MakingMusicWorkshop
/
6_songs-from-the-cloud
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: mbed Socket lwip-eth lwip-sys lwip
Embed:
(wiki syntax)
Show/hide line numbers
config.h
Go to the documentation of this file.
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 00024 /* 00025 * This set of compile-time options may be used to enable 00026 * or disable features selectively, and reduce the global 00027 * memory footprint. 00028 */ 00029 #ifndef MBEDTLS_CONFIG_H 00030 #define MBEDTLS_CONFIG_H 00031 00032 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00033 #define _CRT_SECURE_NO_DEPRECATE 1 00034 #endif 00035 00036 /** 00037 * \name SECTION: System support 00038 * 00039 * This section sets system specific settings. 00040 * \{ 00041 */ 00042 00043 /** 00044 * \def MBEDTLS_HAVE_ASM 00045 * 00046 * The compiler has support for asm(). 00047 * 00048 * Requires support for asm() in compiler. 00049 * 00050 * Used in: 00051 * library/timing.c 00052 * library/padlock.c 00053 * include/mbedtls/bn_mul.h 00054 * 00055 * Comment to disable the use of assembly code. 00056 */ 00057 #define MBEDTLS_HAVE_ASM 00058 00059 /** 00060 * \def MBEDTLS_HAVE_SSE2 00061 * 00062 * CPU supports SSE2 instruction set. 00063 * 00064 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00065 */ 00066 //#define MBEDTLS_HAVE_SSE2 00067 00068 /** 00069 * \def MBEDTLS_HAVE_TIME 00070 * 00071 * System has time.h and time(). 00072 * The time does not need to be correct, only time differences are used, 00073 * by contrast with MBEDTLS_HAVE_TIME_DATE 00074 * 00075 * Comment if your system does not support time functions 00076 */ 00077 #define MBEDTLS_HAVE_TIME 00078 00079 /** 00080 * \def MBEDTLS_HAVE_TIME_DATE 00081 * 00082 * System has time.h and time(), gmtime() and the clock is correct. 00083 * The time needs to be correct (not necesarily very accurate, but at least 00084 * the date should be correct). This is used to verify the validity period of 00085 * X.509 certificates. 00086 * 00087 * Comment if your system does not have a correct clock. 00088 */ 00089 #define MBEDTLS_HAVE_TIME_DATE 00090 00091 /** 00092 * \def MBEDTLS_PLATFORM_MEMORY 00093 * 00094 * Enable the memory allocation layer. 00095 * 00096 * By default mbed TLS uses the system-provided calloc() and free(). 00097 * This allows different allocators (self-implemented or provided) to be 00098 * provided to the platform abstraction layer. 00099 * 00100 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00101 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00102 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00103 * free() function pointer at runtime. 00104 * 00105 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00106 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00107 * alternate function at compile time. 00108 * 00109 * Requires: MBEDTLS_PLATFORM_C 00110 * 00111 * Enable this layer to allow use of alternative memory allocators. 00112 */ 00113 //#define MBEDTLS_PLATFORM_MEMORY 00114 00115 /** 00116 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00117 * 00118 * Do not assign standard functions in the platform layer (e.g. calloc() to 00119 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00120 * 00121 * This makes sure there are no linking errors on platforms that do not support 00122 * these functions. You will HAVE to provide alternatives, either at runtime 00123 * via the platform_set_xxx() functions or at compile time by setting 00124 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00125 * MBEDTLS_PLATFORM_XXX_MACRO. 00126 * 00127 * Requires: MBEDTLS_PLATFORM_C 00128 * 00129 * Uncomment to prevent default assignment of standard functions in the 00130 * platform layer. 00131 */ 00132 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00133 00134 /** 00135 * \def MBEDTLS_PLATFORM_XXX_ALT 00136 * 00137 * Uncomment a macro to let mbed TLS support the function in the platform 00138 * abstraction layer. 00139 * 00140 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00141 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00142 * alternative printf function pointer. 00143 * 00144 * All these define require MBEDTLS_PLATFORM_C to be defined! 00145 * 00146 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00147 * it will be enabled automatically by check_config.h 00148 * 00149 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00150 * MBEDTLS_PLATFORM_XXX_MACRO! 00151 * 00152 * Uncomment a macro to enable alternate implementation of specific base 00153 * platform function 00154 */ 00155 //#define MBEDTLS_PLATFORM_EXIT_ALT 00156 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00157 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00158 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00159 00160 /** 00161 * \def MBEDTLS_DEPRECATED_WARNING 00162 * 00163 * Mark deprecated functions so that they generate a warning if used. 00164 * Functions deprecated in one version will usually be removed in the next 00165 * version. You can enable this to help you prepare the transition to a new 00166 * major version by making sure your code is not using these functions. 00167 * 00168 * This only works with GCC and Clang. With other compilers, you may want to 00169 * use MBEDTLS_DEPRECATED_REMOVED 00170 * 00171 * Uncomment to get warnings on using deprecated functions. 00172 */ 00173 //#define MBEDTLS_DEPRECATED_WARNING 00174 00175 /** 00176 * \def MBEDTLS_DEPRECATED_REMOVED 00177 * 00178 * Remove deprecated functions so that they generate an error if used. 00179 * Functions deprecated in one version will usually be removed in the next 00180 * version. You can enable this to help you prepare the transition to a new 00181 * major version by making sure your code is not using these functions. 00182 * 00183 * Uncomment to get errors on using deprecated functions. 00184 */ 00185 //#define MBEDTLS_DEPRECATED_REMOVED 00186 00187 /* \} name SECTION: System support */ 00188 00189 /** 00190 * \name SECTION: mbed TLS feature support 00191 * 00192 * This section sets support for features that are or are not needed 00193 * within the modules that are enabled. 00194 * \{ 00195 */ 00196 00197 /** 00198 * \def MBEDTLS_TIMING_ALT 00199 * 00200 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00201 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00202 * 00203 * Only works if you have MBEDTLS_TIMING_C enabled. 00204 * 00205 * You will need to provide a header "timing_alt.h" and an implementation at 00206 * compile time. 00207 */ 00208 //#define MBEDTLS_TIMING_ALT 00209 00210 /** 00211 * \def MBEDTLS__MODULE_NAME__ALT 00212 * 00213 * Uncomment a macro to let mbed TLS use your alternate core implementation of 00214 * a symmetric crypto or hash module (e.g. platform specific assembly 00215 * optimized implementations). Keep in mind that the function prototypes 00216 * should remain the same. 00217 * 00218 * This replaces the whole module. If you only want to replace one of the 00219 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00220 * 00221 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00222 * provide the "struct mbedtls_aes_context" definition and omit the base function 00223 * declarations and implementations. "aes_alt.h" will be included from 00224 * "aes.h" to include the new function definitions. 00225 * 00226 * Uncomment a macro to enable alternate implementation of the corresponding 00227 * module. 00228 */ 00229 //#define MBEDTLS_AES_ALT 00230 //#define MBEDTLS_ARC4_ALT 00231 //#define MBEDTLS_BLOWFISH_ALT 00232 //#define MBEDTLS_CAMELLIA_ALT 00233 //#define MBEDTLS_DES_ALT 00234 //#define MBEDTLS_XTEA_ALT 00235 //#define MBEDTLS_MD2_ALT 00236 //#define MBEDTLS_MD4_ALT 00237 //#define MBEDTLS_MD5_ALT 00238 //#define MBEDTLS_RIPEMD160_ALT 00239 //#define MBEDTLS_SHA1_ALT 00240 //#define MBEDTLS_SHA256_ALT 00241 //#define MBEDTLS_SHA512_ALT 00242 00243 /** 00244 * \def MBEDTLS__FUNCTION_NAME__ALT 00245 * 00246 * Uncomment a macro to let mbed TLS use you alternate core implementation of 00247 * symmetric crypto or hash function. Keep in mind that function prototypes 00248 * should remain the same. 00249 * 00250 * This replaces only one function. The header file from mbed TLS is still 00251 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00252 * 00253 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00254 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00255 * the other function (using your mbedtls_sha1_process() function) and the definition 00256 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00257 * with this definition. 00258 * 00259 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00260 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00261 * tables. 00262 * 00263 * Uncomment a macro to enable alternate implementation of the corresponding 00264 * function. 00265 */ 00266 //#define MBEDTLS_MD2_PROCESS_ALT 00267 //#define MBEDTLS_MD4_PROCESS_ALT 00268 //#define MBEDTLS_MD5_PROCESS_ALT 00269 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00270 //#define MBEDTLS_SHA1_PROCESS_ALT 00271 //#define MBEDTLS_SHA256_PROCESS_ALT 00272 //#define MBEDTLS_SHA512_PROCESS_ALT 00273 //#define MBEDTLS_DES_SETKEY_ALT 00274 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00275 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00276 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00277 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00278 //#define MBEDTLS_AES_ENCRYPT_ALT 00279 //#define MBEDTLS_AES_DECRYPT_ALT 00280 00281 /** 00282 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00283 * 00284 * Uncomment this macro to let mbed TLS use your own implementation of a 00285 * hardware entropy collector. 00286 * 00287 * Your function must be called \c mbedtls_hardware_poll(), have the same 00288 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00289 * 00290 * Uncomment to use your own hardware entropy collector. 00291 */ 00292 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00293 00294 /** 00295 * \def MBEDTLS_AES_ROM_TABLES 00296 * 00297 * Store the AES tables in ROM. 00298 * 00299 * Uncomment this macro to store the AES tables in ROM. 00300 */ 00301 //#define MBEDTLS_AES_ROM_TABLES 00302 00303 /** 00304 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00305 * 00306 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00307 * 00308 * Uncomment this macro to use less memory for Camellia. 