mbed TLS upgraded to 2.6.0
config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_CONFIG_H 00029 #define MBEDTLS_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 /** 00036 * \name SECTION: System support 00037 * 00038 * This section sets system specific settings. 00039 * \{ 00040 */ 00041 00042 /** 00043 * \def MBEDTLS_HAVE_ASM 00044 * 00045 * The compiler has support for asm(). 00046 * 00047 * Requires support for asm() in compiler. 00048 * 00049 * Used in: 00050 * library/timing.c 00051 * library/padlock.c 00052 * include/mbedtls/bn_mul.h 00053 * 00054 * Comment to disable the use of assembly code. 00055 */ 00056 #define MBEDTLS_HAVE_ASM 00057 00058 /** 00059 * \def MBEDTLS_NO_UDBL_DIVISION 00060 * 00061 * The platform lacks support for double-width integer division (64-bit 00062 * division on a 32-bit platform, 128-bit division on a 64-bit platform). 
00063 * 00064 * Used in: 00065 * include/mbedtls/bignum.h 00066 * library/bignum.c 00067 * 00068 * The bignum code uses double-width division to speed up some operations. 00069 * Double-width division is often implemented in software that needs to 00070 * be linked with the program. The presence of a double-width integer 00071 * type is usually detected automatically through preprocessor macros, 00072 * but the automatic detection cannot know whether the code needs to 00073 * and can be linked with an implementation of division for that type. 00074 * By default division is assumed to be usable if the type is present. 00075 * Uncomment this option to prevent the use of double-width division. 00076 * 00077 * Note that division for the native integer type is always required. 00078 * Furthermore, a 64-bit type is always required even on a 32-bit 00079 * platform, but it need not support multiplication or division. In some 00080 * cases it is also desirable to disable some double-width operations. For 00081 * example, if double-width division is implemented in software, disabling 00082 * it can reduce code size in some embedded targets. 00083 */ 00084 //#define MBEDTLS_NO_UDBL_DIVISION 00085 00086 /** 00087 * \def MBEDTLS_HAVE_SSE2 00088 * 00089 * CPU supports SSE2 instruction set. 00090 * 00091 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00092 */ 00093 //#define MBEDTLS_HAVE_SSE2 00094 00095 /** 00096 * \def MBEDTLS_HAVE_TIME 00097 * 00098 * System has time.h and time(). 00099 * The time does not need to be correct, only time differences are used, 00100 * by contrast with MBEDTLS_HAVE_TIME_DATE 00101 * 00102 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00103 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00104 * MBEDTLS_PLATFORM_STD_TIME. 
00105 * 00106 * Comment if your system does not support time functions 00107 */ 00108 #define MBEDTLS_HAVE_TIME 00109 00110 /** 00111 * \def MBEDTLS_HAVE_TIME_DATE 00112 * 00113 * System has time.h and time(), gmtime() and the clock is correct. 00114 * The time needs to be correct (not necessarily very accurate, but at least 00115 * the date should be correct). This is used to verify the validity period of 00116 * X.509 certificates. 00117 * 00118 * Comment if your system does not have a correct clock. With this option disabled, the validity period of X.509 certificates is not checked. 00119 */ 00120 #define MBEDTLS_HAVE_TIME_DATE 00121 00122 /** 00123 * \def MBEDTLS_PLATFORM_MEMORY 00124 * 00125 * Enable the memory allocation layer. 00126 * 00127 * By default mbed TLS uses the system-provided calloc() and free(). 00128 * This allows different allocators (self-implemented or provided) to be 00129 * provided to the platform abstraction layer. 00130 * 00131 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00132 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00133 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00134 * free() function pointer at runtime. 00135 * 00136 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00137 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00138 * alternate function at compile time. 00139 * 00140 * Requires: MBEDTLS_PLATFORM_C 00141 * 00142 * Enable this layer to allow use of alternative memory allocators. 00143 */ 00144 //#define MBEDTLS_PLATFORM_MEMORY 00145 00146 /** 00147 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00148 * 00149 * Do not assign standard functions in the platform layer (e.g. calloc() to 00150 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00151 * 00152 * This makes sure there are no linking errors on platforms that do not support 00153 * these functions. 
You will HAVE to provide alternatives, either at runtime 00154 * via the platform_set_xxx() functions or at compile time by setting 00155 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00156 * MBEDTLS_PLATFORM_XXX_MACRO. 00157 * 00158 * Requires: MBEDTLS_PLATFORM_C 00159 * 00160 * Uncomment to prevent default assignment of standard functions in the 00161 * platform layer. 00162 */ 00163 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00164 00165 /** 00166 * \def MBEDTLS_PLATFORM_EXIT_ALT 00167 * 00168 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00169 * function in the platform abstraction layer. 00170 * 00171 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00172 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00173 * alternative printf function pointer. 00174 * 00175 * All these defines require MBEDTLS_PLATFORM_C to be defined! 00176 * 00177 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00178 * it will be enabled automatically by check_config.h 00179 * 00180 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00181 * MBEDTLS_PLATFORM_XXX_MACRO! 00182 * 00183 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00184 * 00185 * Uncomment a macro to enable alternate implementation of specific base 00186 * platform function 00187 */ 00188 //#define MBEDTLS_PLATFORM_EXIT_ALT 00189 //#define MBEDTLS_PLATFORM_TIME_ALT 00190 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00191 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00192 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00193 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00194 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT 00195 00196 /** 00197 * \def MBEDTLS_DEPRECATED_WARNING 00198 * 00199 * Mark deprecated functions so that they generate a warning if used. 00200 * Functions deprecated in one version will usually be removed in the next 00201 * version. 
You can enable this to help you prepare the transition to a new 00202 * major version by making sure your code is not using these functions. 00203 * 00204 * This only works with GCC and Clang. With other compilers, you may want to 00205 * use MBEDTLS_DEPRECATED_REMOVED 00206 * 00207 * Uncomment to get warnings on using deprecated functions. 00208 */ 00209 //#define MBEDTLS_DEPRECATED_WARNING 00210 00211 /** 00212 * \def MBEDTLS_DEPRECATED_REMOVED 00213 * 00214 * Remove deprecated functions so that they generate an error if used. 00215 * Functions deprecated in one version will usually be removed in the next 00216 * version. You can enable this to help you prepare the transition to a new 00217 * major version by making sure your code is not using these functions. 00218 * 00219 * Uncomment to get errors on using deprecated functions. 00220 */ 00221 //#define MBEDTLS_DEPRECATED_REMOVED 00222 00223 /* \} name SECTION: System support */ 00224 00225 /** 00226 * \name SECTION: mbed TLS feature support 00227 * 00228 * This section sets support for features that are or are not needed 00229 * within the modules that are enabled. 00230 * \{ 00231 */ 00232 00233 /** 00234 * \def MBEDTLS_TIMING_ALT 00235 * 00236 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00237 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00238 * 00239 * Only works if you have MBEDTLS_TIMING_C enabled. 00240 * 00241 * You will need to provide a header "timing_alt.h" and an implementation at 00242 * compile time. 00243 */ 00244 //#define MBEDTLS_TIMING_ALT 00245 00246 /** 00247 * \def MBEDTLS_AES_ALT 00248 * 00249 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00250 * alternate core implementation of a symmetric crypto, an arithmetic or hash 00251 * module (e.g. platform specific assembly optimized implementations). Keep 00252 * in mind that the function prototypes should remain the same. 
00253 * 00254 * This replaces the whole module. If you only want to replace one of the 00255 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00256 * 00257 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00258 * provide the "struct mbedtls_aes_context" definition and omit the base 00259 * function declarations and implementations. "aes_alt.h" will be included from 00260 * "aes.h" to include the new function definitions. 00261 * 00262 * Uncomment a macro to enable alternate implementation of the corresponding 00263 * module. 00264 */ 00265 //#define MBEDTLS_AES_ALT 00266 //#define MBEDTLS_ARC4_ALT 00267 //#define MBEDTLS_BLOWFISH_ALT 00268 //#define MBEDTLS_CAMELLIA_ALT 00269 //#define MBEDTLS_DES_ALT 00270 //#define MBEDTLS_XTEA_ALT 00271 //#define MBEDTLS_MD2_ALT 00272 //#define MBEDTLS_MD4_ALT 00273 //#define MBEDTLS_MD5_ALT 00274 //#define MBEDTLS_RIPEMD160_ALT 00275 //#define MBEDTLS_SHA1_ALT 00276 //#define MBEDTLS_SHA256_ALT 00277 //#define MBEDTLS_SHA512_ALT 00278 /* 00279 * When replacing the elliptic curve module, please consider that it is 00280 * implemented with two .c files: 00281 * - ecp.c 00282 * - ecp_curves.c 00283 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT 00284 * macros as described above. The only difference is that you have to make sure 00285 * that you provide functionality for both .c files. 00286 */ 00287 //#define MBEDTLS_ECP_ALT 00288 00289 /** 00290 * \def MBEDTLS_MD2_PROCESS_ALT 00291 * 00292 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00293 * alternate core implementation of symmetric crypto or hash function. Keep in 00294 * mind that function prototypes should remain the same. 00295 * 00296 * This replaces only one function. The header file from mbed TLS is still 00297 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 
00298 * 00299 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00300 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00301 * the other function (using your mbedtls_sha1_process() function) and the definition 00302 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00303 * with this definition. 00304 * 00305 * \note Because of a signature change, the core AES encryption and decryption routines are 00306 * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, 00307 * respectively. When setting up alternative implementations, these functions should 00308 * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt 00309 * must stay untouched. 00310 * 00311 * \note If you use the AES_xxx_ALT macros, then it is recommended to also set 00312 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00313 * tables. 00314 * 00315 * Uncomment a macro to enable alternate implementation of the corresponding 00316 * function. 00317 */ 00318 //#define MBEDTLS_MD2_PROCESS_ALT 00319 //#define MBEDTLS_MD4_PROCESS_ALT 00320 //#define MBEDTLS_MD5_PROCESS_ALT 00321 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00322 //#define MBEDTLS_SHA1_PROCESS_ALT 00323 //#define MBEDTLS_SHA256_PROCESS_ALT 00324 //#define MBEDTLS_SHA512_PROCESS_ALT 00325 //#define MBEDTLS_DES_SETKEY_ALT 00326 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00327 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00328 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00329 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00330 //#define MBEDTLS_AES_ENCRYPT_ALT 00331 //#define MBEDTLS_AES_DECRYPT_ALT 00332 00333 /** 00334 * \def MBEDTLS_ECP_INTERNAL_ALT 00335 * 00336 * Expose a part of the internal interface of the Elliptic Curve Point module. 00337 * 00338 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00339 * alternative core implementation of elliptic curve arithmetic. 
