Avnet
/
WNCInterface
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: WncControllerK64F
Dependents: WNCProximityMqtt Pubnub_ATT_IoT_SK_WNC_sync BluemixDemo BluemixQS ... more
Embed:
(wiki syntax)
Show/hide line numbers
config.h
Go to the documentation of this file.
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_CONFIG_H 00029 #define MBEDTLS_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 00036 /** 00037 * \name SECTION: System support 00038 * 00039 * This section sets system specific settings. 00040 * \{ 00041 */ 00042 00043 /** 00044 * \def MBEDTLS_HAVE_ASM 00045 * 00046 * The compiler has support for asm(). 00047 * 00048 * Requires support for asm() in compiler. 00049 * 00050 * Used in: 00051 * library/timing.c 00052 * library/padlock.c 00053 * include/mbedtls/bn_mul.h 00054 * 00055 * Comment to disable the use of assembly code. 00056 */ 00057 #define MBEDTLS_HAVE_ASM 00058 00059 /** 00060 * \def MBEDTLS_HAVE_SSE2 00061 * 00062 * CPU supports SSE2 instruction set. 00063 * 00064 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00065 */ 00066 //#define MBEDTLS_HAVE_SSE2 00067 00068 /** 00069 * \def MBEDTLS_HAVE_TIME 00070 * 00071 * System has time.h and time(). 00072 * The time does not need to be correct, only time differences are used, 00073 * by contrast with MBEDTLS_HAVE_TIME_DATE 00074 * 00075 * Comment if your system does not support time functions 00076 */ 00077 #define MBEDTLS_HAVE_TIME 00078 00079 /** 00080 * \def MBEDTLS_HAVE_TIME_DATE 00081 * 00082 * System has time.h and time(), gmtime() and the clock is correct. 00083 * The time needs to be correct (not necesarily very accurate, but at least 00084 * the date should be correct). This is used to verify the validity period of 00085 * X.509 certificates. 00086 * 00087 * Comment if your system does not have a correct clock. 00088 */ 00089 #define MBEDTLS_HAVE_TIME_DATE 00090 00091 /** 00092 * \def MBEDTLS_PLATFORM_MEMORY 00093 * 00094 * Enable the memory allocation layer. 00095 * 00096 * By default mbed TLS uses the system-provided calloc() and free(). 00097 * This allows different allocators (self-implemented or provided) to be 00098 * provided to the platform abstraction layer. 00099 * 00100 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00101 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00102 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00103 * free() function pointer at runtime. 00104 * 00105 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00106 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00107 * alternate function at compile time. 00108 * 00109 * Requires: MBEDTLS_PLATFORM_C 00110 * 00111 * Enable this layer to allow use of alternative memory allocators. 00112 */ 00113 //#define MBEDTLS_PLATFORM_MEMORY 00114 00115 /** 00116 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00117 * 00118 * Do not assign standard functions in the platform layer (e.g. calloc() to 00119 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00120 * 00121 * This makes sure there are no linking errors on platforms that do not support 00122 * these functions. You will HAVE to provide alternatives, either at runtime 00123 * via the platform_set_xxx() functions or at compile time by setting 00124 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00125 * MBEDTLS_PLATFORM_XXX_MACRO. 00126 * 00127 * Requires: MBEDTLS_PLATFORM_C 00128 * 00129 * Uncomment to prevent default assignment of standard functions in the 00130 * platform layer. 00131 */ 00132 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00133 00134 /** 00135 * \def MBEDTLS_PLATFORM_EXIT_ALT 00136 * 00137 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00138 * function in the platform abstraction layer. 00139 * 00140 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00141 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00142 * alternative printf function pointer. 00143 * 00144 * All these define require MBEDTLS_PLATFORM_C to be defined! 00145 * 00146 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00147 * it will be enabled automatically by check_config.h 00148 * 00149 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00150 * MBEDTLS_PLATFORM_XXX_MACRO! 00151 * 00152 * Uncomment a macro to enable alternate implementation of specific base 00153 * platform function 00154 */ 00155 //#define MBEDTLS_PLATFORM_EXIT_ALT 00156 //#define MBEDTLS_PLATFORM_TIME_ALT 00157 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00158 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00159 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00160 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00161 00162 /** 00163 * \def MBEDTLS_DEPRECATED_WARNING 00164 * 00165 * Mark deprecated functions so that they generate a warning if used. 00166 * Functions deprecated in one version will usually be removed in the next 00167 * version. You can enable this to help you prepare the transition to a new 00168 * major version by making sure your code is not using these functions. 00169 * 00170 * This only works with GCC and Clang. With other compilers, you may want to 00171 * use MBEDTLS_DEPRECATED_REMOVED 00172 * 00173 * Uncomment to get warnings on using deprecated functions. 00174 */ 00175 //#define MBEDTLS_DEPRECATED_WARNING 00176 00177 /** 00178 * \def MBEDTLS_DEPRECATED_REMOVED 00179 * 00180 * Remove deprecated functions so that they generate an error if used. 00181 * Functions deprecated in one version will usually be removed in the next 00182 * version. You can enable this to help you prepare the transition to a new 00183 * major version by making sure your code is not using these functions. 00184 * 00185 * Uncomment to get errors on using deprecated functions. 00186 */ 00187 //#define MBEDTLS_DEPRECATED_REMOVED 00188 00189 /* \} name SECTION: System support */ 00190 00191 /** 00192 * \name SECTION: mbed TLS feature support 00193 * 00194 * This section sets support for features that are or are not needed 00195 * within the modules that are enabled. 00196 * \{ 00197 */ 00198 00199 /** 00200 * \def MBEDTLS_TIMING_ALT 00201 * 00202 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00203 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00204 * 00205 * Only works if you have MBEDTLS_TIMING_C enabled. 00206 * 00207 * You will need to provide a header "timing_alt.h" and an implementation at 00208 * compile time. 00209 */ 00210 //#define MBEDTLS_TIMING_ALT 00211 00212 /** 00213 * \def MBEDTLS_AES_ALT 00214 * 00215 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00216 * alternate core implementation of a symmetric crypto or hash module (e.g. 00217 * platform specific assembly optimized implementations). Keep in mind that 00218 * the function prototypes should remain the same. 00219 * 00220 * This replaces the whole module. If you only want to replace one of the 00221 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00222 * 00223 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00224 * provide the "struct mbedtls_aes_context" definition and omit the base function 00225 * declarations and implementations. "aes_alt.h" will be included from 00226 * "aes.h" to include the new function definitions. 00227 * 00228 * Uncomment a macro to enable alternate implementation of the corresponding 00229 * module. 00230 */ 00231 //#define MBEDTLS_AES_ALT 00232 //#define MBEDTLS_ARC4_ALT 00233 //#define MBEDTLS_BLOWFISH_ALT 00234 //#define MBEDTLS_CAMELLIA_ALT 00235 //#define MBEDTLS_DES_ALT 00236 //#define MBEDTLS_XTEA_ALT 00237 //#define MBEDTLS_MD2_ALT 00238 //#define MBEDTLS_MD4_ALT 00239 //#define MBEDTLS_MD5_ALT 00240 //#define MBEDTLS_RIPEMD160_ALT 00241 //#define MBEDTLS_SHA1_ALT 00242 //#define MBEDTLS_SHA256_ALT 00243 //#define MBEDTLS_SHA512_ALT 00244 00245 /** 00246 * \def MBEDTLS_MD2_PROCESS_ALT 00247 * 00248 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00249 * alternate core implementation of symmetric crypto or hash function. Keep in 00250 * mind that function prototypes should remain the same. 00251 * 00252 * This replaces only one function. The header file from mbed TLS is still 00253 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00254 * 00255 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00256 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00257 * the other function (using your mbedtls_sha1_process() function) and the definition 00258 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00259 * with this definition. 00260 * 00261 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00262 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00263 * tables. 00264 * 00265 * Uncomment a macro to enable alternate implementation of the corresponding 00266 * function. 00267 */ 00268 //#define MBEDTLS_MD2_PROCESS_ALT 00269 //#define MBEDTLS_MD4_PROCESS_ALT 00270 //#define MBEDTLS_MD5_PROCESS_ALT 00271 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00272 //#define MBEDTLS_SHA1_PROCESS_ALT 00273 //#define MBEDTLS_SHA256_PROCESS_ALT 00274 //#define MBEDTLS_SHA512_PROCESS_ALT 00275 //#define MBEDTLS_DES_SETKEY_ALT 00276 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00277 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00278 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00279 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00280 //#define MBEDTLS_AES_ENCRYPT_ALT 00281 //#define MBEDTLS_AES_DECRYPT_ALT 00282 00283 /** 00284 * \def MBEDTLS_TEST_NULL_ENTROPY 00285 * 00286 * Enables testing and use of mbed TLS without any configured entropy sources. 00287 * This permits use of the library on platforms before an entropy source has 00288 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00289 * MBEDTLS_ENTROPY_NV_SEED switches). 00290 * 00291 * WARNING! This switch MUST be disabled in production builds, and is suitable 00292 * only for development. 00293 * Enabling the switch negates any security provided by the library. 00294 * 00295 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00296 * 00297 */ 00298 //#define MBEDTLS_TEST_NULL_ENTROPY 00299 00300 /** 00301 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00302 * 00303 * Uncomment this macro to let mbed TLS use your own implementation of a 00304 * hardware entropy collector. 00305 * 00306 * Your function must be called \c mbedtls_hardware_poll(), have the same 00307 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00308 * 00309 * Uncomment to use your own hardware entropy collector. 00310 */ 00311 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00312 00313 /** 00314 * \def MBEDTLS_AES_ROM_TABLES 00315 * 00316 * Store the AES tables in ROM. 00317 * 00318 * Uncomment this macro to store the AES tables in ROM. 00319 */ 00320 //#define MBEDTLS_AES_ROM_TABLES 00321 00322 /** 00323 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00324 * 00325 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00326 * 00327 * Uncomment this macro to use less memory for Camellia. 