00309 */ 00310 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00311 00312 /** 00313 * \def MBEDTLS_CIPHER_MODE_CBC 00314 * 00315 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00316 */ 00317 #define MBEDTLS_CIPHER_MODE_CBC 00318 00319 /** 00320 * \def MBEDTLS_CIPHER_MODE_CFB 00321 * 00322 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00323 */ 00324 //#define MBEDTLS_CIPHER_MODE_CFB 00325 00326 /** 00327 * \def MBEDTLS_CIPHER_MODE_CTR 00328 * 00329 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00330 */ 00331 //#define MBEDTLS_CIPHER_MODE_CTR 00332 00333 /** 00334 * \def MBEDTLS_CIPHER_NULL_CIPHER 00335 * 00336 * Enable NULL cipher. 00337 * Warning: Only do so when you know what you are doing. This allows for 00338 * encryption or channels without any security! 00339 * 00340 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00341 * the following ciphersuites: 00342 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00343 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00344 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00345 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00346 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00347 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00348 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00349 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00350 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00351 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00352 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00353 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00354 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00355 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00356 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00357 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00358 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00359 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00360 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00361 * 00362 * Uncomment this macro to enable the NULL cipher and ciphersuites 00363 */ 00364 //#define MBEDTLS_CIPHER_NULL_CIPHER 00365 00366 /** 00367 * \def MBEDTLS_CIPHER_PADDING_XXX 00368 * 00369 * Uncomment or comment macros to add support for specific padding modes 00370 * in the cipher layer with cipher modes that support padding (e.g. CBC) 00371 * 00372 * If you disable all padding modes, only full blocks can be used with CBC. 00373 * 00374 * Enable padding modes in the cipher layer. 00375 */ 00376 #define MBEDTLS_CIPHER_PADDING_PKCS7 00377 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00378 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00379 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00380 00381 /** 00382 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00383 * 00384 * Enable weak ciphersuites in SSL / TLS. 00385 * Warning: Only do so when you know what you are doing. This allows for 00386 * channels with virtually no security at all! 00387 * 00388 * This enables the following ciphersuites: 00389 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00390 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00391 * 00392 * Uncomment this macro to enable weak ciphersuites 00393 */ 00394 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00395 00396 /** 00397 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00398 * 00399 * Remove RC4 ciphersuites by default in SSL / TLS. 00400 * This flag removes the ciphersuites based on RC4 from the default list as 00401 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00402 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00403 * explicitly. 00404 * 00405 * Uncomment this macro to remove RC4 ciphersuites by default. 00406 */ 00407 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00408 00409 /** 00410 * \def MBEDTLS_ECP_XXXX_ENABLED 00411 * 00412 * Enables specific curves within the Elliptic Curve module. 00413 * By default all supported curves are enabled. 00414 * 00415 * Comment macros to disable the curve and functions for it 00416 */ 00417 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00418 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00419 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00420 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00421 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00422 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00423 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00424 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00425 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00426 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00427 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00428 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00429 00430 /** 00431 * \def MBEDTLS_ECP_NIST_OPTIM 00432 * 00433 * Enable specific 'modulo p' routines for each NIST prime. 00434 * Depending on the prime and architecture, makes operations 4 to 8 times 00435 * faster on the corresponding curve. 00436 * 00437 * Comment this macro to disable NIST curves optimisation. 00438 */ 00439 #define MBEDTLS_ECP_NIST_OPTIM 00440 00441 /** 00442 * \def MBEDTLS_ECDSA_DETERMINISTIC 00443 * 00444 * Enable deterministic ECDSA (RFC 6979). 00445 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00446 * may result in a compromise of the long-term signing key. This is avoided by 00447 * the deterministic variant. 00448 * 00449 * Requires: MBEDTLS_HMAC_DRBG_C 00450 * 00451 * Comment this macro to disable deterministic ECDSA. 00452 */ 00453 #define MBEDTLS_ECDSA_DETERMINISTIC 00454 00455 /** 00456 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00457 * 00458 * Enable the PSK based ciphersuite modes in SSL / TLS. 00459 * 00460 * This enables the following ciphersuites (if other requisites are 00461 * enabled as well): 00462 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00463 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00464 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00465 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00466 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00467 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00468 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00469 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00470 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00471 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00472 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00473 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00474 */ 00475 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00476 00477 /** 00478 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00479 * 00480 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00481 * 00482 * Requires: MBEDTLS_DHM_C 00483 * 00484 * This enables the following ciphersuites (if other requisites are 00485 * enabled as well): 00486 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00487 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00488 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00489 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00490 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00491 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00492 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00493 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00494 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00495 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00496 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00497 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00498 */ 00499 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00500 00501 /** 00502 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00503 * 00504 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00505 * 00506 * Requires: MBEDTLS_ECDH_C 00507 * 00508 * This enables the following ciphersuites (if other requisites are 00509 * enabled as well): 00510 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00511 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00512 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00513 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00514 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00515 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00516 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00517 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00518 */ 00519 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00520 00521 /** 00522 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00523 * 00524 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00525 * 00526 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00527 * MBEDTLS_X509_CRT_PARSE_C 00528 * 00529 * This enables the following ciphersuites (if other requisites are 00530 * enabled as well): 00531 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00532 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00533 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00534 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00535 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00536 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00537 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00538 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00539 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00540 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00541 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00542 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00543 */ 00544 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00545 00546 /** 00547 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00548 * 00549 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00550 * 00551 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00552 * MBEDTLS_X509_CRT_PARSE_C 00553 * 00554 * This enables the following ciphersuites (if other requisites are 00555 * enabled as well): 00556 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00557 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00558 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00559 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00560 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00561 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00562 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00563 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00564 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00565 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00566 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00567 