Keep in mind 00340 * that function prototypes should remain the same. 00341 * 00342 * This partially replaces one function. The header file from mbed TLS is still 00343 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation 00344 * is still present and it is used for group structures not supported by the 00345 * alternative. 00346 * 00347 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT 00348 * and implementing the following functions: 00349 * unsigned char mbedtls_internal_ecp_grp_capable( 00350 * const mbedtls_ecp_group *grp ) 00351 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) 00352 * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) 00353 * The mbedtls_internal_ecp_grp_capable function should return 1 if the 00354 * replacement functions implement arithmetic for the given group and 0 00355 * otherwise. 00356 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are 00357 * called before and after each point operation and provide an opportunity to 00358 * implement optimized set up and tear down instructions. 00359 * 00360 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and 00361 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac 00362 * function, but will use your mbedtls_internal_ecp_double_jac if the group is 00363 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when 00364 * receives it as an argument). If the group is not supported then the original 00365 * implementation is used. The other functions and the definition of 00366 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your 00367 * implementation of mbedtls_internal_ecp_double_jac and 00368 * mbedtls_internal_ecp_grp_capable must be compatible with this definition. 00369 * 00370 * Uncomment a macro to enable alternate implementation of the corresponding 00371 * function. 
00372 */ 00373 /* Required for all the functions in this section */ 00374 //#define MBEDTLS_ECP_INTERNAL_ALT 00375 /* Support for Weierstrass curves with Jacobi representation */ 00376 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT 00377 //#define MBEDTLS_ECP_ADD_MIXED_ALT 00378 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT 00379 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT 00380 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT 00381 /* Support for curves with Montgomery arithmetic */ 00382 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT 00383 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT 00384 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT 00385 00386 /** 00387 * \def MBEDTLS_TEST_NULL_ENTROPY 00388 * 00389 * Enables testing and use of mbed TLS without any configured entropy sources. 00390 * This permits use of the library on platforms before an entropy source has 00391 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00392 * MBEDTLS_ENTROPY_NV_SEED switches). 00393 * 00394 * WARNING! This switch MUST be disabled in production builds, and is suitable 00395 * only for development. 00396 * Enabling the switch negates any security provided by the library. 00397 * 00398 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00399 * 00400 */ 00401 //#define MBEDTLS_TEST_NULL_ENTROPY 00402 00403 /** 00404 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00405 * 00406 * Uncomment this macro to let mbed TLS use your own implementation of a 00407 * hardware entropy collector. 00408 * 00409 * Your function must be called \c mbedtls_hardware_poll(), have the same 00410 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00411 * 00412 * Uncomment to use your own hardware entropy collector. 00413 */ 00414 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00415 00416 /** 00417 * \def MBEDTLS_AES_ROM_TABLES 00418 * 00419 * Store the AES tables in ROM. 00420 * 00421 * Uncomment this macro to store the AES tables in ROM. 
00422 */ 00423 //#define MBEDTLS_AES_ROM_TABLES 00424 00425 /** 00426 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00427 * 00428 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00429 * 00430 * Uncomment this macro to use less memory for Camellia. 00431 */ 00432 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00433 00434 /** 00435 * \def MBEDTLS_CIPHER_MODE_CBC 00436 * 00437 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00438 */ 00439 #define MBEDTLS_CIPHER_MODE_CBC 00440 00441 /** 00442 * \def MBEDTLS_CIPHER_MODE_CFB 00443 * 00444 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00445 */ 00446 #define MBEDTLS_CIPHER_MODE_CFB 00447 00448 /** 00449 * \def MBEDTLS_CIPHER_MODE_CTR 00450 * 00451 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00452 */ 00453 #define MBEDTLS_CIPHER_MODE_CTR 00454 00455 /** 00456 * \def MBEDTLS_CIPHER_NULL_CIPHER 00457 * 00458 * Enable NULL cipher. 00459 * Warning: Only do so when you know what you are doing. This allows for 00460 * encryption or channels without any security! 
00461 * 00462 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00463 * the following ciphersuites: 00464 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00465 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00466 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00467 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00468 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00469 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00470 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00471 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00472 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00473 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00474 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00475 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00476 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00477 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00478 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00479 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00480 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00481 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00482 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00483 * 00484 * Uncomment this macro to enable the NULL cipher and ciphersuites 00485 */ 00486 //#define MBEDTLS_CIPHER_NULL_CIPHER 00487 00488 /** 00489 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00490 * 00491 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00492 * specific padding modes in the cipher layer with cipher modes that support 00493 * padding (e.g. CBC) 00494 * 00495 * If you disable all padding modes, only full blocks can be used with CBC. 00496 * 00497 * Enable padding modes in the cipher layer. 00498 */ 00499 #define MBEDTLS_CIPHER_PADDING_PKCS7 00500 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00501 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00502 #define MBEDTLS_CIPHER_PADDING_ZEROS 00503 00504 /** 00505 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00506 * 00507 * Enable weak ciphersuites in SSL / TLS. 00508 * Warning: Only do so when you know what you are doing. This allows for 00509 * channels with virtually no security at all! 
00510 * 00511 * This enables the following ciphersuites: 00512 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00513 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00514 * 00515 * Uncomment this macro to enable weak ciphersuites 00516 */ 00517 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00518 00519 /** 00520 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00521 * 00522 * Remove RC4 ciphersuites by default in SSL / TLS. 00523 * This flag removes the ciphersuites based on RC4 from the default list as 00524 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00525 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00526 * explicitly. 00527 * 00528 * Uncomment this macro to remove RC4 ciphersuites by default. 00529 */ 00530 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00531 00532 /** 00533 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00534 * 00535 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00536 * module. By default all supported curves are enabled. 00537 * 00538 * Comment macros to disable the curve and functions for it 00539 */ 00540 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00541 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00542 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00543 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00544 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00545 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00546 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00547 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00548 #define MBEDTLS_ECP_DP_BP256R1_ENABLED 00549 #define MBEDTLS_ECP_DP_BP384R1_ENABLED 00550 #define MBEDTLS_ECP_DP_BP512R1_ENABLED 00551 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00552 00553 /** 00554 * \def MBEDTLS_ECP_NIST_OPTIM 00555 * 00556 * Enable specific 'modulo p' routines for each NIST prime. 00557 * Depending on the prime and architecture, makes operations 4 to 8 times 00558 * faster on the corresponding curve. 00559 * 00560 * Comment this macro to disable NIST curves optimisation. 
