HTTP and HTTPS example application for Mbed OS 5
Dependencies: mbed-http
This application demonstrates how to make HTTP and HTTPS requests and parse the response from Mbed OS 5.
It consists of six example applications, which you can select in source/select-demo.h:
- HTTP:
  - Does a GET request to http://httpbin.org/status/418.
  - Does a POST request to http://httpbin.org/post.
- HTTPS:
  - Does a GET request to https://os.mbed.com/media/uploads/mbed_official/hello.txt.
  - Does a POST request to https://httpbin.org/post.
- HTTP with socket re-use.
- HTTPS with socket re-use.
- HTTP over IPv6.
- HTTPS with chunked requests.
Response parsing is done through nodejs/http-parser.
Note: HTTPS requests do not work on targets with less than 128K of RAM due to the size of the TLS handshake. For more background see mbed-http.
To build
- If you're using WiFi, specify the credentials in mbed_app.json.
- Build the project in the online compiler or using Mbed CLI.
- Flash the project to your development board.
- Attach a serial monitor to your board to see the debug messages.
Defining the network interface
This application uses the on-board network interface for your board. If you use an external network interface (for example, a WiFi module), you need to add the driver to this project. Then open network-helper.h and specify which network driver to use.
More information is in the Mbed OS documentation under IP Networking.
Entropy (or lack thereof)
On all platforms that do not have the TRNG feature, the application is compiled without TLS entropy sources. This means that your code is inherently unsafe and should not be deployed to any production systems. To enable entropy, remove the MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES and MBEDTLS_TEST_NULL_ENTROPY macros from mbed_app.json.
Flash size
The default flash size for HTTPS is very large, as the application loads the default Mbed TLS configuration. To use a more optimized version, you can disable unused cipher suites and other Mbed TLS features with a custom configuration file. Create a new configuration file, then add in mbed_app.json:
"MBEDTLS_CONFIG_FILE=\"mbedtls_config.h\""
to the macros array.
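A pre-release check for the Entropy and Flash size sections above, written as an added example (it is not part of the original README or of the mbed-http project): it flags the two null-entropy macros in mbed_app.json and in the header selected through MBEDTLS_CONFIG_FILE. The sample JSON and header are constructed, scanning target_overrides / target.macros_add goes beyond what the README describes, and the header scan ignores #if conditionals.

```python
import json
import re

# Macros the README says must be removed from mbed_app.json to enable entropy.
NULL_ENTROPY_MACROS = {
    "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES",
    "MBEDTLS_TEST_NULL_ENTROPY",
}

# Constructed sample: a development mbed_app.json that still disables entropy.
SAMPLE_APP_JSON = r'''{
  "macros": [
    "MBEDTLS_CONFIG_FILE=\"mbedtls_config.h\"",
    "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES",
    "MBEDTLS_TEST_NULL_ENTROPY=1"
  ],
  "target_overrides": {
    "NUCLEO_F411RE": {"target.macros_add": ["MBEDTLS_TEST_NULL_ENTROPY"]}
  }
}'''

# Constructed sample: the same file after the macros have been removed.
CLEAN_APP_JSON = r'''{
  "macros": ["MBEDTLS_CONFIG_FILE=\"mbedtls_config.h\""]
}'''

# Constructed sample: a custom Mbed TLS configuration header.
SAMPLE_HEADER = """\
/*
 * #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES   (inside a comment: inactive)
 */
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_TEST_NULL_ENTROPY
#define MBEDTLS_HAVE_ASM
"""


def macro_name(entry):
    """Return NAME from a macro entry written as 'NAME' or 'NAME=value'."""
    return entry.split("=", 1)[0].strip()


def macro_value(entry):
    """Return the value of 'NAME=value' without surrounding quotes, else None."""
    parts = entry.split("=", 1)
    return parts[1].strip().strip('"') if len(parts) == 2 else None


def iter_macros(app_config):
    """Yield (location, entry) for each macro in a parsed mbed_app.json."""
    for entry in app_config.get("macros", []):
        yield "macros", entry
    for target, overrides in app_config.get("target_overrides", {}).items():
        for entry in overrides.get("target.macros_add", []):
            yield f"target_overrides[{target}].target.macros_add", entry


def audit_app_config(text):
    """Return ([(location, macro)], config_file) for an mbed_app.json text."""
    findings, config_file = [], None
    for location, entry in iter_macros(json.loads(text)):
        name = macro_name(entry)
        if name in NULL_ENTROPY_MACROS:
            findings.append((location, name))
        elif name == "MBEDTLS_CONFIG_FILE":
            config_file = macro_value(entry)
    return findings, config_file


def active_defines(header_text):
    """Return names #define'd outside comments (conditionals are not evaluated)."""
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.DOTALL)
    text = re.sub(r"//[^\n]*", "", text)
    return set(re.findall(r"^[ \t]*#[ \t]*define[ \t]+(\w+)", text, flags=re.MULTILINE))


def audit(app_json_text, headers):
    """Report null-entropy macros; headers maps a file name to its contents."""
    findings, config_file = audit_app_config(app_json_text)
    report = [f"{location}: {name}" for location, name in findings]
    if config_file in headers:
        for name in sorted(active_defines(headers[config_file]) & NULL_ENTROPY_MACROS):
            report.append(f"{config_file}: #define {name}")
    return report


if __name__ == "__main__":
    problems = audit(SAMPLE_APP_JSON, {"mbedtls_config.h": SAMPLE_HEADER})
    for line in problems:
        print("null entropy enabled ->", line)
    raise SystemExit(1 if problems else 0)
```

Run as a build step, a non-zero exit status stops a firmware image with a null entropy source from being packaged.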
Running tests
You can run the integration tests from this project via Mbed CLI.
- In select-demo.h, set the DEMO macro to DEMO_TESTS.
- Set your WiFi credentials in mbed_app.json.
- Then run the tests via:
$ mbed test -v -n mbed-http-tests-tests-*
Tested on
- K64F with Ethernet.
- NUCLEO_F411RE with ESP8266 (not working on Mbed OS 5.12+)
- ODIN-W2 with WiFi.
- K64F with Atmel 6LoWPAN shield.
- DISCO-L475VG-IOT01A with WiFi (requires the wifi-ism43362 driver).
mbedtls_config.h@27:6554d4f5f1c3, 2018-01-25 (annotated)
- Committer: Jan Jongboom
- Date: Thu Jan 25 10:15:15 2018 +0200
- Revision: 27:6554d4f5f1c3
- Parent: 18:b661324be638
Fix superfluous \r\n after request body in mbed-http
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Jan Jongboom |
18:b661324be638 | 1 | /** |
Jan Jongboom |
18:b661324be638 | 2 | * \file config.h |
Jan Jongboom |
18:b661324be638 | 3 | * |
Jan Jongboom |
18:b661324be638 | 4 | * \brief Configuration options (set of defines) |
Jan Jongboom |
18:b661324be638 | 5 | * |
Jan Jongboom |
18:b661324be638 | 6 | * This set of compile-time options may be used to enable |
Jan Jongboom |
18:b661324be638 | 7 | * or disable features selectively, and reduce the global |
Jan Jongboom |
18:b661324be638 | 8 | * memory footprint. |
Jan Jongboom |
18:b661324be638 | 9 | * |
Jan Jongboom |
18:b661324be638 | 10 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
Jan Jongboom |
18:b661324be638 | 11 | * SPDX-License-Identifier: Apache-2.0 |
Jan Jongboom |
18:b661324be638 | 12 | * |
Jan Jongboom |
18:b661324be638 | 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
Jan Jongboom |
18:b661324be638 | 14 | * not use this file except in compliance with the License. |
Jan Jongboom |
18:b661324be638 | 15 | * You may obtain a copy of the License at |
Jan Jongboom |
18:b661324be638 | 16 | * |
Jan Jongboom |
18:b661324be638 | 17 | * http://www.apache.org/licenses/LICENSE-2.0 |
Jan Jongboom |
18:b661324be638 | 18 | * |
Jan Jongboom |
18:b661324be638 | 19 | * Unless required by applicable law or agreed to in writing, software |
Jan Jongboom |
18:b661324be638 | 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
Jan Jongboom |
18:b661324be638 | 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
Jan Jongboom |
18:b661324be638 | 22 | * See the License for the specific language governing permissions and |
Jan Jongboom |
18:b661324be638 | 23 | * limitations under the License. |
Jan Jongboom |
18:b661324be638 | 24 | * |
Jan Jongboom |
18:b661324be638 | 25 | * This file is part of mbed TLS (https://tls.mbed.org) |
Jan Jongboom |
18:b661324be638 | 26 | */ |
Jan Jongboom |
18:b661324be638 | 27 | |
Jan Jongboom |
18:b661324be638 | 28 | #ifndef MBEDTLS_CONFIG_H |
Jan Jongboom |
18:b661324be638 | 29 | |
Jan Jongboom |
18:b661324be638 | 30 | #include "platform/inc/platform_mbed.h" |
Jan Jongboom |
18:b661324be638 | 31 | |
Jan Jongboom |
18:b661324be638 | 32 | /* |
Jan Jongboom |
18:b661324be638 | 33 | * Only use features that do not require an entropy source when |
Jan Jongboom |
18:b661324be638 | 34 | * DEVICE_ENTROPY_SOURCE is not defined in mbed OS. |
Jan Jongboom |
18:b661324be638 | 35 | */ |
Jan Jongboom |
18:b661324be638 | 36 | #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_TEST_NULL_ENTROPY) |
Jan Jongboom |
18:b661324be638 | 37 | #include "mbedtls/config-no-entropy.h" |
Jan Jongboom |
18:b661324be638 | 38 | |
Jan Jongboom |
18:b661324be638 | 39 | #if defined(MBEDTLS_USER_CONFIG_FILE) |
Jan Jongboom |
18:b661324be638 | 40 | #include MBEDTLS_USER_CONFIG_FILE |
Jan Jongboom |
18:b661324be638 | 41 | #endif |
Jan Jongboom |
18:b661324be638 | 42 | |
Jan Jongboom |
18:b661324be638 | 43 | #else |
Jan Jongboom |
18:b661324be638 | 44 | #define MBEDTLS_CONFIG_H |
Jan Jongboom |
18:b661324be638 | 45 | |
Jan Jongboom |
18:b661324be638 | 46 | #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) |
Jan Jongboom |
18:b661324be638 | 47 | #define _CRT_SECURE_NO_DEPRECATE 1 |
Jan Jongboom |
18:b661324be638 | 48 | #endif |
Jan Jongboom |
18:b661324be638 | 49 | |
Jan Jongboom |
18:b661324be638 | 50 | /** |
Jan Jongboom |
18:b661324be638 | 51 | * \name SECTION: System support |
Jan Jongboom |
18:b661324be638 | 52 | * |
Jan Jongboom |
18:b661324be638 | 53 | * This section sets system specific settings. |
Jan Jongboom |
18:b661324be638 | 54 | * \{ |
Jan Jongboom |
18:b661324be638 | 55 | */ |
Jan Jongboom |
18:b661324be638 | 56 | |
Jan Jongboom |
18:b661324be638 | 57 | /** |
Jan Jongboom |
18:b661324be638 | 58 | * \def MBEDTLS_HAVE_ASM |
Jan Jongboom |
18:b661324be638 | 59 | * |
Jan Jongboom |
18:b661324be638 | 60 | * The compiler has support for asm(). |
Jan Jongboom |
18:b661324be638 | 61 | * |
Jan Jongboom |
18:b661324be638 | 62 | * Requires support for asm() in compiler. |
Jan Jongboom |
18:b661324be638 | 63 | * |
Jan Jongboom |
18:b661324be638 | 64 | * Used in: |
Jan Jongboom |
18:b661324be638 | 65 | * library/timing.c |
Jan Jongboom |
18:b661324be638 | 66 | * library/padlock.c |
Jan Jongboom |
18:b661324be638 | 67 | * include/mbedtls/bn_mul.h |
Jan Jongboom |
18:b661324be638 | 68 | * |
Jan Jongboom |
18:b661324be638 | 69 | * Comment to disable the use of assembly code. |
Jan Jongboom |
18:b661324be638 | 70 | */ |
Jan Jongboom |
18:b661324be638 | 71 | #define MBEDTLS_HAVE_ASM |
Jan Jongboom |
18:b661324be638 | 72 | |
Jan Jongboom |
18:b661324be638 | 73 | /** |
Jan Jongboom |
18:b661324be638 | 74 | * \def MBEDTLS_NO_UDBL_DIVISION |
Jan Jongboom |
18:b661324be638 | 75 | * |
Jan Jongboom |
18:b661324be638 | 76 | * The platform lacks support for double-width integer division (64-bit |
Jan Jongboom |
18:b661324be638 | 77 | * division on a 32-bit platform, 128-bit division on a 64-bit platform). |
Jan Jongboom |
18:b661324be638 | 78 | * |
Jan Jongboom |
18:b661324be638 | 79 | * Used in: |
Jan Jongboom |
18:b661324be638 | 80 | * include/mbedtls/bignum.h |
Jan Jongboom |
18:b661324be638 | 81 | * library/bignum.c |
Jan Jongboom |
18:b661324be638 | 82 | * |
Jan Jongboom |
18:b661324be638 | 83 | * The bignum code uses double-width division to speed up some operations. |
Jan Jongboom |
18:b661324be638 | 84 | * Double-width division is often implemented in software that needs to |
Jan Jongboom |
18:b661324be638 | 85 | * be linked with the program. The presence of a double-width integer |
Jan Jongboom |
18:b661324be638 | 86 | * type is usually detected automatically through preprocessor macros, |
Jan Jongboom |
18:b661324be638 | 87 | * but the automatic detection cannot know whether the code needs to |
Jan Jongboom |
18:b661324be638 | 88 | * and can be linked with an implementation of division for that type. |
Jan Jongboom |
18:b661324be638 | 89 | * By default division is assumed to be usable if the type is present. |
Jan Jongboom |
18:b661324be638 | 90 | * Uncomment this option to prevent the use of double-width division. |
Jan Jongboom |
18:b661324be638 | 91 | * |
Jan Jongboom |
18:b661324be638 | 92 | * Note that division for the native integer type is always required. |
Jan Jongboom |
18:b661324be638 | 93 | * Furthermore, a 64-bit type is always required even on a 32-bit |
Jan Jongboom |
18:b661324be638 | 94 | * platform, but it need not support multiplication or division. In some |
Jan Jongboom |
18:b661324be638 | 95 | * cases it is also desirable to disable some double-width operations. For |
Jan Jongboom |
18:b661324be638 | 96 | * example, if double-width division is implemented in software, disabling |
Jan Jongboom |
18:b661324be638 | 97 | * it can reduce code size in some embedded targets. |
Jan Jongboom |
18:b661324be638 | 98 | */ |
Jan Jongboom |
18:b661324be638 | 99 | //#define MBEDTLS_NO_UDBL_DIVISION |
Jan Jongboom |
18:b661324be638 | 100 | |
Jan Jongboom |
18:b661324be638 | 101 | /** |
Jan Jongboom |
18:b661324be638 | 102 | * \def MBEDTLS_HAVE_SSE2 |
Jan Jongboom |
18:b661324be638 | 103 | * |
Jan Jongboom |
18:b661324be638 | 104 | * CPU supports SSE2 instruction set. |
Jan Jongboom |
18:b661324be638 | 105 | * |
Jan Jongboom |
18:b661324be638 | 106 | * Uncomment if the CPU supports SSE2 (IA-32 specific). |
Jan Jongboom |
18:b661324be638 | 107 | */ |
Jan Jongboom |
18:b661324be638 | 108 | //#define MBEDTLS_HAVE_SSE2 |
Jan Jongboom |
18:b661324be638 | 109 | |
Jan Jongboom |
18:b661324be638 | 110 | /** |
Jan Jongboom |
18:b661324be638 | 111 | * \def MBEDTLS_HAVE_TIME |
Jan Jongboom |
18:b661324be638 | 112 | * |
Jan Jongboom |
18:b661324be638 | 113 | * System has time.h and time(). |
Jan Jongboom |
18:b661324be638 | 114 | * The time does not need to be correct, only time differences are used, |
Jan Jongboom |
18:b661324be638 | 115 | * by contrast with MBEDTLS_HAVE_TIME_DATE |
Jan Jongboom |
18:b661324be638 | 116 | * |
Jan Jongboom |
18:b661324be638 | 117 | * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, |
Jan Jongboom |
18:b661324be638 | 118 | * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and |
Jan Jongboom |
18:b661324be638 | 119 | * MBEDTLS_PLATFORM_STD_TIME. |
Jan Jongboom |
18:b661324be638 | 120 | * |
Jan Jongboom |
18:b661324be638 | 121 | * Comment if your system does not support time functions |
Jan Jongboom |
18:b661324be638 | 122 | */ |
Jan Jongboom |
18:b661324be638 | 123 | #define MBEDTLS_HAVE_TIME |
Jan Jongboom |
18:b661324be638 | 124 | |
Jan Jongboom |
18:b661324be638 | 125 | /** |
Jan Jongboom |
18:b661324be638 | 126 | * \def MBEDTLS_HAVE_TIME_DATE |
Jan Jongboom |
18:b661324be638 | 127 | * |
Jan Jongboom |
18:b661324be638 | 128 | * System has time.h and time(), gmtime() and the clock is correct. |
Jan Jongboom |
18:b661324be638 | 129 | * The time needs to be correct (not necesarily very accurate, but at least |
Jan Jongboom |
18:b661324be638 | 130 | * the date should be correct). This is used to verify the validity period of |
Jan Jongboom |
18:b661324be638 | 131 | * X.509 certificates. |
Jan Jongboom |
18:b661324be638 | 132 | * |
Jan Jongboom |
18:b661324be638 | 133 | * Comment if your system does not have a correct clock. |
Jan Jongboom |
18:b661324be638 | 134 | */ |
Jan Jongboom |
18:b661324be638 | 135 | //#define MBEDTLS_HAVE_TIME_DATE |
Jan Jongboom |
18:b661324be638 | 136 | |
Jan Jongboom |
18:b661324be638 | 137 | /** |
Jan Jongboom |
18:b661324be638 | 138 | * \def MBEDTLS_PLATFORM_MEMORY |
Jan Jongboom |
18:b661324be638 | 139 | * |
Jan Jongboom |
18:b661324be638 | 140 | * Enable the memory allocation layer. |
Jan Jongboom |
18:b661324be638 | 141 | * |
Jan Jongboom |
18:b661324be638 | 142 | * By default mbed TLS uses the system-provided calloc() and free(). |
Jan Jongboom |
18:b661324be638 | 143 | * This allows different allocators (self-implemented or provided) to be |
Jan Jongboom |
18:b661324be638 | 144 | * provided to the platform abstraction layer. |
Jan Jongboom |
18:b661324be638 | 145 | * |
Jan Jongboom |
18:b661324be638 | 146 | * Enabling MBEDTLS_PLATFORM_MEMORY without the |
Jan Jongboom |
18:b661324be638 | 147 | * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide |
Jan Jongboom |
18:b661324be638 | 148 | * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and |
Jan Jongboom |
18:b661324be638 | 149 | * free() function pointer at runtime. |
Jan Jongboom |
18:b661324be638 | 150 | * |
Jan Jongboom |
18:b661324be638 | 151 | * Enabling MBEDTLS_PLATFORM_MEMORY and specifying |
Jan Jongboom |
18:b661324be638 | 152 | * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the |
Jan Jongboom |
18:b661324be638 | 153 | * alternate function at compile time. |
Jan Jongboom |
18:b661324be638 | 154 | * |
Jan Jongboom |
18:b661324be638 | 155 | * Requires: MBEDTLS_PLATFORM_C |
Jan Jongboom |
18:b661324be638 | 156 | * |
Jan Jongboom |
18:b661324be638 | 157 | * Enable this layer to allow use of alternative memory allocators. |
Jan Jongboom |
18:b661324be638 | 158 | */ |
Jan Jongboom |
18:b661324be638 | 159 | //#define MBEDTLS_PLATFORM_MEMORY |
Jan Jongboom |
18:b661324be638 | 160 | |
Jan Jongboom |
18:b661324be638 | 161 | /** |
Jan Jongboom |
18:b661324be638 | 162 | * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
Jan Jongboom |
18:b661324be638 | 163 | * |
Jan Jongboom |
18:b661324be638 | 164 | * Do not assign standard functions in the platform layer (e.g. calloc() to |
Jan Jongboom |
18:b661324be638 | 165 | * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) |
Jan Jongboom |
18:b661324be638 | 166 | * |
Jan Jongboom |
18:b661324be638 | 167 | * This makes sure there are no linking errors on platforms that do not support |
Jan Jongboom |
18:b661324be638 | 168 | * these functions. You will HAVE to provide alternatives, either at runtime |
Jan Jongboom |
18:b661324be638 | 169 | * via the platform_set_xxx() functions or at compile time by setting |
Jan Jongboom |
18:b661324be638 | 170 | * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a |
Jan Jongboom |
18:b661324be638 | 171 | * MBEDTLS_PLATFORM_XXX_MACRO. |
Jan Jongboom |
18:b661324be638 | 172 | * |
Jan Jongboom |
18:b661324be638 | 173 | * Requires: MBEDTLS_PLATFORM_C |
Jan Jongboom |
18:b661324be638 | 174 | * |
Jan Jongboom |
18:b661324be638 | 175 | * Uncomment to prevent default assignment of standard functions in the |
Jan Jongboom |
18:b661324be638 | 176 | * platform layer. |
Jan Jongboom |
18:b661324be638 | 177 | */ |
Jan Jongboom |
18:b661324be638 | 178 | //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS |
Jan Jongboom |
18:b661324be638 | 179 | |
Jan Jongboom |
18:b661324be638 | 180 | /** |
Jan Jongboom |
18:b661324be638 | 181 | * \def MBEDTLS_PLATFORM_EXIT_ALT |
Jan Jongboom |
18:b661324be638 | 182 | * |
Jan Jongboom |
18:b661324be638 | 183 | * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the |
Jan Jongboom |
18:b661324be638 | 184 | * function in the platform abstraction layer. |
Jan Jongboom |
18:b661324be638 | 185 | * |
Jan Jongboom |
18:b661324be638 | 186 | * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will |
Jan Jongboom |
18:b661324be638 | 187 | * provide a function "mbedtls_platform_set_printf()" that allows you to set an |
Jan Jongboom |
18:b661324be638 | 188 | * alternative printf function pointer. |
Jan Jongboom |
18:b661324be638 | 189 | * |
Jan Jongboom |
18:b661324be638 | 190 | * All these define require MBEDTLS_PLATFORM_C to be defined! |
Jan Jongboom |
18:b661324be638 | 191 | * |
Jan Jongboom |
18:b661324be638 | 192 | * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; |
Jan Jongboom |
18:b661324be638 | 193 | * it will be enabled automatically by check_config.h |
Jan Jongboom |
18:b661324be638 | 194 | * |
Jan Jongboom |
18:b661324be638 | 195 | * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as |
Jan Jongboom |
18:b661324be638 | 196 | * MBEDTLS_PLATFORM_XXX_MACRO! |
Jan Jongboom |
18:b661324be638 | 197 | * |
Jan Jongboom |
18:b661324be638 | 198 | * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME |
Jan Jongboom |
18:b661324be638 | 199 | * |
Jan Jongboom |
18:b661324be638 | 200 | * Uncomment a macro to enable alternate implementation of specific base |
Jan Jongboom |
18:b661324be638 | 201 | * platform function |
Jan Jongboom |
18:b661324be638 | 202 | */ |
Jan Jongboom |
18:b661324be638 | 203 | //#define MBEDTLS_PLATFORM_EXIT_ALT |
Jan Jongboom |
18:b661324be638 | 204 | //#define MBEDTLS_PLATFORM_TIME_ALT |
Jan Jongboom |
18:b661324be638 | 205 | //#define MBEDTLS_PLATFORM_FPRINTF_ALT |
Jan Jongboom |
18:b661324be638 | 206 | //#define MBEDTLS_PLATFORM_PRINTF_ALT |
Jan Jongboom |
18:b661324be638 | 207 | //#define MBEDTLS_PLATFORM_SNPRINTF_ALT |
Jan Jongboom |
18:b661324be638 | 208 | //#define MBEDTLS_PLATFORM_NV_SEED_ALT |
Jan Jongboom |
18:b661324be638 | 209 | //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT |
Jan Jongboom |
18:b661324be638 | 210 | |
Jan Jongboom |
18:b661324be638 | 211 | /** |
Jan Jongboom |
18:b661324be638 | 212 | * \def MBEDTLS_DEPRECATED_WARNING |
Jan Jongboom |
18:b661324be638 | 213 | * |
Jan Jongboom |
18:b661324be638 | 214 | * Mark deprecated functions so that they generate a warning if used. |
Jan Jongboom |
18:b661324be638 | 215 | * Functions deprecated in one version will usually be removed in the next |
Jan Jongboom |
18:b661324be638 | 216 | * version. You can enable this to help you prepare the transition to a new |
Jan Jongboom |
18:b661324be638 | 217 | * major version by making sure your code is not using these functions. |
Jan Jongboom |
18:b661324be638 | 218 | * |
Jan Jongboom |
18:b661324be638 | 219 | * This only works with GCC and Clang. With other compilers, you may want to |
Jan Jongboom |
18:b661324be638 | 220 | * use MBEDTLS_DEPRECATED_REMOVED |
Jan Jongboom |
18:b661324be638 | 221 | * |
Jan Jongboom |
18:b661324be638 | 222 | * Uncomment to get warnings on using deprecated functions. |
Jan Jongboom |
18:b661324be638 | 223 | */ |
Jan Jongboom |
18:b661324be638 | 224 | //#define MBEDTLS_DEPRECATED_WARNING |
Jan Jongboom |
18:b661324be638 | 225 | |
Jan Jongboom |
18:b661324be638 | 226 | /** |
Jan Jongboom |
18:b661324be638 | 227 | * \def MBEDTLS_DEPRECATED_REMOVED |
Jan Jongboom |
18:b661324be638 | 228 | * |
Jan Jongboom |
18:b661324be638 | 229 | * Remove deprecated functions so that they generate an error if used. |
Jan Jongboom |
18:b661324be638 | 230 | * Functions deprecated in one version will usually be removed in the next |
Jan Jongboom |
18:b661324be638 | 231 | * version. You can enable this to help you prepare the transition to a new |
Jan Jongboom |
18:b661324be638 | 232 | * major version by making sure your code is not using these functions. |
Jan Jongboom |
18:b661324be638 | 233 | * |
Jan Jongboom |
18:b661324be638 | 234 | * Uncomment to get errors on using deprecated functions. |
Jan Jongboom |
18:b661324be638 | 235 | */ |
Jan Jongboom |
18:b661324be638 | 236 | //#define MBEDTLS_DEPRECATED_REMOVED |
Jan Jongboom |
18:b661324be638 | 237 | |
Jan Jongboom |
18:b661324be638 | 238 | /* \} name SECTION: System support */ |
Jan Jongboom |
18:b661324be638 | 239 | |
Jan Jongboom |
18:b661324be638 | 240 | /** |
Jan Jongboom |
18:b661324be638 | 241 | * \name SECTION: mbed TLS feature support |
Jan Jongboom |
18:b661324be638 | 242 | * |
Jan Jongboom |
18:b661324be638 | 243 | * This section sets support for features that are or are not needed |
Jan Jongboom |
18:b661324be638 | 244 | * within the modules that are enabled. |
Jan Jongboom |
18:b661324be638 | 245 | * \{ |
Jan Jongboom |
18:b661324be638 | 246 | */ |
Jan Jongboom |
18:b661324be638 | 247 | |
Jan Jongboom |
18:b661324be638 | 248 | /** |
Jan Jongboom |
18:b661324be638 | 249 | * \def MBEDTLS_TIMING_ALT |
Jan Jongboom |
18:b661324be638 | 250 | * |
Jan Jongboom |
18:b661324be638 | 251 | * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), |
Jan Jongboom |
18:b661324be638 | 252 | * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() |
Jan Jongboom |
18:b661324be638 | 253 | * |
Jan Jongboom |
18:b661324be638 | 254 | * Only works if you have MBEDTLS_TIMING_C enabled. |
Jan Jongboom |
18:b661324be638 | 255 | * |
Jan Jongboom |
18:b661324be638 | 256 | * You will need to provide a header "timing_alt.h" and an implementation at |
Jan Jongboom |
18:b661324be638 | 257 | * compile time. |
Jan Jongboom |
18:b661324be638 | 258 | */ |
Jan Jongboom |
18:b661324be638 | 259 | //#define MBEDTLS_TIMING_ALT |
Jan Jongboom |
18:b661324be638 | 260 | |
Jan Jongboom |
18:b661324be638 | 261 | /** |
Jan Jongboom |
18:b661324be638 | 262 | * \def MBEDTLS_AES_ALT |
Jan Jongboom |
18:b661324be638 | 263 | * |
Jan Jongboom |
18:b661324be638 | 264 | * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your |
Jan Jongboom |
18:b661324be638 | 265 | * alternate core implementation of a symmetric crypto, an arithmetic or hash |
Jan Jongboom |
18:b661324be638 | 266 | * module (e.g. platform specific assembly optimized implementations). Keep |
Jan Jongboom |
18:b661324be638 | 267 | * in mind that the function prototypes should remain the same. |
Jan Jongboom |
18:b661324be638 | 268 | * |
Jan Jongboom |
18:b661324be638 | 269 | * This replaces the whole module. If you only want to replace one of the |
Jan Jongboom |
18:b661324be638 | 270 | * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. |
Jan Jongboom |
18:b661324be638 | 271 | * |
Jan Jongboom |
18:b661324be638 | 272 | * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer |
Jan Jongboom |
18:b661324be638 | 273 | * provide the "struct mbedtls_aes_context" definition and omit the base |
Jan Jongboom |
18:b661324be638 | 274 | * function declarations and implementations. "aes_alt.h" will be included from |
Jan Jongboom |
18:b661324be638 | 275 | * "aes.h" to include the new function definitions. |
Jan Jongboom |
18:b661324be638 | 276 | * |
Jan Jongboom |
18:b661324be638 | 277 | * Uncomment a macro to enable alternate implementation of the corresponding |
Jan Jongboom |
18:b661324be638 | 278 | * module. |
Jan Jongboom |
18:b661324be638 | 279 | */ |
Jan Jongboom |
18:b661324be638 | 280 | //#define MBEDTLS_AES_ALT |
Jan Jongboom |
18:b661324be638 | 281 | //#define MBEDTLS_ARC4_ALT |
Jan Jongboom |
18:b661324be638 | 282 | //#define MBEDTLS_BLOWFISH_ALT |
Jan Jongboom |
18:b661324be638 | 283 | //#define MBEDTLS_CAMELLIA_ALT |
Jan Jongboom |
18:b661324be638 | 284 | //#define MBEDTLS_DES_ALT |
Jan Jongboom |
18:b661324be638 | 285 | //#define MBEDTLS_XTEA_ALT |
Jan Jongboom |
18:b661324be638 | 286 | //#define MBEDTLS_MD2_ALT |
Jan Jongboom |
18:b661324be638 | 287 | //#define MBEDTLS_MD4_ALT |
Jan Jongboom |
18:b661324be638 | 288 | //#define MBEDTLS_MD5_ALT |
Jan Jongboom |
18:b661324be638 | 289 | //#define MBEDTLS_RIPEMD160_ALT |
Jan Jongboom |
18:b661324be638 | 290 | //#define MBEDTLS_SHA1_ALT |
Jan Jongboom |
18:b661324be638 | 291 | //#define MBEDTLS_SHA256_ALT |
Jan Jongboom |
18:b661324be638 | 292 | //#define MBEDTLS_SHA512_ALT |
Jan Jongboom |
18:b661324be638 | 293 | /* |
Jan Jongboom |
18:b661324be638 | 294 | * When replacing the elliptic curve module, pleace consider, that it is |
Jan Jongboom |
18:b661324be638 | 295 | * implemented with two .c files: |
Jan Jongboom |
18:b661324be638 | 296 | * - ecp.c |
Jan Jongboom |
18:b661324be638 | 297 | * - ecp_curves.c |
Jan Jongboom |
18:b661324be638 | 298 | * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT |
Jan Jongboom |
18:b661324be638 | 299 | * macros as described above. The only difference is that you have to make sure |
Jan Jongboom |
18:b661324be638 | 300 | * that you provide functionality for both .c files. |
Jan Jongboom |
18:b661324be638 | 301 | */ |
Jan Jongboom |
18:b661324be638 | 302 | //#define MBEDTLS_ECP_ALT |
Jan Jongboom |
18:b661324be638 | 303 | |
Jan Jongboom |
18:b661324be638 | 304 | /** |
Jan Jongboom |
18:b661324be638 | 305 | * \def MBEDTLS_MD2_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 306 | * |
Jan Jongboom |
18:b661324be638 | 307 | * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you |
Jan Jongboom |
18:b661324be638 | 308 | * alternate core implementation of symmetric crypto or hash function. Keep in |
Jan Jongboom |
18:b661324be638 | 309 | * mind that function prototypes should remain the same. |
Jan Jongboom |
18:b661324be638 | 310 | * |
Jan Jongboom |
18:b661324be638 | 311 | * This replaces only one function. The header file from mbed TLS is still |
Jan Jongboom |
18:b661324be638 | 312 | * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. |
Jan Jongboom |
18:b661324be638 | 313 | * |
Jan Jongboom |
18:b661324be638 | 314 | * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will |
Jan Jongboom |
18:b661324be638 | 315 | * no longer provide the mbedtls_sha1_process() function, but it will still provide |
Jan Jongboom |
18:b661324be638 | 316 | * the other function (using your mbedtls_sha1_process() function) and the definition |
Jan Jongboom |
18:b661324be638 | 317 | * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible |
Jan Jongboom |
18:b661324be638 | 318 | * with this definition. |
Jan Jongboom |
18:b661324be638 | 319 | * |
Jan Jongboom |
18:b661324be638 | 320 | * \note Because of a signature change, the core AES encryption and decryption routines are |
Jan Jongboom |
18:b661324be638 | 321 | * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, |
Jan Jongboom |
18:b661324be638 | 322 | * respectively. When setting up alternative implementations, these functions should |
Jan Jongboom |
18:b661324be638 | 323 | * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt |
Jan Jongboom |
18:b661324be638 | 324 | * must stay untouched. |
Jan Jongboom |
18:b661324be638 | 325 | * |
Jan Jongboom |
18:b661324be638 | 326 | * \note If you use the AES_xxx_ALT macros, then is is recommended to also set |
Jan Jongboom |
18:b661324be638 | 327 | * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES |
Jan Jongboom |
18:b661324be638 | 328 | * tables. |
Jan Jongboom |
18:b661324be638 | 329 | * |
Jan Jongboom |
18:b661324be638 | 330 | * Uncomment a macro to enable alternate implementation of the corresponding |
Jan Jongboom |
18:b661324be638 | 331 | * function. |
Jan Jongboom |
18:b661324be638 | 332 | */ |
Jan Jongboom |
18:b661324be638 | 333 | //#define MBEDTLS_MD2_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 334 | //#define MBEDTLS_MD4_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 335 | //#define MBEDTLS_MD5_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 336 | //#define MBEDTLS_RIPEMD160_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 337 | //#define MBEDTLS_SHA1_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 338 | //#define MBEDTLS_SHA256_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 339 | //#define MBEDTLS_SHA512_PROCESS_ALT |
Jan Jongboom |
18:b661324be638 | 340 | //#define MBEDTLS_DES_SETKEY_ALT |
Jan Jongboom |
18:b661324be638 | 341 | //#define MBEDTLS_DES_CRYPT_ECB_ALT |
Jan Jongboom |
18:b661324be638 | 342 | //#define MBEDTLS_DES3_CRYPT_ECB_ALT |
Jan Jongboom |
18:b661324be638 | 343 | //#define MBEDTLS_AES_SETKEY_ENC_ALT |
Jan Jongboom |
18:b661324be638 | 344 | //#define MBEDTLS_AES_SETKEY_DEC_ALT |
Jan Jongboom |
18:b661324be638 | 345 | //#define MBEDTLS_AES_ENCRYPT_ALT |
Jan Jongboom |
18:b661324be638 | 346 | //#define MBEDTLS_AES_DECRYPT_ALT |
Jan Jongboom |
18:b661324be638 | 347 | |
Jan Jongboom |
18:b661324be638 | 348 | /** |
Jan Jongboom |
18:b661324be638 | 349 | * \def MBEDTLS_ECP_INTERNAL_ALT |
Jan Jongboom |
18:b661324be638 | 350 | * |
Jan Jongboom |
18:b661324be638 | 351 | * Expose a part of the internal interface of the Elliptic Curve Point module. |
Jan Jongboom |
18:b661324be638 | 352 | * |
Jan Jongboom |
18:b661324be638 | 353 | * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your |
Jan Jongboom |
18:b661324be638 | 354 | * alternative core implementation of elliptic curve arithmetic. Keep in mind |
Jan Jongboom |
18:b661324be638 | 355 | * that function prototypes should remain the same. |
Jan Jongboom |
18:b661324be638 | 356 | * |
Jan Jongboom |
18:b661324be638 | 357 | * This partially replaces one function. The header file from mbed TLS is still |
Jan Jongboom |
18:b661324be638 | 358 | * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation |
Jan Jongboom |
18:b661324be638 | 359 | * is still present and it is used for group structures not supported by the |
Jan Jongboom |
18:b661324be638 | 360 | * alternative. |
Jan Jongboom |
18:b661324be638 | 361 | * |
Jan Jongboom |
18:b661324be638 | 362 | * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT |
Jan Jongboom |
18:b661324be638 | 363 | * and implementing the following functions: |
Jan Jongboom |
 *      unsigned char mbedtls_internal_ecp_grp_capable(
 *          const mbedtls_ecp_group *grp )
 *      int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
 *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
 * replacement functions implement arithmetic for the given group and 0
 * otherwise.
 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
 * called before and after each point operation and provide an opportunity to
 * implement optimized set up and tear down instructions.
 *
 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
 * function, but will use your mbedtls_internal_ecp_double_jac if the group is
 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
 * receives it as an argument). If the group is not supported then the original
 * implementation is used. The other functions and the definition of
 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
 * implementation of mbedtls_internal_ecp_double_jac and
 * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
/* Required for all the functions in this section */
//#define MBEDTLS_ECP_INTERNAL_ALT
/* Support for Weierstrass curves with Jacobi representation */
//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
//#define MBEDTLS_ECP_ADD_MIXED_ALT
//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
/* Support for curves with Montgomery arithmetic */
//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT

/**
 * \def MBEDTLS_TEST_NULL_ENTROPY
 *
 * Enables testing and use of mbed TLS without any configured entropy sources.
 * This permits use of the library on platforms before an entropy source has
 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
 * MBEDTLS_ENTROPY_NV_SEED switches).
 *
 * WARNING! This switch MUST be disabled in production builds, and is suitable
 * only for development.
 * Enabling the switch negates any security provided by the library.
 *
 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 */
//#define MBEDTLS_TEST_NULL_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
 *
 * Uncomment this macro to let mbed TLS use your own implementation of a
 * hardware entropy collector.
 *
 * Your function must be called \c mbedtls_hardware_poll(), have the same
 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
 *
 * Uncomment to use your own hardware entropy collector.
 */
//#define MBEDTLS_ENTROPY_HARDWARE_ALT

/**
 * \def MBEDTLS_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
#define MBEDTLS_AES_ROM_TABLES

/**
 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
 *
 * Use less ROM for the Camellia implementation (saves about 768 bytes).
 *
 * Uncomment this macro to use less memory for Camellia.
 */
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY

/**
 * \def MBEDTLS_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CBC

/**
 * \def MBEDTLS_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CFB

/**
 * \def MBEDTLS_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CTR

/**
 * \def MBEDTLS_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
 * Warning: Only do so when you know what you are doing. This allows for
 * encryption or channels without any security!
 *
 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
//#define MBEDTLS_CIPHER_NULL_CIPHER

/**
 * \def MBEDTLS_CIPHER_PADDING_PKCS7
 *
 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
 * specific padding modes in the cipher layer with cipher modes that support
 * padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS

/**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 *
 * Enable weak ciphersuites in SSL / TLS.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 */
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES

/**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES

/**
 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
 *
 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
 * module. By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED

/**
 * \def MBEDTLS_ECP_NIST_OPTIM
 *
 * Enable specific 'modulo p' routines for each NIST prime.
 * Depending on the prime and architecture, makes operations 4 to 8 times
 * faster on the corresponding curve.
 *
 * Comment this macro to disable NIST curves optimisation.
 */
#define MBEDTLS_ECP_NIST_OPTIM

/**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
 *
 * Enable deterministic ECDSA (RFC 6979).
 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
 * may result in a compromise of the long-term signing key. This is avoided by
 * the deterministic variant.
 *
 * Requires: MBEDTLS_HMAC_DRBG_C
 *
 * Comment this macro to disable deterministic ECDSA.
 */
#define MBEDTLS_ECDSA_DETERMINISTIC

/**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS.
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 *
 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
// #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
// #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
// #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 *
 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 *
 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

18:b661324be638 | 835 | /** |
Jan Jongboom |
18:b661324be638 | 836 | * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
Jan Jongboom |
18:b661324be638 | 837 | * |
Jan Jongboom |
18:b661324be638 | 838 | * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. |
Jan Jongboom |
18:b661324be638 | 839 | * |
Jan Jongboom |
18:b661324be638 | 840 | * \warning This is currently experimental. EC J-PAKE support is based on the |
Jan Jongboom |
18:b661324be638 | 841 | * Thread v1.0.0 specification; incompatible changes to the specification |
Jan Jongboom |
18:b661324be638 | 842 | * might still happen. For this reason, this is disabled by default. |
Jan Jongboom |
18:b661324be638 | 843 | * |
Jan Jongboom |
18:b661324be638 | 844 | * Requires: MBEDTLS_ECJPAKE_C |
Jan Jongboom |
18:b661324be638 | 845 | * MBEDTLS_SHA256_C |
Jan Jongboom |
18:b661324be638 | 846 | * MBEDTLS_ECP_DP_SECP256R1_ENABLED |
Jan Jongboom |
18:b661324be638 | 847 | * |
Jan Jongboom |
18:b661324be638 | 848 | * This enables the following ciphersuites (if other requisites are |
Jan Jongboom |
18:b661324be638 | 849 | * enabled as well): |
Jan Jongboom |
18:b661324be638 | 850 | * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 |
Jan Jongboom |
18:b661324be638 | 851 | */ |
Jan Jongboom |
18:b661324be638 | 852 | //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED |
Jan Jongboom |
18:b661324be638 | 853 | |
Jan Jongboom |
18:b661324be638 | 854 | /** |
Jan Jongboom |
18:b661324be638 | 855 | * \def MBEDTLS_PK_PARSE_EC_EXTENDED |
Jan Jongboom |
18:b661324be638 | 856 | * |
Jan Jongboom |
18:b661324be638 | 857 | * Enhance support for reading EC keys using variants of SEC1 not allowed by |
Jan Jongboom |
18:b661324be638 | 858 | * RFC 5915 and RFC 5480. |
Jan Jongboom |
18:b661324be638 | 859 | * |
Jan Jongboom |
18:b661324be638 | 860 | * Currently this means parsing the SpecifiedECDomain choice of EC |
Jan Jongboom |
18:b661324be638 | 861 | * parameters (only known groups are supported, not arbitrary domains, to |
Jan Jongboom |
18:b661324be638 | 862 | * avoid validation issues). |
Jan Jongboom |
18:b661324be638 | 863 | * |
Jan Jongboom |
18:b661324be638 | 864 | * Disable if you only need to support RFC 5915 + 5480 key formats. |
Jan Jongboom |
18:b661324be638 | 865 | */ |
Jan Jongboom |
18:b661324be638 | 866 | //#define MBEDTLS_PK_PARSE_EC_EXTENDED |
Jan Jongboom |
18:b661324be638 | 867 | |
Jan Jongboom |
18:b661324be638 | 868 | /** |
Jan Jongboom |
18:b661324be638 | 869 | * \def MBEDTLS_ERROR_STRERROR_DUMMY |
Jan Jongboom |
18:b661324be638 | 870 | * |
Jan Jongboom |
18:b661324be638 | 871 | * Enable a dummy error function to make use of mbedtls_strerror() in |
Jan Jongboom |
18:b661324be638 | 872 | * third party libraries easier when MBEDTLS_ERROR_C is disabled |
Jan Jongboom |
18:b661324be638 | 873 | * (no effect when MBEDTLS_ERROR_C is enabled). |
Jan Jongboom |
18:b661324be638 | 874 | * |
Jan Jongboom |
18:b661324be638 | 875 | * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're |
Jan Jongboom |
18:b661324be638 | 876 | * not using mbedtls_strerror() or error_strerror() in your application. |
Jan Jongboom |
18:b661324be638 | 877 | * |
Jan Jongboom |
18:b661324be638 | 878 | * Disable if you run into name conflicts and want to really remove the |
Jan Jongboom |
18:b661324be638 | 879 | * mbedtls_strerror() |
Jan Jongboom |
18:b661324be638 | 880 | */ |
Jan Jongboom |
18:b661324be638 | 881 | #define MBEDTLS_ERROR_STRERROR_DUMMY |
Jan Jongboom |
18:b661324be638 | 882 | |
Jan Jongboom |
18:b661324be638 | 883 | /** |
Jan Jongboom |
18:b661324be638 | 884 | * \def MBEDTLS_GENPRIME |
Jan Jongboom |
18:b661324be638 | 885 | * |
Jan Jongboom |
18:b661324be638 | 886 | * Enable the prime-number generation code. |
Jan Jongboom |
18:b661324be638 | 887 | * |
Jan Jongboom |
18:b661324be638 | 888 | * Requires: MBEDTLS_BIGNUM_C |
Jan Jongboom |
18:b661324be638 | 889 | */ |
Jan Jongboom |
18:b661324be638 | 890 | //#define MBEDTLS_GENPRIME |
Jan Jongboom |
18:b661324be638 | 891 | |
Jan Jongboom |
18:b661324be638 | 892 | /** |
Jan Jongboom |
18:b661324be638 | 893 | * \def MBEDTLS_FS_IO |
Jan Jongboom |
18:b661324be638 | 894 | * |
Jan Jongboom |
18:b661324be638 | 895 | * Enable functions that use the filesystem. |
Jan Jongboom |
18:b661324be638 | 896 | */ |
Jan Jongboom |
18:b661324be638 | 897 | //#define MBEDTLS_FS_IO |
Jan Jongboom |
18:b661324be638 | 898 | |
Jan Jongboom |
18:b661324be638 | 899 | /** |
Jan Jongboom |
18:b661324be638 | 900 | * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
Jan Jongboom |
18:b661324be638 | 901 | * |
Jan Jongboom |
18:b661324be638 | 902 | * Do not add default entropy sources. These are the platform specific, |
Jan Jongboom |
18:b661324be638 | 903 | * mbedtls_timing_hardclock and HAVEGE based poll functions. |
Jan Jongboom |
18:b661324be638 | 904 | * |
Jan Jongboom |
18:b661324be638 | 905 | * This is useful to have more control over the added entropy sources in an |
Jan Jongboom |
18:b661324be638 | 906 | * application. |
Jan Jongboom |
18:b661324be638 | 907 | * |
Jan Jongboom |
18:b661324be638 | 908 | * Uncomment this macro to prevent loading of default entropy functions. |
Jan Jongboom |
18:b661324be638 | 909 | */ |
Jan Jongboom |
18:b661324be638 | 910 | //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES |
Jan Jongboom |
18:b661324be638 | 911 | |
Jan Jongboom |
18:b661324be638 | 912 | /** |
Jan Jongboom |
18:b661324be638 | 913 | * \def MBEDTLS_NO_PLATFORM_ENTROPY |
Jan Jongboom |
18:b661324be638 | 914 | * |
Jan Jongboom |
18:b661324be638 | 915 | * Do not use built-in platform entropy functions. |
Jan Jongboom |
18:b661324be638 | 916 | * This is useful if your platform does not support |
Jan Jongboom |
18:b661324be638 | 917 | * standards like the /dev/urandom or Windows CryptoAPI. |
Jan Jongboom |
18:b661324be638 | 918 | * |
Jan Jongboom |
18:b661324be638 | 919 | * Uncomment this macro to disable the built-in platform entropy functions. |
Jan Jongboom |
18:b661324be638 | 920 | */ |
Jan Jongboom |
18:b661324be638 | 921 | #define MBEDTLS_NO_PLATFORM_ENTROPY |
Jan Jongboom |
18:b661324be638 | 922 | |
Jan Jongboom |
18:b661324be638 | 923 | /** |
Jan Jongboom |
18:b661324be638 | 924 | * \def MBEDTLS_ENTROPY_FORCE_SHA256 |
Jan Jongboom |
18:b661324be638 | 925 | * |
Jan Jongboom |
18:b661324be638 | 926 | * Force the entropy accumulator to use a SHA-256 accumulator instead of the |
Jan Jongboom |
18:b661324be638 | 927 | * default SHA-512 based one (if both are available). |
Jan Jongboom |
18:b661324be638 | 928 | * |
Jan Jongboom |
18:b661324be638 | 929 | * Requires: MBEDTLS_SHA256_C |
Jan Jongboom |
18:b661324be638 | 930 | * |
Jan Jongboom |
18:b661324be638 | 931 | * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option |
Jan Jongboom |
18:b661324be638 | 932 | * if you have performance concerns. |
Jan Jongboom |
18:b661324be638 | 933 | * |
Jan Jongboom |
18:b661324be638 | 934 | * This option is only useful if both MBEDTLS_SHA256_C and |
Jan Jongboom |
18:b661324be638 | 935 | * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. |
Jan Jongboom |
18:b661324be638 | 936 | */ |
Jan Jongboom |
18:b661324be638 | 937 | //#define MBEDTLS_ENTROPY_FORCE_SHA256 |
Jan Jongboom |
18:b661324be638 | 938 | |
Jan Jongboom |
18:b661324be638 | 939 | /** |
Jan Jongboom |
18:b661324be638 | 940 | * \def MBEDTLS_ENTROPY_NV_SEED |
Jan Jongboom |
18:b661324be638 | 941 | * |
Jan Jongboom |
18:b661324be638 | 942 | * Enable the non-volatile (NV) seed file-based entropy source. |
Jan Jongboom |
18:b661324be638 | 943 | * (Also enables the NV seed read/write functions in the platform layer) |
Jan Jongboom |
18:b661324be638 | 944 | * |
Jan Jongboom |
18:b661324be638 | 945 | * This is crucial (if not required) on systems that do not have a |
Jan Jongboom |
18:b661324be638 | 946 | * cryptographic entropy source (in hardware or kernel) available. |
Jan Jongboom |
18:b661324be638 | 947 | * |
Jan Jongboom |
18:b661324be638 | 948 | * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C |
Jan Jongboom |
18:b661324be638 | 949 | * |
Jan Jongboom |
18:b661324be638 | 950 | * \note The read/write functions that are used by the entropy source are |
Jan Jongboom |
18:b661324be638 | 951 | * determined in the platform layer, and can be modified at runtime and/or |
Jan Jongboom |
18:b661324be638 | 952 | * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. |
Jan Jongboom |
18:b661324be638 | 953 | * |
Jan Jongboom |
18:b661324be638 | 954 | * \note If you use the default implementation functions that read a seedfile |
Jan Jongboom |
18:b661324be638 | 955 | * with regular fopen(), please make sure you make a seedfile with the |
Jan Jongboom |
18:b661324be638 | 956 | * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at |
Jan Jongboom |
18:b661324be638 | 957 | * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from |
Jan Jongboom |
18:b661324be638 | 958 | * and written to or you will get an entropy source error! The default |
Jan Jongboom |
18:b661324be638 | 959 | * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE |
Jan Jongboom |
18:b661324be638 | 960 | * bytes from the file. |
Jan Jongboom |
18:b661324be638 | 961 | * |
Jan Jongboom |
18:b661324be638 | 962 | * \note The entropy collector will write to the seed file before entropy is |
Jan Jongboom |
18:b661324be638 | 963 | * given to an external source, to update it. |
Jan Jongboom |
18:b661324be638 | 964 | */ |
Jan Jongboom |
18:b661324be638 | 965 | //#define MBEDTLS_ENTROPY_NV_SEED |
Jan Jongboom |
18:b661324be638 | 966 | |
Jan Jongboom |
18:b661324be638 | 967 | /** |
Jan Jongboom |
18:b661324be638 | 968 | * \def MBEDTLS_MEMORY_DEBUG |
Jan Jongboom |
18:b661324be638 | 969 | * |
Jan Jongboom |
18:b661324be638 | 970 | * Enable debugging of buffer allocator memory issues. Automatically prints |
Jan Jongboom |
18:b661324be638 | 971 | * (to stderr) all (fatal) messages on memory allocation issues. Enables |
Jan Jongboom |
18:b661324be638 | 972 | * function for 'debug output' of allocated memory. |
Jan Jongboom |
18:b661324be638 | 973 | * |
Jan Jongboom |
18:b661324be638 | 974 | * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Jan Jongboom |
18:b661324be638 | 975 | * |
Jan Jongboom |
18:b661324be638 | 976 | * Uncomment this macro to let the buffer allocator print out error messages. |
Jan Jongboom |
18:b661324be638 | 977 | */ |
Jan Jongboom |
18:b661324be638 | 978 | //#define MBEDTLS_MEMORY_DEBUG |
Jan Jongboom |
18:b661324be638 | 979 | |
Jan Jongboom |
18:b661324be638 | 980 | /** |
Jan Jongboom |
18:b661324be638 | 981 | * \def MBEDTLS_MEMORY_BACKTRACE |
Jan Jongboom |
18:b661324be638 | 982 | * |
Jan Jongboom |
18:b661324be638 | 983 | * Include backtrace information with each allocated block. |
Jan Jongboom |
18:b661324be638 | 984 | * |
Jan Jongboom |
18:b661324be638 | 985 | * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Jan Jongboom |
18:b661324be638 | 986 | * GLIBC-compatible backtrace() and backtrace_symbols() support |
Jan Jongboom |
18:b661324be638 | 987 | * |
Jan Jongboom |
18:b661324be638 | 988 | * Uncomment this macro to include backtrace information |
Jan Jongboom |
18:b661324be638 | 989 | */ |
Jan Jongboom |
18:b661324be638 | 990 | //#define MBEDTLS_MEMORY_BACKTRACE |
Jan Jongboom |
18:b661324be638 | 991 | |
Jan Jongboom |
18:b661324be638 | 992 | /** |
Jan Jongboom |
18:b661324be638 | 993 | * \def MBEDTLS_PK_RSA_ALT_SUPPORT |
Jan Jongboom |
18:b661324be638 | 994 | * |
Jan Jongboom |
18:b661324be638 | 995 | * Support external private RSA keys (e.g. from an HSM) in the PK layer. |
Jan Jongboom |
18:b661324be638 | 996 | * |
Jan Jongboom |
18:b661324be638 | 997 | * Comment this macro to disable support for external private RSA keys. |
Jan Jongboom |
18:b661324be638 | 998 | */ |
Jan Jongboom |
18:b661324be638 | 999 | #define MBEDTLS_PK_RSA_ALT_SUPPORT |
Jan Jongboom |
18:b661324be638 | 1000 | |
Jan Jongboom |
18:b661324be638 | 1001 | /** |
Jan Jongboom |
18:b661324be638 | 1002 | * \def MBEDTLS_PKCS1_V15 |
Jan Jongboom |
18:b661324be638 | 1003 | * |
Jan Jongboom |
18:b661324be638 | 1004 | * Enable support for PKCS#1 v1.5 encoding. |
Jan Jongboom |
18:b661324be638 | 1005 | * |
Jan Jongboom |
18:b661324be638 | 1006 | * Requires: MBEDTLS_RSA_C |
Jan Jongboom |
18:b661324be638 | 1007 | * |
Jan Jongboom |
18:b661324be638 | 1008 | * This enables support for PKCS#1 v1.5 operations. |
Jan Jongboom |
18:b661324be638 | 1009 | */ |
Jan Jongboom |
18:b661324be638 | 1010 | #define MBEDTLS_PKCS1_V15 |
Jan Jongboom |
18:b661324be638 | 1011 | |
Jan Jongboom |
18:b661324be638 | 1012 | /** |
Jan Jongboom |
18:b661324be638 | 1013 | * \def MBEDTLS_PKCS1_V21 |
Jan Jongboom |
18:b661324be638 | 1014 | * |
Jan Jongboom |
18:b661324be638 | 1015 | * Enable support for PKCS#1 v2.1 encoding. |
Jan Jongboom |
18:b661324be638 | 1016 | * |
Jan Jongboom |
18:b661324be638 | 1017 | * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C |
Jan Jongboom |
18:b661324be638 | 1018 | * |
Jan Jongboom |
18:b661324be638 | 1019 | * This enables support for RSAES-OAEP and RSASSA-PSS operations. |
Jan Jongboom |
18:b661324be638 | 1020 | */ |
Jan Jongboom |
18:b661324be638 | 1021 | #define MBEDTLS_PKCS1_V21 |
Jan Jongboom |
18:b661324be638 | 1022 | |
Jan Jongboom |
18:b661324be638 | 1023 | /** |
Jan Jongboom |
18:b661324be638 | 1024 | * \def MBEDTLS_RSA_NO_CRT |
Jan Jongboom |
18:b661324be638 | 1025 | * |
Jan Jongboom |
18:b661324be638 | 1026 | * Do not use the Chinese Remainder Theorem for the RSA private operation. |
Jan Jongboom |
18:b661324be638 | 1027 | * |
Jan Jongboom |
18:b661324be638 | 1028 | * Uncomment this macro to disable the use of CRT in RSA. |
Jan Jongboom |
18:b661324be638 | 1029 | * |
Jan Jongboom |
18:b661324be638 | 1030 | */ |
Jan Jongboom |
18:b661324be638 | 1031 | //#define MBEDTLS_RSA_NO_CRT |
Jan Jongboom |
18:b661324be638 | 1032 | |
Jan Jongboom |
18:b661324be638 | 1033 | /** |
Jan Jongboom |
18:b661324be638 | 1034 | * \def MBEDTLS_SELF_TEST |
Jan Jongboom |
18:b661324be638 | 1035 | * |
Jan Jongboom |
18:b661324be638 | 1036 | * Enable the checkup functions (*_self_test). |
Jan Jongboom |
18:b661324be638 | 1037 | */ |
Jan Jongboom |
18:b661324be638 | 1038 | #define MBEDTLS_SELF_TEST |
Jan Jongboom |
18:b661324be638 | 1039 | |
Jan Jongboom |
18:b661324be638 | 1040 | /** |
Jan Jongboom |
18:b661324be638 | 1041 | * \def MBEDTLS_SHA256_SMALLER |
Jan Jongboom |
18:b661324be638 | 1042 | * |
Jan Jongboom |
18:b661324be638 | 1043 | * Enable an implementation of SHA-256 that has lower ROM footprint but also |
Jan Jongboom |
18:b661324be638 | 1044 | * lower performance. |
Jan Jongboom |
18:b661324be638 | 1045 | * |
Jan Jongboom |
18:b661324be638 | 1046 | * The default implementation is meant to be a reasonable compromise between |
Jan Jongboom |
18:b661324be638 | 1047 | * performance and size. This version optimizes more aggressively for size at |
Jan Jongboom |
18:b661324be638 | 1048 | * the expense of performance. E.g. on Cortex-M4 it reduces the size of |
Jan Jongboom |
18:b661324be638 | 1049 | * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about |
Jan Jongboom |
18:b661324be638 | 1050 | * 30%. |
Jan Jongboom |
18:b661324be638 | 1051 | * |
Jan Jongboom |
18:b661324be638 | 1052 | * Uncomment to enable the smaller implementation of SHA256. |
Jan Jongboom |
18:b661324be638 | 1053 | */ |
Jan Jongboom |
18:b661324be638 | 1054 | //#define MBEDTLS_SHA256_SMALLER |
Jan Jongboom |
18:b661324be638 | 1055 | |
Jan Jongboom |
18:b661324be638 | 1056 | /** |
Jan Jongboom |
18:b661324be638 | 1057 | * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES |
Jan Jongboom |
18:b661324be638 | 1058 | * |
Jan Jongboom |
18:b661324be638 | 1059 | * Enable sending of alert messages in case of encountered errors as per RFC. |
Jan Jongboom |
18:b661324be638 | 1060 | * If you choose not to send the alert messages, mbed TLS can still communicate |
Jan Jongboom |
18:b661324be638 | 1061 | * with other servers, only debugging of failures is harder. |
Jan Jongboom |
18:b661324be638 | 1062 | * |
Jan Jongboom |
18:b661324be638 | 1063 | * The advantage of not sending alert messages, is that no information is given |
Jan Jongboom |
18:b661324be638 | 1064 | * about reasons for failures thus preventing adversaries from gaining intel. |
Jan Jongboom |
18:b661324be638 | 1065 | * |
Jan Jongboom |
18:b661324be638 | 1066 | * Enable sending of all alert messages |
Jan Jongboom |
18:b661324be638 | 1067 | */ |
Jan Jongboom |
18:b661324be638 | 1068 | #define MBEDTLS_SSL_ALL_ALERT_MESSAGES |
Jan Jongboom |
18:b661324be638 | 1069 | |
Jan Jongboom |
18:b661324be638 | 1070 | /** |
Jan Jongboom |
18:b661324be638 | 1071 | * \def MBEDTLS_SSL_DEBUG_ALL |
Jan Jongboom |
18:b661324be638 | 1072 | * |
Jan Jongboom |
18:b661324be638 | 1073 | * Enable the debug messages in SSL module for all issues. |
Jan Jongboom |
18:b661324be638 | 1074 | * Debug messages have been disabled in some places to prevent timing |
Jan Jongboom |
18:b661324be638 | 1075 | * attacks due to (unbalanced) debugging function calls. |
Jan Jongboom |
18:b661324be638 | 1076 | * |
Jan Jongboom |
18:b661324be638 | 1077 | * If you need all error reporting you should enable this during debugging, |
Jan Jongboom |
18:b661324be638 | 1078 | * but remove this for production servers that should log as well. |
Jan Jongboom |
18:b661324be638 | 1079 | * |
Jan Jongboom |
18:b661324be638 | 1080 | * Uncomment this macro to report all debug messages on errors introducing |
Jan Jongboom |
18:b661324be638 | 1081 | * a timing side-channel. |
Jan Jongboom |
18:b661324be638 | 1082 | * |
Jan Jongboom |
18:b661324be638 | 1083 | */ |
Jan Jongboom |
18:b661324be638 | 1084 | //#define MBEDTLS_SSL_DEBUG_ALL |
Jan Jongboom |
18:b661324be638 | 1085 | |
Jan Jongboom |
18:b661324be638 | 1086 | /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC |
Jan Jongboom |
18:b661324be638 | 1087 | * |
Jan Jongboom |
18:b661324be638 | 1088 | * Enable support for Encrypt-then-MAC, RFC 7366. |
Jan Jongboom |
18:b661324be638 | 1089 | * |
Jan Jongboom |
18:b661324be638 | 1090 | * This allows peers that both support it to use a more robust protection for |
Jan Jongboom |
18:b661324be638 | 1091 | * ciphersuites using CBC, providing deep resistance against timing attacks |
Jan Jongboom |
18:b661324be638 | 1092 | * on the padding or underlying cipher. |
Jan Jongboom |
18:b661324be638 | 1093 | * |
Jan Jongboom |
18:b661324be638 | 1094 | * This only affects CBC ciphersuites, and is useless if none is defined. |
Jan Jongboom |
18:b661324be638 | 1095 | * |
Jan Jongboom |
18:b661324be638 | 1096 | * Requires: MBEDTLS_SSL_PROTO_TLS1 or |
Jan Jongboom |
18:b661324be638 | 1097 | * MBEDTLS_SSL_PROTO_TLS1_1 or |
Jan Jongboom |
18:b661324be638 | 1098 | * MBEDTLS_SSL_PROTO_TLS1_2 |
Jan Jongboom |
18:b661324be638 | 1099 | * |
Jan Jongboom |
18:b661324be638 | 1100 | * Comment this macro to disable support for Encrypt-then-MAC |
Jan Jongboom |
18:b661324be638 | 1101 | */ |
Jan Jongboom |
18:b661324be638 | 1102 | #define MBEDTLS_SSL_ENCRYPT_THEN_MAC |
Jan Jongboom |
18:b661324be638 | 1103 | |
Jan Jongboom |
18:b661324be638 | 1104 | /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET |
Jan Jongboom |
18:b661324be638 | 1105 | * |
Jan Jongboom |
18:b661324be638 | 1106 | * Enable support for Extended Master Secret, aka Session Hash |
Jan Jongboom |
18:b661324be638 | 1107 | * (draft-ietf-tls-session-hash-02). |
Jan Jongboom |
18:b661324be638 | 1108 | * |
Jan Jongboom |
18:b661324be638 | 1109 | * This was introduced as "the proper fix" to the Triple Handshake family of |
Jan Jongboom |
18:b661324be638 | 1110 | * attacks, but it is recommended to always use it (even if you disable |
Jan Jongboom |
18:b661324be638 | 1111 | * renegotiation), since it actually fixes a more fundamental issue in the |
Jan Jongboom |
18:b661324be638 | 1112 | * original SSL/TLS design, and has implications beyond Triple Handshake. |
Jan Jongboom |
18:b661324be638 | 1113 | * |
Jan Jongboom |
18:b661324be638 | 1114 | * Requires: MBEDTLS_SSL_PROTO_TLS1 or |
Jan Jongboom |
18:b661324be638 | 1115 | * MBEDTLS_SSL_PROTO_TLS1_1 or |
Jan Jongboom |
18:b661324be638 | 1116 | * MBEDTLS_SSL_PROTO_TLS1_2 |
Jan Jongboom |
18:b661324be638 | 1117 | * |
Jan Jongboom |
18:b661324be638 | 1118 | * Comment this macro to disable support for Extended Master Secret. |
Jan Jongboom |
18:b661324be638 | 1119 | */ |
Jan Jongboom |
18:b661324be638 | 1120 | #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET |
Jan Jongboom |
18:b661324be638 | 1121 | |
Jan Jongboom |
18:b661324be638 | 1122 | /** |
Jan Jongboom |
18:b661324be638 | 1123 | * \def MBEDTLS_SSL_FALLBACK_SCSV |
Jan Jongboom |
18:b661324be638 | 1124 | * |
Jan Jongboom |
18:b661324be638 | 1125 | * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). |
Jan Jongboom |
18:b661324be638 | 1126 | * |
Jan Jongboom |
18:b661324be638 | 1127 | * For servers, it is recommended to always enable this, unless you support |
Jan Jongboom |
18:b661324be638 | 1128 | * only one version of TLS, or know for sure that none of your clients |
Jan Jongboom |
18:b661324be638 | 1129 | * implements a fallback strategy. |
Jan Jongboom |
18:b661324be638 | 1130 | * |
Jan Jongboom |
18:b661324be638 | 1131 | * For clients, you only need this if you're using a fallback strategy, which |
Jan Jongboom |
18:b661324be638 | 1132 | * is not recommended in the first place, unless you absolutely need it to |
Jan Jongboom |
18:b661324be638 | 1133 | * interoperate with buggy (version-intolerant) servers. |
Jan Jongboom |
18:b661324be638 | 1134 | * |
Jan Jongboom |
18:b661324be638 | 1135 | * Comment this macro to disable support for FALLBACK_SCSV |
Jan Jongboom |
18:b661324be638 | 1136 | */ |
Jan Jongboom |
18:b661324be638 | 1137 | //#define MBEDTLS_SSL_FALLBACK_SCSV |
Jan Jongboom |
18:b661324be638 | 1138 | |
Jan Jongboom |
18:b661324be638 | 1139 | /** |
Jan Jongboom |
18:b661324be638 | 1140 | * \def MBEDTLS_SSL_HW_RECORD_ACCEL |
Jan Jongboom |
18:b661324be638 | 1141 | * |
Jan Jongboom |
18:b661324be638 | 1142 | * Enable hooking functions in SSL module for hardware acceleration of |
Jan Jongboom |
18:b661324be638 | 1143 | * individual records. |
Jan Jongboom |
18:b661324be638 | 1144 | * |
Jan Jongboom |
18:b661324be638 | 1145 | * Uncomment this macro to enable hooking functions. |
Jan Jongboom |
18:b661324be638 | 1146 | */ |
Jan Jongboom |
18:b661324be638 | 1147 | //#define MBEDTLS_SSL_HW_RECORD_ACCEL |
Jan Jongboom |
18:b661324be638 | 1148 | |
Jan Jongboom |
18:b661324be638 | 1149 | /** |
Jan Jongboom |
18:b661324be638 | 1150 | * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING |
Jan Jongboom |
18:b661324be638 | 1151 | * |
Jan Jongboom |
18:b661324be638 | 1152 | * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. |
Jan Jongboom |
18:b661324be638 | 1153 | * |
Jan Jongboom |
18:b661324be638 | 1154 | * This is a countermeasure to the BEAST attack, which also minimizes the risk |
Jan Jongboom |
18:b661324be638 | 1155 | * of interoperability issues compared to sending 0-length records. |
Jan Jongboom |
18:b661324be638 | 1156 | * |
Jan Jongboom |
18:b661324be638 | 1157 | * Comment this macro to disable 1/n-1 record splitting. |
Jan Jongboom |
18:b661324be638 | 1158 | */ |
Jan Jongboom |
18:b661324be638 | 1159 | //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING |
Jan Jongboom |
18:b661324be638 | 1160 | |
Jan Jongboom |
18:b661324be638 | 1161 | /** |
Jan Jongboom |
18:b661324be638 | 1162 | * \def MBEDTLS_SSL_RENEGOTIATION |
Jan Jongboom |
18:b661324be638 | 1163 | * |
Jan Jongboom |
18:b661324be638 | 1164 | * Enable support for TLS renegotiation. |
Jan Jongboom |
18:b661324be638 | 1165 | * |
Jan Jongboom |
18:b661324be638 | 1166 | * The two main uses of renegotiation are (1) refresh keys on long-lived |
Jan Jongboom |
18:b661324be638 | 1167 | * connections and (2) client authentication after the initial handshake. |
Jan Jongboom |
18:b661324be638 | 1168 | * If you don't need renegotiation, it's probably better to disable it, since |
Jan Jongboom |
18:b661324be638 | 1169 | * it has been associated with security issues in the past and is easy to |
Jan Jongboom |
18:b661324be638 | 1170 | * misuse/misunderstand. |
Jan Jongboom |
18:b661324be638 | 1171 | * |
Jan Jongboom |
18:b661324be638 | 1172 | * Comment this to disable support for renegotiation. |
Jan Jongboom |
18:b661324be638 | 1173 | */ |
Jan Jongboom |
18:b661324be638 | 1174 | #define MBEDTLS_SSL_RENEGOTIATION |
Jan Jongboom |
18:b661324be638 | 1175 | |
Jan Jongboom |
18:b661324be638 | 1176 | /** |
Jan Jongboom |
18:b661324be638 | 1177 | * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
Jan Jongboom |
18:b661324be638 | 1178 | * |
Jan Jongboom |
18:b661324be638 | 1179 | * Enable support for receiving and parsing SSLv2 Client Hello messages for the |
Jan Jongboom |
18:b661324be638 | 1180 | * SSL Server module (MBEDTLS_SSL_SRV_C). |
Jan Jongboom |
18:b661324be638 | 1181 | * |
Jan Jongboom |
18:b661324be638 | 1182 | * Uncomment this macro to enable support for SSLv2 Client Hello messages. |
Jan Jongboom |
18:b661324be638 | 1183 | */ |
Jan Jongboom |
18:b661324be638 | 1184 | //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
Jan Jongboom |
18:b661324be638 | 1185 | |
Jan Jongboom |
18:b661324be638 | 1186 | /** |
Jan Jongboom |
18:b661324be638 | 1187 | * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE |
Jan Jongboom |
18:b661324be638 | 1188 | * |
Jan Jongboom |
18:b661324be638 | 1189 | * Pick the ciphersuite according to the client's preferences rather than ours |
Jan Jongboom |
18:b661324be638 | 1190 | * in the SSL Server module (MBEDTLS_SSL_SRV_C). |
Jan Jongboom |
18:b661324be638 | 1191 | * |
Jan Jongboom |
18:b661324be638 | 1192 | * Uncomment this macro to respect client's ciphersuite order |
Jan Jongboom |
18:b661324be638 | 1193 | */ |
Jan Jongboom |
18:b661324be638 | 1194 | //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE |
Jan Jongboom |
18:b661324be638 | 1195 | |
Jan Jongboom |
18:b661324be638 | 1196 | /** |
Jan Jongboom |
18:b661324be638 | 1197 | * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH |
Jan Jongboom |
18:b661324be638 | 1198 | * |
Jan Jongboom |
18:b661324be638 | 1199 | * Enable support for RFC 6066 max_fragment_length extension in SSL. |
Jan Jongboom |
18:b661324be638 | 1200 | * |
Jan Jongboom |
18:b661324be638 | 1201 | * Comment this macro to disable support for the max_fragment_length extension |
Jan Jongboom |
18:b661324be638 | 1202 | */ |
Jan Jongboom |
18:b661324be638 | 1203 | #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH |
Jan Jongboom |
18:b661324be638 | 1204 | |
Jan Jongboom |
18:b661324be638 | 1205 | /** |
Jan Jongboom |
18:b661324be638 | 1206 | * \def MBEDTLS_SSL_PROTO_SSL3 |
Jan Jongboom |
18:b661324be638 | 1207 | * |
Jan Jongboom |
18:b661324be638 | 1208 | * Enable support for SSL 3.0. |
Jan Jongboom |
18:b661324be638 | 1209 | * |
Jan Jongboom |
18:b661324be638 | 1210 | * Requires: MBEDTLS_MD5_C |
Jan Jongboom |
18:b661324be638 | 1211 | * MBEDTLS_SHA1_C |
Jan Jongboom |
18:b661324be638 | 1212 | * |
Jan Jongboom |
18:b661324be638 | 1213 | * Comment this macro to disable support for SSL 3.0 |
Jan Jongboom |
18:b661324be638 | 1214 | */ |
Jan Jongboom |
18:b661324be638 | 1215 | //#define MBEDTLS_SSL_PROTO_SSL3 |
Jan Jongboom |
18:b661324be638 | 1216 | |
Jan Jongboom |
18:b661324be638 | 1217 | /** |
Jan Jongboom |
18:b661324be638 | 1218 | * \def MBEDTLS_SSL_PROTO_TLS1 |
Jan Jongboom |
18:b661324be638 | 1219 | * |
Jan Jongboom |
18:b661324be638 | 1220 | * Enable support for TLS 1.0. |
Jan Jongboom |
18:b661324be638 | 1221 | * |
Jan Jongboom |
18:b661324be638 | 1222 | * Requires: MBEDTLS_MD5_C |
Jan Jongboom |
18:b661324be638 | 1223 | * MBEDTLS_SHA1_C |
Jan Jongboom |
18:b661324be638 | 1224 | * |
Jan Jongboom |
18:b661324be638 | 1225 | * Comment this macro to disable support for TLS 1.0 |
Jan Jongboom |
18:b661324be638 | 1226 | */ |
Jan Jongboom |
18:b661324be638 | 1227 | //#define MBEDTLS_SSL_PROTO_TLS1 |
Jan Jongboom |
18:b661324be638 | 1228 | |
Jan Jongboom |
18:b661324be638 | 1229 | /** |
Jan Jongboom |
18:b661324be638 | 1230 | * \def MBEDTLS_SSL_PROTO_TLS1_1 |
Jan Jongboom |
18:b661324be638 | 1231 | * |
Jan Jongboom |
18:b661324be638 | 1232 | * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). |
Jan Jongboom |
18:b661324be638 | 1233 | * |
Jan Jongboom |
18:b661324be638 | 1234 | * Requires: MBEDTLS_MD5_C |
Jan Jongboom |
18:b661324be638 | 1235 | * MBEDTLS_SHA1_C |
Jan Jongboom |
18:b661324be638 | 1236 | * |
Jan Jongboom |
18:b661324be638 | 1237 | * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 |
Jan Jongboom |
18:b661324be638 | 1238 | */ |
Jan Jongboom |
18:b661324be638 | 1239 | //#define MBEDTLS_SSL_PROTO_TLS1_1 |
Jan Jongboom |
18:b661324be638 | 1240 | |
Jan Jongboom |
18:b661324be638 | 1241 | /** |
Jan Jongboom |
18:b661324be638 | 1242 | * \def MBEDTLS_SSL_PROTO_TLS1_2 |
Jan Jongboom |
18:b661324be638 | 1243 | * |
Jan Jongboom |
18:b661324be638 | 1244 | * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). |
Jan Jongboom |
18:b661324be638 | 1245 | * |
Jan Jongboom |
18:b661324be638 | 1246 | * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C |
Jan Jongboom |
18:b661324be638 | 1247 | * (Depends on ciphersuites) |
Jan Jongboom |
18:b661324be638 | 1248 | * |
Jan Jongboom |
18:b661324be638 | 1249 | * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 |
Jan Jongboom |
18:b661324be638 | 1250 | */ |
Jan Jongboom |
18:b661324be638 | 1251 | #define MBEDTLS_SSL_PROTO_TLS1_2 |
Jan Jongboom |
18:b661324be638 | 1252 | |
Jan Jongboom |
18:b661324be638 | 1253 | /** |
Jan Jongboom |
18:b661324be638 | 1254 | * \def MBEDTLS_SSL_PROTO_DTLS |
Jan Jongboom |
18:b661324be638 | 1255 | * |
Jan Jongboom |
18:b661324be638 | 1256 | * Enable support for DTLS (all available versions). |
Jan Jongboom |
18:b661324be638 | 1257 | * |
Jan Jongboom |
18:b661324be638 | 1258 | * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, |
Jan Jongboom |
18:b661324be638 | 1259 | * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. |
Jan Jongboom |
18:b661324be638 | 1260 | * |
Jan Jongboom |
18:b661324be638 | 1261 | * Requires: MBEDTLS_SSL_PROTO_TLS1_1 |
Jan Jongboom |
18:b661324be638 | 1262 | * or MBEDTLS_SSL_PROTO_TLS1_2 |
Jan Jongboom |
18:b661324be638 | 1263 | * |
Jan Jongboom |
18:b661324be638 | 1264 | * Comment this macro to disable support for DTLS |
Jan Jongboom |
18:b661324be638 | 1265 | */ |
Jan Jongboom |
18:b661324be638 | 1266 | #define MBEDTLS_SSL_PROTO_DTLS |
Jan Jongboom |
18:b661324be638 | 1267 | |
Jan Jongboom |
18:b661324be638 | 1268 | /** |
Jan Jongboom |
18:b661324be638 | 1269 | * \def MBEDTLS_SSL_ALPN |
Jan Jongboom |
18:b661324be638 | 1270 | * |
Jan Jongboom |
18:b661324be638 | 1271 | * Enable support for RFC 7301 Application Layer Protocol Negotiation. |
Jan Jongboom |
18:b661324be638 | 1272 | * |
Jan Jongboom |
18:b661324be638 | 1273 | * Comment this macro to disable support for ALPN. |
Jan Jongboom |
18:b661324be638 | 1274 | */ |
Jan Jongboom |
18:b661324be638 | 1275 | #define MBEDTLS_SSL_ALPN |
Jan Jongboom |
18:b661324be638 | 1276 | |
Jan Jongboom |
18:b661324be638 | 1277 | /** |
Jan Jongboom |
18:b661324be638 | 1278 | * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY |
Jan Jongboom |
18:b661324be638 | 1279 | * |
Jan Jongboom |
18:b661324be638 | 1280 | * Enable support for the anti-replay mechanism in DTLS. |
Jan Jongboom |
18:b661324be638 | 1281 | * |
Jan Jongboom |
18:b661324be638 | 1282 | * Requires: MBEDTLS_SSL_TLS_C |
Jan Jongboom |
18:b661324be638 | 1283 | * MBEDTLS_SSL_PROTO_DTLS |
Jan Jongboom |
18:b661324be638 | 1284 | * |
Jan Jongboom |
18:b661324be638 | 1285 | * \warning Disabling this is often a security risk! |
Jan Jongboom |
18:b661324be638 | 1286 | * See mbedtls_ssl_conf_dtls_anti_replay() for details. |
Jan Jongboom |
18:b661324be638 | 1287 | * |
Jan Jongboom |
18:b661324be638 | 1288 | * Comment this to disable anti-replay in DTLS. |
Jan Jongboom |
18:b661324be638 | 1289 | */ |
Jan Jongboom |
18:b661324be638 | 1290 | #define MBEDTLS_SSL_DTLS_ANTI_REPLAY |
Jan Jongboom |
18:b661324be638 | 1291 | |
Jan Jongboom |
18:b661324be638 | 1292 | /** |
Jan Jongboom |
18:b661324be638 | 1293 | * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY |
Jan Jongboom |
18:b661324be638 | 1294 | * |
Jan Jongboom |
18:b661324be638 | 1295 | * Enable support for HelloVerifyRequest on DTLS servers. |
Jan Jongboom |
18:b661324be638 | 1296 | * |
Jan Jongboom |
18:b661324be638 | 1297 | * This feature is highly recommended to prevent DTLS servers being used as |
Jan Jongboom |
18:b661324be638 | 1298 | * amplifiers in DoS attacks against other hosts. It should always be enabled |
Jan Jongboom |
18:b661324be638 | 1299 | * unless you know for sure amplification cannot be a problem in the |
Jan Jongboom |
18:b661324be638 | 1300 | * environment in which your server operates. |
Jan Jongboom |
18:b661324be638 | 1301 | * |
Jan Jongboom |
18:b661324be638 | 1302 | * \warning Disabling this can be a security risk! (see above) |
Jan Jongboom |
18:b661324be638 | 1303 | * |
Jan Jongboom |
18:b661324be638 | 1304 | * Requires: MBEDTLS_SSL_PROTO_DTLS |
Jan Jongboom |
18:b661324be638 | 1305 | * |
Jan Jongboom |
18:b661324be638 | 1306 | * Comment this to disable support for HelloVerifyRequest. |
Jan Jongboom |
18:b661324be638 | 1307 | */ |
Jan Jongboom |
18:b661324be638 | 1308 | #define MBEDTLS_SSL_DTLS_HELLO_VERIFY |
Jan Jongboom |
18:b661324be638 | 1309 | |
Jan Jongboom |
18:b661324be638 | 1310 | /** |
Jan Jongboom |
18:b661324be638 | 1311 | * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
Jan Jongboom |
18:b661324be638 | 1312 | * |
Jan Jongboom |
18:b661324be638 | 1313 | * Enable server-side support for clients that reconnect from the same port. |
Jan Jongboom |
18:b661324be638 | 1314 | * |
Jan Jongboom |
18:b661324be638 | 1315 | * Some clients unexpectedly close the connection and try to reconnect using the |
Jan Jongboom |
18:b661324be638 | 1316 | * same source port. This needs special support from the server to handle the |
Jan Jongboom |
18:b661324be638 | 1317 | * new connection securely, as described in section 4.2.8 of RFC 6347. This |
Jan Jongboom |
18:b661324be638 | 1318 | * flag enables that support. |
Jan Jongboom |
18:b661324be638 | 1319 | * |
Jan Jongboom |
18:b661324be638 | 1320 | * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY |
Jan Jongboom |
18:b661324be638 | 1321 | * |
Jan Jongboom |
18:b661324be638 | 1322 | * Comment this to disable support for clients reusing the source port. |
Jan Jongboom |
18:b661324be638 | 1323 | */ |
Jan Jongboom |
18:b661324be638 | 1324 | #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
Jan Jongboom |
18:b661324be638 | 1325 | |
Jan Jongboom |
18:b661324be638 | 1326 | /** |
Jan Jongboom |
18:b661324be638 | 1327 | * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
Jan Jongboom |
18:b661324be638 | 1328 | * |
Jan Jongboom |
18:b661324be638 | 1329 | * Enable support for a limit of records with bad MAC. |
Jan Jongboom |
18:b661324be638 | 1330 | * |
Jan Jongboom |
18:b661324be638 | 1331 | * See mbedtls_ssl_conf_dtls_badmac_limit(). |
Jan Jongboom |
18:b661324be638 | 1332 | * |
Jan Jongboom |
18:b661324be638 | 1333 | * Requires: MBEDTLS_SSL_PROTO_DTLS |
Jan Jongboom |
18:b661324be638 | 1334 | */ |
Jan Jongboom |
18:b661324be638 | 1335 | #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
Jan Jongboom |
18:b661324be638 | 1336 | |
Jan Jongboom |
18:b661324be638 | 1337 | /** |
Jan Jongboom |
18:b661324be638 | 1338 | * \def MBEDTLS_SSL_SESSION_TICKETS |
Jan Jongboom |
18:b661324be638 | 1339 | * |
Jan Jongboom |
18:b661324be638 | 1340 | * Enable support for RFC 5077 session tickets in SSL. |
Jan Jongboom |
18:b661324be638 | 1341 | * Client-side, provides full support for session tickets (maintenance of a |
Jan Jongboom |
18:b661324be638 | 1342 | * session store remains the responsibility of the application, though). |
Jan Jongboom |
18:b661324be638 | 1343 | * Server-side, you also need to provide callbacks for writing and parsing |
Jan Jongboom |
18:b661324be638 | 1344 | * tickets, including authenticated encryption and key management. Example |
Jan Jongboom |
18:b661324be638 | 1345 | * callbacks are provided by MBEDTLS_SSL_TICKET_C. |
Jan Jongboom |
18:b661324be638 | 1346 | * |
Jan Jongboom |
18:b661324be638 | 1347 | * Comment this macro to disable support for SSL session tickets |
Jan Jongboom |
18:b661324be638 | 1348 | */ |
Jan Jongboom |
18:b661324be638 | 1349 | #define MBEDTLS_SSL_SESSION_TICKETS |
Jan Jongboom |
18:b661324be638 | 1350 | |
Jan Jongboom |
18:b661324be638 | 1351 | /** |
Jan Jongboom |
18:b661324be638 | 1352 | * \def MBEDTLS_SSL_EXPORT_KEYS |
Jan Jongboom |
18:b661324be638 | 1353 | * |
Jan Jongboom |
18:b661324be638 | 1354 | * Enable support for exporting key block and master secret. |
Jan Jongboom |
18:b661324be638 | 1355 | * This is required for certain users of TLS, e.g. EAP-TLS. |
Jan Jongboom |
18:b661324be638 | 1356 | * |
Jan Jongboom |
18:b661324be638 | 1357 | * Comment this macro to disable support for key export |
Jan Jongboom |
18:b661324be638 | 1358 | */ |
Jan Jongboom |
18:b661324be638 | 1359 | #define MBEDTLS_SSL_EXPORT_KEYS |
Jan Jongboom |
18:b661324be638 | 1360 | |
Jan Jongboom |
18:b661324be638 | 1361 | /** |
Jan Jongboom |
18:b661324be638 | 1362 | * \def MBEDTLS_SSL_SERVER_NAME_INDICATION |
Jan Jongboom |
18:b661324be638 | 1363 | * |
Jan Jongboom |
18:b661324be638 | 1364 | * Enable support for RFC 6066 server name indication (SNI) in SSL. |
Jan Jongboom |
18:b661324be638 | 1365 | * |
Jan Jongboom |
18:b661324be638 | 1366 | * Requires: MBEDTLS_X509_CRT_PARSE_C |
Jan Jongboom |
18:b661324be638 | 1367 | * |
Jan Jongboom |
18:b661324be638 | 1368 | * Comment this macro to disable support for server name indication in SSL |
Jan Jongboom |
18:b661324be638 | 1369 | */ |
Jan Jongboom |
18:b661324be638 | 1370 | #define MBEDTLS_SSL_SERVER_NAME_INDICATION |
Jan Jongboom |
18:b661324be638 | 1371 | |
Jan Jongboom |
18:b661324be638 | 1372 | /** |
Jan Jongboom |
18:b661324be638 | 1373 | * \def MBEDTLS_SSL_TRUNCATED_HMAC |
Jan Jongboom |
18:b661324be638 | 1374 | * |
Jan Jongboom |
18:b661324be638 | 1375 | * Enable support for RFC 6066 truncated HMAC in SSL. |
Jan Jongboom |
18:b661324be638 | 1376 | * |
Jan Jongboom |
18:b661324be638 | 1377 | * Comment this macro to disable support for truncated HMAC in SSL |
Jan Jongboom |
18:b661324be638 | 1378 | */ |
Jan Jongboom |
18:b661324be638 | 1379 | //#define MBEDTLS_SSL_TRUNCATED_HMAC |
Jan Jongboom |
18:b661324be638 | 1380 | |
Jan Jongboom |
18:b661324be638 | 1381 | /** |
Jan Jongboom |
18:b661324be638 | 1382 | * \def MBEDTLS_THREADING_ALT |
Jan Jongboom |
18:b661324be638 | 1383 | * |
Jan Jongboom |
18:b661324be638 | 1384 | * Provide your own alternate threading implementation. |
Jan Jongboom |
18:b661324be638 | 1385 | * |
Jan Jongboom |
18:b661324be638 | 1386 | * Requires: MBEDTLS_THREADING_C |
Jan Jongboom |
18:b661324be638 | 1387 | * |
Jan Jongboom |
18:b661324be638 | 1388 | * Uncomment this to allow your own alternate threading implementation. |
Jan Jongboom |
18:b661324be638 | 1389 | */ |
Jan Jongboom |
18:b661324be638 | 1390 | //#define MBEDTLS_THREADING_ALT |
Jan Jongboom |
18:b661324be638 | 1391 | |
Jan Jongboom |
18:b661324be638 | 1392 | /** |
Jan Jongboom |
18:b661324be638 | 1393 | * \def MBEDTLS_THREADING_PTHREAD |
Jan Jongboom |
18:b661324be638 | 1394 | * |
Jan Jongboom |
18:b661324be638 | 1395 | * Enable the pthread wrapper layer for the threading layer. |
Jan Jongboom |
18:b661324be638 | 1396 | * |
Jan Jongboom |
18:b661324be638 | 1397 | * Requires: MBEDTLS_THREADING_C |
Jan Jongboom |
18:b661324be638 | 1398 | * |
Jan Jongboom |
18:b661324be638 | 1399 | * Uncomment this to enable pthread mutexes. |
Jan Jongboom |
18:b661324be638 | 1400 | */ |
Jan Jongboom |
18:b661324be638 | 1401 | //#define MBEDTLS_THREADING_PTHREAD |
Jan Jongboom |
18:b661324be638 | 1402 | |
Jan Jongboom |
18:b661324be638 | 1403 | /** |
Jan Jongboom |
18:b661324be638 | 1404 | * \def MBEDTLS_VERSION_FEATURES |
Jan Jongboom |
18:b661324be638 | 1405 | * |
Jan Jongboom |
18:b661324be638 | 1406 | * Allow run-time checking of compile-time enabled features. Thus allowing users |
Jan Jongboom |
18:b661324be638 | 1407 | * to check at run-time if the library is for instance compiled with threading |
Jan Jongboom |
18:b661324be638 | 1408 | * support via mbedtls_version_check_feature(). |
Jan Jongboom |
18:b661324be638 | 1409 | * |
Jan Jongboom |
18:b661324be638 | 1410 | * Requires: MBEDTLS_VERSION_C |
Jan Jongboom |
18:b661324be638 | 1411 | * |
Jan Jongboom |
18:b661324be638 | 1412 | * Comment this to disable run-time checking and save ROM space |
Jan Jongboom |
18:b661324be638 | 1413 | */ |
Jan Jongboom |
18:b661324be638 | 1414 | #define MBEDTLS_VERSION_FEATURES |
Jan Jongboom |
18:b661324be638 | 1415 | |
Jan Jongboom |
18:b661324be638 | 1416 | /** |
Jan Jongboom |
18:b661324be638 | 1417 | * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 |
Jan Jongboom |
18:b661324be638 | 1418 | * |
Jan Jongboom |
18:b661324be638 | 1419 | * If set, the X509 parser will not break-off when parsing an X509 certificate |
Jan Jongboom |
18:b661324be638 | 1420 | * and encountering an extension in a v1 or v2 certificate. |
Jan Jongboom |
18:b661324be638 | 1421 | * |
Jan Jongboom |
18:b661324be638 | 1422 | * Uncomment to prevent an error. |
Jan Jongboom |
18:b661324be638 | 1423 | */ |
Jan Jongboom |
18:b661324be638 | 1424 | //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 |
Jan Jongboom |
18:b661324be638 | 1425 | |
Jan Jongboom |
18:b661324be638 | 1426 | /** |
Jan Jongboom |
18:b661324be638 | 1427 | * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION |
Jan Jongboom |
18:b661324be638 | 1428 | * |
Jan Jongboom |
18:b661324be638 | 1429 | * If set, the X509 parser will not break-off when parsing an X509 certificate |
Jan Jongboom |
18:b661324be638 | 1430 | * and encountering an unknown critical extension. |
Jan Jongboom |
18:b661324be638 | 1431 | * |
Jan Jongboom |
18:b661324be638 | 1432 | * \warning Depending on your PKI use, enabling this can be a security risk! |
Jan Jongboom |
18:b661324be638 | 1433 | * |
Jan Jongboom |
18:b661324be638 | 1434 | * Uncomment to prevent an error. |
Jan Jongboom |
18:b661324be638 | 1435 | */ |
Jan Jongboom |
18:b661324be638 | 1436 | //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION |
Jan Jongboom |
18:b661324be638 | 1437 | |
Jan Jongboom |
18:b661324be638 | 1438 | /** |
Jan Jongboom |
18:b661324be638 | 1439 | * \def MBEDTLS_X509_CHECK_KEY_USAGE |
Jan Jongboom |
18:b661324be638 | 1440 | * |
Jan Jongboom |
18:b661324be638 | 1441 | * Enable verification of the keyUsage extension (CA and leaf certificates). |
Jan Jongboom |
18:b661324be638 | 1442 | * |
Jan Jongboom |
18:b661324be638 | 1443 | * Disabling this avoids problems with mis-issued and/or misused |
Jan Jongboom |
18:b661324be638 | 1444 | * (intermediate) CA and leaf certificates. |
Jan Jongboom |
18:b661324be638 | 1445 | * |
Jan Jongboom |
18:b661324be638 | 1446 | * \warning Depending on your PKI use, disabling this can be a security risk! |
Jan Jongboom |
18:b661324be638 | 1447 | * |
Jan Jongboom |
18:b661324be638 | 1448 | * Comment to skip keyUsage checking for both CA and leaf certificates. |
Jan Jongboom |
18:b661324be638 | 1449 | */ |
Jan Jongboom |
18:b661324be638 | 1450 | #define MBEDTLS_X509_CHECK_KEY_USAGE |
Jan Jongboom |
18:b661324be638 | 1451 | |
Jan Jongboom |
18:b661324be638 | 1452 | /** |
Jan Jongboom |
18:b661324be638 | 1453 | * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE |
Jan Jongboom |
18:b661324be638 | 1454 | * |
Jan Jongboom |
18:b661324be638 | 1455 | * Enable verification of the extendedKeyUsage extension (leaf certificates). |
Jan Jongboom |
18:b661324be638 | 1456 | * |
Jan Jongboom |
18:b661324be638 | 1457 | * Disabling this avoids problems with mis-issued and/or misused certificates. |
Jan Jongboom |
18:b661324be638 | 1458 | * |
Jan Jongboom |
18:b661324be638 | 1459 | * \warning Depending on your PKI use, disabling this can be a security risk! |
Jan Jongboom |
18:b661324be638 | 1460 | * |
Jan Jongboom |
18:b661324be638 | 1461 | * Comment to skip extendedKeyUsage checking for certificates. |
Jan Jongboom |
18:b661324be638 | 1462 | */ |
Jan Jongboom |
18:b661324be638 | 1463 | #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE |
Jan Jongboom |
18:b661324be638 | 1464 | |
Jan Jongboom |
18:b661324be638 | 1465 | /** |
Jan Jongboom |
18:b661324be638 | 1466 | * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT |
Jan Jongboom |
18:b661324be638 | 1467 | * |
Jan Jongboom |
18:b661324be638 | 1468 | * Enable parsing and verification of X.509 certificates, CRLs and CSRs |
Jan Jongboom |
18:b661324be638 | 1469 | * signed with RSASSA-PSS (aka PKCS#1 v2.1). |
Jan Jongboom |
18:b661324be638 | 1470 | * |
Jan Jongboom |
18:b661324be638 | 1471 | * Comment this macro to disallow using RSASSA-PSS in certificates. |
Jan Jongboom |
18:b661324be638 | 1472 | */ |
Jan Jongboom |
18:b661324be638 | 1473 | //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT |
Jan Jongboom |
18:b661324be638 | 1474 | |
Jan Jongboom |
18:b661324be638 | 1475 | /** |
Jan Jongboom |
18:b661324be638 | 1476 | * \def MBEDTLS_ZLIB_SUPPORT |
Jan Jongboom |
18:b661324be638 | 1477 | * |
Jan Jongboom |
18:b661324be638 | 1478 | * If set, the SSL/TLS module uses ZLIB to support compression and |
Jan Jongboom |
18:b661324be638 | 1479 | * decompression of packet data. |
Jan Jongboom |
18:b661324be638 | 1480 | * |
Jan Jongboom |
18:b661324be638 | 1481 | * \warning TLS-level compression MAY REDUCE SECURITY! See for example the |
Jan Jongboom |
18:b661324be638 | 1482 | * CRIME attack. Before enabling this option, you should examine with care if |
Jan Jongboom |
18:b661324be638 | 1483 | * CRIME or similar exploits may be applicable to your use case. |
Jan Jongboom |
18:b661324be638 | 1484 | * |
Jan Jongboom |
18:b661324be638 | 1485 | * \note Currently compression can't be used with DTLS. |
Jan Jongboom |
18:b661324be638 | 1486 | * |
Jan Jongboom |
18:b661324be638 | 1487 | * Used in: library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1488 | * library/ssl_cli.c |
Jan Jongboom |
18:b661324be638 | 1489 | * library/ssl_srv.c |
Jan Jongboom |
18:b661324be638 | 1490 | * |
Jan Jongboom |
18:b661324be638 | 1491 | * This feature requires zlib library and headers to be present. |
Jan Jongboom |
18:b661324be638 | 1492 | * |
Jan Jongboom |
18:b661324be638 | 1493 | * Uncomment to enable use of ZLIB |
Jan Jongboom |
18:b661324be638 | 1494 | */ |
Jan Jongboom |
18:b661324be638 | 1495 | //#define MBEDTLS_ZLIB_SUPPORT |
Jan Jongboom |
18:b661324be638 | 1496 | /* \} name SECTION: mbed TLS feature support */ |
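An added example, not part of this repository or of Mbed TLS: a small Python audit that reads a config.h like the one listed here, works out which MBEDTLS_* macros are really defined, and reports the settings this header marks with \warning together with unmet "Requires:" dependencies. The sample header is constructed, and gating the X.509 checks on MBEDTLS_X509_CRT_PARSE_C is an assumption of this example.

```python
import re

# Options this header marks with \warning when they are switched ON.
RISKY_WHEN_ON = {
    "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
    "MBEDTLS_ZLIB_SUPPORT",
}

# Options this header marks with \warning when they are switched OFF.
# Value: the macro that makes the check relevant (assumption of this example).
# HELLO_VERIFY matters for DTLS servers; it is reported for any DTLS build
# so that a reviewer makes the call.
RISKY_WHEN_OFF = {
    "MBEDTLS_SSL_DTLS_ANTI_REPLAY": "MBEDTLS_SSL_PROTO_DTLS",
    "MBEDTLS_SSL_DTLS_HELLO_VERIFY": "MBEDTLS_SSL_PROTO_DTLS",
    "MBEDTLS_X509_CHECK_KEY_USAGE": "MBEDTLS_X509_CRT_PARSE_C",
    "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE": "MBEDTLS_X509_CRT_PARSE_C",
}

# "Requires:" lines from the header. Each tuple is an any-of group;
# every group of an enabled macro must be satisfied.
REQUIRES = {
    "MBEDTLS_SSL_PROTO_TLS1_2": [
        ("MBEDTLS_SHA1_C", "MBEDTLS_SHA256_C", "MBEDTLS_SHA512_C")],
    "MBEDTLS_SSL_PROTO_DTLS": [
        ("MBEDTLS_SSL_PROTO_TLS1_1", "MBEDTLS_SSL_PROTO_TLS1_2")],
    "MBEDTLS_SSL_DTLS_ANTI_REPLAY": [
        ("MBEDTLS_SSL_TLS_C",), ("MBEDTLS_SSL_PROTO_DTLS",)],
    "MBEDTLS_SSL_DTLS_HELLO_VERIFY": [("MBEDTLS_SSL_PROTO_DTLS",)],
    "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE": [("MBEDTLS_SSL_DTLS_HELLO_VERIFY",)],
    "MBEDTLS_SSL_DTLS_BADMAC_LIMIT": [("MBEDTLS_SSL_PROTO_DTLS",)],
    "MBEDTLS_SSL_SERVER_NAME_INDICATION": [("MBEDTLS_X509_CRT_PARSE_C",)],
    "MBEDTLS_VERSION_FEATURES": [("MBEDTLS_VERSION_C",)],
}

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# An active define starts its line; "//#define X" therefore does not match.
_DEFINE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(MBEDTLS_\w+)", re.M)


def active_macros(header_text):
    """Return the MBEDTLS_* macros that are defined outside any comment."""
    code = _BLOCK_COMMENT.sub("", header_text)
    return set(_DEFINE.findall(code))


def audit(header_text):
    """Return a list of (kind, detail) findings for one config header."""
    on = active_macros(header_text)
    findings = []
    for macro in sorted(RISKY_WHEN_ON & on):
        findings.append(("risky-enabled", macro))
    for macro, gate in sorted(RISKY_WHEN_OFF.items()):
        if gate in on and macro not in on:
            findings.append(("risky-disabled", macro))
    for macro, groups in sorted(REQUIRES.items()):
        if macro not in on:
            continue
        for group in groups:
            if not on.intersection(group):
                detail = macro + " needs " + " or ".join(group)
                findings.append(("missing-requirement", detail))
    return findings


# Constructed sample, not the repository's real configuration.
SAMPLE = r"""
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_PROTO_DTLS
//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/* Left over from debugging, inactive because it sits inside a comment:
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
#define MBEDTLS_ZLIB_SUPPORT
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind + ": " + detail)
```
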
Jan Jongboom |
18:b661324be638 | 1497 | |
Jan Jongboom |
18:b661324be638 | 1498 | /** |
Jan Jongboom |
18:b661324be638 | 1499 | * \name SECTION: mbed TLS modules |
Jan Jongboom |
18:b661324be638 | 1500 | * |
Jan Jongboom |
18:b661324be638 | 1501 | * This section enables or disables entire modules in mbed TLS |
Jan Jongboom |
18:b661324be638 | 1502 | * \{ |
Jan Jongboom |
18:b661324be638 | 1503 | */ |
Jan Jongboom |
18:b661324be638 | 1504 | |
Jan Jongboom |
18:b661324be638 | 1505 | /** |
Jan Jongboom |
18:b661324be638 | 1506 | * \def MBEDTLS_AESNI_C |
Jan Jongboom |
18:b661324be638 | 1507 | * |
Jan Jongboom |
18:b661324be638 | 1508 | * Enable AES-NI support on x86-64. |
Jan Jongboom |
18:b661324be638 | 1509 | * |
Jan Jongboom |
18:b661324be638 | 1510 | * Module: library/aesni.c |
Jan Jongboom |
18:b661324be638 | 1511 | * Caller: library/aes.c |
Jan Jongboom |
18:b661324be638 | 1512 | * |
Jan Jongboom |
18:b661324be638 | 1513 | * Requires: MBEDTLS_HAVE_ASM |
Jan Jongboom |
18:b661324be638 | 1514 | * |
Jan Jongboom |
18:b661324be638 | 1515 | * This module adds support for the AES-NI instructions on x86-64 |
Jan Jongboom |
18:b661324be638 | 1516 | */ |
Jan Jongboom |
18:b661324be638 | 1517 | //#define MBEDTLS_AESNI_C |
Jan Jongboom |
18:b661324be638 | 1518 | |
Jan Jongboom |
18:b661324be638 | 1519 | /** |
Jan Jongboom |
18:b661324be638 | 1520 | * \def MBEDTLS_AES_C |
Jan Jongboom |
18:b661324be638 | 1521 | * |
Jan Jongboom |
18:b661324be638 | 1522 | * Enable the AES block cipher. |
Jan Jongboom |
18:b661324be638 | 1523 | * |
Jan Jongboom |
18:b661324be638 | 1524 | * Module: library/aes.c |
Jan Jongboom |
18:b661324be638 | 1525 | * Caller: library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1526 | * library/pem.c |
Jan Jongboom |
18:b661324be638 | 1527 | * library/ctr_drbg.c |
Jan Jongboom |
18:b661324be638 | 1528 | * |
Jan Jongboom |
18:b661324be638 | 1529 | * This module enables the following ciphersuites (if other requisites are |
Jan Jongboom |
18:b661324be638 | 1530 | * enabled as well): |
Jan Jongboom |
18:b661324be638 | 1531 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1532 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1533 | * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1534 | * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1535 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1536 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1537 | * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1538 | * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1539 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1540 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1541 | * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1542 | * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1543 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1544 | * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1545 | * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1546 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1547 | * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1548 | * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1549 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1550 | * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1551 | * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1552 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1553 | * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1554 | * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1555 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1556 | * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1557 | * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1558 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1559 | * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1560 | * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1561 | * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1562 | * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1563 | * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1564 | * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1565 | * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1566 | * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1567 | * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1568 | * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1569 | * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1570 | * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1571 | * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1572 | * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1573 | * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1574 | * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1575 | * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1576 | * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1577 | * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1578 | * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1579 | * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1580 | * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1581 | * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1582 | * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1583 | * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1584 | * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1585 | * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1586 | * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1587 | * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1588 | * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1589 | * |
Jan Jongboom |
18:b661324be638 | 1590 | * PEM_PARSE uses AES for decrypting encrypted keys. |
Jan Jongboom |
18:b661324be638 | 1591 | */ |
Jan Jongboom |
18:b661324be638 | 1592 | #define MBEDTLS_AES_C |
Jan Jongboom |
18:b661324be638 | 1593 | |
Jan Jongboom |
18:b661324be638 | 1594 | /** |
Jan Jongboom |
18:b661324be638 | 1595 | * \def MBEDTLS_ARC4_C |
Jan Jongboom |
18:b661324be638 | 1596 | * |
Jan Jongboom |
18:b661324be638 | 1597 | * Enable the ARCFOUR stream cipher. |
Jan Jongboom |
18:b661324be638 | 1598 | * |
Jan Jongboom |
18:b661324be638 | 1599 | * Module: library/arc4.c |
Jan Jongboom |
18:b661324be638 | 1600 | * Caller: library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1601 | * |
Jan Jongboom |
18:b661324be638 | 1602 | * This module enables the following ciphersuites (if other requisites are |
Jan Jongboom |
18:b661324be638 | 1603 | * enabled as well): |
Jan Jongboom |
18:b661324be638 | 1604 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1605 | * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1606 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1607 | * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1608 | * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1609 | * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1610 | * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1611 | * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 |
Jan Jongboom |
18:b661324be638 | 1612 | * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1613 | * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA |
Jan Jongboom |
18:b661324be638 | 1614 | */ |
Jan Jongboom |
18:b661324be638 | 1615 | //#define MBEDTLS_ARC4_C |
Jan Jongboom |
18:b661324be638 | 1616 | |
Jan Jongboom |
18:b661324be638 | 1617 | /** |
Jan Jongboom |
18:b661324be638 | 1618 | * \def MBEDTLS_ASN1_PARSE_C |
Jan Jongboom |
18:b661324be638 | 1619 | * |
Jan Jongboom |
18:b661324be638 | 1620 | * Enable the generic ASN1 parser. |
Jan Jongboom |
18:b661324be638 | 1621 | * |
Jan Jongboom |
18:b661324be638 | 1622 | * Module: library/asn1.c |
Jan Jongboom |
18:b661324be638 | 1623 | * Caller: library/x509.c |
Jan Jongboom |
18:b661324be638 | 1624 | * library/dhm.c |
Jan Jongboom |
18:b661324be638 | 1625 | * library/pkcs12.c |
Jan Jongboom |
18:b661324be638 | 1626 | * library/pkcs5.c |
Jan Jongboom |
18:b661324be638 | 1627 | * library/pkparse.c |
Jan Jongboom |
18:b661324be638 | 1628 | */ |
Jan Jongboom |
18:b661324be638 | 1629 | #define MBEDTLS_ASN1_PARSE_C |
Jan Jongboom |
18:b661324be638 | 1630 | |
Jan Jongboom |
18:b661324be638 | 1631 | /** |
Jan Jongboom |
18:b661324be638 | 1632 | * \def MBEDTLS_ASN1_WRITE_C |
Jan Jongboom |
18:b661324be638 | 1633 | * |
Jan Jongboom |
18:b661324be638 | 1634 | * Enable the generic ASN1 writer. |
Jan Jongboom |
18:b661324be638 | 1635 | * |
Jan Jongboom |
18:b661324be638 | 1636 | * Module: library/asn1write.c |
Jan Jongboom |
18:b661324be638 | 1637 | * Caller: library/ecdsa.c |
Jan Jongboom |
18:b661324be638 | 1638 | * library/pkwrite.c |
Jan Jongboom |
18:b661324be638 | 1639 | * library/x509_create.c |
Jan Jongboom |
18:b661324be638 | 1640 | * library/x509write_crt.c |
Jan Jongboom |
18:b661324be638 | 1641 | * library/x509write_csr.c |
Jan Jongboom |
18:b661324be638 | 1642 | */ |
Jan Jongboom |
18:b661324be638 | 1643 | // #define MBEDTLS_ASN1_WRITE_C |
Jan Jongboom |
18:b661324be638 | 1644 | |
Jan Jongboom |
18:b661324be638 | 1645 | /** |
Jan Jongboom |
18:b661324be638 | 1646 | * \def MBEDTLS_BASE64_C |
Jan Jongboom |
18:b661324be638 | 1647 | * |
Jan Jongboom |
18:b661324be638 | 1648 | * Enable the Base64 module. |
Jan Jongboom |
18:b661324be638 | 1649 | * |
Jan Jongboom |
18:b661324be638 | 1650 | * Module: library/base64.c |
Jan Jongboom |
18:b661324be638 | 1651 | * Caller: library/pem.c |
Jan Jongboom |
18:b661324be638 | 1652 | * |
Jan Jongboom |
18:b661324be638 | 1653 | * This module is required for PEM support (required by X.509). |
Jan Jongboom |
18:b661324be638 | 1654 | */ |
Jan Jongboom |
18:b661324be638 | 1655 | #define MBEDTLS_BASE64_C |
Jan Jongboom |
18:b661324be638 | 1656 | |
Jan Jongboom |
18:b661324be638 | 1657 | /** |
Jan Jongboom |
18:b661324be638 | 1658 | * \def MBEDTLS_BIGNUM_C |
Jan Jongboom |
18:b661324be638 | 1659 | * |
Jan Jongboom |
18:b661324be638 | 1660 | * Enable the multi-precision integer library. |
Jan Jongboom |
18:b661324be638 | 1661 | * |
Jan Jongboom |
18:b661324be638 | 1662 | * Module: library/bignum.c |
Jan Jongboom |
18:b661324be638 | 1663 | * Caller: library/dhm.c |
Jan Jongboom |
18:b661324be638 | 1664 | * library/ecp.c |
Jan Jongboom |
18:b661324be638 | 1665 | * library/ecdsa.c |
Jan Jongboom |
18:b661324be638 | 1666 | * library/rsa.c |
Jan Jongboom |
18:b661324be638 | 1667 | * library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1668 | * |
Jan Jongboom |
18:b661324be638 | 1669 | * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. |
Jan Jongboom |
18:b661324be638 | 1670 | */ |
Jan Jongboom |
18:b661324be638 | 1671 | #define MBEDTLS_BIGNUM_C |
Jan Jongboom |
18:b661324be638 | 1672 | |
Jan Jongboom |
18:b661324be638 | 1673 | /** |
Jan Jongboom |
18:b661324be638 | 1674 | * \def MBEDTLS_BLOWFISH_C |
Jan Jongboom |
18:b661324be638 | 1675 | * |
Jan Jongboom |
18:b661324be638 | 1676 | * Enable the Blowfish block cipher. |
Jan Jongboom |
18:b661324be638 | 1677 | * |
Jan Jongboom |
18:b661324be638 | 1678 | * Module: library/blowfish.c |
Jan Jongboom |
18:b661324be638 | 1679 | */ |
Jan Jongboom |
18:b661324be638 | 1680 | //#define MBEDTLS_BLOWFISH_C |
Jan Jongboom |
18:b661324be638 | 1681 | |
Jan Jongboom |
18:b661324be638 | 1682 | /** |
Jan Jongboom |
18:b661324be638 | 1683 | * \def MBEDTLS_CAMELLIA_C |
Jan Jongboom |
18:b661324be638 | 1684 | * |
Jan Jongboom |
18:b661324be638 | 1685 | * Enable the Camellia block cipher. |
Jan Jongboom |
18:b661324be638 | 1686 | * |
Jan Jongboom |
18:b661324be638 | 1687 | * Module: library/camellia.c |
Jan Jongboom |
18:b661324be638 | 1688 | * Caller: library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1689 | * |
Jan Jongboom |
18:b661324be638 | 1690 | * This module enables the following ciphersuites (if other requisites are |
Jan Jongboom |
18:b661324be638 | 1691 | * enabled as well): |
Jan Jongboom |
18:b661324be638 | 1692 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1693 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1694 | * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1695 | * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1696 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1697 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1698 | * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1699 | * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1700 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1701 | * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1702 | * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1703 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1704 | * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1705 | * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1706 | * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1707 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1708 | * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1709 | * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1710 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1711 | * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1712 | * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1713 | * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1714 | * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1715 | * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1716 | * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1717 | * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1718 | * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1719 | * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1720 | * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1721 | * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1722 | * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1723 | * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1724 | * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1725 | * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1726 | * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1727 | * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1728 | * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1729 | * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1730 | * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 |
Jan Jongboom |
18:b661324be638 | 1731 | * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
Jan Jongboom |
18:b661324be638 | 1732 | * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 1733 | * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
Jan Jongboom |
18:b661324be638 | 1734 | */ |
Jan Jongboom |
18:b661324be638 | 1735 | //#define MBEDTLS_CAMELLIA_C |
Jan Jongboom |
18:b661324be638 | 1736 | |
Jan Jongboom |
18:b661324be638 | 1737 | /** |
Jan Jongboom |
18:b661324be638 | 1738 | * \def MBEDTLS_CCM_C |
Jan Jongboom |
18:b661324be638 | 1739 | * |
Jan Jongboom |
18:b661324be638 | 1740 | * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. |
Jan Jongboom |
18:b661324be638 | 1741 | * |
Jan Jongboom |
18:b661324be638 | 1742 | * Module: library/ccm.c |
Jan Jongboom |
18:b661324be638 | 1743 | * |
Jan Jongboom |
18:b661324be638 | 1744 | * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C |
Jan Jongboom |
18:b661324be638 | 1745 | * |
Jan Jongboom |
18:b661324be638 | 1746 | * This module enables the AES-CCM ciphersuites, if other requisites are |
Jan Jongboom |
18:b661324be638 | 1747 | * enabled as well. |
Jan Jongboom |
18:b661324be638 | 1748 | */ |
Jan Jongboom |
18:b661324be638 | 1749 | #define MBEDTLS_CCM_C |
Jan Jongboom |
18:b661324be638 | 1750 | |
Jan Jongboom |
18:b661324be638 | 1751 | /** |
Jan Jongboom |
18:b661324be638 | 1752 | * \def MBEDTLS_CERTS_C |
Jan Jongboom |
18:b661324be638 | 1753 | * |
Jan Jongboom |
18:b661324be638 | 1754 | * Enable the test certificates. |
Jan Jongboom |
18:b661324be638 | 1755 | * |
Jan Jongboom |
18:b661324be638 | 1756 | * Module: library/certs.c |
Jan Jongboom |
18:b661324be638 | 1757 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1758 | * |
Jan Jongboom |
18:b661324be638 | 1759 | * This module is used for testing (ssl_client/server). |
Jan Jongboom |
18:b661324be638 | 1760 | */ |
Jan Jongboom |
18:b661324be638 | 1761 | #define MBEDTLS_CERTS_C |
Jan Jongboom |
18:b661324be638 | 1762 | |
Jan Jongboom |
18:b661324be638 | 1763 | /** |
Jan Jongboom |
18:b661324be638 | 1764 | * \def MBEDTLS_CIPHER_C |
Jan Jongboom |
18:b661324be638 | 1765 | * |
Jan Jongboom |
18:b661324be638 | 1766 | * Enable the generic cipher layer. |
Jan Jongboom |
18:b661324be638 | 1767 | * |
Jan Jongboom |
18:b661324be638 | 1768 | * Module: library/cipher.c |
Jan Jongboom |
18:b661324be638 | 1769 | * Caller: library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1770 | * |
Jan Jongboom |
18:b661324be638 | 1771 | * Uncomment to enable generic cipher wrappers. |
Jan Jongboom |
18:b661324be638 | 1772 | */ |
Jan Jongboom |
18:b661324be638 | 1773 | #define MBEDTLS_CIPHER_C |
Jan Jongboom |
18:b661324be638 | 1774 | |
Jan Jongboom |
18:b661324be638 | 1775 | /** |
Jan Jongboom |
18:b661324be638 | 1776 | * \def MBEDTLS_CMAC_C |
Jan Jongboom |
18:b661324be638 | 1777 | * |
Jan Jongboom |
18:b661324be638 | 1778 | * Enable the CMAC (Cipher-based Message Authentication Code) mode for block |
Jan Jongboom |
18:b661324be638 | 1779 | * ciphers. |
Jan Jongboom |
18:b661324be638 | 1780 | * |
Jan Jongboom |
18:b661324be638 | 1781 | * Module: library/cmac.c |
Jan Jongboom |
18:b661324be638 | 1782 | * |
Jan Jongboom |
18:b661324be638 | 1783 | * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C |
Jan Jongboom |
18:b661324be638 | 1784 | * |
Jan Jongboom |
18:b661324be638 | 1785 | */ |
Jan Jongboom |
18:b661324be638 | 1786 | //#define MBEDTLS_CMAC_C |
Jan Jongboom |
18:b661324be638 | 1787 | |
Jan Jongboom |
18:b661324be638 | 1788 | /** |
Jan Jongboom |
18:b661324be638 | 1789 | * \def MBEDTLS_CTR_DRBG_C |
Jan Jongboom |
18:b661324be638 | 1790 | * |
Jan Jongboom |
18:b661324be638 | 1791 | * Enable the CTR_DRBG AES-256-based random generator. |
Jan Jongboom |
18:b661324be638 | 1792 | * |
Jan Jongboom |
18:b661324be638 | 1793 | * Module: library/ctr_drbg.c |
Jan Jongboom |
18:b661324be638 | 1794 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1795 | * |
Jan Jongboom |
18:b661324be638 | 1796 | * Requires: MBEDTLS_AES_C |
Jan Jongboom |
18:b661324be638 | 1797 | * |
Jan Jongboom |
18:b661324be638 | 1798 | * This module provides the CTR_DRBG AES-256 random number generator. |
Jan Jongboom |
18:b661324be638 | 1799 | */ |
Jan Jongboom |
18:b661324be638 | 1800 | #define MBEDTLS_CTR_DRBG_C |
Jan Jongboom |
18:b661324be638 | 1801 | |
Jan Jongboom |
18:b661324be638 | 1802 | /** |
Jan Jongboom |
18:b661324be638 | 1803 | * \def MBEDTLS_DEBUG_C |
Jan Jongboom |
18:b661324be638 | 1804 | * |
Jan Jongboom |
18:b661324be638 | 1805 | * Enable the debug functions. |
Jan Jongboom |
18:b661324be638 | 1806 | * |
Jan Jongboom |
18:b661324be638 | 1807 | * Module: library/debug.c |
Jan Jongboom |
18:b661324be638 | 1808 | * Caller: library/ssl_cli.c |
Jan Jongboom |
18:b661324be638 | 1809 | * library/ssl_srv.c |
Jan Jongboom |
18:b661324be638 | 1810 | * library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1811 | * |
Jan Jongboom |
18:b661324be638 | 1812 | * This module provides debugging functions. |
Jan Jongboom |
18:b661324be638 | 1813 | */ |
Jan Jongboom |
18:b661324be638 | 1814 | // #define MBEDTLS_DEBUG_C |
Jan Jongboom |
18:b661324be638 | 1815 | |
Jan Jongboom |
18:b661324be638 | 1816 | /** |
Jan Jongboom |
18:b661324be638 | 1817 | * \def MBEDTLS_DES_C |
Jan Jongboom |
18:b661324be638 | 1818 | * |
Jan Jongboom |
18:b661324be638 | 1819 | * Enable the DES block cipher. |
Jan Jongboom |
18:b661324be638 | 1820 | * |
Jan Jongboom |
18:b661324be638 | 1821 | * Module: library/des.c |
Jan Jongboom |
18:b661324be638 | 1822 | * Caller: library/pem.c |
Jan Jongboom |
18:b661324be638 | 1823 | * library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 1824 | * |
Jan Jongboom |
18:b661324be638 | 1825 | * This module enables the following ciphersuites (if other requisites are |
Jan Jongboom |
18:b661324be638 | 1826 | * enabled as well): |
Jan Jongboom |
18:b661324be638 | 1827 | * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1828 | * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1829 | * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1830 | * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1831 | * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1832 | * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1833 | * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1834 | * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1835 | * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1836 | * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA |
Jan Jongboom |
18:b661324be638 | 1837 | * |
Jan Jongboom |
18:b661324be638 | 1838 | * PEM_PARSE uses DES/3DES for decrypting encrypted keys. |
Jan Jongboom |
18:b661324be638 | 1839 | */ |
Jan Jongboom |
18:b661324be638 | 1840 | //#define MBEDTLS_DES_C |
Jan Jongboom |
18:b661324be638 | 1841 | |
Jan Jongboom |
18:b661324be638 | 1842 | /** |
Jan Jongboom |
18:b661324be638 | 1843 | * \def MBEDTLS_DHM_C |
Jan Jongboom |
18:b661324be638 | 1844 | * |
Jan Jongboom |
18:b661324be638 | 1845 | * Enable the Diffie-Hellman-Merkle module. |
Jan Jongboom |
18:b661324be638 | 1846 | * |
Jan Jongboom |
18:b661324be638 | 1847 | * Module: library/dhm.c |
Jan Jongboom |
18:b661324be638 | 1848 | * Caller: library/ssl_cli.c |
Jan Jongboom |
18:b661324be638 | 1849 | * library/ssl_srv.c |
Jan Jongboom |
18:b661324be638 | 1850 | * |
Jan Jongboom |
18:b661324be638 | 1851 | * This module is used by the following key exchanges: |
Jan Jongboom |
18:b661324be638 | 1852 | * DHE-RSA, DHE-PSK |
Jan Jongboom |
18:b661324be638 | 1853 | */ |
Jan Jongboom |
18:b661324be638 | 1854 | //#define MBEDTLS_DHM_C |
Jan Jongboom |
18:b661324be638 | 1855 | |
Jan Jongboom |
18:b661324be638 | 1856 | /** |
Jan Jongboom |
18:b661324be638 | 1857 | * \def MBEDTLS_ECDH_C |
Jan Jongboom |
18:b661324be638 | 1858 | * |
Jan Jongboom |
18:b661324be638 | 1859 | * Enable the elliptic curve Diffie-Hellman library. |
Jan Jongboom |
18:b661324be638 | 1860 | * |
Jan Jongboom |
18:b661324be638 | 1861 | * Module: library/ecdh.c |
Jan Jongboom |
18:b661324be638 | 1862 | * Caller: library/ssl_cli.c |
Jan Jongboom |
18:b661324be638 | 1863 | * library/ssl_srv.c |
Jan Jongboom |
18:b661324be638 | 1864 | * |
Jan Jongboom |
18:b661324be638 | 1865 | * This module is used by the following key exchanges: |
Jan Jongboom |
18:b661324be638 | 1866 | * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK |
Jan Jongboom |
18:b661324be638 | 1867 | * |
Jan Jongboom |
18:b661324be638 | 1868 | * Requires: MBEDTLS_ECP_C |
Jan Jongboom |
18:b661324be638 | 1869 | */ |
Jan Jongboom |
18:b661324be638 | 1870 | // #define MBEDTLS_ECDH_C |
Jan Jongboom |
18:b661324be638 | 1871 | |
Jan Jongboom |
18:b661324be638 | 1872 | /** |
Jan Jongboom |
18:b661324be638 | 1873 | * \def MBEDTLS_ECDSA_C |
Jan Jongboom |
18:b661324be638 | 1874 | * |
Jan Jongboom |
18:b661324be638 | 1875 | * Enable the elliptic curve DSA library. |
Jan Jongboom |
18:b661324be638 | 1876 | * |
Jan Jongboom |
18:b661324be638 | 1877 | * Module: library/ecdsa.c |
Jan Jongboom |
18:b661324be638 | 1878 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1879 | * |
Jan Jongboom |
18:b661324be638 | 1880 | * This module is used by the following key exchanges: |
Jan Jongboom |
18:b661324be638 | 1881 | * ECDHE-ECDSA |
Jan Jongboom |
18:b661324be638 | 1882 | * |
Jan Jongboom |
18:b661324be638 | 1883 | * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C |
Jan Jongboom |
18:b661324be638 | 1884 | */ |
Jan Jongboom |
18:b661324be638 | 1885 | // #define MBEDTLS_ECDSA_C |
Jan Jongboom |
18:b661324be638 | 1886 | |
Jan Jongboom |
18:b661324be638 | 1887 | /** |
Jan Jongboom |
18:b661324be638 | 1888 | * \def MBEDTLS_ECJPAKE_C |
Jan Jongboom |
18:b661324be638 | 1889 | * |
Jan Jongboom |
18:b661324be638 | 1890 | * Enable the elliptic curve J-PAKE library. |
Jan Jongboom |
18:b661324be638 | 1891 | * |
Jan Jongboom |
18:b661324be638 | 1892 | * \warning This is currently experimental. EC J-PAKE support is based on the |
Jan Jongboom |
18:b661324be638 | 1893 | * Thread v1.0.0 specification; incompatible changes to the specification |
Jan Jongboom |
18:b661324be638 | 1894 | * might still happen. For this reason, this is disabled by default. |
Jan Jongboom |
18:b661324be638 | 1895 | * |
Jan Jongboom |
18:b661324be638 | 1896 | * Module: library/ecjpake.c |
Jan Jongboom |
18:b661324be638 | 1897 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1898 | * |
Jan Jongboom |
18:b661324be638 | 1899 | * This module is used by the following key exchanges: |
Jan Jongboom |
18:b661324be638 | 1900 | * ECJPAKE |
Jan Jongboom |
18:b661324be638 | 1901 | * |
Jan Jongboom |
18:b661324be638 | 1902 | * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C |
Jan Jongboom |
18:b661324be638 | 1903 | */ |
Jan Jongboom |
18:b661324be638 | 1904 | //#define MBEDTLS_ECJPAKE_C |
Jan Jongboom |
18:b661324be638 | 1905 | |
Jan Jongboom |
18:b661324be638 | 1906 | /** |
Jan Jongboom |
18:b661324be638 | 1907 | * \def MBEDTLS_ECP_C |
Jan Jongboom |
18:b661324be638 | 1908 | * |
Jan Jongboom |
18:b661324be638 | 1909 | * Enable the elliptic curve over GF(p) library. |
Jan Jongboom |
18:b661324be638 | 1910 | * |
Jan Jongboom |
18:b661324be638 | 1911 | * Module: library/ecp.c |
Jan Jongboom |
18:b661324be638 | 1912 | * Caller: library/ecdh.c |
Jan Jongboom |
18:b661324be638 | 1913 | * library/ecdsa.c |
Jan Jongboom |
18:b661324be638 | 1914 | * library/ecjpake.c |
Jan Jongboom |
18:b661324be638 | 1915 | * |
Jan Jongboom |
18:b661324be638 | 1916 | * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED |
Jan Jongboom |
18:b661324be638 | 1917 | */ |
Jan Jongboom |
18:b661324be638 | 1918 | // #define MBEDTLS_ECP_C |
Jan Jongboom |
18:b661324be638 | 1919 | |
Jan Jongboom |
18:b661324be638 | 1920 | /** |
Jan Jongboom |
18:b661324be638 | 1921 | * \def MBEDTLS_ENTROPY_C |
Jan Jongboom |
18:b661324be638 | 1922 | * |
Jan Jongboom |
18:b661324be638 | 1923 | * Enable the platform-specific entropy code. |
Jan Jongboom |
18:b661324be638 | 1924 | * |
Jan Jongboom |
18:b661324be638 | 1925 | * Module: library/entropy.c |
Jan Jongboom |
18:b661324be638 | 1926 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1927 | * |
Jan Jongboom |
18:b661324be638 | 1928 | * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C |
Jan Jongboom |
18:b661324be638 | 1929 | * |
Jan Jongboom |
18:b661324be638 | 1930 | * This module provides a generic entropy pool |
Jan Jongboom |
18:b661324be638 | 1931 | */ |
Jan Jongboom |
18:b661324be638 | 1932 | #define MBEDTLS_ENTROPY_C |
Jan Jongboom |
18:b661324be638 | 1933 | |
Jan Jongboom |
18:b661324be638 | 1934 | /** |
Jan Jongboom |
18:b661324be638 | 1935 | * \def MBEDTLS_ERROR_C |
Jan Jongboom |
18:b661324be638 | 1936 | * |
Jan Jongboom |
18:b661324be638 | 1937 | * Enable error code to error string conversion. |
Jan Jongboom |
18:b661324be638 | 1938 | * |
Jan Jongboom |
18:b661324be638 | 1939 | * Module: library/error.c |
Jan Jongboom |
18:b661324be638 | 1940 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1941 | * |
Jan Jongboom |
18:b661324be638 | 1942 | * This module enables mbedtls_strerror(). |
Jan Jongboom |
18:b661324be638 | 1943 | */ |
Jan Jongboom |
18:b661324be638 | 1944 | // #define MBEDTLS_ERROR_C |
Jan Jongboom |
18:b661324be638 | 1945 | |
Jan Jongboom |
18:b661324be638 | 1946 | /** |
Jan Jongboom |
18:b661324be638 | 1947 | * \def MBEDTLS_GCM_C |
Jan Jongboom |
18:b661324be638 | 1948 | * |
Jan Jongboom |
18:b661324be638 | 1949 | * Enable the Galois/Counter Mode (GCM) for AES. |
Jan Jongboom |
18:b661324be638 | 1950 | * |
Jan Jongboom |
18:b661324be638 | 1951 | * Module: library/gcm.c |
Jan Jongboom |
18:b661324be638 | 1952 | * |
Jan Jongboom |
18:b661324be638 | 1953 | * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C |
Jan Jongboom |
18:b661324be638 | 1954 | * |
Jan Jongboom |
18:b661324be638 | 1955 | * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other |
Jan Jongboom |
18:b661324be638 | 1956 | * requisites are enabled as well. |
Jan Jongboom |
18:b661324be638 | 1957 | */ |
Jan Jongboom |
18:b661324be638 | 1958 | // #define MBEDTLS_GCM_C |
Jan Jongboom |
18:b661324be638 | 1959 | |
Jan Jongboom |
18:b661324be638 | 1960 | /** |
Jan Jongboom |
18:b661324be638 | 1961 | * \def MBEDTLS_HAVEGE_C |
Jan Jongboom |
18:b661324be638 | 1962 | * |
Jan Jongboom |
18:b661324be638 | 1963 | * Enable the HAVEGE random generator. |
Jan Jongboom |
18:b661324be638 | 1964 | * |
Jan Jongboom |
18:b661324be638 | 1965 | * Warning: the HAVEGE random generator is not suitable for virtualized |
Jan Jongboom |
18:b661324be638 | 1966 | * environments |
Jan Jongboom |
18:b661324be638 | 1967 | * |
Jan Jongboom |
18:b661324be638 | 1968 | * Warning: the HAVEGE random generator is dependent on timing and specific |
Jan Jongboom |
18:b661324be638 | 1969 | * processor traits. It is therefore not advised to use HAVEGE as |
Jan Jongboom |
18:b661324be638 | 1970 | * your applications primary random generator or primary entropy pool |
Jan Jongboom |
18:b661324be638 | 1971 | * input. As a secondary input to your entropy pool, it IS able add |
Jan Jongboom |
18:b661324be638 | 1972 | * the (limited) extra entropy it provides. |
Jan Jongboom |
18:b661324be638 | 1973 | * |
Jan Jongboom |
18:b661324be638 | 1974 | * Module: library/havege.c |
Jan Jongboom |
18:b661324be638 | 1975 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1976 | * |
Jan Jongboom |
18:b661324be638 | 1977 | * Requires: MBEDTLS_TIMING_C |
Jan Jongboom |
18:b661324be638 | 1978 | * |
Jan Jongboom |
18:b661324be638 | 1979 | * Uncomment to enable the HAVEGE random generator. |
Jan Jongboom |
18:b661324be638 | 1980 | */ |
Jan Jongboom |
18:b661324be638 | 1981 | //#define MBEDTLS_HAVEGE_C |
Jan Jongboom |
18:b661324be638 | 1982 | |
Jan Jongboom |
18:b661324be638 | 1983 | /** |
Jan Jongboom |
18:b661324be638 | 1984 | * \def MBEDTLS_HMAC_DRBG_C |
Jan Jongboom |
18:b661324be638 | 1985 | * |
Jan Jongboom |
18:b661324be638 | 1986 | * Enable the HMAC_DRBG random generator. |
Jan Jongboom |
18:b661324be638 | 1987 | * |
Jan Jongboom |
18:b661324be638 | 1988 | * Module: library/hmac_drbg.c |
Jan Jongboom |
18:b661324be638 | 1989 | * Caller: |
Jan Jongboom |
18:b661324be638 | 1990 | * |
Jan Jongboom |
18:b661324be638 | 1991 | * Requires: MBEDTLS_MD_C |
Jan Jongboom |
18:b661324be638 | 1992 | * |
Jan Jongboom |
18:b661324be638 | 1993 | * Uncomment to enable the HMAC_DRBG random number geerator. |
Jan Jongboom |
18:b661324be638 | 1994 | */ |
Jan Jongboom |
18:b661324be638 | 1995 | #define MBEDTLS_HMAC_DRBG_C |
Jan Jongboom |
18:b661324be638 | 1996 | |
Jan Jongboom |
18:b661324be638 | 1997 | /** |
Jan Jongboom |
18:b661324be638 | 1998 | * \def MBEDTLS_MD_C |
Jan Jongboom |
18:b661324be638 | 1999 | * |
Jan Jongboom |
18:b661324be638 | 2000 | * Enable the generic message digest layer. |
Jan Jongboom |
18:b661324be638 | 2001 | * |
Jan Jongboom |
18:b661324be638 | 2002 | * Module: library/md.c |
Jan Jongboom |
18:b661324be638 | 2003 | * Caller: |
Jan Jongboom |
18:b661324be638 | 2004 | * |
Jan Jongboom |
18:b661324be638 | 2005 | * Uncomment to enable generic message digest wrappers. |
Jan Jongboom |
18:b661324be638 | 2006 | */ |
Jan Jongboom |
18:b661324be638 | 2007 | #define MBEDTLS_MD_C |
Jan Jongboom |
18:b661324be638 | 2008 | |
Jan Jongboom |
18:b661324be638 | 2009 | /** |
Jan Jongboom |
18:b661324be638 | 2010 | * \def MBEDTLS_MD2_C |
Jan Jongboom |
18:b661324be638 | 2011 | * |
Jan Jongboom |
18:b661324be638 | 2012 | * Enable the MD2 hash algorithm. |
Jan Jongboom |
18:b661324be638 | 2013 | * |
Jan Jongboom |
18:b661324be638 | 2014 | * Module: library/md2.c |
Jan Jongboom |
18:b661324be638 | 2015 | * Caller: |
Jan Jongboom |
18:b661324be638 | 2016 | * |
Jan Jongboom |
18:b661324be638 | 2017 | * Uncomment to enable support for (rare) MD2-signed X.509 certs. |
Jan Jongboom |
18:b661324be638 | 2018 | */ |
Jan Jongboom |
18:b661324be638 | 2019 | //#define MBEDTLS_MD2_C |
Jan Jongboom |
18:b661324be638 | 2020 | |
Jan Jongboom |
18:b661324be638 | 2021 | /** |
Jan Jongboom |
18:b661324be638 | 2022 | * \def MBEDTLS_MD4_C |
Jan Jongboom |
18:b661324be638 | 2023 | * |
Jan Jongboom |
18:b661324be638 | 2024 | * Enable the MD4 hash algorithm. |
Jan Jongboom |
18:b661324be638 | 2025 | * |
Jan Jongboom |
18:b661324be638 | 2026 | * Module: library/md4.c |
Jan Jongboom |
18:b661324be638 | 2027 | * Caller: |
Jan Jongboom |
18:b661324be638 | 2028 | * |
Jan Jongboom |
18:b661324be638 | 2029 | * Uncomment to enable support for (rare) MD4-signed X.509 certs. |
Jan Jongboom |
18:b661324be638 | 2030 | */ |
Jan Jongboom |
18:b661324be638 | 2031 | //#define MBEDTLS_MD4_C |
Jan Jongboom |
18:b661324be638 | 2032 | |
Jan Jongboom |
18:b661324be638 | 2033 | /** |
Jan Jongboom |
18:b661324be638 | 2034 | * \def MBEDTLS_MD5_C |
Jan Jongboom |
18:b661324be638 | 2035 | * |
Jan Jongboom |
18:b661324be638 | 2036 | * Enable the MD5 hash algorithm. |
Jan Jongboom |
18:b661324be638 | 2037 | * |
Jan Jongboom |
18:b661324be638 | 2038 | * Module: library/md5.c |
Jan Jongboom |
18:b661324be638 | 2039 | * Caller: library/md.c |
Jan Jongboom |
18:b661324be638 | 2040 | * library/pem.c |
Jan Jongboom |
18:b661324be638 | 2041 | * library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 2042 | * |
Jan Jongboom |
18:b661324be638 | 2043 | * This module is required for SSL/TLS and X.509. |
Jan Jongboom |
18:b661324be638 | 2044 | * PEM_PARSE uses MD5 for decrypting encrypted keys. |
Jan Jongboom |
18:b661324be638 | 2045 | */ |
Jan Jongboom |
18:b661324be638 | 2046 | //#define MBEDTLS_MD5_C |
Jan Jongboom |
18:b661324be638 | 2047 | |
Jan Jongboom |
18:b661324be638 | 2048 | /** |
Jan Jongboom |
18:b661324be638 | 2049 | * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Jan Jongboom |
18:b661324be638 | 2050 | * |
Jan Jongboom |
18:b661324be638 | 2051 | * Enable the buffer allocator implementation that makes use of a (stack) |
Jan Jongboom |
18:b661324be638 | 2052 | * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() |
Jan Jongboom |
18:b661324be638 | 2053 | * calls) |
Jan Jongboom |
18:b661324be638 | 2054 | * |
Jan Jongboom |
18:b661324be638 | 2055 | * Module: library/memory_buffer_alloc.c |
Jan Jongboom |
18:b661324be638 | 2056 | * |
Jan Jongboom |
18:b661324be638 | 2057 | * Requires: MBEDTLS_PLATFORM_C |
Jan Jongboom |
18:b661324be638 | 2058 | * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) |
Jan Jongboom |
18:b661324be638 | 2059 | * |
Jan Jongboom |
18:b661324be638 | 2060 | * Enable this module to enable the buffer memory allocator. |
Jan Jongboom |
18:b661324be638 | 2061 | */ |
Jan Jongboom |
18:b661324be638 | 2062 | //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C |
Jan Jongboom |
18:b661324be638 | 2063 | |
Jan Jongboom |
18:b661324be638 | 2064 | /** |
Jan Jongboom |
18:b661324be638 | 2065 | * \def MBEDTLS_NET_C |
Jan Jongboom |
18:b661324be638 | 2066 | * |
Jan Jongboom |
18:b661324be638 | 2067 | * Enable the TCP and UDP over IPv6/IPv4 networking routines. |
Jan Jongboom |
18:b661324be638 | 2068 | * |
Jan Jongboom |
18:b661324be638 | 2069 | * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) |
Jan Jongboom |
18:b661324be638 | 2070 | * and Windows. For other platforms, you'll want to disable it, and write your |
Jan Jongboom |
18:b661324be638 | 2071 | * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). |
Jan Jongboom |
18:b661324be638 | 2072 | * |
Jan Jongboom |
18:b661324be638 | 2073 | * \note See also our Knowledge Base article about porting to a new |
Jan Jongboom |
18:b661324be638 | 2074 | * environment: |
Jan Jongboom |
18:b661324be638 | 2075 | * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS |
Jan Jongboom |
18:b661324be638 | 2076 | * |
Jan Jongboom |
18:b661324be638 | 2077 | * Module: library/net_sockets.c |
Jan Jongboom |
18:b661324be638 | 2078 | * |
Jan Jongboom |
18:b661324be638 | 2079 | * This module provides networking routines. |
Jan Jongboom |
18:b661324be638 | 2080 | */ |
Jan Jongboom |
18:b661324be638 | 2081 | //#define MBEDTLS_NET_C |
Jan Jongboom |
18:b661324be638 | 2082 | |
Jan Jongboom |
18:b661324be638 | 2083 | /** |
Jan Jongboom |
18:b661324be638 | 2084 | * \def MBEDTLS_OID_C |
Jan Jongboom |
18:b661324be638 | 2085 | * |
Jan Jongboom |
18:b661324be638 | 2086 | * Enable the OID database. |
Jan Jongboom |
18:b661324be638 | 2087 | * |
Jan Jongboom |
18:b661324be638 | 2088 | * Module: library/oid.c |
Jan Jongboom |
18:b661324be638 | 2089 | * Caller: library/asn1write.c |
Jan Jongboom |
18:b661324be638 | 2090 | * library/pkcs5.c |
Jan Jongboom |
18:b661324be638 | 2091 | * library/pkparse.c |
Jan Jongboom |
18:b661324be638 | 2092 | * library/pkwrite.c |
Jan Jongboom |
18:b661324be638 | 2093 | * library/rsa.c |
Jan Jongboom |
18:b661324be638 | 2094 | * library/x509.c |
Jan Jongboom |
18:b661324be638 | 2095 | * library/x509_create.c |
Jan Jongboom |
18:b661324be638 | 2096 | * library/x509_crl.c |
Jan Jongboom |
18:b661324be638 | 2097 | * library/x509_crt.c |
Jan Jongboom |
18:b661324be638 | 2098 | * library/x509_csr.c |
Jan Jongboom |
18:b661324be638 | 2099 | * library/x509write_crt.c |
Jan Jongboom |
18:b661324be638 | 2100 | * library/x509write_csr.c |
Jan Jongboom |
18:b661324be638 | 2101 | * |
Jan Jongboom |
18:b661324be638 | 2102 | * This modules translates between OIDs and internal values. |
Jan Jongboom |
18:b661324be638 | 2103 | */ |
Jan Jongboom |
18:b661324be638 | 2104 | #define MBEDTLS_OID_C |
Jan Jongboom |
18:b661324be638 | 2105 | |
Jan Jongboom |
18:b661324be638 | 2106 | /** |
Jan Jongboom |
18:b661324be638 | 2107 | * \def MBEDTLS_PADLOCK_C |
Jan Jongboom |
18:b661324be638 | 2108 | * |
Jan Jongboom |
18:b661324be638 | 2109 | * Enable VIA Padlock support on x86. |
Jan Jongboom |
18:b661324be638 | 2110 | * |
Jan Jongboom |
18:b661324be638 | 2111 | * Module: library/padlock.c |
Jan Jongboom |
18:b661324be638 | 2112 | * Caller: library/aes.c |
Jan Jongboom |
18:b661324be638 | 2113 | * |
Jan Jongboom |
18:b661324be638 | 2114 | * Requires: MBEDTLS_HAVE_ASM |
Jan Jongboom |
18:b661324be638 | 2115 | * |
Jan Jongboom |
18:b661324be638 | 2116 | * This modules adds support for the VIA PadLock on x86. |
Jan Jongboom |
18:b661324be638 | 2117 | */ |
Jan Jongboom |
18:b661324be638 | 2118 | //#define MBEDTLS_PADLOCK_C |
Jan Jongboom |
18:b661324be638 | 2119 | |
Jan Jongboom |
18:b661324be638 | 2120 | /** |
Jan Jongboom |
18:b661324be638 | 2121 | * \def MBEDTLS_PEM_PARSE_C |
Jan Jongboom |
18:b661324be638 | 2122 | * |
Jan Jongboom |
18:b661324be638 | 2123 | * Enable PEM decoding / parsing. |
Jan Jongboom |
18:b661324be638 | 2124 | * |
Jan Jongboom |
18:b661324be638 | 2125 | * Module: library/pem.c |
Jan Jongboom |
18:b661324be638 | 2126 | * Caller: library/dhm.c |
Jan Jongboom |
18:b661324be638 | 2127 | * library/pkparse.c |
Jan Jongboom |
18:b661324be638 | 2128 | * library/x509_crl.c |
Jan Jongboom |
18:b661324be638 | 2129 | * library/x509_crt.c |
Jan Jongboom |
18:b661324be638 | 2130 | * library/x509_csr.c |
Jan Jongboom |
18:b661324be638 | 2131 | * |
Jan Jongboom |
18:b661324be638 | 2132 | * Requires: MBEDTLS_BASE64_C |
Jan Jongboom |
18:b661324be638 | 2133 | * |
Jan Jongboom |
18:b661324be638 | 2134 | * This modules adds support for decoding / parsing PEM files. |
Jan Jongboom |
18:b661324be638 | 2135 | */ |
Jan Jongboom |
18:b661324be638 | 2136 | #define MBEDTLS_PEM_PARSE_C |
Jan Jongboom |
18:b661324be638 | 2137 | |
Jan Jongboom |
18:b661324be638 | 2138 | /** |
Jan Jongboom |
18:b661324be638 | 2139 | * \def MBEDTLS_PEM_WRITE_C |
Jan Jongboom |
18:b661324be638 | 2140 | * |
Jan Jongboom |
18:b661324be638 | 2141 | * Enable PEM encoding / writing. |
Jan Jongboom |
18:b661324be638 | 2142 | * |
Jan Jongboom |
18:b661324be638 | 2143 | * Module: library/pem.c |
Jan Jongboom |
18:b661324be638 | 2144 | * Caller: library/pkwrite.c |
Jan Jongboom |
18:b661324be638 | 2145 | * library/x509write_crt.c |
Jan Jongboom |
18:b661324be638 | 2146 | * library/x509write_csr.c |
Jan Jongboom |
18:b661324be638 | 2147 | * |
Jan Jongboom |
18:b661324be638 | 2148 | * Requires: MBEDTLS_BASE64_C |
Jan Jongboom |
18:b661324be638 | 2149 | * |
Jan Jongboom |
18:b661324be638 | 2150 | * This modules adds support for encoding / writing PEM files. |
Jan Jongboom |
18:b661324be638 | 2151 | */ |
Jan Jongboom |
18:b661324be638 | 2152 | //#define MBEDTLS_PEM_WRITE_C |
Jan Jongboom |
18:b661324be638 | 2153 | |
Jan Jongboom |
18:b661324be638 | 2154 | /** |
Jan Jongboom |
18:b661324be638 | 2155 | * \def MBEDTLS_PK_C |
Jan Jongboom |
18:b661324be638 | 2156 | * |
Jan Jongboom |
18:b661324be638 | 2157 | * Enable the generic public (asymetric) key layer. |
Jan Jongboom |
18:b661324be638 | 2158 | * |
Jan Jongboom |
18:b661324be638 | 2159 | * Module: library/pk.c |
Jan Jongboom |
18:b661324be638 | 2160 | * Caller: library/ssl_tls.c |
Jan Jongboom |
18:b661324be638 | 2161 | * library/ssl_cli.c |
Jan Jongboom |
18:b661324be638 | 2162 | * library/ssl_srv.c |
Jan Jongboom |
18:b661324be638 | 2163 | * |
Jan Jongboom |
18:b661324be638 | 2164 | * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C |
Jan Jongboom |
18:b661324be638 | 2165 | * |
Jan Jongboom |
18:b661324be638 | 2166 | * Uncomment to enable generic public key wrappers. |
Jan Jongboom |
18:b661324be638 | 2167 | */ |
Jan Jongboom |
18:b661324be638 | 2168 | #define MBEDTLS_PK_C |
Jan Jongboom |
18:b661324be638 | 2169 | |
Jan Jongboom |
18:b661324be638 | 2170 | /** |
Jan Jongboom |
18:b661324be638 | 2171 | * \def MBEDTLS_PK_PARSE_C |
Jan Jongboom |
18:b661324be638 | 2172 | * |
Jan Jongboom |
18:b661324be638 | 2173 | * Enable the generic public (asymetric) key parser. |
Jan Jongboom |
18:b661324be638 | 2174 | * |
Jan Jongboom |
18:b661324be638 | 2175 | * Module: library/pkparse.c |
Jan Jongboom |
18:b661324be638 | 2176 | * Caller: library/x509_crt.c |
Jan Jongboom |
18:b661324be638 | 2177 | * library/x509_csr.c |
Jan Jongboom |
18:b661324be638 | 2178 | * |
Jan Jongboom |
18:b661324be638 | 2179 | * Requires: MBEDTLS_PK_C |
Jan Jongboom |
18:b661324be638 | 2180 | * |
Jan Jongboom |
18:b661324be638 | 2181 | * Uncomment to enable generic public key parse functions. |
Jan Jongboom |
18:b661324be638 | 2182 | */ |
Jan Jongboom |
18:b661324be638 | 2183 | #define MBEDTLS_PK_PARSE_C |
Jan Jongboom |
18:b661324be638 | 2184 | |
Jan Jongboom |
18:b661324be638 | 2185 | /** |
Jan Jongboom |
18:b661324be638 | 2186 | * \def MBEDTLS_PK_WRITE_C |
Jan Jongboom |
18:b661324be638 | 2187 | * |
Jan Jongboom |
18:b661324be638 | 2188 | * Enable the generic public (asymetric) key writer. |
Jan Jongboom |
18:b661324be638 | 2189 | * |
Jan Jongboom |
18:b661324be638 | 2190 | * Module: library/pkwrite.c |
Jan Jongboom |
18:b661324be638 | 2191 | * Caller: library/x509write.c |
Jan Jongboom |
18:b661324be638 | 2192 | * |
Jan Jongboom |
18:b661324be638 | 2193 | * Requires: MBEDTLS_PK_C |
Jan Jongboom |
18:b661324be638 | 2194 | * |
Jan Jongboom |
18:b661324be638 | 2195 | * Uncomment to enable generic public key write functions. |
Jan Jongboom |
18:b661324be638 | 2196 | */ |
Jan Jongboom |
18:b661324be638 | 2197 | // #define MBEDTLS_PK_WRITE_C |
Jan Jongboom |
18:b661324be638 | 2198 | |
Jan Jongboom |
18:b661324be638 | 2199 | /** |
Jan Jongboom |
 * \def MBEDTLS_PKCS5_C
 *
 * Enable PKCS#5 functions.
 *
 * Module: library/pkcs5.c
 *
 * Requires: MBEDTLS_MD_C
 *
 * This module adds support for the PKCS#5 functions.
 */
//#define MBEDTLS_PKCS5_C

/**
 * \def MBEDTLS_PKCS11_C
 *
 * Enable wrapper for PKCS#11 smartcard support.
 *
 * Module: library/pkcs11.c
 * Caller: library/pk.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * This module enables SSL/TLS PKCS #11 smartcard support.
 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
 */
//#define MBEDTLS_PKCS11_C

/**
 * \def MBEDTLS_PKCS12_C
 *
 * Enable PKCS#12 PBE functions.
 * Adds algorithms for parsing PKCS#8 encrypted private keys
 *
 * Module: library/pkcs12.c
 * Caller: library/pkparse.c
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 * Can use: MBEDTLS_ARC4_C
 *
 * This module enables PKCS#12 functions.
 */
//#define MBEDTLS_PKCS12_C

/**
 * \def MBEDTLS_PLATFORM_C
 *
 * Enable the platform abstraction layer that allows you to re-assign
 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
 *
 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT
 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
 * above to be specified at runtime or compile time respectively.
 *
 * \note This abstraction layer must be enabled on Windows (including MSYS2)
 * as other modules rely on it for a fixed snprintf implementation.
 *
 * Module: library/platform.c
 * Caller: Most other .c files
 *
 * This module enables abstraction of common (libc) functions.
 */
#define MBEDTLS_PLATFORM_C

/**
 * \def MBEDTLS_RIPEMD160_C
 *
 * Enable the RIPEMD-160 hash algorithm.
 *
 * Module: library/ripemd160.c
 * Caller: library/md.c
 *
 */
//#define MBEDTLS_RIPEMD160_C

/**
 * \def MBEDTLS_RSA_C
 *
 * Enable the RSA public-key cryptosystem.
 *
 * Module: library/rsa.c
 * Caller: library/ssl_cli.c
 *         library/ssl_srv.c
 *         library/ssl_tls.c
 *         library/x509.c
 *
 * This module is used by the following key exchanges:
 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
 */
#define MBEDTLS_RSA_C

/**
 * \def MBEDTLS_SHA1_C
 *
 * Enable the SHA1 cryptographic hash algorithm.
 *
 * Module: library/sha1.c
 * Caller: library/md.c
 *         library/ssl_cli.c
 *         library/ssl_srv.c
 *         library/ssl_tls.c
 *         library/x509write_crt.c
 *
 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
 * depending on the handshake parameters, and for SHA1-signed certificates.
 */
//#define MBEDTLS_SHA1_C

/**
 * \def MBEDTLS_SHA256_C
 *
 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
 *
 * Module: library/sha256.c
 * Caller: library/entropy.c
 *         library/md.c
 *         library/ssl_cli.c
 *         library/ssl_srv.c
 *         library/ssl_tls.c
 *
 * This module adds support for SHA-224 and SHA-256.
 * This module is required for the SSL/TLS 1.2 PRF function.
 */
#define MBEDTLS_SHA256_C

/**
 * \def MBEDTLS_SHA512_C
 *
 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
 *
 * Module: library/sha512.c
 * Caller: library/entropy.c
 *         library/md.c
 *         library/ssl_cli.c
 *         library/ssl_srv.c
 *
 * This module adds support for SHA-384 and SHA-512.
 */
// #define MBEDTLS_SHA512_C

/**
 * \def MBEDTLS_SSL_CACHE_C
 *
 * Enable simple SSL cache implementation.
 *
 * Module: library/ssl_cache.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_CACHE_C
 */
#define MBEDTLS_SSL_CACHE_C

/**
 * \def MBEDTLS_SSL_COOKIE_C
 *
 * Enable basic implementation of DTLS cookies for hello verification.
 *
 * Module: library/ssl_cookie.c
 * Caller:
 */
#define MBEDTLS_SSL_COOKIE_C

/**
 * \def MBEDTLS_SSL_TICKET_C
 *
 * Enable an implementation of TLS server-side callbacks for session tickets.
 *
 * Module: library/ssl_ticket.c
 * Caller:
 *
 * Requires: MBEDTLS_CIPHER_C
 */
#define MBEDTLS_SSL_TICKET_C

/**
 * \def MBEDTLS_SSL_CLI_C
 *
 * Enable the SSL/TLS client code.
 *
 * Module: library/ssl_cli.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *
 * This module is required for SSL/TLS client support.
 */
// #define MBEDTLS_SSL_CLI_C

/**
 * \def MBEDTLS_SSL_SRV_C
 *
 * Enable the SSL/TLS server code.
 *
 * Module: library/ssl_srv.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *
 * This module is required for SSL/TLS server support.
 */
// #define MBEDTLS_SSL_SRV_C

/**
 * \def MBEDTLS_SSL_TLS_C
 *
 * Enable the generic SSL/TLS code.
 *
 * Module: library/ssl_tls.c
 * Caller: library/ssl_cli.c
 *         library/ssl_srv.c
 *
 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
 *
 * This module is required for SSL/TLS.
 */
#define MBEDTLS_SSL_TLS_C

/**
 * \def MBEDTLS_THREADING_C
 *
 * Enable the threading abstraction layer.
 * By default mbed TLS assumes it is used in a non-threaded environment or that
 * contexts are not shared between threads. If you do intend to use contexts
 * between threads, you will need to enable this layer to prevent race
 * conditions. See also our Knowledge Base article about threading:
 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
 *
 * Module: library/threading.c
 *
 * This allows different threading implementations (self-implemented or
 * provided).
 *
 * You will have to enable either MBEDTLS_THREADING_ALT or
 * MBEDTLS_THREADING_PTHREAD.
 *
 * Enable this layer to allow use of mutexes within mbed TLS
 */
//#define MBEDTLS_THREADING_C

/**
 * \def MBEDTLS_TIMING_C
 *
 * Enable the semi-portable timing interface.
 *
 * \note The provided implementation only works on POSIX/Unix (including Linux,
 * BSD and OS X) and Windows. On other platforms, you can either disable that
 * module and provide your own implementations of the callbacks needed by
 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
 * your own implementation of the whole module by setting
 * \c MBEDTLS_TIMING_ALT in the current file.
 *
 * \note See also our Knowledge Base article about porting to a new
 * environment:
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module: library/timing.c
 * Caller: library/havege.c
 *
 * This module is used by the HAVEGE random number generator.
 */
//#define MBEDTLS_TIMING_C

/**
 * \def MBEDTLS_VERSION_C
 *
 * Enable run-time version information.
 *
 * Module: library/version.c
 *
 * This module provides run-time version information.
 */
#define MBEDTLS_VERSION_C

/**
 * \def MBEDTLS_X509_USE_C
 *
 * Enable X.509 core for using certificates.
 *
 * Module: library/x509.c
 * Caller: library/x509_crl.c
 *         library/x509_crt.c
 *         library/x509_csr.c
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
 *           MBEDTLS_PK_PARSE_C
 *
 * This module is required for the X.509 parsing modules.
 */
#define MBEDTLS_X509_USE_C

/**
 * \def MBEDTLS_X509_CRT_PARSE_C
 *
 * Enable X.509 certificate parsing.
 *
 * Module: library/x509_crt.c
 * Caller: library/ssl_cli.c
 *         library/ssl_srv.c
 *         library/ssl_tls.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is required for X.509 certificate parsing.
 */
#define MBEDTLS_X509_CRT_PARSE_C

/**
 * \def MBEDTLS_X509_CRL_PARSE_C
 *
 * Enable X.509 CRL parsing.
 *
 * Module: library/x509_crl.c
 * Caller: library/x509_crt.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is required for X.509 CRL parsing.
 */
#define MBEDTLS_X509_CRL_PARSE_C

/**
 * \def MBEDTLS_X509_CSR_PARSE_C
 *
 * Enable X.509 Certificate Signing Request (CSR) parsing.
 *
 * Module: library/x509_csr.c
 * Caller: library/x509_crt_write.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is used for reading X.509 certificate requests.
 */
//#define MBEDTLS_X509_CSR_PARSE_C

/**
 * \def MBEDTLS_X509_CREATE_C
 *
 * Enable X.509 core for creating certificates.
 *
 * Module: library/x509_create.c
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
 *
 * This module is the basis for creating X.509 certificates and CSRs.
 */
//#define MBEDTLS_X509_CREATE_C

/**
 * \def MBEDTLS_X509_CRT_WRITE_C
 *
 * Enable creating X.509 certificates.
 *
 * Module: library/x509_crt_write.c
 *
 * Requires: MBEDTLS_X509_CREATE_C
 *
 * This module is required for X.509 certificate creation.
 */
//#define MBEDTLS_X509_CRT_WRITE_C

/**
 * \def MBEDTLS_X509_CSR_WRITE_C
 *
 * Enable creating X.509 Certificate Signing Requests (CSR).
 *
 * Module: library/x509_csr_write.c
 *
 * Requires: MBEDTLS_X509_CREATE_C
 *
 * This module is required for X.509 certificate request writing.
 */
//#define MBEDTLS_X509_CSR_WRITE_C

/**
 * \def MBEDTLS_XTEA_C
 *
 * Enable the XTEA block cipher.
 *
 * Module: library/xtea.c
 * Caller:
 */
//#define MBEDTLS_XTEA_C

/* \} name SECTION: mbed TLS modules */

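When modules are commented out to shrink the build, as in the section above, an enabled module can be left pointing at a disabled one through its `Requires:` line. The following lint is an added example, not code from this repository or from Mbed TLS; the function names and the sample header are constructed for illustration.

```python
import re

# Constructed sample in the style of the module comments on this page
# (not the page's full file; the bare #define lines at the end are assumed).
SAMPLE_CONFIG = r'''
/**
 * \def MBEDTLS_SSL_TLS_C
 *
 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
 */
#define MBEDTLS_SSL_TLS_C

/**
 * \def MBEDTLS_X509_USE_C
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
 *           MBEDTLS_PK_PARSE_C
 */
#define MBEDTLS_X509_USE_C

/**
 * \def MBEDTLS_X509_CRT_WRITE_C
 *
 * Requires: MBEDTLS_X509_CREATE_C
 */
//#define MBEDTLS_X509_CRT_WRITE_C

#define MBEDTLS_CIPHER_C
#define MBEDTLS_MD_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
//#define MBEDTLS_OID_C
#define MBEDTLS_PK_PARSE_C
'''

DOC_BLOCK_RE = re.compile(r'/\*\*(.*?)\*/', re.S)            # doxygen comment blocks
DEF_RE = re.compile(r'\\def\s+(MBEDTLS_\w+)')                # "\def NAME" inside a block
DEFINE_RE = re.compile(r'^\s*#define\s+(MBEDTLS_\w+)', re.M) # active (uncommented) defines
NAME_RE = re.compile(r'MBEDTLS_[A-Z0-9_]+')
LABEL_RE = re.compile(r'[A-Za-z ]+:')                        # "Module:", "Can use:", ...


def enabled_macros(text):
    """Macros with an uncommented #define; '//#define X' lines do not count."""
    return set(DEFINE_RE.findall(text))


def parse_requirements(text):
    """Map each documented macro to the macros named on its 'Requires:' lines."""
    reqs = {}
    for block in DOC_BLOCK_RE.findall(text):
        m = DEF_RE.search(block)
        if not m:
            continue
        names, collecting = [], False
        for raw in block.splitlines():
            line = raw.strip().lstrip('*').strip()
            if line.startswith('Requires:'):
                collecting = True
                line = line[len('Requires:'):]
            elif collecting and (not line or LABEL_RE.match(line)):
                # A blank comment line or the next label ends the list.
                collecting = False
            if collecting:
                # Wildcards such as MBEDTLS_SSL_PROTO_XXX cannot be checked by name.
                names += [n for n in NAME_RE.findall(line) if 'XXX' not in n]
        reqs[m.group(1)] = names
    return reqs


def missing_dependencies(text):
    """Return {enabled module: [required macros that are not enabled]}."""
    on = enabled_macros(text)
    result = {}
    for module, deps in parse_requirements(text).items():
        if module not in on:
            continue
        missing = [d for d in deps if d not in on]
        if missing:
            result[module] = missing
    return result


if __name__ == "__main__":
    for module, missing in sorted(missing_dependencies(SAMPLE_CONFIG).items()):
        print(f"{module} is enabled but requires disabled: {', '.join(missing)}")
```

Run it against the custom configuration file before building; wildcard requirements such as `MBEDTLS_SSL_PROTO_XXX` are skipped and still need a manual look.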
/**
 * \name SECTION: Module configuration options
 *
 * This section allows for the setting of module specific sizes and
 * configuration options. The default values are already present in the
 * relevant header files and should suffice for the regular use cases.
 *
 * Our advice is to enable options and change their values here
 * only if you have a good reason and know the consequences.
 *
 * Please check the respective header file for documentation on these
 * parameters (to prevent duplicate documentation).
 * \{
 */

/* MPI / BIGNUM options */
//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */

/* CTR_DRBG options */
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */

/* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */

/* ECP options */
//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */

/* Entropy options */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */

/* Memory buffer allocator options */
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */

/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */

/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */

/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */

/* SSL options */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 512 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */

18:b661324be638 | 2672 | /** |
Jan Jongboom |
18:b661324be638 | 2673 | * Complete list of ciphersuites to use, in order of preference. |
Jan Jongboom |
18:b661324be638 | 2674 | * |
Jan Jongboom |
18:b661324be638 | 2675 | * \warning No dependency checking is done on that field! This option can only |
Jan Jongboom |
18:b661324be638 | 2676 | * be used to restrict the set of available ciphersuites. It is your |
Jan Jongboom |
18:b661324be638 | 2677 | * responsibility to make sure the needed modules are active. |
Jan Jongboom |
18:b661324be638 | 2678 | * |
Jan Jongboom |
18:b661324be638 | 2679 | * Use this to save a few hundred bytes of ROM (default ordering of all |
Jan Jongboom |
18:b661324be638 | 2680 | * available ciphersuites) and a few to a few hundred bytes of RAM. |
Jan Jongboom |
18:b661324be638 | 2681 | * |
Jan Jongboom |
18:b661324be638 | 2682 | * The value below is only an example, not the default. |
Jan Jongboom |
18:b661324be638 | 2683 | */ |
Jan Jongboom |
18:b661324be638 | 2684 | //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
Jan Jongboom |
18:b661324be638 | 2685 | |
Jan Jongboom |
18:b661324be638 | 2686 | /* X509 options */ |
Jan Jongboom |
18:b661324be638 | 2687 | //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ |
Jan Jongboom |
18:b661324be638 | 2688 | //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ |
Jan Jongboom |
18:b661324be638 | 2689 | |
Jan Jongboom |
18:b661324be638 | 2690 | /** |
Jan Jongboom |
18:b661324be638 | 2691 | * Allow SHA-1 in the default TLS configuration for certificate signing. |
Jan Jongboom |
18:b661324be638 | 2692 | * Without this build-time option, SHA-1 support must be activated explicitly |
Jan Jongboom |
18:b661324be638 | 2693 | * through mbedtls_ssl_conf_cert_profile. Turning on this option is not |
Jan Jongboom |
18:b661324be638 | 2694 | * recommended because it is possible to generate SHA-1 collisions, however |
Jan Jongboom |
18:b661324be638 | 2695 | * this may be safe for legacy infrastructure where additional controls apply. |
Jan Jongboom |
18:b661324be638 | 2696 | */ |
Jan Jongboom |
18:b661324be638 | 2697 | // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES |
Jan Jongboom |
18:b661324be638 | 2698 | |
Jan Jongboom |
18:b661324be638 | 2699 | /** |
Jan Jongboom |
18:b661324be638 | 2700 | * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake |
Jan Jongboom |
18:b661324be638 | 2701 | * signature and ciphersuite selection. Without this build-time option, SHA-1 |
Jan Jongboom |
18:b661324be638 | 2702 | * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. |
Jan Jongboom |
18:b661324be638 | 2703 | * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by |
Jan Jongboom |
18:b661324be638 | 2704 | * default. At the time of writing, there is no practical attack on the use |
Jan Jongboom |
18:b661324be638 | 2705 | * of SHA-1 in handshake signatures, hence this option is turned on by default |
Jan Jongboom |
18:b661324be638 | 2706 | * for compatibility with existing peers. |
Jan Jongboom |
18:b661324be638 | 2707 | */ |
Jan Jongboom |
18:b661324be638 | 2708 | // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE |
Jan Jongboom |
18:b661324be638 | 2709 | |
Jan Jongboom |
18:b661324be638 | 2710 | /* \} name SECTION: Customisation configuration options */ |
Jan Jongboom |
18:b661324be638 | 2711 | |
Jan Jongboom |
18:b661324be638 | 2712 | /* Target and application specific configurations */ |
Jan Jongboom |
18:b661324be638 | 2713 | //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" |
Jan Jongboom |
18:b661324be638 | 2714 | |
Jan Jongboom |
18:b661324be638 | 2715 | #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) |
Jan Jongboom |
18:b661324be638 | 2716 | #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE |
Jan Jongboom |
18:b661324be638 | 2717 | #endif |
Jan Jongboom |
18:b661324be638 | 2718 | |
Jan Jongboom |
18:b661324be638 | 2719 | /* |
Jan Jongboom |
18:b661324be638 | 2720 | * Allow user to override any previous default. |
Jan Jongboom |
18:b661324be638 | 2721 | * |
Jan Jongboom |
18:b661324be638 | 2722 | * Use two macro names for that, as: |
Jan Jongboom |
18:b661324be638 | 2723 | * - with yotta the prefix YOTTA_CFG_ is forced |
Jan Jongboom |
18:b661324be638 | 2724 | * - without yotta it looks weird to have a YOTTA prefix. |
Jan Jongboom |
18:b661324be638 | 2725 | */ |
Jan Jongboom |
18:b661324be638 | 2726 | #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) |
Jan Jongboom |
18:b661324be638 | 2727 | #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE |
Jan Jongboom |
18:b661324be638 | 2728 | #elif defined(MBEDTLS_USER_CONFIG_FILE) |
Jan Jongboom |
18:b661324be638 | 2729 | #include MBEDTLS_USER_CONFIG_FILE |
Jan Jongboom |
18:b661324be638 | 2730 | #endif |
Jan Jongboom |
18:b661324be638 | 2731 | |
Jan Jongboom |
18:b661324be638 | 2732 | #include "check_config.h" |
Jan Jongboom |
18:b661324be638 | 2733 | |
Jan Jongboom |
18:b661324be638 | 2734 | #endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY */ |
Jan Jongboom |
18:b661324be638 | 2735 | |
Jan Jongboom |
18:b661324be638 | 2736 | #if defined(MBEDTLS_TEST_NULL_ENTROPY) |
Jan Jongboom |
18:b661324be638 | 2737 | #warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \ |
Jan Jongboom |
18:b661324be638 | 2738 | "configuration is not secure and is not suitable for production use" |
Jan Jongboom |
18:b661324be638 | 2739 | #endif |
Jan Jongboom |
18:b661324be638 | 2740 | |
Jan Jongboom |
18:b661324be638 | 2741 | #if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \ |
Jan Jongboom |
18:b661324be638 | 2742 | !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) |
Jan Jongboom |
18:b661324be638 | 2743 | #error "No entropy source was found at build time, so TLS " \ |
Jan Jongboom |
18:b661324be638 | 2744 | "functionality is not available" |
Jan Jongboom |
18:b661324be638 | 2745 | #endif |
Jan Jongboom |
18:b661324be638 | 2746 | |
Jan Jongboom |
18:b661324be638 | 2747 | #endif /* MBEDTLS_CONFIG_H */ |
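The ciphersuite comment in the listing warns that no dependency checking is done on MBEDTLS_SSL_CIPHERSUITES. As an added example (not part of this project or of the Mbed TLS sources), a user config header named by MBEDTLS_USER_CONFIG_FILE can restrict the list and perform those checks itself. The file name user_tls_config.h is hypothetical, and the sketch assumes that config.h defines MBEDTLS_CONFIG_H as its include guard and that the Mbed TLS 2.x module macros named in the comments apply.

```c
/* user_tls_config.h: hypothetical file name, added example.
 * Assumed to be included from config.h through MBEDTLS_USER_CONFIG_FILE,
 * after the defaults above and before check_config.h runs. */
#if defined(MBEDTLS_CONFIG_H) /* assumption: include guard set by config.h */

/* Offer only the two suites from the config.h example line, strongest first. */
#undef MBEDTLS_SSL_CIPHERSUITES
#define MBEDTLS_SSL_CIPHERSUITES \
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

/* config.h does no dependency checking on that list, so fail the build
 * here if a module the two suites rely on has been configured out. */
#if !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#error "Ciphersuite list needs MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
#endif

#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C)
#error "Ciphersuite list needs MBEDTLS_AES_C and MBEDTLS_GCM_C"
#endif

/* In Mbed TLS 2.x, SHA-384 is provided by the SHA-512 module. */
#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_SHA512_C)
#error "Ciphersuite list needs MBEDTLS_SHA256_C and MBEDTLS_SHA512_C"
#endif

/* Keep SHA-1 out of the default certificate and handshake profiles,
 * even if an earlier target config switched either option on. */
#undef MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
#undef MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE

#endif /* MBEDTLS_CONFIG_H */
```

Because the list only restricts what is offered, a server that supports neither suite makes the handshake fail instead of falling back to a weaker one.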