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00568 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00569 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00570 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00571 */ 00572 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00573 00574 /** 00575 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00576 * 00577 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00578 * 00579 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00580 * MBEDTLS_X509_CRT_PARSE_C 00581 * 00582 * This enables the following ciphersuites (if other requisites are 00583 * enabled as well): 00584 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00585 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00586 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00587 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00588 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00589 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00590 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00591 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00592 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00593 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00594 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00595 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00596 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00597 */ 00598 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00599 00600 /** 00601 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00602 * 00603 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00604 * 00605 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00606 * MBEDTLS_X509_CRT_PARSE_C 00607 * 00608 * This enables the following ciphersuites (if other requisites are 00609 * enabled as well): 00610 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00611 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00612 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00613 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00614 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00615 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00616 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00617 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00618 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00619 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00620 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00621 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00622 */ 00623 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00624 00625 /** 00626 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00627 * 00628 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00629 * 00630 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00631 * 00632 * This enables the following ciphersuites (if other requisites are 00633 * enabled as well): 00634 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00635 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00636 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00637 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00638 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00639 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00640 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00641 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00642 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00643 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00644 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00645 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00646 */ 00647 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00648 00649 /** 00650 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00651 * 00652 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00653 * 00654 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00655 * 00656 * This enables the following ciphersuites (if other requisites are 00657 * enabled as well): 00658 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00659 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00660 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00661 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00662 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00663 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00664 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00665 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00666 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00667 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00668 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00669 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00670 */ 00671 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00672 00673 /** 00674 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00675 * 00676 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00677 * 00678 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00679 * 00680 * This enables the following ciphersuites (if other requisites are 00681 * enabled as well): 00682 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00683 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00684 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00685 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00686 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00687 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00688 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00689 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00690 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00691 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00692 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00693 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00694 */ 00695 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00696 00697 /** 00698 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00699 * 00700 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00701 * 00702 * \warning This is currently experimental. EC J-PAKE support is based on the 00703 * Thread v1.0.0 specification; incompatible changes to the specification 00704 * might still happen. For this reason, this is disabled by default. 00705 * 00706 * Requires: MBEDTLS_ECJPAKE_C 00707 * MBEDTLS_SHA256_C 00708 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00709 * 00710 * This enables the following ciphersuites (if other requisites are 00711 * enabled as well): 00712 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00713 */ 00714 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00715 00716 /** 00717 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00718 * 00719 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00720 * RFC 5915 and RFC 5480. 00721 * 00722 * Currently this means parsing the SpecifiedECDomain choice of EC 00723 * parameters (only known groups are supported, not arbitrary domains, to 00724 * avoid validation issues). 00725 * 00726 * Disable if you only need to support RFC 5915 + 5480 key formats. 00727 */ 00728 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00729 00730 /** 00731 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00732 * 00733 * Enable a dummy error function to make use of mbedtls_strerror() in 00734 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00735 * (no effect when MBEDTLS_ERROR_C is enabled). 00736 * 00737 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00738 * not using mbedtls_strerror() or error_strerror() in your application. 00739 * 00740 * Disable if you run into name conflicts and want to really remove the 00741 * mbedtls_strerror() 00742 */ 00743 #define MBEDTLS_ERROR_STRERROR_DUMMY 00744 00745 /** 00746 * \def MBEDTLS_GENPRIME 00747 * 00748 * Enable the prime-number generation code. 00749 * 00750 * Requires: MBEDTLS_BIGNUM_C 00751 */ 00752 //#define MBEDTLS_GENPRIME 00753 00754 /** 00755 * \def MBEDTLS_FS_IO 00756 * 00757 * Enable functions that use the filesystem. 00758 */ 00759 //#define MBEDTLS_FS_IO 00760 00761 /** 00762 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00763 * 00764 * Do not add default entropy sources. These are the platform specific, 00765 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00766 * 00767 * This is useful to have more control over the added entropy sources in an 00768 * application. 00769 * 00770 * Uncomment this macro to prevent loading of default entropy functions. 00771 */ 00772 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00773 00774 /** 00775 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00776 * 00777 * Do not use built-in platform entropy functions. 00778 * This is useful if your platform does not support 00779 * standards like the /dev/urandom or Windows CryptoAPI. 00780 * 00781 * Uncomment this macro to disable the built-in platform entropy functions. 00782 */ 00783 //#define MBEDTLS_NO_PLATFORM_ENTROPY 00784 00785 /** 00786 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00787 * 00788 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00789 * default SHA-512 based one (if both are available). 00790 * 00791 * Requires: MBEDTLS_SHA256_C 00792 * 00793 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00794 * if you have performance concerns. 00795 * 00796 * This option is only useful if both MBEDTLS_SHA256_C and 00797 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00798 */ 00799 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00800 00801 /** 00802 * \def MBEDTLS_MEMORY_DEBUG 00803 * 00804 * Enable debugging of buffer allocator memory issues. Automatically prints 00805 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00806 * function for 'debug output' of allocated memory. 00807 * 00808 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00809 * 00810 * Uncomment this macro to let the buffer allocator print out error messages. 00811 */ 00812 //#define MBEDTLS_MEMORY_DEBUG 00813 00814 /** 00815 * \def MBEDTLS_MEMORY_BACKTRACE 00816 * 00817 * Include backtrace information with each allocated block. 00818 * 00819 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00820 * GLIBC-compatible backtrace() an backtrace_symbols() support 00821 * 00822 * Uncomment this macro to include backtrace information 00823 */ 00824 //#define MBEDTLS_MEMORY_BACKTRACE 00825 00826 /** 00827 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00828 * 00829 * Support external private RSA keys (eg from a HSM) in the PK layer. 