00561 */ 00562 #define MBEDTLS_ECP_NIST_OPTIM 00563 00564 /** 00565 * \def MBEDTLS_ECDSA_DETERMINISTIC 00566 * 00567 * Enable deterministic ECDSA (RFC 6979). 00568 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00569 * may result in a compromise of the long-term signing key. This is avoided by 00570 * the deterministic variant. 00571 * 00572 * Requires: MBEDTLS_HMAC_DRBG_C 00573 * 00574 * Comment this macro to disable deterministic ECDSA. 00575 */ 00576 #define MBEDTLS_ECDSA_DETERMINISTIC 00577 00578 /** 00579 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00580 * 00581 * Enable the PSK based ciphersuite modes in SSL / TLS. 00582 * 00583 * This enables the following ciphersuites (if other requisites are 00584 * enabled as well): 00585 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00586 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00587 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00588 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00589 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00590 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00591 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00592 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00593 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00594 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00595 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00596 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00597 */ 00598 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00599 00600 /** 00601 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00602 * 00603 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 
00604 * 00605 * Requires: MBEDTLS_DHM_C 00606 * 00607 * This enables the following ciphersuites (if other requisites are 00608 * enabled as well): 00609 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00610 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00611 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00612 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00613 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00614 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00615 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00616 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00617 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00618 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00619 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00620 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00621 */ 00622 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00623 00624 /** 00625 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00626 * 00627 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00628 * 00629 * Requires: MBEDTLS_ECDH_C 00630 * 00631 * This enables the following ciphersuites (if other requisites are 00632 * enabled as well): 00633 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00634 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00635 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00636 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00637 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00638 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00639 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00640 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00641 */ 00642 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00643 00644 /** 00645 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00646 * 00647 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 
00648 * 00649 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00650 * MBEDTLS_X509_CRT_PARSE_C 00651 * 00652 * This enables the following ciphersuites (if other requisites are 00653 * enabled as well): 00654 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00655 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00656 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00657 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00658 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00659 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00660 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00661 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00662 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00663 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00664 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00665 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00666 */ 00667 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00668 00669 /** 00670 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00671 * 00672 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 
00673 * 00674 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00675 * MBEDTLS_X509_CRT_PARSE_C 00676 * 00677 * This enables the following ciphersuites (if other requisites are 00678 * enabled as well): 00679 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00680 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00681 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00682 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00683 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00684 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00685 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00686 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00687 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00688 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00689 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00690 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00691 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00692 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00693 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00694 */ 00695 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00696 00697 /** 00698 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00699 * 00700 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
00701 * 00702 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00703 * MBEDTLS_X509_CRT_PARSE_C 00704 * 00705 * This enables the following ciphersuites (if other requisites are 00706 * enabled as well): 00707 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00708 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00709 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00710 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00711 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00712 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00713 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00714 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00715 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00716 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00717 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00718 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00719 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00720 */ 00721 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00722 00723 /** 00724 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00725 * 00726 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 
00727 * 00728 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00729 * MBEDTLS_X509_CRT_PARSE_C 00730 * 00731 * This enables the following ciphersuites (if other requisites are 00732 * enabled as well): 00733 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00734 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00735 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00736 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00737 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00738 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00739 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00740 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00741 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00742 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00743 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00744 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00745 */ 00746 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00747 00748 /** 00749 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00750 * 00751 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 
00752 * 00753 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00754 * 00755 * This enables the following ciphersuites (if other requisites are 00756 * enabled as well): 00757 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00758 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00759 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00760 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00761 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00762 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00763 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00764 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00765 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00766 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00767 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00768 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00769 */ 00770 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00771 00772 /** 00773 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00774 * 00775 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 
00776 * 00777 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00778 * 00779 * This enables the following ciphersuites (if other requisites are 00780 * enabled as well): 00781 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00782 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00783 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00784 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00785 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00786 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00787 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00788 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00789 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00790 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00791 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00792 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00793 */ 00794 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00795 00796 /** 00797 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00798 * 00799 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 
00800 * 00801 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00802 * 00803 * This enables the following ciphersuites (if other requisites are 00804 * enabled as well): 00805 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00806 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00807 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00808 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00809 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00810 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00811 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00812 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00813 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00814 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00815 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00816 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00817 */ 00818 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00819 00820 /** 00821 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00822 * 00823 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00824 * 00825 * \warning This is currently experimental. EC J-PAKE support is based on the 00826 * Thread v1.0.0 specification; incompatible changes to the specification 00827 * might still happen. For this reason, this is disabled by default. 00828 * 00829 * Requires: MBEDTLS_ECJPAKE_C 00830 * MBEDTLS_SHA256_C 00831 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00832 * 00833 * This enables the following ciphersuites (if other requisites are 00834 * enabled as well): 00835 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00836 */ 00837 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00838 00839 /** 00840 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00841 * 00842 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00843 * RFC 5915 and RFC 5480. 00844 * 00845 * Currently this means parsing the SpecifiedECDomain choice of EC 00846 * parameters (only known groups are supported, not arbitrary domains, to 00847 * avoid validation issues). 
00848 * 00849 * Disable if you only need to support RFC 5915 + 5480 key formats. 00850 */ 00851 #define MBEDTLS_PK_PARSE_EC_EXTENDED 00852 00853 /** 00854 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00855 * 00856 * Enable a dummy error function to make use of mbedtls_strerror() in 00857 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00858 * (no effect when MBEDTLS_ERROR_C is enabled). 00859 * 00860 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00861 * not using mbedtls_strerror() or error_strerror() in your application. 00862 * 00863 * Disable if you run into name conflicts and want to really remove the 00864 * mbedtls_strerror() 00865 */ 00866 #define MBEDTLS_ERROR_STRERROR_DUMMY 00867 00868 /** 00869 * \def MBEDTLS_GENPRIME 00870 * 00871 * Enable the prime-number generation code. 00872 * 00873 * Requires: MBEDTLS_BIGNUM_C 00874 */ 00875 #define MBEDTLS_GENPRIME 00876 00877 /** 00878 * \def MBEDTLS_FS_IO 00879 * 00880 * Enable functions that use the filesystem. 00881 */ 00882 //#define MBEDTLS_FS_IO 00883 00884 /** 00885 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00886 * 00887 * Do not add default entropy sources. These are the platform specific, 00888 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00889 * 00890 * This is useful to have more control over the added entropy sources in an 00891 * application. 00892 * 00893 * Uncomment this macro to prevent loading of default entropy functions. 00894 */ 00895 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00896 00897 /** 00898 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00899 * 00900 * Do not use built-in platform entropy functions. 00901 * This is useful if your platform does not support 00902 * standards like the /dev/urandom or Windows CryptoAPI. 00903 * 00904 * Uncomment this macro to disable the built-in platform entropy functions. 
00905 */ 00906 #define MBEDTLS_NO_PLATFORM_ENTROPY 00907 00908 /** 00909 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00910 * 00911 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00912 * default SHA-512 based one (if both are available). 00913 * 00914 * Requires: MBEDTLS_SHA256_C 00915 * 00916 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00917 * if you have performance concerns. 00918 * 00919 * This option is only useful if both MBEDTLS_SHA256_C and 00920 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00921 */ 00922 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00923 00924 /** 00925 * \def MBEDTLS_ENTROPY_NV_SEED 00926 * 00927 * Enable the non-volatile (NV) seed file-based entropy source. 00928 * (Also enables the NV seed read/write functions in the platform layer) 00929 * 00930 * This is crucial (if not required) on systems that do not have a 00931 * cryptographic entropy source (in hardware or kernel) available. 00932 * 00933 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00934 * 00935 * \note The read/write functions that are used by the entropy source are 00936 * determined in the platform layer, and can be modified at runtime and/or 00937 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00938 * 00939 * \note If you use the default implementation functions that read a seedfile 00940 * with regular fopen(), please make sure you make a seedfile with the 00941 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00942 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00943 * and written to or you will get an entropy source error! The default 00944 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00945 * bytes from the file. 00946 * 00947 * \note The entropy collector will write to the seed file before entropy is 00948 * given to an external source, to update it. 
00949 */ 00950 //#define MBEDTLS_ENTROPY_NV_SEED 00951 00952 /** 00953 * \def MBEDTLS_MEMORY_DEBUG 00954 * 00955 * Enable debugging of buffer allocator memory issues. Automatically prints 00956 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00957 * function for 'debug output' of allocated memory. 00958 * 00959 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00960 * 00961 * Uncomment this macro to let the buffer allocator print out error messages. 00962 */ 00963 //#define MBEDTLS_MEMORY_DEBUG 00964 00965 /** 00966 * \def MBEDTLS_MEMORY_BACKTRACE 00967 * 00968 * Include backtrace information with each allocated block. 00969 * 00970 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00971 * GLIBC-compatible backtrace() and backtrace_symbols() support 00972 * 00973 * Uncomment this macro to include backtrace information 00974 */ 00975 //#define MBEDTLS_MEMORY_BACKTRACE 00976 00977 /** 00978 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00979 * 00980 * Support external private RSA keys (eg from a HSM) in the PK layer. 00981 * 00982 * Comment this macro to disable support for external private RSA keys. 00983 */ 00984 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00985 00986 /** 00987 * \def MBEDTLS_PKCS1_V15 00988 * 00989 * Enable support for PKCS#1 v1.5 encoding. 00990 * 00991 * Requires: MBEDTLS_RSA_C 00992 * 00993 * This enables support for PKCS#1 v1.5 operations. 00994 */ 00995 #define MBEDTLS_PKCS1_V15 00996 00997 /** 00998 * \def MBEDTLS_PKCS1_V21 00999 * 01000 * Enable support for PKCS#1 v2.1 encoding. 01001 * 01002 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 01003 * 01004 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 01005 */ 01006 #define MBEDTLS_PKCS1_V21 01007 01008 /** 01009 * \def MBEDTLS_RSA_NO_CRT 01010 * 01011 * Do not use the Chinese Remainder Theorem for the RSA private operation. 01012 * 01013 * Uncomment this macro to disable the use of CRT in RSA. 
01014 * 01015 */ 01016 //#define MBEDTLS_RSA_NO_CRT 01017 01018 /** 01019 * \def MBEDTLS_SELF_TEST 01020 * 01021 * Enable the checkup functions (*_self_test). 01022 */ 01023 #define MBEDTLS_SELF_TEST 01024 01025 /** 01026 * \def MBEDTLS_SHA256_SMALLER 01027 * 01028 * Enable an implementation of SHA-256 that has lower ROM footprint but also 01029 * lower performance. 01030 * 01031 * The default implementation is meant to be a reasonable compromise between 01032 * performance and size. This version optimizes more aggressively for size at 01033 * the expense of performance. Eg on Cortex-M4 it reduces the size of 01034 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 01035 * 30%. 01036 * 01037 * Uncomment to enable the smaller implementation of SHA256. 01038 */ 01039 //#define MBEDTLS_SHA256_SMALLER 01040 01041 /** 01042 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 01043 * 01044 * Enable sending of alert messages in case of encountered errors as per RFC. 01045 * If you choose not to send the alert messages, mbed TLS can still communicate 01046 * with other servers, only debugging of failures is harder. 01047 * 01048 * The advantage of not sending alert messages, is that no information is given 01049 * about reasons for failures thus preventing adversaries from gaining intel. 01050 * 01051 * Enable sending of all alert messages 01052 */ 01053 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01054 01055 /** 01056 * \def MBEDTLS_SSL_DEBUG_ALL 01057 * 01058 * Enable the debug messages in SSL module for all issues. 01059 * Debug messages have been disabled in some places to prevent timing 01060 * attacks due to (unbalanced) debugging function calls. 01061 * 01062 * If you need all error reporting you should enable this during debugging, 01063 * but remove this for production servers that should log as well. 01064 * 01065 * Uncomment this macro to report all debug messages on errors introducing 01066 * a timing side-channel. 
