679 * recommended because of it is possible to generte SHA-1 collisions, however 02680 * this may be safe for legacy infrastructure where additional controls apply. 02681 */ 02682 // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 02683 02684 /** 02685 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake 02686 * signature and ciphersuite selection. Without this build-time option, SHA-1 02687 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. 02688 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by 02689 * default. At the time of writing, there is no practical attack on the use 02690 * of SHA-1 in handshake signatures, hence this option is turned on by default 02691 * for compatibility with existing peers. 02692 */ 02693 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE 02694 02695 /* \} name SECTION: Customisation configuration options */ 02696 02697 /* Target and application specific configurations */ 02698 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" 02699 02700 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) 02701 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE 02702 #endif 02703 02704 /* 02705 * Allow user to override any previous default. 02706 * 02707 * Use two macro names for that, as: 02708 * - with yotta the prefix YOTTA_CFG_ is forced 02709 * - without yotta is looks weird to have a YOTTA prefix. 02710 */ 02711 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02712 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02713 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02714 #include MBEDTLS_USER_CONFIG_FILE 02715 #endif 02716 02717 #include "check_config.h" 02718 02719 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 17:25:41 by