00830 * 00831 * Comment this macro to disable support for external private RSA keys. 00832 */ 00833 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00834 00835 /** 00836 * \def MBEDTLS_PKCS1_V15 00837 * 00838 * Enable support for PKCS#1 v1.5 encoding. 00839 * 00840 * Requires: MBEDTLS_RSA_C 00841 * 00842 * This enables support for PKCS#1 v1.5 operations. 00843 */ 00844 #define MBEDTLS_PKCS1_V15 00845 00846 /** 00847 * \def MBEDTLS_PKCS1_V21 00848 * 00849 * Enable support for PKCS#1 v2.1 encoding. 00850 * 00851 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00852 * 00853 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00854 */ 00855 #define MBEDTLS_PKCS1_V21 00856 00857 /** 00858 * \def MBEDTLS_RSA_NO_CRT 00859 * 00860 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00861 * 00862 * Uncomment this macro to disable the use of CRT in RSA. 00863 * 00864 */ 00865 //#define MBEDTLS_RSA_NO_CRT 00866 00867 /** 00868 * \def MBEDTLS_SELF_TEST 00869 * 00870 * Enable the checkup functions (*_self_test). 00871 */ 00872 #define MBEDTLS_SELF_TEST 00873 00874 /** 00875 * \def MBEDTLS_SHA256_SMALLER 00876 * 00877 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00878 * lower performance. 00879 * 00880 * The default implementation is meant to be a reasonnable compromise between 00881 * performance and size. This version optimizes more aggressively for size at 00882 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00883 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00884 * 30%. 00885 * 00886 * Uncomment to enable the smaller implementation of SHA256. 00887 */ 00888 //#define MBEDTLS_SHA256_SMALLER 00889 00890 /** 00891 * \def MBEDTLS_SSL_AEAD_RANDOM_IV 00892 * 00893 * Generate a random IV rather than using the record sequence number as a 00894 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). 00895 * 00896 * Using the sequence number is generally recommended. 00897 * 00898 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00899 */ 00900 //#define MBEDTLS_SSL_AEAD_RANDOM_IV 00901 00902 /** 00903 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00904 * 00905 * Enable sending of alert messages in case of encountered errors as per RFC. 00906 * If you choose not to send the alert messages, mbed TLS can still communicate 00907 * with other servers, only debugging of failures is harder. 00908 * 00909 * The advantage of not sending alert messages, is that no information is given 00910 * about reasons for failures thus preventing adversaries of gaining intel. 00911 * 00912 * Enable sending of all alert messages 00913 */ 00914 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00915 00916 /** 00917 * \def MBEDTLS_SSL_DEBUG_ALL 00918 * 00919 * Enable the debug messages in SSL module for all issues. 00920 * Debug messages have been disabled in some places to prevent timing 00921 * attacks due to (unbalanced) debugging function calls. 00922 * 00923 * If you need all error reporting you should enable this during debugging, 00924 * but remove this for production servers that should log as well. 00925 * 00926 * Uncomment this macro to report all debug messages on errors introducing 00927 * a timing side-channel. 00928 * 00929 */ 00930 //#define MBEDTLS_SSL_DEBUG_ALL 00931 00932 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00933 * 00934 * Enable support for Encrypt-then-MAC, RFC 7366. 00935 * 00936 * This allows peers that both support it to use a more robust protection for 00937 * ciphersuites using CBC, providing deep resistance against timing attacks 00938 * on the padding or underlying cipher. 00939 * 00940 * This only affects CBC ciphersuites, and is useless if none is defined. 00941 * 00942 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 00943 * MBEDTLS_SSL_PROTO_TLS1_1 or 00944 * MBEDTLS_SSL_PROTO_TLS1_2 00945 * 00946 * Comment this macro to disable support for Encrypt-then-MAC 00947 */ 00948 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 00949 00950 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 00951 * 00952 * Enable support for Extended Master Secret, aka Session Hash 00953 * (draft-ietf-tls-session-hash-02). 00954 * 00955 * This was introduced as "the proper fix" to the Triple Handshake familiy of 00956 * attacks, but it is recommended to always use it (even if you disable 00957 * renegotiation), since it actually fixes a more fundamental issue in the 00958 * original SSL/TLS design, and has implications beyond Triple Handshake. 00959 * 00960 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 00961 * MBEDTLS_SSL_PROTO_TLS1_1 or 00962 * MBEDTLS_SSL_PROTO_TLS1_2 00963 * 00964 * Comment this macro to disable support for Extended Master Secret. 00965 */ 00966 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 00967 00968 /** 00969 * \def MBEDTLS_SSL_FALLBACK_SCSV 00970 * 00971 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 00972 * 00973 * For servers, it is recommended to always enable this, unless you support 00974 * only one version of TLS, or know for sure that none of your clients 00975 * implements a fallback strategy. 00976 * 00977 * For clients, you only need this if you're using a fallback strategy, which 00978 * is not recommended in the first place, unless you absolutely need it to 00979 * interoperate with buggy (version-intolerant) servers. 00980 * 00981 * Comment this macro to disable support for FALLBACK_SCSV 00982 */ 00983 //#define MBEDTLS_SSL_FALLBACK_SCSV 00984 00985 /** 00986 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 00987 * 00988 * Enable hooking functions in SSL module for hardware acceleration of 00989 * individual records. 00990 * 00991 * Uncomment this macro to enable hooking functions. 00992 */ 00993 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 00994 00995 /** 00996 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 00997 * 00998 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 00999 * 01000 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01001 * of interoperability issues compared to sending 0-length records. 01002 * 01003 * Comment this macro to disable 1/n-1 record splitting. 01004 */ 01005 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01006 01007 /** 01008 * \def MBEDTLS_SSL_RENEGOTIATION 01009 * 01010 * Disable support for TLS renegotiation. 01011 * 01012 * The two main uses of renegotiation are (1) refresh keys on long-lived 01013 * connections and (2) client authentication after the initial handshake. 01014 * If you don't need renegotiation, it's probably better to disable it, since 01015 * it has been associated with security issues in the past and is easy to 01016 * misuse/misunderstand. 01017 * 01018 * Comment this to disable support for renegotiation. 01019 */ 01020 #define MBEDTLS_SSL_RENEGOTIATION 01021 01022 /** 01023 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01024 * 01025 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01026 * SSL Server module (MBEDTLS_SSL_SRV_C). 01027 * 01028 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01029 */ 01030 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01031 01032 /** 01033 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01034 * 01035 * Pick the ciphersuite according to the client's preferences rather than ours 01036 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01037 * 01038 * Uncomment this macro to respect client's ciphersuite order 01039 */ 01040 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01041 01042 /** 01043 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01044 * 01045 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01046 * 01047 * Comment this macro to disable support for the max_fragment_length extension 01048 */ 01049 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01050 01051 /** 01052 * \def MBEDTLS_SSL_PROTO_SSL3 01053 * 01054 * Enable support for SSL 3.0. 01055 * 01056 * Requires: MBEDTLS_MD5_C 01057 * MBEDTLS_SHA1_C 01058 * 01059 * Comment this macro to disable support for SSL 3.0 01060 */ 01061 //#define MBEDTLS_SSL_PROTO_SSL3 01062 01063 /** 01064 * \def MBEDTLS_SSL_PROTO_TLS1 01065 * 01066 * Enable support for TLS 1.0. 01067 * 01068 * Requires: MBEDTLS_MD5_C 01069 * MBEDTLS_SHA1_C 01070 * 01071 * Comment this macro to disable support for TLS 1.0 01072 */ 01073 //#define MBEDTLS_SSL_PROTO_TLS1 01074 01075 /** 01076 * \def MBEDTLS_SSL_PROTO_TLS1_1 01077 * 01078 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01079 * 01080 * Requires: MBEDTLS_MD5_C 01081 * MBEDTLS_SHA1_C 01082 * 01083 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01084 */ 01085 //#define MBEDTLS_SSL_PROTO_TLS1_1 01086 01087 /** 01088 * \def MBEDTLS_SSL_PROTO_TLS1_2 01089 * 01090 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01091 * 01092 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01093 * (Depends on ciphersuites) 01094 * 01095 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01096 */ 01097 #define MBEDTLS_SSL_PROTO_TLS1_2 01098 01099 /** 01100 * \def MBEDTLS_SSL_PROTO_DTLS 01101 * 01102 * Enable support for DTLS (all available versions). 01103 * 01104 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01105 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01106 * 01107 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01108 * or MBEDTLS_SSL_PROTO_TLS1_2 01109 * 01110 * Comment this macro to disable support for DTLS 01111 */ 01112 #define MBEDTLS_SSL_PROTO_DTLS 01113 01114 /** 01115 * \def MBEDTLS_SSL_ALPN 01116 * 01117 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01118 * 01119 * Comment this macro to disable support for ALPN. 01120 */ 01121 #define MBEDTLS_SSL_ALPN 01122 01123 /** 01124 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01125 * 01126 * Enable support for the anti-replay mechanism in DTLS. 01127 * 01128 * Requires: MBEDTLS_SSL_TLS_C 01129 * MBEDTLS_SSL_PROTO_DTLS 01130 * 01131 * \warning Disabling this is often a security risk! 01132 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01133 * 01134 * Comment this to disable anti-replay in DTLS. 01135 */ 01136 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01137 01138 /** 01139 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01140 * 01141 * Enable support for HelloVerifyRequest on DTLS servers. 01142 * 01143 * This feature is highly recommended to prevent DTLS servers being used as 01144 * amplifiers in DoS attacks against other hosts. It should always be enabled 01145 * unless you know for sure amplification cannot be a problem in the 01146 * environment in which your server operates. 