01067 * 01068 */ 01069 //#define MBEDTLS_SSL_DEBUG_ALL 01070 01071 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01072 * 01073 * Enable support for Encrypt-then-MAC, RFC 7366. 01074 * 01075 * This allows peers that both support it to use a more robust protection for 01076 * ciphersuites using CBC, providing deep resistance against timing attacks 01077 * on the padding or underlying cipher. 01078 * 01079 * This only affects CBC ciphersuites, and is useless if none is defined. 01080 * 01081 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01082 * MBEDTLS_SSL_PROTO_TLS1_1 or 01083 * MBEDTLS_SSL_PROTO_TLS1_2 01084 * 01085 * Comment this macro to disable support for Encrypt-then-MAC 01086 */ 01087 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01088 01089 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01090 * 01091 * Enable support for Extended Master Secret, aka Session Hash 01092 * (draft-ietf-tls-session-hash-02). 01093 * 01094 * This was introduced as "the proper fix" to the Triple Handshake family of 01095 * attacks, but it is recommended to always use it (even if you disable 01096 * renegotiation), since it actually fixes a more fundamental issue in the 01097 * original SSL/TLS design, and has implications beyond Triple Handshake. 01098 * 01099 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01100 * MBEDTLS_SSL_PROTO_TLS1_1 or 01101 * MBEDTLS_SSL_PROTO_TLS1_2 01102 * 01103 * Comment this macro to disable support for Extended Master Secret. 01104 */ 01105 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01106 01107 /** 01108 * \def MBEDTLS_SSL_FALLBACK_SCSV 01109 * 01110 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01111 * 01112 * For servers, it is recommended to always enable this, unless you support 01113 * only one version of TLS, or know for sure that none of your clients 01114 * implements a fallback strategy. 
01115 * 01116 * For clients, you only need this if you're using a fallback strategy, which 01117 * is not recommended in the first place, unless you absolutely need it to 01118 * interoperate with buggy (version-intolerant) servers. 01119 * 01120 * Comment this macro to disable support for FALLBACK_SCSV 01121 */ 01122 #define MBEDTLS_SSL_FALLBACK_SCSV 01123 01124 /** 01125 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01126 * 01127 * Enable hooking functions in SSL module for hardware acceleration of 01128 * individual records. 01129 * 01130 * Uncomment this macro to enable hooking functions. 01131 */ 01132 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01133 01134 /** 01135 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01136 * 01137 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01138 * 01139 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01140 * of interoperability issues compared to sending 0-length records. 01141 * 01142 * Comment this macro to disable 1/n-1 record splitting. 01143 */ 01144 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01145 01146 /** 01147 * \def MBEDTLS_SSL_RENEGOTIATION 01148 * 01149 * Enable support for TLS renegotiation. 01150 * 01151 * The two main uses of renegotiation are (1) refresh keys on long-lived 01152 * connections and (2) client authentication after the initial handshake. 01153 * If you don't need renegotiation, it's probably better to disable it, since 01154 * it has been associated with security issues in the past and is easy to 01155 * misuse/misunderstand. 01156 * 01157 * Comment this to disable support for renegotiation. 01158 */ 01159 #define MBEDTLS_SSL_RENEGOTIATION 01160 01161 /** 01162 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01163 * 01164 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01165 * SSL Server module (MBEDTLS_SSL_SRV_C). 01166 * 01167 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 
01168 */ 01169 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01170 01171 /** 01172 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01173 * 01174 * Pick the ciphersuite according to the client's preferences rather than ours 01175 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01176 * 01177 * Uncomment this macro to respect client's ciphersuite order 01178 */ 01179 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01180 01181 /** 01182 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01183 * 01184 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01185 * 01186 * Comment this macro to disable support for the max_fragment_length extension 01187 */ 01188 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01189 01190 /** 01191 * \def MBEDTLS_SSL_PROTO_SSL3 01192 * 01193 * Enable support for SSL 3.0. 01194 * 01195 * Requires: MBEDTLS_MD5_C 01196 * MBEDTLS_SHA1_C 01197 * 01198 * Comment this macro to disable support for SSL 3.0 01199 */ 01200 //#define MBEDTLS_SSL_PROTO_SSL3 01201 01202 /** 01203 * \def MBEDTLS_SSL_PROTO_TLS1 01204 * 01205 * Enable support for TLS 1.0. 01206 * 01207 * Requires: MBEDTLS_MD5_C 01208 * MBEDTLS_SHA1_C 01209 * 01210 * Comment this macro to disable support for TLS 1.0 01211 */ 01212 #define MBEDTLS_SSL_PROTO_TLS1 01213 01214 /** 01215 * \def MBEDTLS_SSL_PROTO_TLS1_1 01216 * 01217 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01218 * 01219 * Requires: MBEDTLS_MD5_C 01220 * MBEDTLS_SHA1_C 01221 * 01222 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01223 */ 01224 #define MBEDTLS_SSL_PROTO_TLS1_1 01225 01226 /** 01227 * \def MBEDTLS_SSL_PROTO_TLS1_2 01228 * 01229 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 
01230 * 01231 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01232 * (Depends on ciphersuites) 01233 * 01234 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01235 */ 01236 #define MBEDTLS_SSL_PROTO_TLS1_2 01237 01238 /** 01239 * \def MBEDTLS_SSL_PROTO_DTLS 01240 * 01241 * Enable support for DTLS (all available versions). 01242 * 01243 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01244 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01245 * 01246 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01247 * or MBEDTLS_SSL_PROTO_TLS1_2 01248 * 01249 * Comment this macro to disable support for DTLS 01250 */ 01251 #define MBEDTLS_SSL_PROTO_DTLS 01252 01253 /** 01254 * \def MBEDTLS_SSL_ALPN 01255 * 01256 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01257 * 01258 * Comment this macro to disable support for ALPN. 01259 */ 01260 #define MBEDTLS_SSL_ALPN 01261 01262 /** 01263 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01264 * 01265 * Enable support for the anti-replay mechanism in DTLS. 01266 * 01267 * Requires: MBEDTLS_SSL_TLS_C 01268 * MBEDTLS_SSL_PROTO_DTLS 01269 * 01270 * \warning Disabling this is often a security risk! 01271 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01272 * 01273 * Comment this to disable anti-replay in DTLS. 01274 */ 01275 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01276 01277 /** 01278 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01279 * 01280 * Enable support for HelloVerifyRequest on DTLS servers. 01281 * 01282 * This feature is highly recommended to prevent DTLS servers being used as 01283 * amplifiers in DoS attacks against other hosts. It should always be enabled 01284 * unless you know for sure amplification cannot be a problem in the 01285 * environment in which your server operates. 01286 * 01287 * \warning Disabling this can be a security risk! 
(see above) 01288 * 01289 * Requires: MBEDTLS_SSL_PROTO_DTLS 01290 * 01291 * Comment this to disable support for HelloVerifyRequest. 01292 */ 01293 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01294 01295 /** 01296 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01297 * 01298 * Enable server-side support for clients that reconnect from the same port. 01299 * 01300 * Some clients unexpectedly close the connection and try to reconnect using the 01301 * same source port. This needs special support from the server to handle the 01302 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01303 * flag enables that support. 01304 * 01305 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01306 * 01307 * Comment this to disable support for clients reusing the source port. 01308 */ 01309 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01310 01311 /** 01312 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01313 * 01314 * Enable support for a limit of records with bad MAC. 01315 * 01316 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01317 * 01318 * Requires: MBEDTLS_SSL_PROTO_DTLS 01319 */ 01320 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01321 01322 /** 01323 * \def MBEDTLS_SSL_SESSION_TICKETS 01324 * 01325 * Enable support for RFC 5077 session tickets in SSL. 01326 * Client-side, provides full support for session tickets (maintenance of a 01327 * session store remains the responsibility of the application, though). 01328 * Server-side, you also need to provide callbacks for writing and parsing 01329 * tickets, including authenticated encryption and key management. Example 01330 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01331 * 01332 * Comment this macro to disable support for SSL session tickets 01333 */ 01334 #define MBEDTLS_SSL_SESSION_TICKETS 01335 01336 /** 01337 * \def MBEDTLS_SSL_EXPORT_KEYS 01338 * 01339 * Enable support for exporting key block and master secret. 01340 * This is required for certain users of TLS, e.g. EAP-TLS. 