00328 */ 00329 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00330 00331 /** 00332 * \def MBEDTLS_CIPHER_MODE_CBC 00333 * 00334 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00335 */ 00336 #define MBEDTLS_CIPHER_MODE_CBC 00337 00338 /** 00339 * \def MBEDTLS_CIPHER_MODE_CFB 00340 * 00341 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00342 */ 00343 //#define MBEDTLS_CIPHER_MODE_CFB 00344 00345 /** 00346 * \def MBEDTLS_CIPHER_MODE_CTR 00347 * 00348 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00349 */ 00350 //#define MBEDTLS_CIPHER_MODE_CTR 00351 00352 /** 00353 * \def MBEDTLS_CIPHER_NULL_CIPHER 00354 * 00355 * Enable NULL cipher. 00356 * Warning: Only do so when you know what you are doing. This allows for 00357 * encryption or channels without any security! 00358 * 00359 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00360 * the following ciphersuites: 00361 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00362 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00363 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00364 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00365 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00366 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00367 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00368 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00369 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00370 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00371 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00372 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00373 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00374 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00375 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00376 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00377 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00378 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00379 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00380 * 00381 * Uncomment this macro to enable the NULL cipher and ciphersuites 00382 */ 00383 //#define MBEDTLS_CIPHER_NULL_CIPHER 00384 00385 /** 00386 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00387 * 00388 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00389 * specific padding modes in the cipher layer with cipher modes that support 00390 * padding (e.g. CBC) 00391 * 00392 * If you disable all padding modes, only full blocks can be used with CBC. 00393 * 00394 * Enable padding modes in the cipher layer. 00395 */ 00396 #define MBEDTLS_CIPHER_PADDING_PKCS7 00397 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00398 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00399 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00400 00401 /** 00402 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00403 * 00404 * Enable weak ciphersuites in SSL / TLS. 00405 * Warning: Only do so when you know what you are doing. This allows for 00406 * channels with virtually no security at all! 00407 * 00408 * This enables the following ciphersuites: 00409 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00410 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00411 * 00412 * Uncomment this macro to enable weak ciphersuites 00413 */ 00414 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00415 00416 /** 00417 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00418 * 00419 * Remove RC4 ciphersuites by default in SSL / TLS. 00420 * This flag removes the ciphersuites based on RC4 from the default list as 00421 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00422 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00423 * explicitly. 00424 * 00425 * Uncomment this macro to remove RC4 ciphersuites by default. 00426 */ 00427 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00428 00429 /** 00430 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00431 * 00432 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00433 * module. By default all supported curves are enabled. 00434 * 00435 * Comment macros to disable the curve and functions for it 00436 */ 00437 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00438 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00439 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00440 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00441 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00442 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00443 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00444 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00445 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00446 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00447 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00448 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00449 00450 /** 00451 * \def MBEDTLS_ECP_NIST_OPTIM 00452 * 00453 * Enable specific 'modulo p' routines for each NIST prime. 00454 * Depending on the prime and architecture, makes operations 4 to 8 times 00455 * faster on the corresponding curve. 00456 * 00457 * Comment this macro to disable NIST curves optimisation. 00458 */ 00459 #define MBEDTLS_ECP_NIST_OPTIM 00460 00461 /** 00462 * \def MBEDTLS_ECDSA_DETERMINISTIC 00463 * 00464 * Enable deterministic ECDSA (RFC 6979). 00465 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00466 * may result in a compromise of the long-term signing key. This is avoided by 00467 * the deterministic variant. 00468 * 00469 * Requires: MBEDTLS_HMAC_DRBG_C 00470 * 00471 * Comment this macro to disable deterministic ECDSA. 00472 */ 00473 #define MBEDTLS_ECDSA_DETERMINISTIC 00474 00475 /** 00476 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00477 * 00478 * Enable the PSK based ciphersuite modes in SSL / TLS. 00479 * 00480 * This enables the following ciphersuites (if other requisites are 00481 * enabled as well): 00482 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00483 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00484 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00485 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00486 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00487 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00488 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00489 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00490 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00491 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00492 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00493 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00494 */ 00495 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00496 00497 /** 00498 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00499 * 00500 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00501 * 00502 * Requires: MBEDTLS_DHM_C 00503 * 00504 * This enables the following ciphersuites (if other requisites are 00505 * enabled as well): 00506 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00507 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00508 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00509 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00510 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00511 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00513 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00514 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00515 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00516 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00517 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00518 */ 00519 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00520 00521 /** 00522 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00523 * 00524 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00525 * 00526 * Requires: MBEDTLS_ECDH_C 00527 * 00528 * This enables the following ciphersuites (if other requisites are 00529 * enabled as well): 00530 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00531 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00532 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00533 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00534 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00535 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00536 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00537 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00538 */ 00539 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00540 00541 /** 00542 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00543 * 00544 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00545 * 00546 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00547 * MBEDTLS_X509_CRT_PARSE_C 00548 * 00549 * This enables the following ciphersuites (if other requisites are 00550 * enabled as well): 00551 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00552 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00553 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00554 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00555 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00556 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00557 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00558 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00559 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00560 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00561 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00562 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00563 */ 00564 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00565 00566 /** 00567 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00568 * 00569 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00570 * 00571 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00572 * MBEDTLS_X509_CRT_PARSE_C 00573 * 00574 * This enables the following ciphersuites (if other requisites are 00575 * enabled as well): 00576 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00577 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00578 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00579 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00580 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00581 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00582 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00583 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00584 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00585 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00586 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00587 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00588 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00589 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00590 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00591 */ 00592 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00593 00594 /** 00595 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00596 * 00597 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00598 * 00599 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00600 * MBEDTLS_X509_CRT_PARSE_C 00601 * 00602 * This enables the following ciphersuites (if other requisites are 00603 * enabled as well): 00604 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00605 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00606 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00607 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00608 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00609 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00610 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00611 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00612 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00613 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00614 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00615 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00616 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00617 */ 00618 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00619 00620 /** 00621 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00622 * 00623 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00624 * 00625 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00626 * MBEDTLS_X509_CRT_PARSE_C 00627 * 00628 * This enables the following ciphersuites (if other requisites are 00629 * enabled as well): 00630 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00631 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00632 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00633 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00634 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00635 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00636 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00637 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00638 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00639 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00640 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00641 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00642 */ 00643 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00644 00645 /** 00646 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00647 * 00648 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00649 * 00650 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00651 * 00652 * This enables the following ciphersuites (if other requisites are 00653 * enabled as well): 00654 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00655 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00656 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00657 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00658 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00659 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00660 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00662 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00663 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00664 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00665 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00666 */ 00667 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00668 00669 /** 00670 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00671 * 00672 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00673 * 00674 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00675 * 00676 * This enables the following ciphersuites (if other requisites are 00677 * enabled as well): 00678 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00679 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00680 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00681 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00682 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00683 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00684 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00685 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00686 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00687 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00688 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00689 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00690 */ 00691 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00692 00693 /** 00694 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00695 * 00696 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00697 * 00698 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00699 * 00700 * This enables the following ciphersuites (if other requisites are 00701 * enabled as well): 00702 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00703 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00704 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00705 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00706 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00707 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00708 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00709 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00710 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00711 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00712 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00713 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00714 */ 00715 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00716 00717 /** 00718 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00719 * 00720 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00721 * 00722 * \warning This is currently experimental. EC J-PAKE support is based on the 00723 * Thread v1.0.0 specification; incompatible changes to the specification 00724 * might still happen. For this reason, this is disabled by default. 00725 * 00726 * Requires: MBEDTLS_ECJPAKE_C 00727 * MBEDTLS_SHA256_C 00728 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00729 * 00730 * This enables the following ciphersuites (if other requisites are 00731 * enabled as well): 00732 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00733 */ 00734 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00735 00736 /** 00737 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00738 * 00739 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00740 * RFC 5915 and RFC 5480. 00741 * 00742 * Currently this means parsing the SpecifiedECDomain choice of EC 00743 * parameters (only known groups are supported, not arbitrary domains, to 00744 * avoid validation issues). 00745 * 00746 * Disable if you only need to support RFC 5915 + 5480 key formats. 00747 */ 00748 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00749 00750 /** 00751 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00752 * 00753 * Enable a dummy error function to make use of mbedtls_strerror() in 00754 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00755 * (no effect when MBEDTLS_ERROR_C is enabled). 00756 * 00757 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00758 * not using mbedtls_strerror() or error_strerror() in your application. 00759 * 00760 * Disable if you run into name conflicts and want to really remove the 00761 * mbedtls_strerror() 00762 */ 00763 #define MBEDTLS_ERROR_STRERROR_DUMMY 00764 00765 /** 00766 * \def MBEDTLS_GENPRIME 00767 * 00768 * Enable the prime-number generation code. 00769 * 00770 * Requires: MBEDTLS_BIGNUM_C 00771 */ 00772 //#define MBEDTLS_GENPRIME 00773 00774 /** 00775 * \def MBEDTLS_FS_IO 00776 * 00777 * Enable functions that use the filesystem. 00778 */ 00779 //#define MBEDTLS_FS_IO 00780 00781 /** 00782 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00783 * 00784 * Do not add default entropy sources. These are the platform specific, 00785 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00786 * 00787 * This is useful to have more control over the added entropy sources in an 00788 * application. 00789 * 00790 * Uncomment this macro to prevent loading of default entropy functions. 00791 */ 00792 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00793 00794 /** 00795 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00796 * 00797 * Do not use built-in platform entropy functions. 00798 * This is useful if your platform does not support 00799 * standards like the /dev/urandom or Windows CryptoAPI. 00800 * 00801 * Uncomment this macro to disable the built-in platform entropy functions. 00802 */ 00803 //#define MBEDTLS_NO_PLATFORM_ENTROPY 00804 00805 /** 00806 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00807 * 00808 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00809 * default SHA-512 based one (if both are available). 00810 * 00811 * Requires: MBEDTLS_SHA256_C 00812 * 00813 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00814 * if you have performance concerns. 00815 * 00816 * This option is only useful if both MBEDTLS_SHA256_C and 00817 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00818 */ 00819 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00820 00821 /** 00822 * \def MBEDTLS_ENTROPY_NV_SEED 00823 * 00824 * Enable the non-volatile (NV) seed file-based entropy source. 00825 * (Also enables the NV seed read/write functions in the platform layer) 00826 * 00827 * This is crucial (if not required) on systems that do not have a 00828 * cryptographic entropy source (in hardware or kernel) available. 00829 * 00830 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00831 * 00832 * \note The read/write functions that are used by the entropy source are 00833 * determined in the platform layer, and can be modified at runtime and/or 00834 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00835 * 00836 * \note If you use the default implementation functions that read a seedfile 00837 * with regular fopen(), please make sure you make a seedfile with the 00838 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00839 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00840 * and written to or you will get an entropy source error! The default 00841 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00842 * bytes from the file. 00843 * 00844 * \note The entropy collector will write to the seed file before entropy is 00845 * given to an external source, to update it. 00846 */ 00847 //#define MBEDTLS_ENTROPY_NV_SEED 00848 00849 /** 00850 * \def MBEDTLS_MEMORY_DEBUG 00851 * 00852 * Enable debugging of buffer allocator memory issues. Automatically prints 00853 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00854 * function for 'debug output' of allocated memory. 00855 * 00856 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00857 * 00858 * Uncomment this macro to let the buffer allocator print out error messages. 00859 */ 00860 //#define MBEDTLS_MEMORY_DEBUG 00861 00862 /** 00863 * \def MBEDTLS_MEMORY_BACKTRACE 00864 * 00865 * Include backtrace information with each allocated block. 