01147 * 01148 * \warning Disabling this can ba a security risk! (see above) 01149 * 01150 * Requires: MBEDTLS_SSL_PROTO_DTLS 01151 * 01152 * Comment this to disable support for HelloVerifyRequest. 01153 */ 01154 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01155 01156 /** 01157 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01158 * 01159 * Enable server-side support for clients that reconnect from the same port. 01160 * 01161 * Some clients unexpectedly close the connection and try to reconnect using the 01162 * same source port. This needs special support from the server to handle the 01163 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01164 * flag enables that support. 01165 * 01166 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01167 * 01168 * Comment this to disable support for clients reusing the source port. 01169 */ 01170 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01171 01172 /** 01173 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01174 * 01175 * Enable support for a limit of records with bad MAC. 01176 * 01177 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01178 * 01179 * Requires: MBEDTLS_SSL_PROTO_DTLS 01180 */ 01181 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01182 01183 /** 01184 * \def MBEDTLS_SSL_SESSION_TICKETS 01185 * 01186 * Enable support for RFC 5077 session tickets in SSL. 01187 * Client-side, provides full support for session tickets (maintainance of a 01188 * session store remains the responsibility of the application, though). 01189 * Server-side, you also need to provide callbacks for writing and parsing 01190 * tickets, including authenticated encryption and key management. Example 01191 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01192 * 01193 * Comment this macro to disable support for SSL session tickets 01194 */ 01195 #define MBEDTLS_SSL_SESSION_TICKETS 01196 01197 /** 01198 * \def MBEDTLS_SSL_EXPORT_KEYS 01199 * 01200 * Enable support for exporting key block and master secret. 01201 * This is required for certain users of TLS, e.g. EAP-TLS. 01202 * 01203 * Comment this macro to disable support for key export 01204 */ 01205 #define MBEDTLS_SSL_EXPORT_KEYS 01206 01207 /** 01208 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01209 * 01210 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01211 * 01212 * Requires: MBEDTLS_X509_CRT_PARSE_C 01213 * 01214 * Comment this macro to disable support for server name indication in SSL 01215 */ 01216 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01217 01218 /** 01219 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01220 * 01221 * Enable support for RFC 6066 truncated HMAC in SSL. 01222 * 01223 * Comment this macro to disable support for truncated HMAC in SSL 01224 */ 01225 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01226 01227 /** 01228 * \def MBEDTLS_THREADING_ALT 01229 * 01230 * Provide your own alternate threading implementation. 01231 * 01232 * Requires: MBEDTLS_THREADING_C 01233 * 01234 * Uncomment this to allow your own alternate threading implementation. 01235 */ 01236 //#define MBEDTLS_THREADING_ALT 01237 01238 /** 01239 * \def MBEDTLS_THREADING_PTHREAD 01240 * 01241 * Enable the pthread wrapper layer for the threading layer. 01242 * 01243 * Requires: MBEDTLS_THREADING_C 01244 * 01245 * Uncomment this to enable pthread mutexes. 01246 */ 01247 //#define MBEDTLS_THREADING_PTHREAD 01248 01249 /** 01250 * \def MBEDTLS_VERSION_FEATURES 01251 * 01252 * Allow run-time checking of compile-time enabled features. Thus allowing users 01253 * to check at run-time if the library is for instance compiled with threading 01254 * support via mbedtls_version_check_feature(). 01255 * 01256 * Requires: MBEDTLS_VERSION_C 01257 * 01258 * Comment this to disable run-time checking and save ROM space 01259 */ 01260 #define MBEDTLS_VERSION_FEATURES 01261 01262 /** 01263 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01264 * 01265 * If set, the X509 parser will not break-off when parsing an X509 certificate 01266 * and encountering an extension in a v1 or v2 certificate. 01267 * 01268 * Uncomment to prevent an error. 01269 */ 01270 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01271 01272 /** 01273 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01274 * 01275 * If set, the X509 parser will not break-off when parsing an X509 certificate 01276 * and encountering an unknown critical extension. 01277 * 01278 * \warning Depending on your PKI use, enabling this can be a security risk! 01279 * 01280 * Uncomment to prevent an error. 01281 */ 01282 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01283 01284 /** 01285 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01286 * 01287 * Enable verification of the keyUsage extension (CA and leaf certificates). 01288 * 01289 * Disabling this avoids problems with mis-issued and/or misused 01290 * (intermediate) CA and leaf certificates. 01291 * 01292 * \warning Depending on your PKI use, disabling this can be a security risk! 01293 * 01294 * Comment to skip keyUsage checking for both CA and leaf certificates. 01295 */ 01296 #define MBEDTLS_X509_CHECK_KEY_USAGE 01297 01298 /** 01299 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01300 * 01301 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01302 * 01303 * Disabling this avoids problems with mis-issued and/or misused certificates. 01304 * 01305 * \warning Depending on your PKI use, disabling this can be a security risk! 01306 * 01307 * Comment to skip extendedKeyUsage checking for certificates. 01308 */ 01309 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01310 01311 /** 01312 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01313 * 01314 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01315 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01316 * 01317 * Comment this macro to disallow using RSASSA-PSS in certificates. 01318 */ 01319 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01320 01321 /** 01322 * \def MBEDTLS_ZLIB_SUPPORT 01323 * 01324 * If set, the SSL/TLS module uses ZLIB to support compression and 01325 * decompression of packet data. 01326 * 01327 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01328 * CRIME attack. Before enabling this option, you should examine with care if 01329 * CRIME or similar exploits may be a applicable to your use case. 01330 * 01331 * \note Currently compression can't be used with DTLS. 01332 * 01333 * Used in: library/ssl_tls.c 01334 * library/ssl_cli.c 01335 * library/ssl_srv.c 01336 * 01337 * This feature requires zlib library and headers to be present. 01338 * 01339 * Uncomment to enable use of ZLIB 01340 */ 01341 //#define MBEDTLS_ZLIB_SUPPORT 01342 /* \} name SECTION: mbed TLS feature support */ 01343 01344 /** 01345 * \name SECTION: mbed TLS modules 01346 * 01347 * This section enables or disables entire modules in mbed TLS 01348 * \{ 01349 */ 01350 01351 /** 01352 * \def MBEDTLS_AESNI_C 01353 * 01354 * Enable AES-NI support on x86-64. 01355 * 01356 * Module: library/aesni.c 01357 * Caller: library/aes.c 01358 * 01359 * Requires: MBEDTLS_HAVE_ASM 01360 * 01361 * This modules adds support for the AES-NI instructions on x86-64 01362 */ 01363 //#define MBEDTLS_AESNI_C 01364 01365 /** 01366 * \def MBEDTLS_AES_C 01367 * 01368 * Enable the AES block cipher. 01369 * 01370 * Module: library/aes.c 01371 * Caller: library/ssl_tls.c 01372 * library/pem.c 01373 * library/ctr_drbg.c 01374 * 01375 * This module enables the following ciphersuites (if other requisites are 01376 * enabled as well): 01377 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01378 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01379 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01380 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01381 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01382 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01383 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01384 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01385 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01386 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01387 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01388 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01389 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01390 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01391 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01392 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01393 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01394 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01395 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01396 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01397 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01398 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01399 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01400 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01401 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01402 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01403 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01404 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01405 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01406 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01407 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01408 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01409 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01410 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01411 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01412 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01413 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01414 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01415 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01416 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01417 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01418 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01419 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01420 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01421 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01422 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01423 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01424 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01425 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01426 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01427 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01428 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01429 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01430 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01431 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01432 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01433 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01434 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01435 * 01436 * PEM_PARSE uses AES for decrypting encrypted keys. 01437 */ 01438 #define MBEDTLS_AES_C 01439 01440 /** 01441 * \def MBEDTLS_ARC4_C 01442 * 01443 * Enable the ARCFOUR stream cipher. 