01341 * 01342 * Comment this macro to disable support for key export 01343 */ 01344 #define MBEDTLS_SSL_EXPORT_KEYS 01345 01346 /** 01347 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01348 * 01349 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01350 * 01351 * Requires: MBEDTLS_X509_CRT_PARSE_C 01352 * 01353 * Comment this macro to disable support for server name indication in SSL 01354 */ 01355 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01356 01357 /** 01358 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01359 * 01360 * Enable support for RFC 6066 truncated HMAC in SSL. 01361 * 01362 * Comment this macro to disable support for truncated HMAC in SSL 01363 */ 01364 #define MBEDTLS_SSL_TRUNCATED_HMAC 01365 01366 /** 01367 * \def MBEDTLS_THREADING_ALT 01368 * 01369 * Provide your own alternate threading implementation. 01370 * 01371 * Requires: MBEDTLS_THREADING_C 01372 * 01373 * Uncomment this to allow your own alternate threading implementation. 01374 */ 01375 //#define MBEDTLS_THREADING_ALT 01376 01377 /** 01378 * \def MBEDTLS_THREADING_PTHREAD 01379 * 01380 * Enable the pthread wrapper layer for the threading layer. 01381 * 01382 * Requires: MBEDTLS_THREADING_C 01383 * 01384 * Uncomment this to enable pthread mutexes. 01385 */ 01386 //#define MBEDTLS_THREADING_PTHREAD 01387 01388 /** 01389 * \def MBEDTLS_VERSION_FEATURES 01390 * 01391 * Allow run-time checking of compile-time enabled features. Thus allowing users 01392 * to check at run-time if the library is for instance compiled with threading 01393 * support via mbedtls_version_check_feature(). 01394 * 01395 * Requires: MBEDTLS_VERSION_C 01396 * 01397 * Comment this to disable run-time checking and save ROM space 01398 */ 01399 #define MBEDTLS_VERSION_FEATURES 01400 01401 /** 01402 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01403 * 01404 * If set, the X509 parser will not break-off when parsing an X509 certificate 01405 * and encountering an extension in a v1 or v2 certificate. 
01406 * 01407 * Uncomment to prevent an error. 01408 */ 01409 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01410 01411 /** 01412 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01413 * 01414 * If set, the X509 parser will not break-off when parsing an X509 certificate 01415 * and encountering an unknown critical extension. 01416 * 01417 * \warning Depending on your PKI use, enabling this can be a security risk! 01418 * 01419 * Uncomment to prevent an error. 01420 */ 01421 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01422 01423 /** 01424 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01425 * 01426 * Enable verification of the keyUsage extension (CA and leaf certificates). 01427 * 01428 * Disabling this avoids problems with mis-issued and/or misused 01429 * (intermediate) CA and leaf certificates. 01430 * 01431 * \warning Depending on your PKI use, disabling this can be a security risk! 01432 * 01433 * Comment to skip keyUsage checking for both CA and leaf certificates. 01434 */ 01435 #define MBEDTLS_X509_CHECK_KEY_USAGE 01436 01437 /** 01438 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01439 * 01440 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01441 * 01442 * Disabling this avoids problems with mis-issued and/or misused certificates. 01443 * 01444 * \warning Depending on your PKI use, disabling this can be a security risk! 01445 * 01446 * Comment to skip extendedKeyUsage checking for certificates. 01447 */ 01448 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01449 01450 /** 01451 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01452 * 01453 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01454 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01455 * 01456 * Comment this macro to disallow using RSASSA-PSS in certificates. 
01457 */ 01458 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01459 01460 /** 01461 * \def MBEDTLS_ZLIB_SUPPORT 01462 * 01463 * If set, the SSL/TLS module uses ZLIB to support compression and 01464 * decompression of packet data. 01465 * 01466 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01467 * CRIME attack. Before enabling this option, you should examine with care if 01468 * CRIME or similar exploits may be applicable to your use case. 01469 * 01470 * \note Currently compression can't be used with DTLS. 01471 * 01472 * Used in: library/ssl_tls.c 01473 * library/ssl_cli.c 01474 * library/ssl_srv.c 01475 * 01476 * This feature requires zlib library and headers to be present. 01477 * 01478 * Uncomment to enable use of ZLIB 01479 */ 01480 //#define MBEDTLS_ZLIB_SUPPORT 01481 /* \} name SECTION: mbed TLS feature support */ 01482 01483 /** 01484 * \name SECTION: mbed TLS modules 01485 * 01486 * This section enables or disables entire modules in mbed TLS 01487 * \{ 01488 */ 01489 01490 /** 01491 * \def MBEDTLS_AESNI_C 01492 * 01493 * Enable AES-NI support on x86-64. 01494 * 01495 * Module: library/aesni.c 01496 * Caller: library/aes.c 01497 * 01498 * Requires: MBEDTLS_HAVE_ASM 01499 * 01500 * This modules adds support for the AES-NI instructions on x86-64 01501 */ 01502 #define MBEDTLS_AESNI_C 01503 01504 /** 01505 * \def MBEDTLS_AES_C 01506 * 01507 * Enable the AES block cipher. 
01508 * 01509 * Module: library/aes.c 01510 * Caller: library/ssl_tls.c 01511 * library/pem.c 01512 * library/ctr_drbg.c 01513 * 01514 * This module enables the following ciphersuites (if other requisites are 01515 * enabled as well): 01516 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01517 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01518 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01519 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01520 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01521 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01522 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01523 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01524 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01525 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01526 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01527 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01528 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01529 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01530 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01531 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01532 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01533 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01534 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01535 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01536 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01537 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01538 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01539 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01540 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01541 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01542 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01543 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01544 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01545 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01546 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01547 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01548 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01549 * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01550 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01551 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01552 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01553 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01554 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01555 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01556 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01557 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01558 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01559 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01560 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01561 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01562 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01563 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01564 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01565 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01566 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01567 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01568 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01569 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01570 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01571 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01572 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01573 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01574 * 01575 * PEM_PARSE uses AES for decrypting encrypted keys. 01576 */ 01577 #define MBEDTLS_AES_C 01578 01579 /** 01580 * \def MBEDTLS_ARC4_C 01581 * 01582 * Enable the ARCFOUR stream cipher. 
01583 * 01584 * Module: library/arc4.c 01585 * Caller: library/ssl_tls.c 01586 * 01587 * This module enables the following ciphersuites (if other requisites are 01588 * enabled as well): 01589 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01590 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01591 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01592 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01593 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01594 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01595 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01596 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01597 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01598 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01599 */ 01600 #define MBEDTLS_ARC4_C 01601 01602 /** 01603 * \def MBEDTLS_ASN1_PARSE_C 01604 * 01605 * Enable the generic ASN1 parser. 01606 * 01607 * Module: library/asn1.c 01608 * Caller: library/x509.c 01609 * library/dhm.c 01610 * library/pkcs12.c 01611 * library/pkcs5.c 01612 * library/pkparse.c 01613 */ 01614 #define MBEDTLS_ASN1_PARSE_C 01615 01616 /** 01617 * \def MBEDTLS_ASN1_WRITE_C 01618 * 01619 * Enable the generic ASN1 writer. 01620 * 01621 * Module: library/asn1write.c 01622 * Caller: library/ecdsa.c 01623 * library/pkwrite.c 01624 * library/x509_create.c 01625 * library/x509write_crt.c 01626 * library/x509write_csr.c 01627 */ 01628 #define MBEDTLS_ASN1_WRITE_C 01629 01630 /** 01631 * \def MBEDTLS_BASE64_C 01632 * 01633 * Enable the Base64 module. 01634 * 01635 * Module: library/base64.c 01636 * Caller: library/pem.c 01637 * 01638 * This module is required for PEM support (required by X.509). 01639 */ 01640 #define MBEDTLS_BASE64_C 01641 01642 /** 01643 * \def MBEDTLS_BIGNUM_C 01644 * 01645 * Enable the multi-precision integer library. 01646 * 01647 * Module: library/bignum.c 01648 * Caller: library/dhm.c 01649 * library/ecp.c 01650 * library/ecdsa.c 01651 * library/rsa.c 01652 * library/ssl_tls.c 01653 * 01654 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
01655 */ 01656 #define MBEDTLS_BIGNUM_C 01657 01658 /** 01659 * \def MBEDTLS_BLOWFISH_C 01660 * 01661 * Enable the Blowfish block cipher. 01662 * 01663 * Module: library/blowfish.c 01664 */ 01665 #define MBEDTLS_BLOWFISH_C 01666 01667 /** 01668 * \def MBEDTLS_CAMELLIA_C 01669 * 01670 * Enable the Camellia block cipher. 01671 * 01672 * Module: library/camellia.c 01673 * Caller: library/ssl_tls.c 01674 * 01675 * This module enables the following ciphersuites (if other requisites are 01676 * enabled as well): 01677 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01678 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01679 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01680 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01681 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01682 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01683 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01684 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01685 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01686 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01687 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01688 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01689 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01690 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01691 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01692 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01693 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01694 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01695 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01696 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01697 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01698 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01699 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01700 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01701 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01702 * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01703 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01704 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01705 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01706 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01707 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01708 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01709 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01710 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01711 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01712 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01713 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01714 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01715 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01716 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01717 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01718 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01719 */ 01720 #define MBEDTLS_CAMELLIA_C 01721 01722 /** 01723 * \def MBEDTLS_CCM_C 01724 * 01725 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01726 * 01727 * Module: library/ccm.c 01728 * 01729 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01730 * 01731 * This module enables the AES-CCM ciphersuites, if other requisites are 01732 * enabled as well. 01733 */ 01734 #define MBEDTLS_CCM_C 01735 01736 /** 01737 * \def MBEDTLS_CERTS_C 01738 * 01739 * Enable the test certificates. 01740 * 01741 * Module: library/certs.c 01742 * Caller: 01743 * 01744 * This module is used for testing (ssl_client/server). 01745 */ 01746 #define MBEDTLS_CERTS_C 01747 01748 /** 01749 * \def MBEDTLS_CIPHER_C 01750 * 01751 * Enable the generic cipher layer. 01752 * 01753 * Module: library/cipher.c 01754 * Caller: library/ssl_tls.c 01755 * 01756 * Uncomment to enable generic cipher wrappers. 