00866 * 00867 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00868 * GLIBC-compatible backtrace() an backtrace_symbols() support 00869 * 00870 * Uncomment this macro to include backtrace information 00871 */ 00872 //#define MBEDTLS_MEMORY_BACKTRACE 00873 00874 /** 00875 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00876 * 00877 * Support external private RSA keys (eg from a HSM) in the PK layer. 00878 * 00879 * Comment this macro to disable support for external private RSA keys. 00880 */ 00881 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00882 00883 /** 00884 * \def MBEDTLS_PKCS1_V15 00885 * 00886 * Enable support for PKCS#1 v1.5 encoding. 00887 * 00888 * Requires: MBEDTLS_RSA_C 00889 * 00890 * This enables support for PKCS#1 v1.5 operations. 00891 */ 00892 #define MBEDTLS_PKCS1_V15 00893 00894 /** 00895 * \def MBEDTLS_PKCS1_V21 00896 * 00897 * Enable support for PKCS#1 v2.1 encoding. 00898 * 00899 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00900 * 00901 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00902 */ 00903 #define MBEDTLS_PKCS1_V21 00904 00905 /** 00906 * \def MBEDTLS_RSA_NO_CRT 00907 * 00908 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00909 * 00910 * Uncomment this macro to disable the use of CRT in RSA. 00911 * 00912 */ 00913 //#define MBEDTLS_RSA_NO_CRT 00914 00915 /** 00916 * \def MBEDTLS_SELF_TEST 00917 * 00918 * Enable the checkup functions (*_self_test). 00919 */ 00920 #define MBEDTLS_SELF_TEST 00921 00922 /** 00923 * \def MBEDTLS_SHA256_SMALLER 00924 * 00925 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00926 * lower performance. 00927 * 00928 * The default implementation is meant to be a reasonnable compromise between 00929 * performance and size. This version optimizes more aggressively for size at 00930 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00931 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00932 * 30%. 00933 * 00934 * Uncomment to enable the smaller implementation of SHA256. 00935 */ 00936 //#define MBEDTLS_SHA256_SMALLER 00937 00938 /** 00939 * \def MBEDTLS_SSL_AEAD_RANDOM_IV 00940 * 00941 * Generate a random IV rather than using the record sequence number as a 00942 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). 00943 * 00944 * Using the sequence number is generally recommended. 00945 * 00946 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00947 */ 00948 //#define MBEDTLS_SSL_AEAD_RANDOM_IV 00949 00950 /** 00951 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00952 * 00953 * Enable sending of alert messages in case of encountered errors as per RFC. 00954 * If you choose not to send the alert messages, mbed TLS can still communicate 00955 * with other servers, only debugging of failures is harder. 00956 * 00957 * The advantage of not sending alert messages, is that no information is given 00958 * about reasons for failures thus preventing adversaries of gaining intel. 00959 * 00960 * Enable sending of all alert messages 00961 */ 00962 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00963 00964 /** 00965 * \def MBEDTLS_SSL_DEBUG_ALL 00966 * 00967 * Enable the debug messages in SSL module for all issues. 00968 * Debug messages have been disabled in some places to prevent timing 00969 * attacks due to (unbalanced) debugging function calls. 00970 * 00971 * If you need all error reporting you should enable this during debugging, 00972 * but remove this for production servers that should log as well. 00973 * 00974 * Uncomment this macro to report all debug messages on errors introducing 00975 * a timing side-channel. 00976 * 00977 */ 00978 //#define MBEDTLS_SSL_DEBUG_ALL 00979 00980 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00981 * 00982 * Enable support for Encrypt-then-MAC, RFC 7366. 00983 * 00984 * This allows peers that both support it to use a more robust protection for 00985 * ciphersuites using CBC, providing deep resistance against timing attacks 00986 * on the padding or underlying cipher. 00987 * 00988 * This only affects CBC ciphersuites, and is useless if none is defined. 00989 * 00990 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 00991 * MBEDTLS_SSL_PROTO_TLS1_1 or 00992 * MBEDTLS_SSL_PROTO_TLS1_2 00993 * 00994 * Comment this macro to disable support for Encrypt-then-MAC 00995 */ 00996 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 00997 00998 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 00999 * 01000 * Enable support for Extended Master Secret, aka Session Hash 01001 * (draft-ietf-tls-session-hash-02). 01002 * 01003 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01004 * attacks, but it is recommended to always use it (even if you disable 01005 * renegotiation), since it actually fixes a more fundamental issue in the 01006 * original SSL/TLS design, and has implications beyond Triple Handshake. 01007 * 01008 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01009 * MBEDTLS_SSL_PROTO_TLS1_1 or 01010 * MBEDTLS_SSL_PROTO_TLS1_2 01011 * 01012 * Comment this macro to disable support for Extended Master Secret. 01013 */ 01014 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01015 01016 /** 01017 * \def MBEDTLS_SSL_FALLBACK_SCSV 01018 * 01019 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01020 * 01021 * For servers, it is recommended to always enable this, unless you support 01022 * only one version of TLS, or know for sure that none of your clients 01023 * implements a fallback strategy. 01024 * 01025 * For clients, you only need this if you're using a fallback strategy, which 01026 * is not recommended in the first place, unless you absolutely need it to 01027 * interoperate with buggy (version-intolerant) servers. 01028 * 01029 * Comment this macro to disable support for FALLBACK_SCSV 01030 */ 01031 //#define MBEDTLS_SSL_FALLBACK_SCSV 01032 01033 /** 01034 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01035 * 01036 * Enable hooking functions in SSL module for hardware acceleration of 01037 * individual records. 01038 * 01039 * Uncomment this macro to enable hooking functions. 01040 */ 01041 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01042 01043 /** 01044 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01045 * 01046 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01047 * 01048 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01049 * of interoperability issues compared to sending 0-length records. 01050 * 01051 * Comment this macro to disable 1/n-1 record splitting. 01052 */ 01053 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01054 01055 /** 01056 * \def MBEDTLS_SSL_RENEGOTIATION 01057 * 01058 * Disable support for TLS renegotiation. 01059 * 01060 * The two main uses of renegotiation are (1) refresh keys on long-lived 01061 * connections and (2) client authentication after the initial handshake. 01062 * If you don't need renegotiation, it's probably better to disable it, since 01063 * it has been associated with security issues in the past and is easy to 01064 * misuse/misunderstand. 01065 * 01066 * Comment this to disable support for renegotiation. 01067 */ 01068 #define MBEDTLS_SSL_RENEGOTIATION 01069 01070 /** 01071 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01072 * 01073 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01074 * SSL Server module (MBEDTLS_SSL_SRV_C). 01075 * 01076 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01077 */ 01078 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01079 01080 /** 01081 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01082 * 01083 * Pick the ciphersuite according to the client's preferences rather than ours 01084 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01085 * 01086 * Uncomment this macro to respect client's ciphersuite order 01087 */ 01088 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01089 01090 /** 01091 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01092 * 01093 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01094 * 01095 * Comment this macro to disable support for the max_fragment_length extension 01096 */ 01097 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01098 01099 /** 01100 * \def MBEDTLS_SSL_PROTO_SSL3 01101 * 01102 * Enable support for SSL 3.0. 01103 * 01104 * Requires: MBEDTLS_MD5_C 01105 * MBEDTLS_SHA1_C 01106 * 01107 * Comment this macro to disable support for SSL 3.0 01108 */ 01109 //#define MBEDTLS_SSL_PROTO_SSL3 01110 01111 /** 01112 * \def MBEDTLS_SSL_PROTO_TLS1 01113 * 01114 * Enable support for TLS 1.0. 01115 * 01116 * Requires: MBEDTLS_MD5_C 01117 * MBEDTLS_SHA1_C 01118 * 01119 * Comment this macro to disable support for TLS 1.0 01120 */ 01121 //#define MBEDTLS_SSL_PROTO_TLS1 01122 01123 /** 01124 * \def MBEDTLS_SSL_PROTO_TLS1_1 01125 * 01126 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01127 * 01128 * Requires: MBEDTLS_MD5_C 01129 * MBEDTLS_SHA1_C 01130 * 01131 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01132 */ 01133 //#define MBEDTLS_SSL_PROTO_TLS1_1 01134 01135 /** 01136 * \def MBEDTLS_SSL_PROTO_TLS1_2 01137 * 01138 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01139 * 01140 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01141 * (Depends on ciphersuites) 01142 * 01143 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01144 */ 01145 #define MBEDTLS_SSL_PROTO_TLS1_2 01146 01147 /** 01148 * \def MBEDTLS_SSL_PROTO_DTLS 01149 * 01150 * Enable support for DTLS (all available versions). 01151 * 01152 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01153 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01154 * 01155 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01156 * or MBEDTLS_SSL_PROTO_TLS1_2 01157 * 01158 * Comment this macro to disable support for DTLS 01159 */ 01160 #define MBEDTLS_SSL_PROTO_DTLS 01161 01162 /** 01163 * \def MBEDTLS_SSL_ALPN 01164 * 01165 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01166 * 01167 * Comment this macro to disable support for ALPN. 01168 */ 01169 #define MBEDTLS_SSL_ALPN 01170 01171 /** 01172 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01173 * 01174 * Enable support for the anti-replay mechanism in DTLS. 01175 * 01176 * Requires: MBEDTLS_SSL_TLS_C 01177 * MBEDTLS_SSL_PROTO_DTLS 01178 * 01179 * \warning Disabling this is often a security risk! 01180 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01181 * 01182 * Comment this to disable anti-replay in DTLS. 01183 */ 01184 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01185 01186 /** 01187 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01188 * 01189 * Enable support for HelloVerifyRequest on DTLS servers. 01190 * 01191 * This feature is highly recommended to prevent DTLS servers being used as 01192 * amplifiers in DoS attacks against other hosts. It should always be enabled 01193 * unless you know for sure amplification cannot be a problem in the 01194 * environment in which your server operates. 01195 * 01196 * \warning Disabling this can ba a security risk! (see above) 01197 * 01198 * Requires: MBEDTLS_SSL_PROTO_DTLS 01199 * 01200 * Comment this to disable support for HelloVerifyRequest. 