01444 * 01445 * Module: library/arc4.c 01446 * Caller: library/ssl_tls.c 01447 * 01448 * This module enables the following ciphersuites (if other requisites are 01449 * enabled as well): 01450 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01451 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01452 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01453 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01454 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01455 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01456 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01457 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01458 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01459 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01460 */ 01461 //#define MBEDTLS_ARC4_C 01462 01463 /** 01464 * \def MBEDTLS_ASN1_PARSE_C 01465 * 01466 * Enable the generic ASN1 parser. 01467 * 01468 * Module: library/asn1.c 01469 * Caller: library/x509.c 01470 * library/dhm.c 01471 * library/pkcs12.c 01472 * library/pkcs5.c 01473 * library/pkparse.c 01474 */ 01475 #define MBEDTLS_ASN1_PARSE_C 01476 01477 /** 01478 * \def MBEDTLS_ASN1_WRITE_C 01479 * 01480 * Enable the generic ASN1 writer. 01481 * 01482 * Module: library/asn1write.c 01483 * Caller: library/ecdsa.c 01484 * library/pkwrite.c 01485 * library/x509_create.c 01486 * library/x509write_crt.c 01487 * library/mbedtls_x509write_csr.c 01488 */ 01489 #define MBEDTLS_ASN1_WRITE_C 01490 01491 /** 01492 * \def MBEDTLS_BASE64_C 01493 * 01494 * Enable the Base64 module. 01495 * 01496 * Module: library/base64.c 01497 * Caller: library/pem.c 01498 * 01499 * This module is required for PEM support (required by X.509). 01500 */ 01501 #define MBEDTLS_BASE64_C 01502 01503 /** 01504 * \def MBEDTLS_BIGNUM_C 01505 * 01506 * Enable the multi-precision integer library. 01507 * 01508 * Module: library/bignum.c 01509 * Caller: library/dhm.c 01510 * library/ecp.c 01511 * library/ecdsa.c 01512 * library/rsa.c 01513 * library/ssl_tls.c 01514 * 01515 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01516 */ 01517 #define MBEDTLS_BIGNUM_C 01518 01519 /** 01520 * \def MBEDTLS_BLOWFISH_C 01521 * 01522 * Enable the Blowfish block cipher. 01523 * 01524 * Module: library/blowfish.c 01525 */ 01526 //#define MBEDTLS_BLOWFISH_C 01527 01528 /** 01529 * \def MBEDTLS_CAMELLIA_C 01530 * 01531 * Enable the Camellia block cipher. 01532 * 01533 * Module: library/camellia.c 01534 * Caller: library/ssl_tls.c 01535 * 01536 * This module enables the following ciphersuites (if other requisites are 01537 * enabled as well): 01538 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01539 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01540 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01541 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01542 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01543 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01544 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01545 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01546 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01547 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01548 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01549 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01550 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01551 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01552 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01553 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01554 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01555 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01556 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01557 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01558 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01559 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01560 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01561 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01562 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01563 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01564 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01565 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01566 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01567 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01568 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01569 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01570 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01571 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01572 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01573 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01574 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01575 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01576 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01577 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01578 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01579 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01580 */ 01581 //#define MBEDTLS_CAMELLIA_C 01582 01583 /** 01584 * \def MBEDTLS_CCM_C 01585 * 01586 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01587 * 01588 * Module: library/ccm.c 01589 * 01590 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01591 * 01592 * This module enables the AES-CCM ciphersuites, if other requisites are 01593 * enabled as well. 01594 */ 01595 #define MBEDTLS_CCM_C 01596 01597 /** 01598 * \def MBEDTLS_CERTS_C 01599 * 01600 * Enable the test certificates. 01601 * 01602 * Module: library/certs.c 01603 * Caller: 01604 * 01605 * This module is used for testing (ssl_client/server). 01606 */ 01607 #define MBEDTLS_CERTS_C 01608 01609 /** 01610 * \def MBEDTLS_CIPHER_C 01611 * 01612 * Enable the generic cipher layer. 01613 * 01614 * Module: library/cipher.c 01615 * Caller: library/ssl_tls.c 01616 * 01617 * Uncomment to enable generic cipher wrappers. 01618 */ 01619 #define MBEDTLS_CIPHER_C 01620 01621 /** 01622 * \def MBEDTLS_CTR_DRBG_C 01623 * 01624 * Enable the CTR_DRBG AES-256-based random generator. 01625 * 01626 * Module: library/ctr_drbg.c 01627 * Caller: 01628 * 01629 * Requires: MBEDTLS_AES_C 01630 * 01631 * This module provides the CTR_DRBG AES-256 random number generator. 01632 */ 01633 #define MBEDTLS_CTR_DRBG_C 01634 01635 /** 01636 * \def MBEDTLS_DEBUG_C 01637 * 01638 * Enable the debug functions. 01639 * 01640 * Module: library/debug.c 01641 * Caller: library/ssl_cli.c 01642 * library/ssl_srv.c 01643 * library/ssl_tls.c 01644 * 01645 * This module provides debugging functions. 01646 */ 01647 #define MBEDTLS_DEBUG_C 01648 01649 /** 01650 * \def MBEDTLS_DES_C 01651 * 01652 * Enable the DES block cipher. 01653 * 01654 * Module: library/des.c 01655 * Caller: library/pem.c 01656 * library/ssl_tls.c 01657 * 01658 * This module enables the following ciphersuites (if other requisites are 01659 * enabled as well): 01660 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01661 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01662 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01663 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01664 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01665 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01666 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01667 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01668 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01669 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01670 * 01671 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01672 */ 01673 //#define MBEDTLS_DES_C 01674 01675 /** 01676 * \def MBEDTLS_DHM_C 01677 * 01678 * Enable the Diffie-Hellman-Merkle module. 01679 * 01680 * Module: library/dhm.c 01681 * Caller: library/ssl_cli.c 01682 * library/ssl_srv.c 01683 * 01684 * This module is used by the following key exchanges: 01685 * DHE-RSA, DHE-PSK 01686 */ 01687 //#define MBEDTLS_DHM_C 01688 01689 /** 01690 * \def MBEDTLS_ECDH_C 01691 * 01692 * Enable the elliptic curve Diffie-Hellman library. 01693 * 01694 * Module: library/ecdh.c 01695 * Caller: library/ssl_cli.c 01696 * library/ssl_srv.c 01697 * 01698 * This module is used by the following key exchanges: 01699 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01700 * 01701 * Requires: MBEDTLS_ECP_C 01702 */ 01703 #define MBEDTLS_ECDH_C 01704 01705 /** 01706 * \def MBEDTLS_ECDSA_C 01707 * 01708 * Enable the elliptic curve DSA library. 01709 * 01710 * Module: library/ecdsa.c 01711 * Caller: 01712 * 01713 * This module is used by the following key exchanges: 01714 * ECDHE-ECDSA 01715 * 01716 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01717 */ 01718 #define MBEDTLS_ECDSA_C 01719 01720 /** 01721 * \def MBEDTLS_ECJPAKE_C 01722 * 01723 * Enable the elliptic curve J-PAKE library. 01724 * 01725 * \warning This is currently experimental. EC J-PAKE support is based on the 01726 * Thread v1.0.0 specification; incompatible changes to the specification 01727 * might still happen. For this reason, this is disabled by default. 01728 * 01729 * Module: library/ecjpake.c 01730 * Caller: 01731 * 01732 * This module is used by the following key exchanges: 01733 * ECJPAKE 01734 * 01735 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01736 */ 01737 //#define MBEDTLS_ECJPAKE_C 01738 01739 /** 01740 * \def MBEDTLS_ECP_C 01741 * 01742 * Enable the elliptic curve over GF(p) library. 01743 * 01744 * Module: library/ecp.c 01745 * Caller: library/ecdh.c 01746 * library/ecdsa.c 01747 * library/ecjpake.c 01748 * 01749 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01750 */ 01751 #define MBEDTLS_ECP_C 01752 01753 /** 01754 * \def MBEDTLS_ENTROPY_C 01755 * 01756 * Enable the platform-specific entropy code. 01757 * 01758 * Module: library/entropy.c 01759 * Caller: 01760 * 01761 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01762 * 01763 * This module provides a generic entropy pool 01764 */ 01765 #define MBEDTLS_ENTROPY_C 01766 01767 /** 01768 * \def MBEDTLS_ERROR_C 01769 * 01770 * Enable error code to error string conversion. 