01757 */ 01758 #define MBEDTLS_CIPHER_C 01759 01760 /** 01761 * \def MBEDTLS_CMAC_C 01762 * 01763 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01764 * ciphers. 01765 * 01766 * Module: library/cmac.c 01767 * 01768 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01769 * 01770 */ 01771 //#define MBEDTLS_CMAC_C 01772 01773 /** 01774 * \def MBEDTLS_CTR_DRBG_C 01775 * 01776 * Enable the CTR_DRBG AES-256-based random generator. 01777 * 01778 * Module: library/ctr_drbg.c 01779 * Caller: 01780 * 01781 * Requires: MBEDTLS_AES_C 01782 * 01783 * This module provides the CTR_DRBG AES-256 random number generator. 01784 */ 01785 #define MBEDTLS_CTR_DRBG_C 01786 01787 /** 01788 * \def MBEDTLS_DEBUG_C 01789 * 01790 * Enable the debug functions. 01791 * 01792 * Module: library/debug.c 01793 * Caller: library/ssl_cli.c 01794 * library/ssl_srv.c 01795 * library/ssl_tls.c 01796 * 01797 * This module provides debugging functions. 01798 */ 01799 #define MBEDTLS_DEBUG_C 01800 01801 /** 01802 * \def MBEDTLS_DES_C 01803 * 01804 * Enable the DES block cipher. 01805 * 01806 * Module: library/des.c 01807 * Caller: library/pem.c 01808 * library/ssl_tls.c 01809 * 01810 * This module enables the following ciphersuites (if other requisites are 01811 * enabled as well): 01812 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01813 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01814 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01815 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01816 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01817 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01818 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01819 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01820 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01821 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01822 * 01823 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01824 */ 01825 #define MBEDTLS_DES_C 01826 01827 /** 01828 * \def MBEDTLS_DHM_C 01829 * 01830 * Enable the Diffie-Hellman-Merkle module. 
01831 * 01832 * Module: library/dhm.c 01833 * Caller: library/ssl_cli.c 01834 * library/ssl_srv.c 01835 * 01836 * This module is used by the following key exchanges: 01837 * DHE-RSA, DHE-PSK 01838 */ 01839 #define MBEDTLS_DHM_C 01840 01841 /** 01842 * \def MBEDTLS_ECDH_C 01843 * 01844 * Enable the elliptic curve Diffie-Hellman library. 01845 * 01846 * Module: library/ecdh.c 01847 * Caller: library/ssl_cli.c 01848 * library/ssl_srv.c 01849 * 01850 * This module is used by the following key exchanges: 01851 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01852 * 01853 * Requires: MBEDTLS_ECP_C 01854 */ 01855 #define MBEDTLS_ECDH_C 01856 01857 /** 01858 * \def MBEDTLS_ECDSA_C 01859 * 01860 * Enable the elliptic curve DSA library. 01861 * 01862 * Module: library/ecdsa.c 01863 * Caller: 01864 * 01865 * This module is used by the following key exchanges: 01866 * ECDHE-ECDSA 01867 * 01868 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01869 */ 01870 #define MBEDTLS_ECDSA_C 01871 01872 /** 01873 * \def MBEDTLS_ECJPAKE_C 01874 * 01875 * Enable the elliptic curve J-PAKE library. 01876 * 01877 * \warning This is currently experimental. EC J-PAKE support is based on the 01878 * Thread v1.0.0 specification; incompatible changes to the specification 01879 * might still happen. For this reason, this is disabled by default. 01880 * 01881 * Module: library/ecjpake.c 01882 * Caller: 01883 * 01884 * This module is used by the following key exchanges: 01885 * ECJPAKE 01886 * 01887 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01888 */ 01889 //#define MBEDTLS_ECJPAKE_C 01890 01891 /** 01892 * \def MBEDTLS_ECP_C 01893 * 01894 * Enable the elliptic curve over GF(p) library. 
01895 * 01896 * Module: library/ecp.c 01897 * Caller: library/ecdh.c 01898 * library/ecdsa.c 01899 * library/ecjpake.c 01900 * 01901 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01902 */ 01903 #define MBEDTLS_ECP_C 01904 01905 /** 01906 * \def MBEDTLS_ENTROPY_C 01907 * 01908 * Enable the platform-specific entropy code. 01909 * 01910 * Module: library/entropy.c 01911 * Caller: 01912 * 01913 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01914 * 01915 * This module provides a generic entropy pool 01916 */ 01917 #define MBEDTLS_ENTROPY_C 01918 01919 /** 01920 * \def MBEDTLS_ERROR_C 01921 * 01922 * Enable error code to error string conversion. 01923 * 01924 * Module: library/error.c 01925 * Caller: 01926 * 01927 * This module enables mbedtls_strerror(). 01928 */ 01929 #define MBEDTLS_ERROR_C 01930 01931 /** 01932 * \def MBEDTLS_GCM_C 01933 * 01934 * Enable the Galois/Counter Mode (GCM) for AES. 01935 * 01936 * Module: library/gcm.c 01937 * 01938 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01939 * 01940 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01941 * requisites are enabled as well. 01942 */ 01943 #define MBEDTLS_GCM_C 01944 01945 /** 01946 * \def MBEDTLS_HAVEGE_C 01947 * 01948 * Enable the HAVEGE random generator. 01949 * 01950 * Warning: the HAVEGE random generator is not suitable for virtualized 01951 * environments. 01952 * 01953 * Warning: the HAVEGE random generator is dependent on timing and specific 01954 * processor traits. It is therefore not advised to use HAVEGE as 01955 * your application's primary random generator or primary entropy pool 01956 * input. As a secondary input to your entropy pool, it IS able to add 01957 * the (limited) extra entropy it provides. 01958 * 01959 * Module: library/havege.c 01960 * Caller: 01961 * 01962 * Requires: MBEDTLS_TIMING_C 01963 * 01964 * Uncomment to enable the HAVEGE random generator.
01965 */ 01966 //#define MBEDTLS_HAVEGE_C 01967 01968 /** 01969 * \def MBEDTLS_HMAC_DRBG_C 01970 * 01971 * Enable the HMAC_DRBG random generator. 01972 * 01973 * Module: library/hmac_drbg.c 01974 * Caller: 01975 * 01976 * Requires: MBEDTLS_MD_C 01977 * 01978 * Uncomment to enable the HMAC_DRBG random number generator. 01979 */ 01980 #define MBEDTLS_HMAC_DRBG_C 01981 01982 /** 01983 * \def MBEDTLS_MD_C 01984 * 01985 * Enable the generic message digest layer. 01986 * 01987 * Module: library/md.c 01988 * Caller: 01989 * 01990 * Uncomment to enable generic message digest wrappers. 01991 */ 01992 #define MBEDTLS_MD_C 01993 01994 /** 01995 * \def MBEDTLS_MD2_C 01996 * 01997 * Enable the MD2 hash algorithm. 01998 * 01999 * Module: library/md2.c 02000 * Caller: 02001 * 02002 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 02003 */ 02004 //#define MBEDTLS_MD2_C 02005 02006 /** 02007 * \def MBEDTLS_MD4_C 02008 * 02009 * Enable the MD4 hash algorithm. 02010 * 02011 * Module: library/md4.c 02012 * Caller: 02013 * 02014 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 02015 */ 02016 //#define MBEDTLS_MD4_C 02017 02018 /** 02019 * \def MBEDTLS_MD5_C 02020 * 02021 * Enable the MD5 hash algorithm. 02022 * 02023 * Module: library/md5.c 02024 * Caller: library/md.c 02025 * library/pem.c 02026 * library/ssl_tls.c 02027 * 02028 * This module is required for SSL/TLS and X.509. 02029 * PEM_PARSE uses MD5 for decrypting encrypted keys. 02030 */ 02031 #define MBEDTLS_MD5_C 02032 02033 /** 02034 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 02035 * 02036 * Enable the buffer allocator implementation that makes use of a (stack) 02037 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 02038 * calls) 02039 * 02040 * Module: library/memory_buffer_alloc.c 02041 * 02042 * Requires: MBEDTLS_PLATFORM_C 02043 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 02044 * 02045 * Enable this module to enable the buffer memory allocator.