01201 */ 01202 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01203 01204 /** 01205 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01206 * 01207 * Enable server-side support for clients that reconnect from the same port. 01208 * 01209 * Some clients unexpectedly close the connection and try to reconnect using the 01210 * same source port. This needs special support from the server to handle the 01211 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01212 * flag enables that support. 01213 * 01214 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01215 * 01216 * Comment this to disable support for clients reusing the source port. 01217 */ 01218 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01219 01220 /** 01221 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01222 * 01223 * Enable support for a limit of records with bad MAC. 01224 * 01225 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01226 * 01227 * Requires: MBEDTLS_SSL_PROTO_DTLS 01228 */ 01229 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01230 01231 /** 01232 * \def MBEDTLS_SSL_SESSION_TICKETS 01233 * 01234 * Enable support for RFC 5077 session tickets in SSL. 01235 * Client-side, provides full support for session tickets (maintainance of a 01236 * session store remains the responsibility of the application, though). 01237 * Server-side, you also need to provide callbacks for writing and parsing 01238 * tickets, including authenticated encryption and key management. Example 01239 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01240 * 01241 * Comment this macro to disable support for SSL session tickets 01242 */ 01243 #define MBEDTLS_SSL_SESSION_TICKETS 01244 01245 /** 01246 * \def MBEDTLS_SSL_EXPORT_KEYS 01247 * 01248 * Enable support for exporting key block and master secret. 01249 * This is required for certain users of TLS, e.g. EAP-TLS. 01250 * 01251 * Comment this macro to disable support for key export 01252 */ 01253 #define MBEDTLS_SSL_EXPORT_KEYS 01254 01255 /** 01256 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01257 * 01258 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01259 * 01260 * Requires: MBEDTLS_X509_CRT_PARSE_C 01261 * 01262 * Comment this macro to disable support for server name indication in SSL 01263 */ 01264 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01265 01266 /** 01267 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01268 * 01269 * Enable support for RFC 6066 truncated HMAC in SSL. 01270 * 01271 * Comment this macro to disable support for truncated HMAC in SSL 01272 */ 01273 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01274 01275 /** 01276 * \def MBEDTLS_THREADING_ALT 01277 * 01278 * Provide your own alternate threading implementation. 01279 * 01280 * Requires: MBEDTLS_THREADING_C 01281 * 01282 * Uncomment this to allow your own alternate threading implementation. 01283 */ 01284 //#define MBEDTLS_THREADING_ALT 01285 01286 /** 01287 * \def MBEDTLS_THREADING_PTHREAD 01288 * 01289 * Enable the pthread wrapper layer for the threading layer. 01290 * 01291 * Requires: MBEDTLS_THREADING_C 01292 * 01293 * Uncomment this to enable pthread mutexes. 01294 */ 01295 //#define MBEDTLS_THREADING_PTHREAD 01296 01297 /** 01298 * \def MBEDTLS_VERSION_FEATURES 01299 * 01300 * Allow run-time checking of compile-time enabled features. Thus allowing users 01301 * to check at run-time if the library is for instance compiled with threading 01302 * support via mbedtls_version_check_feature(). 01303 * 01304 * Requires: MBEDTLS_VERSION_C 01305 * 01306 * Comment this to disable run-time checking and save ROM space 01307 */ 01308 #define MBEDTLS_VERSION_FEATURES 01309 01310 /** 01311 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01312 * 01313 * If set, the X509 parser will not break-off when parsing an X509 certificate 01314 * and encountering an extension in a v1 or v2 certificate. 01315 * 01316 * Uncomment to prevent an error. 01317 */ 01318 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01319 01320 /** 01321 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01322 * 01323 * If set, the X509 parser will not break-off when parsing an X509 certificate 01324 * and encountering an unknown critical extension. 01325 * 01326 * \warning Depending on your PKI use, enabling this can be a security risk! 01327 * 01328 * Uncomment to prevent an error. 01329 */ 01330 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01331 01332 /** 01333 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01334 * 01335 * Enable verification of the keyUsage extension (CA and leaf certificates). 01336 * 01337 * Disabling this avoids problems with mis-issued and/or misused 01338 * (intermediate) CA and leaf certificates. 01339 * 01340 * \warning Depending on your PKI use, disabling this can be a security risk! 01341 * 01342 * Comment to skip keyUsage checking for both CA and leaf certificates. 01343 */ 01344 #define MBEDTLS_X509_CHECK_KEY_USAGE 01345 01346 /** 01347 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01348 * 01349 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01350 * 01351 * Disabling this avoids problems with mis-issued and/or misused certificates. 01352 * 01353 * \warning Depending on your PKI use, disabling this can be a security risk! 01354 * 01355 * Comment to skip extendedKeyUsage checking for certificates. 01356 */ 01357 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01358 01359 /** 01360 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01361 * 01362 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01363 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01364 * 01365 * Comment this macro to disallow using RSASSA-PSS in certificates. 01366 */ 01367 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01368 01369 /** 01370 * \def MBEDTLS_ZLIB_SUPPORT 01371 * 01372 * If set, the SSL/TLS module uses ZLIB to support compression and 01373 * decompression of packet data. 01374 * 01375 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01376 * CRIME attack. Before enabling this option, you should examine with care if 01377 * CRIME or similar exploits may be a applicable to your use case. 01378 * 01379 * \note Currently compression can't be used with DTLS. 01380 * 01381 * Used in: library/ssl_tls.c 01382 * library/ssl_cli.c 01383 * library/ssl_srv.c 01384 * 01385 * This feature requires zlib library and headers to be present. 01386 * 01387 * Uncomment to enable use of ZLIB 01388 */ 01389 //#define MBEDTLS_ZLIB_SUPPORT 01390 /* \} name SECTION: mbed TLS feature support */ 01391 01392 /** 01393 * \name SECTION: mbed TLS modules 01394 * 01395 * This section enables or disables entire modules in mbed TLS 01396 * \{ 01397 */ 01398 01399 /** 01400 * \def MBEDTLS_AESNI_C 01401 * 01402 * Enable AES-NI support on x86-64. 01403 * 01404 * Module: library/aesni.c 01405 * Caller: library/aes.c 01406 * 01407 * Requires: MBEDTLS_HAVE_ASM 01408 * 01409 * This modules adds support for the AES-NI instructions on x86-64 01410 */ 01411 //#define MBEDTLS_AESNI_C 01412 01413 /** 01414 * \def MBEDTLS_AES_C 01415 * 01416 * Enable the AES block cipher. 01417 * 01418 * Module: library/aes.c 01419 * Caller: library/ssl_tls.c 01420 * library/pem.c 01421 * library/ctr_drbg.c 01422 * 01423 * This module enables the following ciphersuites (if other requisites are 01424 * enabled as well): 01425 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01426 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01427 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01428 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01429 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01430 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01431 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01432 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01433 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01434 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01435 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01436 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01437 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01438 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01439 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01440 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01441 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01442 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01443 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01444 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01445 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01446 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01447 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01448 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01449 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01450 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01451 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01452 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01453 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01454 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01455 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01456 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01457 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01458 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01459 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01460 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01461 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01462 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01463 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01464 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01465 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01466 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01467 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01468 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01469 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01470 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01471 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01472 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01473 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01474 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01475 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01476 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01477 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01478 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01479 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01480 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01481 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01482 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01483 * 01484 * PEM_PARSE uses AES for decrypting encrypted keys. 01485 */ 01486 #define MBEDTLS_AES_C 01487 01488 /** 01489 * \def MBEDTLS_ARC4_C 01490 * 01491 * Enable the ARCFOUR stream cipher. 