01771 * 01772 * Module: library/error.c 01773 * Caller: 01774 * 01775 * This module enables mbedtls_strerror(). 01776 */ 01777 #define MBEDTLS_ERROR_C 01778 01779 /** 01780 * \def MBEDTLS_GCM_C 01781 * 01782 * Enable the Galois/Counter Mode (GCM) for AES. 01783 * 01784 * Module: library/gcm.c 01785 * 01786 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01787 * 01788 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01789 * requisites are enabled as well. 01790 */ 01791 #define MBEDTLS_GCM_C 01792 01793 /** 01794 * \def MBEDTLS_HAVEGE_C 01795 * 01796 * Enable the HAVEGE random generator. 01797 * 01798 * Warning: the HAVEGE random generator is not suitable for virtualized 01799 * environments 01800 * 01801 * Warning: the HAVEGE random generator is dependent on timing and specific 01802 * processor traits. It is therefore not advised to use HAVEGE as 01803 * your applications primary random generator or primary entropy pool 01804 * input. As a secondary input to your entropy pool, it IS able add 01805 * the (limited) extra entropy it provides. 01806 * 01807 * Module: library/havege.c 01808 * Caller: 01809 * 01810 * Requires: MBEDTLS_TIMING_C 01811 * 01812 * Uncomment to enable the HAVEGE random generator. 01813 */ 01814 //#define MBEDTLS_HAVEGE_C 01815 01816 /** 01817 * \def MBEDTLS_HMAC_DRBG_C 01818 * 01819 * Enable the HMAC_DRBG random generator. 01820 * 01821 * Module: library/hmac_drbg.c 01822 * Caller: 01823 * 01824 * Requires: MBEDTLS_MD_C 01825 * 01826 * Uncomment to enable the HMAC_DRBG random number geerator. 01827 */ 01828 #define MBEDTLS_HMAC_DRBG_C 01829 01830 /** 01831 * \def MBEDTLS_MD_C 01832 * 01833 * Enable the generic message digest layer. 01834 * 01835 * Module: library/mbedtls_md.c 01836 * Caller: 01837 * 01838 * Uncomment to enable generic message digest wrappers. 01839 */ 01840 #define MBEDTLS_MD_C 01841 01842 /** 01843 * \def MBEDTLS_MD2_C 01844 * 01845 * Enable the MD2 hash algorithm. 01846 * 01847 * Module: library/mbedtls_md2.c 01848 * Caller: 01849 * 01850 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01851 */ 01852 //#define MBEDTLS_MD2_C 01853 01854 /** 01855 * \def MBEDTLS_MD4_C 01856 * 01857 * Enable the MD4 hash algorithm. 01858 * 01859 * Module: library/mbedtls_md4.c 01860 * Caller: 01861 * 01862 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01863 */ 01864 //#define MBEDTLS_MD4_C 01865 01866 /** 01867 * \def MBEDTLS_MD5_C 01868 * 01869 * Enable the MD5 hash algorithm. 01870 * 01871 * Module: library/mbedtls_md5.c 01872 * Caller: library/mbedtls_md.c 01873 * library/pem.c 01874 * library/ssl_tls.c 01875 * 01876 * This module is required for SSL/TLS and X.509. 01877 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01878 */ 01879 //#define MBEDTLS_MD5_C 01880 01881 /** 01882 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01883 * 01884 * Enable the buffer allocator implementation that makes use of a (stack) 01885 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01886 * calls) 01887 * 01888 * Module: library/memory_buffer_alloc.c 01889 * 01890 * Requires: MBEDTLS_PLATFORM_C 01891 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01892 * 01893 * Enable this module to enable the buffer memory allocator. 01894 */ 01895 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01896 01897 /** 01898 * \def MBEDTLS_NET_C 01899 * 01900 * Enable the TCP/IP networking routines. 01901 * 01902 * Module: library/net.c 01903 * 01904 * This module provides TCP/IP networking routines. 01905 */ 01906 //#define MBEDTLS_NET_C 01907 01908 /** 01909 * \def MBEDTLS_OID_C 01910 * 01911 * Enable the OID database. 01912 * 01913 * Module: library/oid.c 01914 * Caller: library/asn1write.c 01915 * library/pkcs5.c 01916 * library/pkparse.c 01917 * library/pkwrite.c 01918 * library/rsa.c 01919 * library/x509.c 01920 * library/x509_create.c 01921 * library/mbedtls_x509_crl.c 01922 * library/mbedtls_x509_crt.c 01923 * library/mbedtls_x509_csr.c 01924 * library/x509write_crt.c 01925 * library/mbedtls_x509write_csr.c 01926 * 01927 * This modules translates between OIDs and internal values. 01928 */ 01929 #define MBEDTLS_OID_C 01930 01931 /** 01932 * \def MBEDTLS_PADLOCK_C 01933 * 01934 * Enable VIA Padlock support on x86. 01935 * 01936 * Module: library/padlock.c 01937 * Caller: library/aes.c 01938 * 01939 * Requires: MBEDTLS_HAVE_ASM 01940 * 01941 * This modules adds support for the VIA PadLock on x86. 01942 */ 01943 //#define MBEDTLS_PADLOCK_C 01944 01945 /** 01946 * \def MBEDTLS_PEM_PARSE_C 01947 * 01948 * Enable PEM decoding / parsing. 01949 * 01950 * Module: library/pem.c 01951 * Caller: library/dhm.c 01952 * library/pkparse.c 01953 * library/mbedtls_x509_crl.c 01954 * library/mbedtls_x509_crt.c 01955 * library/mbedtls_x509_csr.c 01956 * 01957 * Requires: MBEDTLS_BASE64_C 01958 * 01959 * This modules adds support for decoding / parsing PEM files. 01960 */ 01961 #define MBEDTLS_PEM_PARSE_C 01962 01963 /** 01964 * \def MBEDTLS_PEM_WRITE_C 01965 * 01966 * Enable PEM encoding / writing. 01967 * 01968 * Module: library/pem.c 01969 * Caller: library/pkwrite.c 01970 * library/x509write_crt.c 01971 * library/mbedtls_x509write_csr.c 01972 * 01973 * Requires: MBEDTLS_BASE64_C 01974 * 01975 * This modules adds support for encoding / writing PEM files. 01976 */ 01977 //#define MBEDTLS_PEM_WRITE_C 01978 01979 /** 01980 * \def MBEDTLS_PK_C 01981 * 01982 * Enable the generic public (asymetric) key layer. 01983 * 01984 * Module: library/pk.c 01985 * Caller: library/ssl_tls.c 01986 * library/ssl_cli.c 01987 * library/ssl_srv.c 01988 * 01989 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 01990 * 01991 * Uncomment to enable generic public key wrappers. 01992 */ 01993 #define MBEDTLS_PK_C 01994 01995 /** 01996 * \def MBEDTLS_PK_PARSE_C 01997 * 01998 * Enable the generic public (asymetric) key parser. 01999 * 02000 * Module: library/pkparse.c 02001 * Caller: library/mbedtls_x509_crt.c 02002 * library/mbedtls_x509_csr.c 02003 * 02004 * Requires: MBEDTLS_PK_C 02005 * 02006 * Uncomment to enable generic public key parse functions. 02007 */ 02008 #define MBEDTLS_PK_PARSE_C 02009 02010 /** 02011 * \def MBEDTLS_PK_WRITE_C 02012 * 02013 * Enable the generic public (asymetric) key writer. 02014 * 02015 * Module: library/pkwrite.c 02016 * Caller: library/x509write.c 02017 * 02018 * Requires: MBEDTLS_PK_C 02019 * 02020 * Uncomment to enable generic public key write functions. 02021 */ 02022 #define MBEDTLS_PK_WRITE_C 02023 02024 /** 02025 * \def MBEDTLS_PKCS5_C 02026 * 02027 * Enable PKCS#5 functions. 02028 * 02029 * Module: library/pkcs5.c 02030 * 02031 * Requires: MBEDTLS_MD_C 02032 * 02033 * This module adds support for the PKCS#5 functions. 02034 */ 02035 //#define MBEDTLS_PKCS5_C 02036 02037 /** 02038 * \def MBEDTLS_PKCS11_C 02039 * 02040 * Enable wrapper for PKCS#11 smartcard support. 02041 * 02042 * Module: library/pkcs11.c 02043 * Caller: library/pk.c 02044 * 02045 * Requires: MBEDTLS_PK_C 02046 * 02047 * This module enables SSL/TLS PKCS #11 smartcard support. 02048 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02049 */ 02050 //#define MBEDTLS_PKCS11_C 02051 02052 /** 02053 * \def MBEDTLS_PKCS12_C 02054 * 02055 * Enable PKCS#12 PBE functions. 02056 * Adds algorithms for parsing PKCS#8 encrypted private keys 02057 * 02058 * Module: library/pkcs12.c 02059 * Caller: library/pkparse.c 02060 * 02061 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02062 * Can use: MBEDTLS_ARC4_C 02063 * 02064 * This module enables PKCS#12 functions. 02065 */ 02066 //#define MBEDTLS_PKCS12_C 02067 02068 /** 02069 * \def MBEDTLS_PLATFORM_C 02070 * 02071 * Enable the platform abstraction layer that allows you to re-assign 02072 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02073 * 02074 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02075 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02076 * above to be specified at runtime or compile time respectively. 02077 * 02078 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02079 * as other module rely on it for a fixed snprintf implementation. 02080 * 02081 * Module: library/platform.c 02082 * Caller: Most other .c files 02083 * 02084 * This module enables abstraction of common (libc) functions. 02085 */ 02086 #define MBEDTLS_PLATFORM_C 02087 02088 /** 02089 * \def MBEDTLS_RIPEMD160_C 02090 * 02091 * Enable the RIPEMD-160 hash algorithm. 02092 * 02093 * Module: library/mbedtls_ripemd160.c 02094 * Caller: library/mbedtls_md.c 02095 * 02096 */ 02097 //#define MBEDTLS_RIPEMD160_C 02098 02099 /** 02100 * \def MBEDTLS_RSA_C 02101 * 02102 * Enable the RSA public-key cryptosystem. 02103 * 02104 * Module: library/rsa.c 02105 * Caller: library/ssl_cli.c 02106 * library/ssl_srv.c 02107 * library/ssl_tls.c 02108 * library/x509.c 02109 * 02110 * This module is used by the following key exchanges: 02111 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02112 * 02113 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02114 */ 02115 #define MBEDTLS_RSA_C 02116 02117 /** 02118 * \def MBEDTLS_SHA1_C 02119 * 02120 * Enable the SHA1 cryptographic hash algorithm. 02121 * 02122 * Module: library/mbedtls_sha1.c 02123 * Caller: library/mbedtls_md.c 02124 * library/ssl_cli.c 02125 * library/ssl_srv.c 02126 * library/ssl_tls.c 02127 * library/x509write_crt.c 02128 * 02129 * This module is required for SSL/TLS and SHA1-signed certificates. 02130 */ 02131 //#define MBEDTLS_SHA1_C 02132 02133 /** 02134 * \def MBEDTLS_SHA256_C 02135 * 02136 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02137 * 02138 * Module: library/mbedtls_sha256.c 02139 * Caller: library/entropy.c 02140 * library/mbedtls_md.c 02141 * library/ssl_cli.c 02142 * library/ssl_srv.c 02143 * library/ssl_tls.c 02144 * 02145 * This module adds support for SHA-224 and SHA-256. 02146 * This module is required for the SSL/TLS 1.2 PRF function. 02147 */ 02148 #define MBEDTLS_SHA256_C 02149 02150 /** 02151 * \def MBEDTLS_SHA512_C 02152 * 02153 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02154 * 02155 * Module: library/mbedtls_sha512.c 02156 * Caller: library/entropy.c 02157 * library/mbedtls_md.c 02158 * library/ssl_cli.c 02159 * library/ssl_srv.c 02160 * 02161 * This module adds support for SHA-384 and SHA-512. 02162 */ 02163 #define MBEDTLS_SHA512_C 02164 02165 /** 02166 * \def MBEDTLS_SSL_CACHE_C 02167 * 02168 * Enable simple SSL cache implementation. 