02046 */ 02047 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 02048 02049 /** 02050 * \def MBEDTLS_NET_C 02051 * 02052 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 02053 * 02054 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 02055 * and Windows. For other platforms, you'll want to disable it, and write your 02056 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 02057 * 02058 * \note See also our Knowledge Base article about porting to a new 02059 * environment: 02060 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02061 * 02062 * Module: library/net_sockets.c 02063 * 02064 * This module provides networking routines. 02065 */ 02066 //#define MBEDTLS_NET_C 02067 02068 /** 02069 * \def MBEDTLS_OID_C 02070 * 02071 * Enable the OID database. 02072 * 02073 * Module: library/oid.c 02074 * Caller: library/asn1write.c 02075 * library/pkcs5.c 02076 * library/pkparse.c 02077 * library/pkwrite.c 02078 * library/rsa.c 02079 * library/x509.c 02080 * library/x509_create.c 02081 * library/x509_crl.c 02082 * library/x509_crt.c 02083 * library/x509_csr.c 02084 * library/x509write_crt.c 02085 * library/x509write_csr.c 02086 * 02087 * This modules translates between OIDs and internal values. 02088 */ 02089 #define MBEDTLS_OID_C 02090 02091 /** 02092 * \def MBEDTLS_PADLOCK_C 02093 * 02094 * Enable VIA Padlock support on x86. 02095 * 02096 * Module: library/padlock.c 02097 * Caller: library/aes.c 02098 * 02099 * Requires: MBEDTLS_HAVE_ASM 02100 * 02101 * This modules adds support for the VIA PadLock on x86. 02102 */ 02103 #define MBEDTLS_PADLOCK_C 02104 02105 /** 02106 * \def MBEDTLS_PEM_PARSE_C 02107 * 02108 * Enable PEM decoding / parsing. 
02109 * 02110 * Module: library/pem.c 02111 * Caller: library/dhm.c 02112 * library/pkparse.c 02113 * library/x509_crl.c 02114 * library/x509_crt.c 02115 * library/x509_csr.c 02116 * 02117 * Requires: MBEDTLS_BASE64_C 02118 * 02119 * This module adds support for decoding / parsing PEM files. 02120 */ 02121 #define MBEDTLS_PEM_PARSE_C 02122 02123 /** 02124 * \def MBEDTLS_PEM_WRITE_C 02125 * 02126 * Enable PEM encoding / writing. 02127 * 02128 * Module: library/pem.c 02129 * Caller: library/pkwrite.c 02130 * library/x509write_crt.c 02131 * library/x509write_csr.c 02132 * 02133 * Requires: MBEDTLS_BASE64_C 02134 * 02135 * This module adds support for encoding / writing PEM files. 02136 */ 02137 #define MBEDTLS_PEM_WRITE_C 02138 02139 /** 02140 * \def MBEDTLS_PK_C 02141 * 02142 * Enable the generic public (asymmetric) key layer. 02143 * 02144 * Module: library/pk.c 02145 * Caller: library/ssl_tls.c 02146 * library/ssl_cli.c 02147 * library/ssl_srv.c 02148 * 02149 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02150 * 02151 * Uncomment to enable generic public key wrappers. 02152 */ 02153 #define MBEDTLS_PK_C 02154 02155 /** 02156 * \def MBEDTLS_PK_PARSE_C 02157 * 02158 * Enable the generic public (asymmetric) key parser. 02159 * 02160 * Module: library/pkparse.c 02161 * Caller: library/x509_crt.c 02162 * library/x509_csr.c 02163 * 02164 * Requires: MBEDTLS_PK_C 02165 * 02166 * Uncomment to enable generic public key parse functions. 02167 */ 02168 #define MBEDTLS_PK_PARSE_C 02169 02170 /** 02171 * \def MBEDTLS_PK_WRITE_C 02172 * 02173 * Enable the generic public (asymmetric) key writer. 02174 * 02175 * Module: library/pkwrite.c 02176 * Caller: library/x509write.c 02177 * 02178 * Requires: MBEDTLS_PK_C 02179 * 02180 * Uncomment to enable generic public key write functions. 02181 */ 02182 #define MBEDTLS_PK_WRITE_C 02183 02184 /** 02185 * \def MBEDTLS_PKCS5_C 02186 * 02187 * Enable PKCS#5 functions.
02188 * 02189 * Module: library/pkcs5.c 02190 * 02191 * Requires: MBEDTLS_MD_C 02192 * 02193 * This module adds support for the PKCS#5 functions. 02194 */ 02195 #define MBEDTLS_PKCS5_C 02196 02197 /** 02198 * \def MBEDTLS_PKCS11_C 02199 * 02200 * Enable wrapper for PKCS#11 smartcard support. 02201 * 02202 * Module: library/pkcs11.c 02203 * Caller: library/pk.c 02204 * 02205 * Requires: MBEDTLS_PK_C 02206 * 02207 * This module enables SSL/TLS PKCS #11 smartcard support. 02208 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02209 */ 02210 //#define MBEDTLS_PKCS11_C 02211 02212 /** 02213 * \def MBEDTLS_PKCS12_C 02214 * 02215 * Enable PKCS#12 PBE functions. 02216 * Adds algorithms for parsing PKCS#8 encrypted private keys 02217 * 02218 * Module: library/pkcs12.c 02219 * Caller: library/pkparse.c 02220 * 02221 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02222 * Can use: MBEDTLS_ARC4_C 02223 * 02224 * This module enables PKCS#12 functions. 02225 */ 02226 #define MBEDTLS_PKCS12_C 02227 02228 /** 02229 * \def MBEDTLS_PLATFORM_C 02230 * 02231 * Enable the platform abstraction layer that allows you to re-assign 02232 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02233 * 02234 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT 02235 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02236 * above to be specified at runtime or compile time respectively. 02237 * 02238 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02239 * as other modules rely on it for a fixed snprintf implementation. 02240 * 02241 * Module: library/platform.c 02242 * Caller: Most other .c files 02243 * 02244 * This module enables abstraction of common (libc) functions. 02245 */ 02246 #define MBEDTLS_PLATFORM_C 02247 02248 /** 02249 * \def MBEDTLS_RIPEMD160_C 02250 * 02251 * Enable the RIPEMD-160 hash algorithm.
02252 * 02253 * Module: library/ripemd160.c 02254 * Caller: library/md.c 02255 * 02256 */ 02257 #define MBEDTLS_RIPEMD160_C 02258 02259 /** 02260 * \def MBEDTLS_RSA_C 02261 * 02262 * Enable the RSA public-key cryptosystem. 02263 * 02264 * Module: library/rsa.c 02265 * Caller: library/ssl_cli.c 02266 * library/ssl_srv.c 02267 * library/ssl_tls.c 02268 * library/x509.c 02269 * 02270 * This module is used by the following key exchanges: 02271 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02272 * 02273 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02274 */ 02275 #define MBEDTLS_RSA_C 02276 02277 /** 02278 * \def MBEDTLS_SHA1_C 02279 * 02280 * Enable the SHA1 cryptographic hash algorithm. 02281 * 02282 * Module: library/sha1.c 02283 * Caller: library/md.c 02284 * library/ssl_cli.c 02285 * library/ssl_srv.c 02286 * library/ssl_tls.c 02287 * library/x509write_crt.c 02288 * 02289 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 02290 * depending on the handshake parameters, and for SHA1-signed certificates. 02291 */ 02292 #define MBEDTLS_SHA1_C 02293 02294 /** 02295 * \def MBEDTLS_SHA256_C 02296 * 02297 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02298 * 02299 * Module: library/sha256.c 02300 * Caller: library/entropy.c 02301 * library/md.c 02302 * library/ssl_cli.c 02303 * library/ssl_srv.c 02304 * library/ssl_tls.c 02305 * 02306 * This module adds support for SHA-224 and SHA-256. 02307 * This module is required for the SSL/TLS 1.2 PRF function. 02308 */ 02309 #define MBEDTLS_SHA256_C 02310 02311 /** 02312 * \def MBEDTLS_SHA512_C 02313 * 02314 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02315 * 02316 * Module: library/sha512.c 02317 * Caller: library/entropy.c 02318 * library/md.c 02319 * library/ssl_cli.c 02320 * library/ssl_srv.c 02321 * 02322 * This module adds support for SHA-384 and SHA-512. 
02323 */ 02324 #define MBEDTLS_SHA512_C 02325 02326 /** 02327 * \def MBEDTLS_SSL_CACHE_C 02328 * 02329 * Enable simple SSL cache implementation. 02330 * 02331 * Module: library/ssl_cache.c 02332 * Caller: 02333 * 02334 * Requires: MBEDTLS_SSL_CACHE_C 02335 */ 02336 #define MBEDTLS_SSL_CACHE_C 02337 02338 /** 02339 * \def MBEDTLS_SSL_COOKIE_C 02340 * 02341 * Enable basic implementation of DTLS cookies for hello verification. 02342 * 02343 * Module: library/ssl_cookie.c 02344 * Caller: 02345 */ 02346 #define MBEDTLS_SSL_COOKIE_C 02347 02348 /** 02349 * \def MBEDTLS_SSL_TICKET_C 02350 * 02351 * Enable an implementation of TLS server-side callbacks for session tickets. 02352 * 02353 * Module: library/ssl_ticket.c 02354 * Caller: 02355 * 02356 * Requires: MBEDTLS_CIPHER_C 02357 */ 02358 #define MBEDTLS_SSL_TICKET_C 02359 02360 /** 02361 * \def MBEDTLS_SSL_CLI_C 02362 * 02363 * Enable the SSL/TLS client code. 02364 * 02365 * Module: library/ssl_cli.c 02366 * Caller: 02367 * 02368 * Requires: MBEDTLS_SSL_TLS_C 02369 * 02370 * This module is required for SSL/TLS client support. 02371 */ 02372 #define MBEDTLS_SSL_CLI_C 02373 02374 /** 02375 * \def MBEDTLS_SSL_SRV_C 02376 * 02377 * Enable the SSL/TLS server code. 02378 * 02379 * Module: library/ssl_srv.c 02380 * Caller: 02381 * 02382 * Requires: MBEDTLS_SSL_TLS_C 02383 * 02384 * This module is required for SSL/TLS server support. 02385 */ 02386 #define MBEDTLS_SSL_SRV_C 02387 02388 /** 02389 * \def MBEDTLS_SSL_TLS_C 02390 * 02391 * Enable the generic SSL/TLS code. 02392 * 02393 * Module: library/ssl_tls.c 02394 * Caller: library/ssl_cli.c 02395 * library/ssl_srv.c 02396 * 02397 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02398 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02399 * 02400 * This module is required for SSL/TLS. 02401 */ 02402 #define MBEDTLS_SSL_TLS_C 02403 02404 /** 02405 * \def MBEDTLS_THREADING_C 02406 * 02407 * Enable the threading abstraction layer. 