01492 * 01493 * Module: library/arc4.c 01494 * Caller: library/ssl_tls.c 01495 * 01496 * This module enables the following ciphersuites (if other requisites are 01497 * enabled as well): 01498 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01499 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01500 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01501 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01502 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01503 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01504 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01505 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01506 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01507 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01508 */ 01509 //#define MBEDTLS_ARC4_C 01510 01511 /** 01512 * \def MBEDTLS_ASN1_PARSE_C 01513 * 01514 * Enable the generic ASN1 parser. 01515 * 01516 * Module: library/asn1.c 01517 * Caller: library/x509.c 01518 * library/dhm.c 01519 * library/pkcs12.c 01520 * library/pkcs5.c 01521 * library/pkparse.c 01522 */ 01523 #define MBEDTLS_ASN1_PARSE_C 01524 01525 /** 01526 * \def MBEDTLS_ASN1_WRITE_C 01527 * 01528 * Enable the generic ASN1 writer. 01529 * 01530 * Module: library/asn1write.c 01531 * Caller: library/ecdsa.c 01532 * library/pkwrite.c 01533 * library/x509_create.c 01534 * library/x509write_crt.c 01535 * library/mbedtls_x509write_csr.c 01536 */ 01537 #define MBEDTLS_ASN1_WRITE_C 01538 01539 /** 01540 * \def MBEDTLS_BASE64_C 01541 * 01542 * Enable the Base64 module. 01543 * 01544 * Module: library/base64.c 01545 * Caller: library/pem.c 01546 * 01547 * This module is required for PEM support (required by X.509). 01548 */ 01549 #define MBEDTLS_BASE64_C 01550 01551 /** 01552 * \def MBEDTLS_BIGNUM_C 01553 * 01554 * Enable the multi-precision integer library. 01555 * 01556 * Module: library/bignum.c 01557 * Caller: library/dhm.c 01558 * library/ecp.c 01559 * library/ecdsa.c 01560 * library/rsa.c 01561 * library/ssl_tls.c 01562 * 01563 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01564 */ 01565 #define MBEDTLS_BIGNUM_C 01566 01567 /** 01568 * \def MBEDTLS_BLOWFISH_C 01569 * 01570 * Enable the Blowfish block cipher. 01571 * 01572 * Module: library/blowfish.c 01573 */ 01574 //#define MBEDTLS_BLOWFISH_C 01575 01576 /** 01577 * \def MBEDTLS_CAMELLIA_C 01578 * 01579 * Enable the Camellia block cipher. 01580 * 01581 * Module: library/camellia.c 01582 * Caller: library/ssl_tls.c 01583 * 01584 * This module enables the following ciphersuites (if other requisites are 01585 * enabled as well): 01586 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01587 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01588 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01589 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01590 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01591 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01592 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01593 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01594 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01595 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01596 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01597 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01598 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01599 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01600 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01601 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01602 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01603 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01604 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01605 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01607 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01608 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01609 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01610 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01611 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01612 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01613 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01614 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01615 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01616 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01617 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01618 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01619 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01621 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01622 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01623 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01624 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01625 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01626 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01627 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01628 */ 01629 //#define MBEDTLS_CAMELLIA_C 01630 01631 /** 01632 * \def MBEDTLS_CCM_C 01633 * 01634 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01635 * 01636 * Module: library/ccm.c 01637 * 01638 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01639 * 01640 * This module enables the AES-CCM ciphersuites, if other requisites are 01641 * enabled as well. 01642 */ 01643 #define MBEDTLS_CCM_C 01644 01645 /** 01646 * \def MBEDTLS_CERTS_C 01647 * 01648 * Enable the test certificates. 01649 * 01650 * Module: library/certs.c 01651 * Caller: 01652 * 01653 * This module is used for testing (ssl_client/server). 01654 */ 01655 #define MBEDTLS_CERTS_C 01656 01657 /** 01658 * \def MBEDTLS_CIPHER_C 01659 * 01660 * Enable the generic cipher layer. 01661 * 01662 * Module: library/cipher.c 01663 * Caller: library/ssl_tls.c 01664 * 01665 * Uncomment to enable generic cipher wrappers. 01666 */ 01667 #define MBEDTLS_CIPHER_C 01668 01669 /** 01670 * \def MBEDTLS_CTR_DRBG_C 01671 * 01672 * Enable the CTR_DRBG AES-256-based random generator. 01673 * 01674 * Module: library/ctr_drbg.c 01675 * Caller: 01676 * 01677 * Requires: MBEDTLS_AES_C 01678 * 01679 * This module provides the CTR_DRBG AES-256 random number generator. 01680 */ 01681 #define MBEDTLS_CTR_DRBG_C 01682 01683 /** 01684 * \def MBEDTLS_DEBUG_C 01685 * 01686 * Enable the debug functions. 01687 * 01688 * Module: library/debug.c 01689 * Caller: library/ssl_cli.c 01690 * library/ssl_srv.c 01691 * library/ssl_tls.c 01692 * 01693 * This module provides debugging functions. 01694 */ 01695 #define MBEDTLS_DEBUG_C 01696 01697 /** 01698 * \def MBEDTLS_DES_C 01699 * 01700 * Enable the DES block cipher. 01701 * 01702 * Module: library/des.c 01703 * Caller: library/pem.c 01704 * library/ssl_tls.c 01705 * 01706 * This module enables the following ciphersuites (if other requisites are 01707 * enabled as well): 01708 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01709 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01710 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01711 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01712 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01713 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01714 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01715 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01716 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01717 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01718 * 01719 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01720 */ 01721 //#define MBEDTLS_DES_C 01722 01723 /** 01724 * \def MBEDTLS_DHM_C 01725 * 01726 * Enable the Diffie-Hellman-Merkle module. 01727 * 01728 * Module: library/dhm.c 01729 * Caller: library/ssl_cli.c 01730 * library/ssl_srv.c 01731 * 01732 * This module is used by the following key exchanges: 01733 * DHE-RSA, DHE-PSK 01734 */ 01735 //#define MBEDTLS_DHM_C 01736 01737 /** 01738 * \def MBEDTLS_ECDH_C 01739 * 01740 * Enable the elliptic curve Diffie-Hellman library. 01741 * 01742 * Module: library/ecdh.c 01743 * Caller: library/ssl_cli.c 01744 * library/ssl_srv.c 01745 * 01746 * This module is used by the following key exchanges: 01747 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01748 * 01749 * Requires: MBEDTLS_ECP_C 01750 */ 01751 #define MBEDTLS_ECDH_C 01752 01753 /** 01754 * \def MBEDTLS_ECDSA_C 01755 * 01756 * Enable the elliptic curve DSA library. 01757 * 01758 * Module: library/ecdsa.c 01759 * Caller: 01760 * 01761 * This module is used by the following key exchanges: 01762 * ECDHE-ECDSA 01763 * 01764 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01765 */ 01766 #define MBEDTLS_ECDSA_C 01767 01768 /** 01769 * \def MBEDTLS_ECJPAKE_C 01770 * 01771 * Enable the elliptic curve J-PAKE library. 01772 * 01773 * \warning This is currently experimental. EC J-PAKE support is based on the 01774 * Thread v1.0.0 specification; incompatible changes to the specification 01775 * might still happen. For this reason, this is disabled by default. 01776 * 01777 * Module: library/ecjpake.c 01778 * Caller: 01779 * 01780 * This module is used by the following key exchanges: 01781 * ECJPAKE 01782 * 01783 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01784 */ 01785 //#define MBEDTLS_ECJPAKE_C 01786 01787 /** 01788 * \def MBEDTLS_ECP_C 01789 * 01790 * Enable the elliptic curve over GF(p) library. 01791 * 01792 * Module: library/ecp.c 01793 * Caller: library/ecdh.c 01794 * library/ecdsa.c 01795 * library/ecjpake.c 01796 * 01797 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01798 */ 01799 #define MBEDTLS_ECP_C 01800 01801 /** 01802 * \def MBEDTLS_ENTROPY_C 01803 * 01804 * Enable the platform-specific entropy code. 01805 * 01806 * Module: library/entropy.c 01807 * Caller: 01808 * 01809 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01810 * 01811 * This module provides a generic entropy pool 01812 */ 01813 #define MBEDTLS_ENTROPY_C 01814 01815 /** 01816 * \def MBEDTLS_ERROR_C 01817 * 01818 * Enable error code to error string conversion. 01819 * 01820 * Module: library/error.c 01821 * Caller: 01822 * 01823 * This module enables mbedtls_strerror(). 01824 */ 01825 #define MBEDTLS_ERROR_C 01826 01827 /** 01828 * \def MBEDTLS_GCM_C 01829 * 01830 * Enable the Galois/Counter Mode (GCM) for AES. 01831 * 01832 * Module: library/gcm.c 01833 * 01834 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01835 * 01836 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01837 * requisites are enabled as well. 01838 */ 01839 #define MBEDTLS_GCM_C 01840 01841 /** 01842 * \def MBEDTLS_HAVEGE_C 01843 * 01844 * Enable the HAVEGE random generator. 01845 * 01846 * Warning: the HAVEGE random generator is not suitable for virtualized 01847 * environments 01848 * 01849 * Warning: the HAVEGE random generator is dependent on timing and specific 01850 * processor traits. It is therefore not advised to use HAVEGE as 01851 * your applications primary random generator or primary entropy pool 01852 * input. As a secondary input to your entropy pool, it IS able add 01853 * the (limited) extra entropy it provides. 