02169 * 02170 * Module: library/ssl_cache.c 02171 * Caller: 02172 * 02173 * Requires: MBEDTLS_SSL_CACHE_C 02174 */ 02175 #define MBEDTLS_SSL_CACHE_C 02176 02177 /** 02178 * \def MBEDTLS_SSL_COOKIE_C 02179 * 02180 * Enable basic implementation of DTLS cookies for hello verification. 02181 * 02182 * Module: library/ssl_cookie.c 02183 * Caller: 02184 */ 02185 #define MBEDTLS_SSL_COOKIE_C 02186 02187 /** 02188 * \def MBEDTLS_SSL_TICKET_C 02189 * 02190 * Enable an implementation of TLS server-side callbacks for session tickets. 02191 * 02192 * Module: library/ssl_ticket.c 02193 * Caller: 02194 * 02195 * Requires: MBEDTLS_CIPHER_C 02196 */ 02197 #define MBEDTLS_SSL_TICKET_C 02198 02199 /** 02200 * \def MBEDTLS_SSL_CLI_C 02201 * 02202 * Enable the SSL/TLS client code. 02203 * 02204 * Module: library/ssl_cli.c 02205 * Caller: 02206 * 02207 * Requires: MBEDTLS_SSL_TLS_C 02208 * 02209 * This module is required for SSL/TLS client support. 02210 */ 02211 #define MBEDTLS_SSL_CLI_C 02212 02213 /** 02214 * \def MBEDTLS_SSL_SRV_C 02215 * 02216 * Enable the SSL/TLS server code. 02217 * 02218 * Module: library/ssl_srv.c 02219 * Caller: 02220 * 02221 * Requires: MBEDTLS_SSL_TLS_C 02222 * 02223 * This module is required for SSL/TLS server support. 02224 */ 02225 #define MBEDTLS_SSL_SRV_C 02226 02227 /** 02228 * \def MBEDTLS_SSL_TLS_C 02229 * 02230 * Enable the generic SSL/TLS code. 02231 * 02232 * Module: library/ssl_tls.c 02233 * Caller: library/ssl_cli.c 02234 * library/ssl_srv.c 02235 * 02236 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02237 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02238 * 02239 * This module is required for SSL/TLS. 02240 */ 02241 #define MBEDTLS_SSL_TLS_C 02242 02243 /** 02244 * \def MBEDTLS_THREADING_C 02245 * 02246 * Enable the threading abstraction layer. 02247 * By default mbed TLS assumes it is used in a non-threaded environment or that 02248 * contexts are not shared between threads. If you do intend to use contexts 02249 * between threads, you will need to enable this layer to prevent race 02250 * conditions. 02251 * 02252 * Module: library/threading.c 02253 * 02254 * This allows different threading implementations (self-implemented or 02255 * provided). 02256 * 02257 * You will have to enable either MBEDTLS_THREADING_ALT or 02258 * MBEDTLS_THREADING_PTHREAD. 02259 * 02260 * Enable this layer to allow use of mutexes within mbed TLS 02261 */ 02262 //#define MBEDTLS_THREADING_C 02263 02264 /** 02265 * \def MBEDTLS_TIMING_C 02266 * 02267 * Enable the portable timing interface. 02268 * 02269 * Module: library/timing.c 02270 * Caller: library/havege.c 02271 * 02272 * This module is used by the HAVEGE random number generator. 02273 */ 02274 //#define MBEDTLS_TIMING_C 02275 02276 /** 02277 * \def MBEDTLS_VERSION_C 02278 * 02279 * Enable run-time version information. 02280 * 02281 * Module: library/version.c 02282 * 02283 * This module provides run-time version information. 02284 */ 02285 #define MBEDTLS_VERSION_C 02286 02287 /** 02288 * \def MBEDTLS_X509_USE_C 02289 * 02290 * Enable X.509 core for using certificates. 02291 * 02292 * Module: library/x509.c 02293 * Caller: library/mbedtls_x509_crl.c 02294 * library/mbedtls_x509_crt.c 02295 * library/mbedtls_x509_csr.c 02296 * 02297 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02298 * MBEDTLS_PK_PARSE_C 02299 * 02300 * This module is required for the X.509 parsing modules. 02301 */ 02302 #define MBEDTLS_X509_USE_C 02303 02304 /** 02305 * \def MBEDTLS_X509_CRT_PARSE_C 02306 * 02307 * Enable X.509 certificate parsing. 02308 * 02309 * Module: library/mbedtls_x509_crt.c 02310 * Caller: library/ssl_cli.c 02311 * library/ssl_srv.c 02312 * library/ssl_tls.c 02313 * 02314 * Requires: MBEDTLS_X509_USE_C 02315 * 02316 * This module is required for X.509 certificate parsing. 02317 */ 02318 #define MBEDTLS_X509_CRT_PARSE_C 02319 02320 /** 02321 * \def MBEDTLS_X509_CRL_PARSE_C 02322 * 02323 * Enable X.509 CRL parsing. 02324 * 02325 * Module: library/mbedtls_x509_crl.c 02326 * Caller: library/mbedtls_x509_crt.c 02327 * 02328 * Requires: MBEDTLS_X509_USE_C 02329 * 02330 * This module is required for X.509 CRL parsing. 02331 */ 02332 #define MBEDTLS_X509_CRL_PARSE_C 02333 02334 /** 02335 * \def MBEDTLS_X509_CSR_PARSE_C 02336 * 02337 * Enable X.509 Certificate Signing Request (CSR) parsing. 02338 * 02339 * Module: library/mbedtls_x509_csr.c 02340 * Caller: library/x509_crt_write.c 02341 * 02342 * Requires: MBEDTLS_X509_USE_C 02343 * 02344 * This module is used for reading X.509 certificate request. 02345 */ 02346 //#define MBEDTLS_X509_CSR_PARSE_C 02347 02348 /** 02349 * \def MBEDTLS_X509_CREATE_C 02350 * 02351 * Enable X.509 core for creating certificates. 02352 * 02353 * Module: library/x509_create.c 02354 * 02355 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02356 * 02357 * This module is the basis for creating X.509 certificates and CSRs. 02358 */ 02359 //#define MBEDTLS_X509_CREATE_C 02360 02361 /** 02362 * \def MBEDTLS_X509_CRT_WRITE_C 02363 * 02364 * Enable creating X.509 certificates. 02365 * 02366 * Module: library/x509_crt_write.c 02367 * 02368 * Requires: MBEDTLS_X509_CREATE_C 02369 * 02370 * This module is required for X.509 certificate creation. 02371 */ 02372 //#define MBEDTLS_X509_CRT_WRITE_C 02373 02374 /** 02375 * \def MBEDTLS_X509_CSR_WRITE_C 02376 * 02377 * Enable creating X.509 Certificate Signing Requests (CSR). 02378 * 02379 * Module: library/x509_csr_write.c 02380 * 02381 * Requires: MBEDTLS_X509_CREATE_C 02382 * 02383 * This module is required for X.509 certificate request writing. 02384 */ 02385 //#define MBEDTLS_X509_CSR_WRITE_C 02386 02387 /** 02388 * \def MBEDTLS_XTEA_C 02389 * 02390 * Enable the XTEA block cipher. 02391 * 02392 * Module: library/xtea.c 02393 * Caller: 02394 */ 02395 //#define MBEDTLS_XTEA_C 02396 02397 /* \} name SECTION: mbed TLS modules */ 02398 02399 /** 02400 * \name SECTION: Module configuration options 02401 * 02402 * This section allows for the setting of module specific sizes and 02403 * configuration options. The default values are already present in the 02404 * relevant header files and should suffice for the regular use cases. 02405 * 02406 * Our advice is to enable options and change their values here 02407 * only if you have a good reason and know the consequences. 02408 * 02409 * Please check the respective header file for documentation on these 02410 * parameters (to prevent duplicate documentation). 02411 * \{ 02412 */ 02413 02414 /* MPI / BIGNUM options */ 02415 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02416 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02417 02418 /* CTR_DRBG options */ 02419 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02420 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02421 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02422 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02423 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02424 02425 /* HMAC_DRBG options */ 02426 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02427 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02428 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02429 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02430 02431 /* ECP options */ 02432 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02433 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02434 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02435 02436 /* Entropy options */ 02437 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02438 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02439 02440 /* Memory buffer allocator options */ 02441 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02442 02443 /* Platform options */ 02444 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02445 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02446 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02447 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02448 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02449 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02450 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02451 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02452 02453 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02454 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02455 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02456 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02457 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02458 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02459 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02460 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02461 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02462 02463 /* SSL Cache options */ 02464 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02465 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02466 02467 /* SSL options */ 02468 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02469 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02470 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02471 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02472 02473 /** 02474 * Complete list of ciphersuites to use, in order of preference. 02475 * 02476 * \warning No dependency checking is done on that field! This option can only 02477 * be used to restrict the set of available ciphersuites. It is your 02478 * responsibility to make sure the needed modules are active. 02479 * 02480 * Use this to save a few hundred bytes of ROM (default ordering of all 02481 * available ciphersuites) and a few to a few hundred bytes of RAM. 02482 * 02483 * The value below is only an example, not the default. 02484 */ 02485 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02486 02487 /* X509 options */ 02488 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02489 02490 /* \} name SECTION: Module configuration options */ 02491 02492 #if defined(TARGET_LIKE_MBED) 02493 #include "mbedtls/target_config.h" 02494 #endif 02495 02496 /* 02497 * Allow user to override any previous default. 02498 * 02499 * Use two macro names for that, as: 02500 * - with yotta the prefix YOTTA_CFG_ is forced 02501 * - without yotta is looks weird to have a YOTTA prefix. 02502 */ 02503 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02504 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02505 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02506 #include MBEDTLS_USER_CONFIG_FILE 02507 #endif 02508 02509 #include "check_config.h" 02510 02511 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 19:08:11 by
1.7.2