02408 * By default mbed TLS assumes it is used in a non-threaded environment or that 02409 * contexts are not shared between threads. If you do intend to use contexts 02410 * between threads, you will need to enable this layer to prevent race 02411 * conditions. See also our Knowledge Base article about threading: 02412 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02413 * 02414 * Module: library/threading.c 02415 * 02416 * This allows different threading implementations (self-implemented or 02417 * provided). 02418 * 02419 * You will have to enable either MBEDTLS_THREADING_ALT or 02420 * MBEDTLS_THREADING_PTHREAD. 02421 * 02422 * Enable this layer to allow use of mutexes within mbed TLS 02423 */ 02424 //#define MBEDTLS_THREADING_C 02425 02426 /** 02427 * \def MBEDTLS_TIMING_C 02428 * 02429 * Enable the semi-portable timing interface. 02430 * 02431 * \note The provided implementation only works on POSIX/Unix (including Linux, 02432 * BSD and OS X) and Windows. On other platforms, you can either disable that 02433 * module and provide your own implementations of the callbacks needed by 02434 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02435 * your own implementation of the whole module by setting 02436 * \c MBEDTLS_TIMING_ALT in the current file. 02437 * 02438 * \note See also our Knowledge Base article about porting to a new 02439 * environment: 02440 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02441 * 02442 * Module: library/timing.c 02443 * Caller: library/havege.c 02444 * 02445 * This module is used by the HAVEGE random number generator. 02446 */ 02447 //#define MBEDTLS_TIMING_C 02448 02449 /** 02450 * \def MBEDTLS_VERSION_C 02451 * 02452 * Enable run-time version information. 02453 * 02454 * Module: library/version.c 02455 * 02456 * This module provides run-time version information. 
02457 */ 02458 #define MBEDTLS_VERSION_C 02459 02460 /** 02461 * \def MBEDTLS_X509_USE_C 02462 * 02463 * Enable X.509 core for using certificates. 02464 * 02465 * Module: library/x509.c 02466 * Caller: library/x509_crl.c 02467 * library/x509_crt.c 02468 * library/x509_csr.c 02469 * 02470 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02471 * MBEDTLS_PK_PARSE_C 02472 * 02473 * This module is required for the X.509 parsing modules. 02474 */ 02475 #define MBEDTLS_X509_USE_C 02476 02477 /** 02478 * \def MBEDTLS_X509_CRT_PARSE_C 02479 * 02480 * Enable X.509 certificate parsing. 02481 * 02482 * Module: library/x509_crt.c 02483 * Caller: library/ssl_cli.c 02484 * library/ssl_srv.c 02485 * library/ssl_tls.c 02486 * 02487 * Requires: MBEDTLS_X509_USE_C 02488 * 02489 * This module is required for X.509 certificate parsing. 02490 */ 02491 #define MBEDTLS_X509_CRT_PARSE_C 02492 02493 /** 02494 * \def MBEDTLS_X509_CRL_PARSE_C 02495 * 02496 * Enable X.509 CRL parsing. 02497 * 02498 * Module: library/x509_crl.c 02499 * Caller: library/x509_crt.c 02500 * 02501 * Requires: MBEDTLS_X509_USE_C 02502 * 02503 * This module is required for X.509 CRL parsing. 02504 */ 02505 #define MBEDTLS_X509_CRL_PARSE_C 02506 02507 /** 02508 * \def MBEDTLS_X509_CSR_PARSE_C 02509 * 02510 * Enable X.509 Certificate Signing Request (CSR) parsing. 02511 * 02512 * Module: library/x509_csr.c 02513 * Caller: library/x509_crt_write.c 02514 * 02515 * Requires: MBEDTLS_X509_USE_C 02516 * 02517 * This module is used for reading X.509 certificate request. 02518 */ 02519 #define MBEDTLS_X509_CSR_PARSE_C 02520 02521 /** 02522 * \def MBEDTLS_X509_CREATE_C 02523 * 02524 * Enable X.509 core for creating certificates. 02525 * 02526 * Module: library/x509_create.c 02527 * 02528 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02529 * 02530 * This module is the basis for creating X.509 certificates and CSRs. 
02531 */ 02532 #define MBEDTLS_X509_CREATE_C 02533 02534 /** 02535 * \def MBEDTLS_X509_CRT_WRITE_C 02536 * 02537 * Enable creating X.509 certificates. 02538 * 02539 * Module: library/x509_crt_write.c 02540 * 02541 * Requires: MBEDTLS_X509_CREATE_C 02542 * 02543 * This module is required for X.509 certificate creation. 02544 */ 02545 #define MBEDTLS_X509_CRT_WRITE_C 02546 02547 /** 02548 * \def MBEDTLS_X509_CSR_WRITE_C 02549 * 02550 * Enable creating X.509 Certificate Signing Requests (CSR). 02551 * 02552 * Module: library/x509_csr_write.c 02553 * 02554 * Requires: MBEDTLS_X509_CREATE_C 02555 * 02556 * This module is required for X.509 certificate request writing. 02557 */ 02558 #define MBEDTLS_X509_CSR_WRITE_C 02559 02560 /** 02561 * \def MBEDTLS_XTEA_C 02562 * 02563 * Enable the XTEA block cipher. 02564 * 02565 * Module: library/xtea.c 02566 * Caller: 02567 */ 02568 #define MBEDTLS_XTEA_C 02569 02570 /* \} name SECTION: mbed TLS modules */ 02571 02572 /** 02573 * \name SECTION: Module configuration options 02574 * 02575 * This section allows for the setting of module specific sizes and 02576 * configuration options. The default values are already present in the 02577 * relevant header files and should suffice for the regular use cases. 02578 * 02579 * Our advice is to enable options and change their values here 02580 * only if you have a good reason and know the consequences. 02581 * 02582 * Please check the respective header file for documentation on these 02583 * parameters (to prevent duplicate documentation). 02584 * \{ 02585 */ 02586 02587 /* MPI / BIGNUM options */ 02588 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02589 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. 
*/ 02590 02591 /* CTR_DRBG options */ 02592 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02593 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02594 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02595 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02596 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02597 02598 /* HMAC_DRBG options */ 02599 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02600 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02601 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02602 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02603 02604 /* ECP options */ 02605 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02606 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02607 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02608 02609 /* Entropy options */ 02610 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02611 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02612 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02613 02614 /* Memory buffer allocator options */ 02615 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02616 02617 /* Platform options */ 02618 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. 
Don't define if no header is needed. */ 02619 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02620 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02621 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02622 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02623 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02624 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02625 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02626 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02627 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02628 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02629 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02630 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02631 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02632 02633 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02634 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02635 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02636 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02637 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02638 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**<
Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02639 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02640 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02641 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02642 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02643 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02644 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02645 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02646 02647 /* SSL Cache options */ 02648 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02649 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02650 02651 /* SSL options */ 02652 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02653 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02654 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02655 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02656 02657 /** 02658 * Complete list of ciphersuites to use, in order of preference. 02659 * 02660 * \warning No dependency checking is done on that field! This option can only 02661 * be used to restrict the set of available ciphersuites. It is your 02662 * responsibility to make sure the needed modules are active.
02663 * 02664 * Use this to save a few hundred bytes of ROM (default ordering of all 02665 * available ciphersuites) and a few to a few hundred bytes of RAM. 02666 * 02667 * The value below is only an example, not the default. 02668 */ 02669 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02670 02671 /* X509 options */ 02672 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02673 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02674 02675 /** 02676 * Allow SHA-1 in the default TLS configuration for certificate signing. 02677 * Without this build-time option, SHA-1 support must be activated explicitly 02678 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not 02679 * recommended because it is possible to generate SHA-1 collisions, however 02680 * this may be safe for legacy infrastructure where additional controls apply. 02681 */ 02682 // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 02683 02684 /** 02685 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake 02686 * signature and ciphersuite selection. Without this build-time option, SHA-1 02687 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. 02688 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by 02689 * default. At the time of writing, there is no practical attack on the use 02690 * of SHA-1 in handshake signatures, hence this option is turned on by default 02691 * for compatibility with existing peers.
02692 */ 02693 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE 02694 02695 /* \} name SECTION: Customisation configuration options */ 02696 02697 /* Target and application specific configurations */ 02698 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" 02699 02700 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) 02701 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE 02702 #endif 02703 02704 /* 02705 * Allow user to override any previous default. 02706 * 02707 * Use two macro names for that, as: 02708 * - with yotta the prefix YOTTA_CFG_ is forced 02709 * - without yotta it looks weird to have a YOTTA prefix. 02710 */ 02711 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02712 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02713 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02714 #include MBEDTLS_USER_CONFIG_FILE 02715 #endif 02716 02717 #include "check_config.h" 02718 02719 #endif /* MBEDTLS_CONFIG_H */