01854 * 01855 * Module: library/havege.c 01856 * Caller: 01857 * 01858 * Requires: MBEDTLS_TIMING_C 01859 * 01860 * Uncomment to enable the HAVEGE random generator. 01861 */ 01862 //#define MBEDTLS_HAVEGE_C 01863 01864 /** 01865 * \def MBEDTLS_HMAC_DRBG_C 01866 * 01867 * Enable the HMAC_DRBG random generator. 01868 * 01869 * Module: library/hmac_drbg.c 01870 * Caller: 01871 * 01872 * Requires: MBEDTLS_MD_C 01873 * 01874 * Uncomment to enable the HMAC_DRBG random number geerator. 01875 */ 01876 #define MBEDTLS_HMAC_DRBG_C 01877 01878 /** 01879 * \def MBEDTLS_MD_C 01880 * 01881 * Enable the generic message digest layer. 01882 * 01883 * Module: library/mbedtls_md.c 01884 * Caller: 01885 * 01886 * Uncomment to enable generic message digest wrappers. 01887 */ 01888 #define MBEDTLS_MD_C 01889 01890 /** 01891 * \def MBEDTLS_MD2_C 01892 * 01893 * Enable the MD2 hash algorithm. 01894 * 01895 * Module: library/mbedtls_md2.c 01896 * Caller: 01897 * 01898 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01899 */ 01900 //#define MBEDTLS_MD2_C 01901 01902 /** 01903 * \def MBEDTLS_MD4_C 01904 * 01905 * Enable the MD4 hash algorithm. 01906 * 01907 * Module: library/mbedtls_md4.c 01908 * Caller: 01909 * 01910 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01911 */ 01912 //#define MBEDTLS_MD4_C 01913 01914 /** 01915 * \def MBEDTLS_MD5_C 01916 * 01917 * Enable the MD5 hash algorithm. 01918 * 01919 * Module: library/mbedtls_md5.c 01920 * Caller: library/mbedtls_md.c 01921 * library/pem.c 01922 * library/ssl_tls.c 01923 * 01924 * This module is required for SSL/TLS and X.509. 01925 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01926 */ 01927 //#define MBEDTLS_MD5_C 01928 01929 /** 01930 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01931 * 01932 * Enable the buffer allocator implementation that makes use of a (stack) 01933 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01934 * calls) 01935 * 01936 * Module: library/memory_buffer_alloc.c 01937 * 01938 * Requires: MBEDTLS_PLATFORM_C 01939 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01940 * 01941 * Enable this module to enable the buffer memory allocator. 01942 */ 01943 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01944 01945 /** 01946 * \def MBEDTLS_NET_C 01947 * 01948 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 01949 * 01950 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 01951 * and Windows. For other platforms, you'll want to disable it, and write your 01952 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 01953 * 01954 * \note See also our Knowledge Base article about porting to a new 01955 * environment: 01956 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 01957 * 01958 * Module: library/net.c 01959 * 01960 * This module provides networking routines. 01961 */ 01962 //#define MBEDTLS_NET_C 01963 01964 /** 01965 * \def MBEDTLS_OID_C 01966 * 01967 * Enable the OID database. 01968 * 01969 * Module: library/oid.c 01970 * Caller: library/asn1write.c 01971 * library/pkcs5.c 01972 * library/pkparse.c 01973 * library/pkwrite.c 01974 * library/rsa.c 01975 * library/x509.c 01976 * library/x509_create.c 01977 * library/mbedtls_x509_crl.c 01978 * library/mbedtls_x509_crt.c 01979 * library/mbedtls_x509_csr.c 01980 * library/x509write_crt.c 01981 * library/mbedtls_x509write_csr.c 01982 * 01983 * This modules translates between OIDs and internal values. 01984 */ 01985 #define MBEDTLS_OID_C 01986 01987 /** 01988 * \def MBEDTLS_PADLOCK_C 01989 * 01990 * Enable VIA Padlock support on x86. 01991 * 01992 * Module: library/padlock.c 01993 * Caller: library/aes.c 01994 * 01995 * Requires: MBEDTLS_HAVE_ASM 01996 * 01997 * This modules adds support for the VIA PadLock on x86. 01998 */ 01999 //#define MBEDTLS_PADLOCK_C 02000 02001 /** 02002 * \def MBEDTLS_PEM_PARSE_C 02003 * 02004 * Enable PEM decoding / parsing. 02005 * 02006 * Module: library/pem.c 02007 * Caller: library/dhm.c 02008 * library/pkparse.c 02009 * library/mbedtls_x509_crl.c 02010 * library/mbedtls_x509_crt.c 02011 * library/mbedtls_x509_csr.c 02012 * 02013 * Requires: MBEDTLS_BASE64_C 02014 * 02015 * This modules adds support for decoding / parsing PEM files. 02016 */ 02017 #define MBEDTLS_PEM_PARSE_C 02018 02019 /** 02020 * \def MBEDTLS_PEM_WRITE_C 02021 * 02022 * Enable PEM encoding / writing. 02023 * 02024 * Module: library/pem.c 02025 * Caller: library/pkwrite.c 02026 * library/x509write_crt.c 02027 * library/mbedtls_x509write_csr.c 02028 * 02029 * Requires: MBEDTLS_BASE64_C 02030 * 02031 * This modules adds support for encoding / writing PEM files. 02032 */ 02033 //#define MBEDTLS_PEM_WRITE_C 02034 02035 /** 02036 * \def MBEDTLS_PK_C 02037 * 02038 * Enable the generic public (asymetric) key layer. 02039 * 02040 * Module: library/pk.c 02041 * Caller: library/ssl_tls.c 02042 * library/ssl_cli.c 02043 * library/ssl_srv.c 02044 * 02045 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02046 * 02047 * Uncomment to enable generic public key wrappers. 02048 */ 02049 #define MBEDTLS_PK_C 02050 02051 /** 02052 * \def MBEDTLS_PK_PARSE_C 02053 * 02054 * Enable the generic public (asymetric) key parser. 02055 * 02056 * Module: library/pkparse.c 02057 * Caller: library/mbedtls_x509_crt.c 02058 * library/mbedtls_x509_csr.c 02059 * 02060 * Requires: MBEDTLS_PK_C 02061 * 02062 * Uncomment to enable generic public key parse functions. 02063 */ 02064 #define MBEDTLS_PK_PARSE_C 02065 02066 /** 02067 * \def MBEDTLS_PK_WRITE_C 02068 * 02069 * Enable the generic public (asymetric) key writer. 02070 * 02071 * Module: library/pkwrite.c 02072 * Caller: library/x509write.c 02073 * 02074 * Requires: MBEDTLS_PK_C 02075 * 02076 * Uncomment to enable generic public key write functions. 02077 */ 02078 #define MBEDTLS_PK_WRITE_C 02079 02080 /** 02081 * \def MBEDTLS_PKCS5_C 02082 * 02083 * Enable PKCS#5 functions. 02084 * 02085 * Module: library/pkcs5.c 02086 * 02087 * Requires: MBEDTLS_MD_C 02088 * 02089 * This module adds support for the PKCS#5 functions. 02090 */ 02091 //#define MBEDTLS_PKCS5_C 02092 02093 /** 02094 * \def MBEDTLS_PKCS11_C 02095 * 02096 * Enable wrapper for PKCS#11 smartcard support. 02097 * 02098 * Module: library/pkcs11.c 02099 * Caller: library/pk.c 02100 * 02101 * Requires: MBEDTLS_PK_C 02102 * 02103 * This module enables SSL/TLS PKCS #11 smartcard support. 02104 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02105 */ 02106 //#define MBEDTLS_PKCS11_C 02107 02108 /** 02109 * \def MBEDTLS_PKCS12_C 02110 * 02111 * Enable PKCS#12 PBE functions. 02112 * Adds algorithms for parsing PKCS#8 encrypted private keys 02113 * 02114 * Module: library/pkcs12.c 02115 * Caller: library/pkparse.c 02116 * 02117 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02118 * Can use: MBEDTLS_ARC4_C 02119 * 02120 * This module enables PKCS#12 functions. 02121 */ 02122 //#define MBEDTLS_PKCS12_C 02123 02124 /** 02125 * \def MBEDTLS_PLATFORM_C 02126 * 02127 * Enable the platform abstraction layer that allows you to re-assign 02128 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02129 * 02130 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02131 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02132 * above to be specified at runtime or compile time respectively. 02133 * 02134 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02135 * as other module rely on it for a fixed snprintf implementation. 02136 * 02137 * Module: library/platform.c 02138 * Caller: Most other .c files 02139 * 02140 * This module enables abstraction of common (libc) functions. 02141 */ 02142 #define MBEDTLS_PLATFORM_C 02143 02144 /** 02145 * \def MBEDTLS_RIPEMD160_C 02146 * 02147 * Enable the RIPEMD-160 hash algorithm. 02148 * 02149 * Module: library/mbedtls_ripemd160.c 02150 * Caller: library/mbedtls_md.c 02151 * 02152 */ 02153 //#define MBEDTLS_RIPEMD160_C 02154 02155 /** 02156 * \def MBEDTLS_RSA_C 02157 * 02158 * Enable the RSA public-key cryptosystem. 02159 * 02160 * Module: library/rsa.c 02161 * Caller: library/ssl_cli.c 02162 * library/ssl_srv.c 02163 * library/ssl_tls.c 02164 * library/x509.c 02165 * 02166 * This module is used by the following key exchanges: 02167 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02168 * 02169 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02170 */ 02171 #define MBEDTLS_RSA_C 02172 02173 /** 02174 * \def MBEDTLS_SHA1_C 02175 * 02176 * Enable the SHA1 cryptographic hash algorithm. 02177 * 02178 * Module: library/mbedtls_sha1.c 02179 * Caller: library/mbedtls_md.c 02180 * library/ssl_cli.c 02181 * library/ssl_srv.c 02182 * library/ssl_tls.c 02183 * library/x509write_crt.c 02184 * 02185 * This module is required for SSL/TLS and SHA1-signed certificates. 02186 */ 02187 //#define MBEDTLS_SHA1_C 02188 02189 /** 02190 * \def MBEDTLS_SHA256_C 02191 * 02192 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02193 * 02194 * Module: library/mbedtls_sha256.c 02195 * Caller: library/entropy.c 02196 * library/mbedtls_md.c 02197 * library/ssl_cli.c 02198 * library/ssl_srv.c 02199 * library/ssl_tls.c 02200 * 02201 * This module adds support for SHA-224 and SHA-256. 02202 * This module is required for the SSL/TLS 1.2 PRF function. 02203 */ 02204 #define MBEDTLS_SHA256_C 02205 02206 /** 02207 * \def MBEDTLS_SHA512_C 02208 * 02209 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02210 * 02211 * Module: library/mbedtls_sha512.c 02212 * Caller: library/entropy.c 02213 * library/mbedtls_md.c 02214 * library/ssl_cli.c 02215 * library/ssl_srv.c 02216 * 02217 * This module adds support for SHA-384 and SHA-512. 02218 */ 02219 #define MBEDTLS_SHA512_C 02220 02221 /** 02222 * \def MBEDTLS_SSL_CACHE_C 02223 * 02224 * Enable simple SSL cache implementation. 02225 * 02226 * Module: library/ssl_cache.c 02227 * Caller: 02228 * 02229 * Requires: MBEDTLS_SSL_CACHE_C 02230 */ 02231 #define MBEDTLS_SSL_CACHE_C 02232 02233 /** 02234 * \def MBEDTLS_SSL_COOKIE_C 02235 * 02236 * Enable basic implementation of DTLS cookies for hello verification. 02237 * 02238 * Module: library/ssl_cookie.c 02239 * Caller: 02240 */ 02241 #define MBEDTLS_SSL_COOKIE_C 02242 02243 /** 02244 * \def MBEDTLS_SSL_TICKET_C 02245 * 02246 * Enable an implementation of TLS server-side callbacks for session tickets. 02247 * 02248 * Module: library/ssl_ticket.c 02249 * Caller: 02250 * 02251 * Requires: MBEDTLS_CIPHER_C 02252 */ 02253 #define MBEDTLS_SSL_TICKET_C 02254 02255 /** 02256 * \def MBEDTLS_SSL_CLI_C 02257 * 02258 * Enable the SSL/TLS client code. 02259 * 02260 * Module: library/ssl_cli.c 02261 * Caller: 02262 * 02263 * Requires: MBEDTLS_SSL_TLS_C 02264 * 02265 * This module is required for SSL/TLS client support. 02266 */ 02267 #define MBEDTLS_SSL_CLI_C 02268 02269 /** 02270 * \def MBEDTLS_SSL_SRV_C 02271 * 02272 * Enable the SSL/TLS server code. 02273 * 02274 * Module: library/ssl_srv.c 02275 * Caller: 02276 * 02277 * Requires: MBEDTLS_SSL_TLS_C 02278 * 02279 * This module is required for SSL/TLS server support. 02280 */ 02281 #define MBEDTLS_SSL_SRV_C 02282 02283 /** 02284 * \def MBEDTLS_SSL_TLS_C 02285 * 02286 * Enable the generic SSL/TLS code. 02287 * 02288 * Module: library/ssl_tls.c 02289 * Caller: library/ssl_cli.c 02290 * library/ssl_srv.c 02291 * 02292 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02293 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02294 * 02295 * This module is required for SSL/TLS. 02296 */ 02297 #define MBEDTLS_SSL_TLS_C 02298 02299 /** 02300 * \def MBEDTLS_THREADING_C 02301 * 02302 * Enable the threading abstraction layer. 02303 * By default mbed TLS assumes it is used in a non-threaded environment or that 02304 * contexts are not shared between threads. If you do intend to use contexts 02305 * between threads, you will need to enable this layer to prevent race 02306 * conditions. See also our Knowledge Base article about threading: 02307 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02308 * 02309 * Module: library/threading.c 02310 * 02311 * This allows different threading implementations (self-implemented or 02312 * provided). 02313 * 02314 * You will have to enable either MBEDTLS_THREADING_ALT or 02315 * MBEDTLS_THREADING_PTHREAD. 02316 * 02317 * Enable this layer to allow use of mutexes within mbed TLS 02318 */ 02319 //#define MBEDTLS_THREADING_C 02320 02321 /** 02322 * \def MBEDTLS_TIMING_C 02323 * 02324 * Enable the semi-portable timing interface. 02325 * 02326 * \note The provided implementation only works on POSIX/Unix (including Linux, 02327 * BSD and OS X) and Windows. On other platforms, you can either disable that 02328 * module and provide your own implementations of the callbacks needed by 02329 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02330 * your own implementation of the whole module by setting 02331 * \c MBEDTLS_TIMING_ALT in the current file. 02332 * 02333 * \note See also our Knowledge Base article about porting to a new 02334 * environment: 02335 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02336 * 02337 * Module: library/timing.c 02338 * Caller: library/havege.c 02339 * 02340 * This module is used by the HAVEGE random number generator. 02341 */ 02342 //#define MBEDTLS_TIMING_C 02343 02344 /** 02345 * \def MBEDTLS_VERSION_C 02346 * 02347 * Enable run-time version information. 02348 * 02349 * Module: library/version.c 02350 * 02351 * This module provides run-time version information. 02352 */ 02353 #define MBEDTLS_VERSION_C 02354 02355 /** 02356 * \def MBEDTLS_X509_USE_C 02357 * 02358 * Enable X.509 core for using certificates. 02359 * 02360 * Module: library/x509.c 02361 * Caller: library/mbedtls_x509_crl.c 02362 * library/mbedtls_x509_crt.c 02363 * library/mbedtls_x509_csr.c 02364 * 02365 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02366 * MBEDTLS_PK_PARSE_C 02367 * 02368 * This module is required for the X.509 parsing modules. 02369 */ 02370 #define MBEDTLS_X509_USE_C 02371 02372 /** 02373 * \def MBEDTLS_X509_CRT_PARSE_C 02374 * 02375 * Enable X.509 certificate parsing. 02376 * 02377 * Module: library/mbedtls_x509_crt.c 02378 * Caller: library/ssl_cli.c 02379 * library/ssl_srv.c 02380 * library/ssl_tls.c 02381 * 02382 * Requires: MBEDTLS_X509_USE_C 02383 * 02384 * This module is required for X.509 certificate parsing. 02385 */ 02386 #define MBEDTLS_X509_CRT_PARSE_C 02387 02388 /** 02389 * \def MBEDTLS_X509_CRL_PARSE_C 02390 * 02391 * Enable X.509 CRL parsing. 02392 * 02393 * Module: library/mbedtls_x509_crl.c 02394 * Caller: library/mbedtls_x509_crt.c 02395 * 02396 * Requires: MBEDTLS_X509_USE_C 02397 * 02398 * This module is required for X.509 CRL parsing. 02399 */ 02400 #define MBEDTLS_X509_CRL_PARSE_C 02401 02402 /** 02403 * \def MBEDTLS_X509_CSR_PARSE_C 02404 * 02405 * Enable X.509 Certificate Signing Request (CSR) parsing. 02406 * 02407 * Module: library/mbedtls_x509_csr.c 02408 * Caller: library/x509_crt_write.c 02409 * 02410 * Requires: MBEDTLS_X509_USE_C 02411 * 02412 * This module is used for reading X.509 certificate request. 02413 */ 02414 //#define MBEDTLS_X509_CSR_PARSE_C 02415 02416 /** 02417 * \def MBEDTLS_X509_CREATE_C 02418 * 02419 * Enable X.509 core for creating certificates. 02420 * 02421 * Module: library/x509_create.c 02422 * 02423 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02424 * 02425 * This module is the basis for creating X.509 certificates and CSRs. 02426 */ 02427 //#define MBEDTLS_X509_CREATE_C 02428 02429 /** 02430 * \def MBEDTLS_X509_CRT_WRITE_C 02431 * 02432 * Enable creating X.509 certificates. 02433 * 02434 * Module: library/x509_crt_write.c 02435 * 02436 * Requires: MBEDTLS_X509_CREATE_C 02437 * 02438 * This module is required for X.509 certificate creation. 02439 */ 02440 //#define MBEDTLS_X509_CRT_WRITE_C 02441 02442 /** 02443 * \def MBEDTLS_X509_CSR_WRITE_C 02444 * 02445 * Enable creating X.509 Certificate Signing Requests (CSR). 02446 * 02447 * Module: library/x509_csr_write.c 02448 * 02449 * Requires: MBEDTLS_X509_CREATE_C 02450 * 02451 * This module is required for X.509 certificate request writing. 02452 */ 02453 //#define MBEDTLS_X509_CSR_WRITE_C 02454 02455 /** 02456 * \def MBEDTLS_XTEA_C 02457 * 02458 * Enable the XTEA block cipher. 02459 * 02460 * Module: library/xtea.c 02461 * Caller: 02462 */ 02463 //#define MBEDTLS_XTEA_C 02464 02465 /* \} name SECTION: mbed TLS modules */ 02466 02467 /** 02468 * \name SECTION: Module configuration options 02469 * 02470 * This section allows for the setting of module specific sizes and 02471 * configuration options. The default values are already present in the 02472 * relevant header files and should suffice for the regular use cases. 02473 * 02474 * Our advice is to enable options and change their values here 02475 * only if you have a good reason and know the consequences. 02476 * 02477 * Please check the respective header file for documentation on these 02478 * parameters (to prevent duplicate documentation). 02479 * \{ 02480 */ 02481 02482 /* MPI / BIGNUM options */ 02483 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02484 //#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */ 02485 02486 /* CTR_DRBG options */ 02487 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02488 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02489 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02490 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02491 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02492 02493 /* HMAC_DRBG options */ 02494 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02495 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02496 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02497 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02498 02499 /* ECP options */ 02500 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02501 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02502 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02503 02504 /* Entropy options */ 02505 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02506 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02507 02508 /* Memory buffer allocator options */ 02509 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02510 02511 /* Platform options */ 02512 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02513 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02514 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02515 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02516 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined */ 02517 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02518 //#define MBEDTLS_PLATFORM_STD_PRINTF pc.printf /**< Default printf to use, can be undefined */ 02519 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02520 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02521 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02522 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02523 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02524 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02525 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02526 02527 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02528 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02529 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02530 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02531 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02532 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined */ 02533 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined */ 02534 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02535 02536 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02537 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02538 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02539 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02540 02541 /* SSL Cache options */ 02542 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02543 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02544 02545 /* SSL options */ 02546 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02547 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02548 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02549 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02550 02551 /** 02552 * Complete list of ciphersuites to use, in order of preference. 02553 * 02554 * \warning No dependency checking is done on that field! This option can only 02555 * be used to restrict the set of available ciphersuites. It is your 02556 * responsibility to make sure the needed modules are active. 02557 * 02558 * Use this to save a few hundred bytes of ROM (default ordering of all 02559 * available ciphersuites) and a few to a few hundred bytes of RAM. 02560 * 02561 * The value below is only an example, not the default. 02562 */ 02563 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02564 02565 /* X509 options */ 02566 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02567 02568 /* \} name SECTION: Customisation configuration options */ 02569 02570 /* Target and application specific configurations */ 02571 #define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" 02572 02573 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) 02574 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE 02575 #endif 02576 02577 /* 02578 * Allow user to override any previous default. 02579 * 02580 * Use two macro names for that, as: 02581 * - with yotta the prefix YOTTA_CFG_ is forced 02582 * - without yotta is looks weird to have a YOTTA prefix. 02583 */ 02584 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02585 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02586 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02587 #include MBEDTLS_USER_CONFIG_FILE 02588 #endif 02589 02590 #include "check_config.h" 02591 02592 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 20:19:29 by
1.7.2
