Simple interface for Mbed Cloud Client
mbedTLSConfig_Linux.h
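/**
 * \file config.h
 *
 * \brief Configuration options (set of defines)
 *
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
 */

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H


#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

/**
 * \name SECTION: System support
 *
 * This section sets system specific settings.
 * \{
 */
/*
 * Secure-time guard. It wraps every define from here to the matching #endif:
 * MBEDTLS_HAVE_ASM, MBEDTLS_HAVE_TIME, MBEDTLS_HAVE_TIME_DATE and
 * MBEDTLS_PLATFORM_TIME_ALT. Setting it to 0 therefore also drops
 * MBEDTLS_HAVE_TIME_DATE, which the text below describes as what is used to
 * verify the validity period of X.509 certificates, and it drops the assembly
 * code paths as well.
 */
#if 1 //Please set to 1 if you are using secure time
/**
 * \def MBEDTLS_HAVE_ASM
 *
 * The compiler has support for asm().
 *
 * Requires support for asm() in compiler.
 *
 * Used in:
 *      library/timing.c
 *      library/padlock.c
 *      include/mbedtls/bn_mul.h
 *
 * Comment to disable the use of assembly code.
 */
#define MBEDTLS_HAVE_ASM

/**
 * \def MBEDTLS_HAVE_SSE2
 *
 * CPU supports SSE2 instruction set.
 *
 * Uncomment if the CPU supports SSE2 (IA-32 specific).
 */
//#define MBEDTLS_HAVE_SSE2

/**
 * \def MBEDTLS_HAVE_TIME
 *
 * System has time.h and time().
 * The time does not need to be correct, only time differences are used,
 * by contrast with MBEDTLS_HAVE_TIME_DATE
 *
 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
 * MBEDTLS_PLATFORM_STD_TIME.
 *
 * Comment if your system does not support time functions
 */
#define MBEDTLS_HAVE_TIME

/**
 * \def MBEDTLS_HAVE_TIME_DATE
 *
 * System has time.h and time(), gmtime() and the clock is correct.
 * The time needs to be correct (not necessarily very accurate, but at least
 * the date should be correct). This is used to verify the validity period of
 * X.509 certificates.
 *
 * Comment if your system does not have a correct clock.
 */
#define MBEDTLS_HAVE_TIME_DATE

/**
 * \def MBEDTLS_PLATFORM_MEMORY
 *
 * Enable the memory allocation layer.
 *
 * By default mbed TLS uses the system-provided calloc() and free().
 * This allows different allocators (self-implemented or provided) to be
 * provided to the platform abstraction layer.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY without the
 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
 * free() function pointer at runtime.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
 * alternate function at compile time.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Enable this layer to allow use of alternative memory allocators.
 */
//#define MBEDTLS_PLATFORM_MEMORY

/**
 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 *
 * Do not assign standard functions in the platform layer (e.g. calloc() to
 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
 *
 * This makes sure there are no linking errors on platforms that do not support
 * these functions. You will HAVE to provide alternatives, either at runtime
 * via the platform_set_xxx() functions or at compile time by setting
 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
 * MBEDTLS_PLATFORM_XXX_MACRO.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Uncomment to prevent default assignment of standard functions in the
 * platform layer.
 */
//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

/**
 * \def MBEDTLS_PLATFORM_EXIT_ALT
 *
 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
 * function in the platform abstraction layer.
 *
 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
 * alternative printf function pointer.
 *
 * All these defines require MBEDTLS_PLATFORM_C to be defined!
 *
 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
 * it will be enabled automatically by check_config.h
 *
 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
 * MBEDTLS_PLATFORM_XXX_MACRO!
 *
 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
 *
 * Uncomment a macro to enable alternate implementation of specific base
 * platform function
 */
/*
 * NOTE(review): with the _ALT hook the time source is the function the
 * application registers at runtime (presumably mbedtls_platform_set_time(),
 * by analogy with mbedtls_platform_set_printf() above - confirm against the
 * platform layer in use). The validity-period checks enabled by
 * MBEDTLS_HAVE_TIME_DATE are only as reliable as that source.
 */
#define MBEDTLS_PLATFORM_TIME_ALT
#endif /* secure time (the "#if 1" above) */
//#define MBEDTLS_PLATFORM_EXIT_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT

/**
 * \def MBEDTLS_DEPRECATED_WARNING
 *
 * Mark deprecated functions so that they generate a warning if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * This only works with GCC and Clang. With other compilers, you may want to
 * use MBEDTLS_DEPRECATED_REMOVED
 *
 * Uncomment to get warnings on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_WARNING

/**
 * \def MBEDTLS_DEPRECATED_REMOVED
 *
 * Remove deprecated functions so that they generate an error if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * Uncomment to get errors on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_REMOVED

/* \} name SECTION: System support */

/**
 * \name SECTION: mbed TLS feature support
 *
 * This section sets support for features that are or are not needed
 * within the modules that are enabled.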
 * \{
 */

/**
 * \def MBEDTLS_TIMING_ALT
 *
 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
 *
 * Only works if you have MBEDTLS_TIMING_C enabled.
 *
 * You will need to provide a header "timing_alt.h" and an implementation at
 * compile time.
 */
//#define MBEDTLS_TIMING_ALT

/**
 * \def MBEDTLS_AES_ALT
 *
 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternate core implementation of a symmetric crypto, an arithmetic or hash
 * module (e.g. platform specific assembly optimized implementations). Keep
 * in mind that the function prototypes should remain the same.
 *
 * This replaces the whole module. If you only want to replace one of the
 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
 * provide the "struct mbedtls_aes_context" definition and omit the base
 * function declarations and implementations. "aes_alt.h" will be included from
 * "aes.h" to include the new function definitions.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * module.
 */
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_XTEA_ALT
//#define MBEDTLS_MD2_ALT
//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
/*
 * When replacing the elliptic curve module, please consider that it is
 * implemented with two .c files:
 *      - ecp.c
 *      - ecp_curves.c
 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
 * macros as described above. The only difference is that you have to make sure
 * that you provide functionality for both .c files.
 */
//#define MBEDTLS_ECP_ALT

/**
 * \def MBEDTLS_MD2_PROCESS_ALT
 *
 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternate core implementation of symmetric crypto or hash function. Keep in
 * mind that function prototypes should remain the same.
 *
 * This replaces only one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
 * no longer provide the mbedtls_sha1_process() function, but it will still provide
 * the other function (using your mbedtls_sha1_process() function) and the definition
 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
 * with this definition.
 *
 * Note: if you use the AES_xxx_ALT macros, then it is recommended to also set
 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
 * tables.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
//#define MBEDTLS_MD2_PROCESS_ALT
//#define MBEDTLS_MD4_PROCESS_ALT
//#define MBEDTLS_MD5_PROCESS_ALT
//#define MBEDTLS_RIPEMD160_PROCESS_ALT
//#define MBEDTLS_SHA1_PROCESS_ALT
//#define MBEDTLS_SHA256_PROCESS_ALT
//#define MBEDTLS_SHA512_PROCESS_ALT
//#define MBEDTLS_DES_SETKEY_ALT
//#define MBEDTLS_DES_CRYPT_ECB_ALT
//#define MBEDTLS_DES3_CRYPT_ECB_ALT
//#define MBEDTLS_AES_SETKEY_ENC_ALT
//#define MBEDTLS_AES_SETKEY_DEC_ALT
//#define MBEDTLS_AES_ENCRYPT_ALT
//#define MBEDTLS_AES_DECRYPT_ALT

/**
 * \def MBEDTLS_ECP_INTERNAL_ALT
 *
 * Expose a part of the internal interface of the Elliptic Curve Point module.
 *
 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternative core implementation of elliptic curve arithmetic. Keep in mind
 * that function prototypes should remain the same.
 *
 * This partially replaces one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
 * is still present and it is used for group structures not supported by the
 * alternative.
 *
 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
 * and implementing the following functions:
 *      unsigned char mbedtls_internal_ecp_grp_capable(
 *          const mbedtls_ecp_group *grp )
 *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
 *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
 * replacement functions implement arithmetic for the given group and 0
 * otherwise.
 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
 * called before and after each point operation and provide an opportunity to
 * implement optimized set up and tear down instructions.
 *
 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
 * function, but will use your mbedtls_internal_ecp_double_jac if the group is
 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
 * it receives it as an argument). If the group is not supported then the original
 * implementation is used. The other functions and the definition of
 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
 * implementation of mbedtls_internal_ecp_double_jac and
 * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
/* Required for all the functions in this section */
//#define MBEDTLS_ECP_INTERNAL_ALT
/* Support for Weierstrass curves with Jacobi representation */
//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
//#define MBEDTLS_ECP_ADD_MIXED_ALT
//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
/* Support for curves with Montgomery arithmetic */
//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT

/**
 * \def MBEDTLS_TEST_NULL_ENTROPY
 *
 * Enables testing and use of mbed TLS without any configured entropy sources.
 * This permits use of the library on platforms before an entropy source has
 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
 * MBEDTLS_ENTROPY_NV_SEED switches).
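*
 * WARNING! This switch MUST be disabled in production builds, and is suitable
 * only for development.
 * Enabling the switch negates any security provided by the library.
 *
 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 */
/* Left disabled here, as the warning above requires for production builds. */
//#define MBEDTLS_TEST_NULL_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
 *
 * Uncomment this macro to let mbed TLS use your own implementation of a
 * hardware entropy collector.
 *
 * Your function must be called \c mbedtls_hardware_poll(), have the same
 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
 *
 * Uncomment to use your own hardware entropy collector.
 */
//#define MBEDTLS_ENTROPY_HARDWARE_ALT

/**
 * \def MBEDTLS_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
//#define MBEDTLS_AES_ROM_TABLES

/**
 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
 *
 * Use less ROM for the Camellia implementation (saves about 768 bytes).
 *
 * Uncomment this macro to use less memory for Camellia.
 */
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY

/**
 * \def MBEDTLS_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CBC

/**
 * \def MBEDTLS_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CFB

/**
 * \def MBEDTLS_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CTR

/**
 * \def MBEDTLS_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
 * Warning: Only do so when you know what you are doing. This allows for
 * encryption or channels without any security!
 *
 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
/* Left disabled: no NULL-cipher suites are built with this configuration. */
//#define MBEDTLS_CIPHER_NULL_CIPHER

/**
 * \def MBEDTLS_CIPHER_PADDING_PKCS7
 *
 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
 * specific padding modes in the cipher layer with cipher modes that support
 * padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
/* PKCS7 is the only padding mode left enabled in this configuration. */
#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS

/**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 *
 * Enable weak ciphersuites in SSL / TLS.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!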
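*
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 */
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES

/**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
/*
 * NOTE(review): as described above, this only trims the default list. Code
 * that passes an explicit suite list to mbedtls_ssl_conf_ciphersuites() can
 * still name RC4 suites, so those call sites need their own review.
 */
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES

/**
 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
 *
 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
 * module. By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
/*
 * Unlike the default described above, this configuration leaves only
 * secp256r1 enabled; every other curve in the list is commented out.
 */
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED

/**
 * \def MBEDTLS_ECP_NIST_OPTIM
 *
 * Enable specific 'modulo p' routines for each NIST prime.
 * Depending on the prime and architecture, makes operations 4 to 8 times
 * faster on the corresponding curve.
 *
 * Comment this macro to disable NIST curves optimisation.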
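*/
#define MBEDTLS_ECP_NIST_OPTIM

/**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
 *
 * Enable deterministic ECDSA (RFC 6979).
 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
 * may result in a compromise of the long-term signing key. This is avoided by
 * the deterministic variant.
 *
 * Requires: MBEDTLS_HMAC_DRBG_C
 *
 * Comment this macro to disable deterministic ECDSA.
 */
/*
 * NOTE(review): confirm that MBEDTLS_HMAC_DRBG_C, required above, is enabled
 * in the module section of this file.
 */
#define MBEDTLS_ECDSA_DETERMINISTIC
/**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS.
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.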
 *
 * Requires: MBEDTLS_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 *
 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
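*
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
/*
 * ECDHE-ECDSA is the one key-exchange family this configuration enables; the
 * other MBEDTLS_KEY_EXCHANGE_* macros in this section are commented out.
 * NOTE(review): the list above still names 3DES and RC4 suites. Whether they
 * are actually built depends on the cipher modules enabled elsewhere in this
 * file (presumably MBEDTLS_DES_C and MBEDTLS_ARC4_C - confirm they are off if
 * those suites are not wanted).
 */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 *
 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.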
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 *
 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 *
 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
 *
 * \warning This is currently experimental. EC J-PAKE support is based on the
 * Thread v1.0.0 specification; incompatible changes to the specification
 * might still happen. For this reason, this is disabled by default.
 *
 * Requires: MBEDTLS_ECJPAKE_C
 *           MBEDTLS_SHA256_C
 *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
 */
//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

/**
 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
 *
 * Enhance support for reading EC keys using variants of SEC1 not allowed by
 * RFC 5915 and RFC 5480.
 *
 * Currently this means parsing the SpecifiedECDomain choice of EC
 * parameters (only known groups are supported, not arbitrary domains, to
 * avoid validation issues).
00813 * 00814 * Disable if you only need to support RFC 5915 + 5480 key formats. 00815 */ 00816 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00817 00818 /** 00819 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00820 * 00821 * Enable a dummy error function to make use of mbedtls_strerror() in 00822 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00823 * (no effect when MBEDTLS_ERROR_C is enabled). 00824 * 00825 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00826 * not using mbedtls_strerror() or error_strerror() in your application. 00827 * 00828 * Disable if you run into name conflicts and want to really remove the 00829 * mbedtls_strerror() 00830 */ 00831 //#define MBEDTLS_ERROR_STRERROR_DUMMY 00832 00833 /** 00834 * \def MBEDTLS_GENPRIME 00835 * 00836 * Enable the prime-number generation code. 00837 * 00838 * Requires: MBEDTLS_BIGNUM_C 00839 */ 00840 //#define MBEDTLS_GENPRIME 00841 00842 /** 00843 * \def MBEDTLS_FS_IO 00844 * 00845 * Enable functions that use the filesystem. 00846 */ 00847 //#define MBEDTLS_FS_IO 00848 00849 /** 00850 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00851 * 00852 * Do not add default entropy sources. These are the platform specific, 00853 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00854 * 00855 * This is useful to have more control over the added entropy sources in an 00856 * application. 00857 * 00858 * Uncomment this macro to prevent loading of default entropy functions. 00859 */ 00860 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00861 00862 /** 00863 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00864 * 00865 * Do not use built-in platform entropy functions. 00866 * This is useful if your platform does not support 00867 * standards like the /dev/urandom or Windows CryptoAPI. 00868 * 00869 * Uncomment this macro to disable the built-in platform entropy functions. 
00870 */ 00871 //#define MBEDTLS_NO_PLATFORM_ENTROPY 00872 00873 /** 00874 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00875 * 00876 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00877 * default SHA-512 based one (if both are available). 00878 * 00879 * Requires: MBEDTLS_SHA256_C 00880 * 00881 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00882 * if you have performance concerns. 00883 * 00884 * This option is only useful if both MBEDTLS_SHA256_C and 00885 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00886 */ 00887 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00888 00889 /** 00890 * \def MBEDTLS_ENTROPY_NV_SEED 00891 * 00892 * Enable the non-volatile (NV) seed file-based entropy source. 00893 * (Also enables the NV seed read/write functions in the platform layer) 00894 * 00895 * This is crucial (if not required) on systems that do not have a 00896 * cryptographic entropy source (in hardware or kernel) available. 00897 * 00898 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00899 * 00900 * \note The read/write functions that are used by the entropy source are 00901 * determined in the platform layer, and can be modified at runtime and/or 00902 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00903 * 00904 * \note If you use the default implementation functions that read a seedfile 00905 * with regular fopen(), please make sure you make a seedfile with the 00906 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00907 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00908 * and written to or you will get an entropy source error! The default 00909 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00910 * bytes from the file. 00911 * 00912 * \note The entropy collector will write to the seed file before entropy is 00913 * given to an external source, to update it. 
00914 */ 00915 //#define MBEDTLS_ENTROPY_NV_SEED 00916 00917 /** 00918 * \def MBEDTLS_MEMORY_DEBUG 00919 * 00920 * Enable debugging of buffer allocator memory issues. Automatically prints 00921 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00922 * function for 'debug output' of allocated memory. 00923 * 00924 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00925 * 00926 * Uncomment this macro to let the buffer allocator print out error messages. 00927 */ 00928 //#define MBEDTLS_MEMORY_DEBUG 00929 00930 /** 00931 * \def MBEDTLS_MEMORY_BACKTRACE 00932 * 00933 * Include backtrace information with each allocated block. 00934 * 00935 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00936 * GLIBC-compatible backtrace() an backtrace_symbols() support 00937 * 00938 * Uncomment this macro to include backtrace information 00939 */ 00940 //#define MBEDTLS_MEMORY_BACKTRACE 00941 00942 /** 00943 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00944 * 00945 * Support external private RSA keys (eg from a HSM) in the PK layer. 00946 * 00947 * Comment this macro to disable support for external private RSA keys. 00948 */ 00949 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00950 00951 /** 00952 * \def MBEDTLS_PKCS1_V15 00953 * 00954 * Enable support for PKCS#1 v1.5 encoding. 00955 * 00956 * Requires: MBEDTLS_RSA_C 00957 * 00958 * This enables support for PKCS#1 v1.5 operations. 00959 */ 00960 #define MBEDTLS_PKCS1_V15 00961 00962 /** 00963 * \def MBEDTLS_PKCS1_V21 00964 * 00965 * Enable support for PKCS#1 v2.1 encoding. 00966 * 00967 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00968 * 00969 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00970 */ 00971 #define MBEDTLS_PKCS1_V21 00972 00973 /** 00974 * \def MBEDTLS_RSA_NO_CRT 00975 * 00976 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00977 * 00978 * Uncomment this macro to disable the use of CRT in RSA. 
00979 * 00980 */ 00981 //#define MBEDTLS_RSA_NO_CRT 00982 00983 /** 00984 * \def MBEDTLS_SELF_TEST 00985 * 00986 * Enable the checkup functions (*_self_test). 00987 */ 00988 //#define MBEDTLS_SELF_TEST 00989 00990 /** 00991 * \def MBEDTLS_SHA256_SMALLER 00992 * 00993 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00994 * lower performance. 00995 * 00996 * The default implementation is meant to be a reasonable compromise between 00997 * performance and size. This version optimizes more aggressively for size at 00998 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00999 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 01000 * 30%. 01001 * 01002 * Uncomment to enable the smaller implementation of SHA256. 01003 */ 01004 //#define MBEDTLS_SHA256_SMALLER 01005 01006 /** 01007 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 01008 * 01009 * Enable sending of alert messages in case of encountered errors as per RFC. 01010 * If you choose not to send the alert messages, mbed TLS can still communicate 01011 * with other servers, only debugging of failures is harder. 01012 * 01013 * The advantage of not sending alert messages, is that no information is given 01014 * about reasons for failures thus preventing adversaries from gaining intel. 01015 * 01016 * Enable sending of all alert messages 01017 */ 01018 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01019 01020 /** 01021 * \def MBEDTLS_SSL_DEBUG_ALL 01022 * 01023 * Enable the debug messages in SSL module for all issues. 01024 * Debug messages have been disabled in some places to prevent timing 01025 * attacks due to (unbalanced) debugging function calls. 01026 * 01027 * If you need all error reporting you should enable this during debugging, 01028 * but remove this for production servers that should log as well. 01029 * 01030 * Uncomment this macro to report all debug messages on errors introducing 01031 * a timing side-channel. 
01032 * 01033 */ 01034 //#define MBEDTLS_SSL_DEBUG_ALL 01035 01036 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01037 * 01038 * Enable support for Encrypt-then-MAC, RFC 7366. 01039 * 01040 * This allows peers that both support it to use a more robust protection for 01041 * ciphersuites using CBC, providing deep resistance against timing attacks 01042 * on the padding or underlying cipher. 01043 * 01044 * This only affects CBC ciphersuites, and is useless if none is defined. 01045 * 01046 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01047 * MBEDTLS_SSL_PROTO_TLS1_1 or 01048 * MBEDTLS_SSL_PROTO_TLS1_2 01049 * 01050 * Comment this macro to disable support for Encrypt-then-MAC 01051 */ 01052 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01053 01054 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01055 * 01056 * Enable support for Extended Master Secret, aka Session Hash 01057 * (draft-ietf-tls-session-hash-02). 01058 * 01059 * This was introduced as "the proper fix" to the Triple Handshake family of 01060 * attacks, but it is recommended to always use it (even if you disable 01061 * renegotiation), since it actually fixes a more fundamental issue in the 01062 * original SSL/TLS design, and has implications beyond Triple Handshake. 01063 * 01064 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01065 * MBEDTLS_SSL_PROTO_TLS1_1 or 01066 * MBEDTLS_SSL_PROTO_TLS1_2 01067 * 01068 * Comment this macro to disable support for Extended Master Secret. 01069 */ 01070 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01071 01072 /** 01073 * \def MBEDTLS_SSL_FALLBACK_SCSV 01074 * 01075 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01076 * 01077 * For servers, it is recommended to always enable this, unless you support 01078 * only one version of TLS, or know for sure that none of your clients 01079 * implements a fallback strategy. 
01080 * 01081 * For clients, you only need this if you're using a fallback strategy, which 01082 * is not recommended in the first place, unless you absolutely need it to 01083 * interoperate with buggy (version-intolerant) servers. 01084 * 01085 * Comment this macro to disable support for FALLBACK_SCSV 01086 */ 01087 //#define MBEDTLS_SSL_FALLBACK_SCSV 01088 01089 /** 01090 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01091 * 01092 * Enable hooking functions in SSL module for hardware acceleration of 01093 * individual records. 01094 * 01095 * Uncomment this macro to enable hooking functions. 01096 */ 01097 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01098 01099 /** 01100 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01101 * 01102 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01103 * 01104 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01105 * of interoperability issues compared to sending 0-length records. 01106 * 01107 * Comment this macro to disable 1/n-1 record splitting. 01108 */ 01109 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01110 01111 /** 01112 * \def MBEDTLS_SSL_RENEGOTIATION 01113 * 01114 * Enable support for TLS renegotiation. 01115 * 01116 * The two main uses of renegotiation are (1) refresh keys on long-lived 01117 * connections and (2) client authentication after the initial handshake. 01118 * If you don't need renegotiation, it's probably better to disable it, since 01119 * it has been associated with security issues in the past and is easy to 01120 * misuse/misunderstand. 01121 * 01122 * Comment this to disable support for renegotiation. 01123 */ 01124 #define MBEDTLS_SSL_RENEGOTIATION 01125 01126 /** 01127 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01128 * 01129 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01130 * SSL Server module (MBEDTLS_SSL_SRV_C). 01131 * 01132 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 
01133 */ 01134 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01135 01136 /** 01137 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01138 * 01139 * Pick the ciphersuite according to the client's preferences rather than ours 01140 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01141 * 01142 * Uncomment this macro to respect client's ciphersuite order 01143 */ 01144 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01145 01146 /** 01147 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01148 * 01149 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01150 * 01151 * Comment this macro to disable support for the max_fragment_length extension 01152 */ 01153 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01154 01155 /** 01156 * \def MBEDTLS_SSL_PROTO_SSL3 01157 * 01158 * Enable support for SSL 3.0. 01159 * 01160 * Requires: MBEDTLS_MD5_C 01161 * MBEDTLS_SHA1_C 01162 * 01163 * Comment this macro to disable support for SSL 3.0 01164 */ 01165 //#define MBEDTLS_SSL_PROTO_SSL3 01166 01167 /** 01168 * \def MBEDTLS_SSL_PROTO_TLS1 01169 * 01170 * Enable support for TLS 1.0. 01171 * 01172 * Requires: MBEDTLS_MD5_C 01173 * MBEDTLS_SHA1_C 01174 * 01175 * Comment this macro to disable support for TLS 1.0 01176 */ 01177 //#define MBEDTLS_SSL_PROTO_TLS1 01178 01179 /** 01180 * \def MBEDTLS_SSL_PROTO_TLS1_1 01181 * 01182 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01183 * 01184 * Requires: MBEDTLS_MD5_C 01185 * MBEDTLS_SHA1_C 01186 * 01187 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01188 */ 01189 //#define MBEDTLS_SSL_PROTO_TLS1_1 01190 01191 /** 01192 * \def MBEDTLS_SSL_PROTO_TLS1_2 01193 * 01194 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 
01195 * 01196 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01197 * (Depends on ciphersuites) 01198 * 01199 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01200 */ 01201 #define MBEDTLS_SSL_PROTO_TLS1_2 01202 01203 /** 01204 * \def MBEDTLS_SSL_PROTO_DTLS 01205 * 01206 * Enable support for DTLS (all available versions). 01207 * 01208 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01209 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01210 * 01211 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01212 * or MBEDTLS_SSL_PROTO_TLS1_2 01213 * 01214 * Comment this macro to disable support for DTLS 01215 */ 01216 #define MBEDTLS_SSL_PROTO_DTLS 01217 01218 /** 01219 * \def MBEDTLS_SSL_ALPN 01220 * 01221 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01222 * 01223 * Comment this macro to disable support for ALPN. 01224 */ 01225 #define MBEDTLS_SSL_ALPN 01226 01227 /** 01228 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01229 * 01230 * Enable support for the anti-replay mechanism in DTLS. 01231 * 01232 * Requires: MBEDTLS_SSL_TLS_C 01233 * MBEDTLS_SSL_PROTO_DTLS 01234 * 01235 * \warning Disabling this is often a security risk! 01236 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01237 * 01238 * Comment this to disable anti-replay in DTLS. 01239 */ 01240 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01241 01242 /** 01243 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01244 * 01245 * Enable support for HelloVerifyRequest on DTLS servers. 01246 * 01247 * This feature is highly recommended to prevent DTLS servers being used as 01248 * amplifiers in DoS attacks against other hosts. It should always be enabled 01249 * unless you know for sure amplification cannot be a problem in the 01250 * environment in which your server operates. 01251 * 01252 * \warning Disabling this can be a security risk! 
(see above) 01253 * 01254 * Requires: MBEDTLS_SSL_PROTO_DTLS 01255 * 01256 * Comment this to disable support for HelloVerifyRequest. 01257 */ 01258 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01259 01260 /** 01261 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01262 * 01263 * Enable server-side support for clients that reconnect from the same port. 01264 * 01265 * Some clients unexpectedly close the connection and try to reconnect using the 01266 * same source port. This needs special support from the server to handle the 01267 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01268 * flag enables that support. 01269 * 01270 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01271 * 01272 * Comment this to disable support for clients reusing the source port. 01273 */ 01274 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01275 01276 /** 01277 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01278 * 01279 * Enable support for a limit of records with bad MAC. 01280 * 01281 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01282 * 01283 * Requires: MBEDTLS_SSL_PROTO_DTLS 01284 */ 01285 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01286 01287 /** 01288 * \def MBEDTLS_SSL_SESSION_TICKETS 01289 * 01290 * Enable support for RFC 5077 session tickets in SSL. 01291 * Client-side, provides full support for session tickets (maintenance of a 01292 * session store remains the responsibility of the application, though). 01293 * Server-side, you also need to provide callbacks for writing and parsing 01294 * tickets, including authenticated encryption and key management. Example 01295 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01296 * 01297 * Comment this macro to disable support for SSL session tickets 01298 */ 01299 #define MBEDTLS_SSL_SESSION_TICKETS 01300 01301 /** 01302 * \def MBEDTLS_SSL_EXPORT_KEYS 01303 * 01304 * Enable support for exporting key block and master secret. 01305 * This is required for certain users of TLS, e.g. EAP-TLS. 
01306 * 01307 * Comment this macro to disable support for key export 01308 */ 01309 #define MBEDTLS_SSL_EXPORT_KEYS 01310 01311 /** 01312 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01313 * 01314 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01315 * 01316 * Requires: MBEDTLS_X509_CRT_PARSE_C 01317 * 01318 * Comment this macro to disable support for server name indication in SSL 01319 */ 01320 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01321 /** 01322 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01323 * 01324 * Enable support for RFC 6066 truncated HMAC in SSL. 01325 * 01326 * Comment this macro to disable support for truncated HMAC in SSL 01327 */ 01328 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01329 01330 /** 01331 * \def MBEDTLS_THREADING_ALT 01332 * 01333 * Provide your own alternate threading implementation. 01334 * 01335 * Requires: MBEDTLS_THREADING_C 01336 * 01337 * Uncomment this to allow your own alternate threading implementation. 01338 */ 01339 //#define MBEDTLS_THREADING_ALT 01340 01341 /** 01342 * \def MBEDTLS_THREADING_PTHREAD 01343 * 01344 * Enable the pthread wrapper layer for the threading layer. 01345 * 01346 * Requires: MBEDTLS_THREADING_C 01347 * 01348 * Uncomment this to enable pthread mutexes. 01349 */ 01350 //#define MBEDTLS_THREADING_PTHREAD 01351 01352 /** 01353 * \def MBEDTLS_VERSION_FEATURES 01354 * 01355 * Allow run-time checking of compile-time enabled features. Thus allowing users 01356 * to check at run-time if the library is for instance compiled with threading 01357 * support via mbedtls_version_check_feature(). 01358 * 01359 * Requires: MBEDTLS_VERSION_C 01360 * 01361 * Comment this to disable run-time checking and save ROM space 01362 */ 01363 //#define MBEDTLS_VERSION_FEATURES 01364 /** 01365 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01366 * 01367 * If set, the X509 parser will not break-off when parsing an X509 certificate 01368 * and encountering an extension in a v1 or v2 certificate. 
01369 * 01370 * Uncomment to prevent an error. 01371 */ 01372 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01373 01374 /** 01375 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01376 * 01377 * If set, the X509 parser will not break-off when parsing an X509 certificate 01378 * and encountering an unknown critical extension. 01379 * 01380 * \warning Depending on your PKI use, enabling this can be a security risk! 01381 * 01382 * Uncomment to prevent an error. 01383 */ 01384 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01385 01386 /** 01387 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01388 * 01389 * Enable verification of the keyUsage extension (CA and leaf certificates). 01390 * 01391 * Disabling this avoids problems with mis-issued and/or misused 01392 * (intermediate) CA and leaf certificates. 01393 * 01394 * \warning Depending on your PKI use, disabling this can be a security risk! 01395 * 01396 * Comment to skip keyUsage checking for both CA and leaf certificates. 01397 */ 01398 #define MBEDTLS_X509_CHECK_KEY_USAGE 01399 01400 /** 01401 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01402 * 01403 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01404 * 01405 * Disabling this avoids problems with mis-issued and/or misused certificates. 01406 * 01407 * \warning Depending on your PKI use, disabling this can be a security risk! 01408 * 01409 * Comment to skip extendedKeyUsage checking for certificates. 01410 */ 01411 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01412 01413 /** 01414 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01415 * 01416 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01417 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01418 * 01419 * Comment this macro to disallow using RSASSA-PSS in certificates. 
01420 */ 01421 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01422 /** 01423 * \def MBEDTLS_ZLIB_SUPPORT 01424 * 01425 * If set, the SSL/TLS module uses ZLIB to support compression and 01426 * decompression of packet data. 01427 * 01428 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01429 * CRIME attack. Before enabling this option, you should examine with care if 01430 * CRIME or similar exploits may be applicable to your use case. 01431 * 01432 * \note Currently compression can't be used with DTLS. 01433 * 01434 * Used in: library/ssl_tls.c 01435 * library/ssl_cli.c 01436 * library/ssl_srv.c 01437 * 01438 * This feature requires zlib library and headers to be present. 01439 * 01440 * Uncomment to enable use of ZLIB 01441 */ 01442 //#define MBEDTLS_ZLIB_SUPPORT 01443 /* \} name SECTION: mbed TLS feature support */ 01444 01445 /** 01446 * \name SECTION: mbed TLS modules 01447 * 01448 * This section enables or disables entire modules in mbed TLS 01449 * \{ 01450 */ 01451 01452 /** 01453 * \def MBEDTLS_AESNI_C 01454 * 01455 * Enable AES-NI support on x86-64. 01456 * 01457 * Module: library/aesni.c 01458 * Caller: library/aes.c 01459 * 01460 * Requires: MBEDTLS_HAVE_ASM 01461 * 01462 * This module adds support for the AES-NI instructions on x86-64 01463 */ 01464 //#define MBEDTLS_AESNI_C 01465 01466 /** 01467 * \def MBEDTLS_AES_C 01468 * 01469 * Enable the AES block cipher. 
01470 * 01471 * Module: library/aes.c 01472 * Caller: library/ssl_tls.c 01473 * library/pem.c 01474 * library/ctr_drbg.c 01475 * 01476 * This module enables the following ciphersuites (if other requisites are 01477 * enabled as well): 01478 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01479 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01480 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01481 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01482 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01483 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01484 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01485 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01486 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01487 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01488 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01489 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01490 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01491 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01492 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01493 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01494 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01495 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01496 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01497 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01498 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01499 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01500 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01501 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01502 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01503 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01504 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01505 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01506 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01507 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01508 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01509 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01510 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01511 * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01513 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01514 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01515 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01516 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01517 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01518 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01519 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01520 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01521 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01522 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01523 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01524 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01525 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01526 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01527 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01528 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01529 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01530 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01531 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01532 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01533 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01534 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01535 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01536 * 01537 * PEM_PARSE uses AES for decrypting encrypted keys. 01538 */ 01539 #define MBEDTLS_AES_C 01540 01541 /** 01542 * \def MBEDTLS_ARC4_C 01543 * 01544 * Enable the ARCFOUR stream cipher. 
01545 * 01546 * Module: library/arc4.c 01547 * Caller: library/ssl_tls.c 01548 * 01549 * This module enables the following ciphersuites (if other requisites are 01550 * enabled as well): 01551 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01552 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01553 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01554 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01555 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01556 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01557 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01558 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01559 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01560 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01561 */ 01562 //#define MBEDTLS_ARC4_C 01563 01564 /** 01565 * \def MBEDTLS_ASN1_PARSE_C 01566 * 01567 * Enable the generic ASN1 parser. 01568 * 01569 * Module: library/asn1.c 01570 * Caller: library/x509.c 01571 * library/dhm.c 01572 * library/pkcs12.c 01573 * library/pkcs5.c 01574 * library/pkparse.c 01575 */ 01576 #define MBEDTLS_ASN1_PARSE_C 01577 01578 /** 01579 * \def MBEDTLS_ASN1_WRITE_C 01580 * 01581 * Enable the generic ASN1 writer. 01582 * 01583 * Module: library/asn1write.c 01584 * Caller: library/ecdsa.c 01585 * library/pkwrite.c 01586 * library/x509_create.c 01587 * library/x509write_crt.c 01588 * library/x509write_csr.c 01589 */ 01590 #define MBEDTLS_ASN1_WRITE_C 01591 01592 /** 01593 * \def MBEDTLS_BASE64_C 01594 * 01595 * Enable the Base64 module. 01596 * 01597 * Module: library/base64.c 01598 * Caller: library/pem.c 01599 * 01600 * This module is required for PEM support (required by X.509). 01601 */ 01602 //#define MBEDTLS_BASE64_C 01603 01604 /** 01605 * \def MBEDTLS_BIGNUM_C 01606 * 01607 * Enable the multi-precision integer library. 01608 * 01609 * Module: library/bignum.c 01610 * Caller: library/dhm.c 01611 * library/ecp.c 01612 * library/ecdsa.c 01613 * library/rsa.c 01614 * library/ssl_tls.c 01615 * 01616 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
01617 */ 01618 #define MBEDTLS_BIGNUM_C 01619 01620 /** 01621 * \def MBEDTLS_BLOWFISH_C 01622 * 01623 * Enable the Blowfish block cipher. 01624 * 01625 * Module: library/blowfish.c 01626 */ 01627 //#define MBEDTLS_BLOWFISH_C 01628 01629 /** 01630 * \def MBEDTLS_CAMELLIA_C 01631 * 01632 * Enable the Camellia block cipher. 01633 * 01634 * Module: library/camellia.c 01635 * Caller: library/ssl_tls.c 01636 * 01637 * This module enables the following ciphersuites (if other requisites are 01638 * enabled as well): 01639 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01640 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01641 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01642 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01643 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01644 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01645 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01646 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01647 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01648 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01649 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01650 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01651 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01652 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01653 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01654 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01655 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01656 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01657 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01658 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01659 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01660 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01661 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01662 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01663 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01664 * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01665 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01666 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01667 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01668 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01669 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01670 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01671 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01672 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01673 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01674 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01675 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01676 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01677 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01678 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01679 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01680 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01681 */ 01682 //#define MBEDTLS_CAMELLIA_C 01683 01684 /** 01685 * \def MBEDTLS_CCM_C 01686 * 01687 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01688 * 01689 * Module: library/ccm.c 01690 * 01691 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01692 * 01693 * This module enables the AES-CCM ciphersuites, if other requisites are 01694 * enabled as well. 01695 */ 01696 #define MBEDTLS_CCM_C 01697 01698 /** 01699 * \def MBEDTLS_CERTS_C 01700 * 01701 * Enable the test certificates. 01702 * 01703 * Module: library/certs.c 01704 * Caller: 01705 * 01706 * This module is used for testing (ssl_client/server). 01707 */ 01708 //#define MBEDTLS_CERTS_C 01709 01710 /** 01711 * \def MBEDTLS_CIPHER_C 01712 * 01713 * Enable the generic cipher layer. 01714 * 01715 * Module: library/cipher.c 01716 * Caller: library/ssl_tls.c 01717 * 01718 * Uncomment to enable generic cipher wrappers. 
01719 */ 01720 #define MBEDTLS_CIPHER_C 01721 01722 /** 01723 * \def MBEDTLS_CMAC_C 01724 * 01725 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01726 * ciphers. 01727 * 01728 * Module: library/cmac.c 01729 * 01730 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01731 * 01732 */ 01733 #define MBEDTLS_CMAC_C 01734 01735 /** 01736 * \def MBEDTLS_CTR_DRBG_C 01737 * 01738 * Enable the CTR_DRBG AES-256-based random generator. 01739 * 01740 * Module: library/ctr_drbg.c 01741 * Caller: 01742 * 01743 * Requires: MBEDTLS_AES_C 01744 * 01745 * This module provides the CTR_DRBG AES-256 random number generator. 01746 */ 01747 #define MBEDTLS_CTR_DRBG_C 01748 01749 /** 01750 * \def MBEDTLS_DEBUG_C 01751 * 01752 * Enable the debug functions. 01753 * 01754 * Module: library/debug.c 01755 * Caller: library/ssl_cli.c 01756 * library/ssl_srv.c 01757 * library/ssl_tls.c 01758 * 01759 * This module provides debugging functions. 01760 */ 01761 //#define MBEDTLS_DEBUG_C 01762 01763 /** 01764 * \def MBEDTLS_DES_C 01765 * 01766 * Enable the DES block cipher. 01767 * 01768 * Module: library/des.c 01769 * Caller: library/pem.c 01770 * library/ssl_tls.c 01771 * 01772 * This module enables the following ciphersuites (if other requisites are 01773 * enabled as well): 01774 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01775 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01776 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01777 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01778 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01779 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01780 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01781 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01782 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01783 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01784 * 01785 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01786 */ 01787 //#define MBEDTLS_DES_C 01788 01789 /** 01790 * \def MBEDTLS_DHM_C 01791 * 01792 * Enable the Diffie-Hellman-Merkle module. 
*
 * Module:  library/dhm.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module is used by the following key exchanges:
 *      DHE-RSA, DHE-PSK
 *
 * Left disabled in this configuration.
 */
//#define MBEDTLS_DHM_C

/**
 * \def MBEDTLS_ECDH_C
 *
 * Enable the elliptic curve Diffie-Hellman library.
 *
 * Module:  library/ecdh.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module is used by the following key exchanges:
 *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
 *
 * NOTE(review): DHE-PSK is also listed under MBEDTLS_DHM_C above; presumably
 * ECDHE-PSK is meant here -- confirm against the library documentation.
 *
 * Requires: MBEDTLS_ECP_C
 */
#define MBEDTLS_ECDH_C

/**
 * \def MBEDTLS_ECDSA_C
 *
 * Enable the elliptic curve DSA library.
 *
 * Module:  library/ecdsa.c
 * Caller:
 *
 * This module is used by the following key exchanges:
 *      ECDHE-ECDSA
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
 */
#define MBEDTLS_ECDSA_C

/**
 * \def MBEDTLS_ECJPAKE_C
 *
 * Enable the elliptic curve J-PAKE library.
 *
 * \warning This is currently experimental. EC J-PAKE support is based on the
 * Thread v1.0.0 specification; incompatible changes to the specification
 * might still happen. For this reason, this is disabled by default.
 *
 * Module:  library/ecjpake.c
 * Caller:
 *
 * This module is used by the following key exchanges:
 *      ECJPAKE
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
 */
//#define MBEDTLS_ECJPAKE_C

/**
 * \def MBEDTLS_ECP_C
 *
 * Enable the elliptic curve over GF(p) library.
*
 * Module:  library/ecp.c
 * Caller:  library/ecdh.c
 *          library/ecdsa.c
 *          library/ecjpake.c
 *
 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
 */
#define MBEDTLS_ECP_C

/**
 * \def MBEDTLS_ENTROPY_C
 *
 * Enable the platform-specific entropy code.
 *
 * Module:  library/entropy.c
 * Caller:
 *
 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
 *
 * This module provides a generic entropy pool.
 *
 * In this file MBEDTLS_SHA512_C is commented out and MBEDTLS_SHA256_C is
 * defined, so the requirement is met through SHA-256.
 */
#define MBEDTLS_ENTROPY_C

/**
 * \def MBEDTLS_ERROR_C
 *
 * Enable error code to error string conversion.
 *
 * Module:  library/error.c
 * Caller:
 *
 * This module enables mbedtls_strerror().
 */
//#define MBEDTLS_ERROR_C

/**
 * \def MBEDTLS_GCM_C
 *
 * Enable the Galois/Counter Mode (GCM) for AES.
 *
 * Module:  library/gcm.c
 *
 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
 *
 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
 * requisites are enabled as well.
 */
#define MBEDTLS_GCM_C

/**
 * \def MBEDTLS_HAVEGE_C
 *
 * Enable the HAVEGE random generator.
 *
 * Warning: the HAVEGE random generator is not suitable for virtualized
 *          environments
 *
 * Warning: the HAVEGE random generator is dependent on timing and specific
 *          processor traits. It is therefore not advised to use HAVEGE as
 *          your application's primary random generator or primary entropy pool
 *          input. As a secondary input to your entropy pool, it IS able to add
 *          the (limited) extra entropy it provides.
 *
 * Module:  library/havege.c
 * Caller:
 *
 * Requires: MBEDTLS_TIMING_C
 *
 * Uncomment to enable the HAVEGE random generator.
*/
//#define MBEDTLS_HAVEGE_C

/**
 * \def MBEDTLS_HMAC_DRBG_C
 *
 * Enable the HMAC_DRBG random generator.
 *
 * Module:  library/hmac_drbg.c
 * Caller:
 *
 * Requires: MBEDTLS_MD_C
 *
 * Uncomment to enable the HMAC_DRBG random number generator.
 */
#define MBEDTLS_HMAC_DRBG_C

/**
 * \def MBEDTLS_MD_C
 *
 * Enable the generic message digest layer.
 *
 * Module:  library/md.c
 * Caller:
 *
 * Uncomment to enable generic message digest wrappers.
 */
#define MBEDTLS_MD_C

/**
 * \def MBEDTLS_MD2_C
 *
 * Enable the MD2 hash algorithm.
 *
 * Module:  library/md2.c
 * Caller:
 *
 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
 */
//#define MBEDTLS_MD2_C

/**
 * \def MBEDTLS_MD4_C
 *
 * Enable the MD4 hash algorithm.
 *
 * Module:  library/md4.c
 * Caller:
 *
 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
 */
//#define MBEDTLS_MD4_C

/**
 * \def MBEDTLS_MD5_C
 *
 * Enable the MD5 hash algorithm.
 *
 * Module:  library/md5.c
 * Caller:  library/md.c
 *          library/pem.c
 *          library/ssl_tls.c
 *
 * This module is required for SSL/TLS and X.509.
 * PEM_PARSE uses MD5 for decrypting encrypted keys.
 *
 * NOTE(review): left disabled here although the text above calls it required.
 * Presumably only protocol versions older than TLS 1.2 need it; which
 * MBEDTLS_SSL_PROTO_XXX options are set is outside this excerpt -- confirm.
 */
//#define MBEDTLS_MD5_C

/**
 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
 *
 * Enable the buffer allocator implementation that makes use of a (stack)
 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
 * calls)
 *
 * Module:  library/memory_buffer_alloc.c
 *
 * Requires: MBEDTLS_PLATFORM_C
 *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
 *
 * Enable this module to enable the buffer memory allocator.
*/
//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C

/**
 * \def MBEDTLS_NET_C
 *
 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
 *
 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
 * and Windows. For other platforms, you'll want to disable it, and write your
 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
 *
 * \note See also our Knowledge Base article about porting to a new
 * environment:
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module:  library/net_sockets.c
 *
 * This module provides networking routines.
 *
 * NOTE(review): left disabled in this configuration, so the networking
 * callbacks for \c mbedtls_ssl_set_bio() presumably come from the embedding
 * application -- confirm.
 */
//#define MBEDTLS_NET_C

/**
 * \def MBEDTLS_OID_C
 *
 * Enable the OID database.
 *
 * Module:  library/oid.c
 * Caller:  library/asn1write.c
 *          library/pkcs5.c
 *          library/pkparse.c
 *          library/pkwrite.c
 *          library/rsa.c
 *          library/x509.c
 *          library/x509_create.c
 *          library/x509_crl.c
 *          library/x509_crt.c
 *          library/x509_csr.c
 *          library/x509write_crt.c
 *          library/x509write_csr.c
 *
 * This module translates between OIDs and internal values.
 */
#define MBEDTLS_OID_C

/**
 * \def MBEDTLS_PADLOCK_C
 *
 * Enable VIA Padlock support on x86.
 *
 * Module:  library/padlock.c
 * Caller:  library/aes.c
 *
 * Requires: MBEDTLS_HAVE_ASM
 *
 * This module adds support for the VIA PadLock on x86.
 */
//#define MBEDTLS_PADLOCK_C

/**
 * \def MBEDTLS_PEM_PARSE_C
 *
 * Enable PEM decoding / parsing.
*
 * Module:  library/pem.c
 * Caller:  library/dhm.c
 *          library/pkparse.c
 *          library/x509_crl.c
 *          library/x509_crt.c
 *          library/x509_csr.c
 *
 * Requires: MBEDTLS_BASE64_C
 *
 * This module adds support for decoding / parsing PEM files.
 *
 * NOTE(review): left disabled here, so keys, certificates and CRLs presumably
 * have to be supplied in a non-PEM (DER) encoding -- confirm with the callers.
 */
//#define MBEDTLS_PEM_PARSE_C

/**
 * \def MBEDTLS_PEM_WRITE_C
 *
 * Enable PEM encoding / writing.
 *
 * Module:  library/pem.c
 * Caller:  library/pkwrite.c
 *          library/x509write_crt.c
 *          library/x509write_csr.c
 *
 * Requires: MBEDTLS_BASE64_C
 *
 * This module adds support for encoding / writing PEM files.
 */
//#define MBEDTLS_PEM_WRITE_C

/**
 * \def MBEDTLS_PK_C
 *
 * Enable the generic public (asymmetric) key layer.
 *
 * Module:  library/pk.c
 * Caller:  library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
 *
 * Uncomment to enable generic public key wrappers.
 *
 * In this file MBEDTLS_RSA_C is commented out and MBEDTLS_ECP_C is defined,
 * so the requirement is met through the elliptic-curve module.
 */
#define MBEDTLS_PK_C

/**
 * \def MBEDTLS_PK_PARSE_C
 *
 * Enable the generic public (asymmetric) key parser.
 *
 * Module:  library/pkparse.c
 * Caller:  library/x509_crt.c
 *          library/x509_csr.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key parse functions.
 */
#define MBEDTLS_PK_PARSE_C

/**
 * \def MBEDTLS_PK_WRITE_C
 *
 * Enable the generic public (asymmetric) key writer.
 *
 * Module:  library/pkwrite.c
 * Caller:  library/x509write.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key write functions.
 */
#define MBEDTLS_PK_WRITE_C

/**
 * \def MBEDTLS_PKCS5_C
 *
 * Enable PKCS#5 functions.
*
 * Module:  library/pkcs5.c
 *
 * Requires: MBEDTLS_MD_C
 *
 * This module adds support for the PKCS#5 functions.
 */
//#define MBEDTLS_PKCS5_C

/**
 * \def MBEDTLS_PKCS11_C
 *
 * Enable wrapper for PKCS#11 smartcard support.
 *
 * Module:  library/pkcs11.c
 * Caller:  library/pk.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * This module enables SSL/TLS PKCS #11 smartcard support.
 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
 */
//#define MBEDTLS_PKCS11_C

/**
 * \def MBEDTLS_PKCS12_C
 *
 * Enable PKCS#12 PBE functions.
 * Adds algorithms for parsing PKCS#8 encrypted private keys
 *
 * Module:  library/pkcs12.c
 * Caller:  library/pkparse.c
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 * Can use:  MBEDTLS_ARC4_C
 *
 * This module enables PKCS#12 functions.
 *
 * NOTE(review): MBEDTLS_PKCS5_C and MBEDTLS_PKCS12_C are both left disabled,
 * so password-encrypted PKCS#8 private keys presumably cannot be parsed by
 * this build -- confirm.
 */
//#define MBEDTLS_PKCS12_C

/**
 * \def MBEDTLS_PLATFORM_C
 *
 * Enable the platform abstraction layer that allows you to re-assign
 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
 *
 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT
 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
 * above to be specified at runtime or compile time respectively.
 *
 * \note This abstraction layer must be enabled on Windows (including MSYS2)
 * as other modules rely on it for a fixed snprintf implementation.
 *
 * Module:  library/platform.c
 * Caller:  Most other .c files
 *
 * This module enables abstraction of common (libc) functions.
 */
#define MBEDTLS_PLATFORM_C

/**
 * \def MBEDTLS_RIPEMD160_C
 *
 * Enable the RIPEMD-160 hash algorithm.
*
 * Module:  library/ripemd160.c
 * Caller:  library/md.c
 *
 */
//#define MBEDTLS_RIPEMD160_C

/**
 * \def MBEDTLS_RSA_C
 *
 * Enable the RSA public-key cryptosystem.
 *
 * Module:  library/rsa.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *          library/x509.c
 *
 * This module is used by the following key exchanges:
 *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
 *
 * NOTE(review): left disabled here, so the RSA-based key exchanges above are
 * not enabled by this file; presumably RSA-signed certificates cannot be
 * verified either, so every certificate in a peer's chain would have to use
 * ECDSA -- confirm.
 */
//#define MBEDTLS_RSA_C

/**
 * \def MBEDTLS_SHA1_C
 *
 * Enable the SHA1 cryptographic hash algorithm.
 *
 * Module:  library/sha1.c
 * Caller:  library/md.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *          library/x509write_crt.c
 *
 * This module is required for SSL/TLS and SHA1-signed certificates.
 *
 * NOTE(review): left disabled here, so SHA1-signed certificates presumably
 * cannot be verified by this build. Whether an enabled protocol version still
 * needs SHA-1 depends on MBEDTLS_SSL_PROTO_XXX options outside this excerpt --
 * confirm.
 */
//#define MBEDTLS_SHA1_C

/**
 * \def MBEDTLS_SHA256_C
 *
 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
 *
 * Module:  library/sha256.c
 * Caller:  library/entropy.c
 *          library/md.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *
 * This module adds support for SHA-224 and SHA-256.
 * This module is required for the SSL/TLS 1.2 PRF function.
 */
#define MBEDTLS_SHA256_C

/**
 * \def MBEDTLS_SHA512_C
 *
 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
 *
 * Module:  library/sha512.c
 * Caller:  library/entropy.c
 *          library/md.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module adds support for SHA-384 and SHA-512.
 *
 * NOTE(review): left disabled here, yet MBEDTLS_SSL_CIPHERSUITES further down
 * lists MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, which needs SHA-384.
 * That entry is presumably unusable in this build -- confirm. Certificates
 * signed with SHA-384 or SHA-512 would presumably be rejected as well.
 */
//#define MBEDTLS_SHA512_C

/**
 * \def MBEDTLS_SSL_CACHE_C
 *
 * Enable simple SSL cache implementation.
*
 * Module:  library/ssl_cache.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_CACHE_C
 *
 * NOTE(review): the "Requires" line above names the option itself, which
 * reads like a documentation slip.
 */
#define MBEDTLS_SSL_CACHE_C

/**
 * \def MBEDTLS_SSL_COOKIE_C
 *
 * Enable basic implementation of DTLS cookies for hello verification.
 *
 * Module:  library/ssl_cookie.c
 * Caller:
 */
#define MBEDTLS_SSL_COOKIE_C

/**
 * \def MBEDTLS_SSL_TICKET_C
 *
 * Enable an implementation of TLS server-side callbacks for session tickets.
 *
 * Module:  library/ssl_ticket.c
 * Caller:
 *
 * Requires: MBEDTLS_CIPHER_C
 *
 * NOTE(review): this module is described as server-side, but
 * MBEDTLS_SSL_SRV_C is commented out below. Confirm that a client-only build
 * needs it (and the cache and cookie modules above); unused modules only add
 * code to the image.
 */
#define MBEDTLS_SSL_TICKET_C

/**
 * \def MBEDTLS_SSL_CLI_C
 *
 * Enable the SSL/TLS client code.
 *
 * Module:  library/ssl_cli.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *
 * This module is required for SSL/TLS client support.
 */
#define MBEDTLS_SSL_CLI_C

/**
 * \def MBEDTLS_SSL_SRV_C
 *
 * Enable the SSL/TLS server code.
 *
 * Module:  library/ssl_srv.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *
 * This module is required for SSL/TLS server support.
 *
 * Left disabled in this configuration; only the client code above is enabled.
 */
//#define MBEDTLS_SSL_SRV_C

/**
 * \def MBEDTLS_SSL_TLS_C
 *
 * Enable the generic SSL/TLS code.
 *
 * Module:  library/ssl_tls.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
 *
 * This module is required for SSL/TLS.
 */
#define MBEDTLS_SSL_TLS_C

/**
 * \def MBEDTLS_THREADING_C
 *
 * Enable the threading abstraction layer.
 * By default mbed TLS assumes it is used in a non-threaded environment or that
 * contexts are not shared between threads.
* If you do intend to use contexts
 * between threads, you will need to enable this layer to prevent race
 * conditions. See also our Knowledge Base article about threading:
 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
 *
 * Module:  library/threading.c
 *
 * This allows different threading implementations (self-implemented or
 * provided).
 *
 * You will have to enable either MBEDTLS_THREADING_ALT or
 * MBEDTLS_THREADING_PTHREAD.
 *
 * Enable this layer to allow use of mutexes within mbed TLS
 *
 * Left disabled in this configuration: per the text above, the application
 * must then not share mbed TLS contexts between threads.
 */
//#define MBEDTLS_THREADING_C

/**
 * \def MBEDTLS_TIMING_C
 *
 * Enable the semi-portable timing interface.
 *
 * \note The provided implementation only works on POSIX/Unix (including Linux,
 * BSD and OS X) and Windows. On other platforms, you can either disable that
 * module and provide your own implementations of the callbacks needed by
 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
 * your own implementation of the whole module by setting
 * \c MBEDTLS_TIMING_ALT in the current file.
 *
 * \note See also our Knowledge Base article about porting to a new
 * environment:
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module:  library/timing.c
 * Caller:  library/havege.c
 *
 * This module is used by the HAVEGE random number generator.
 *
 * Left disabled in this configuration: if DTLS is used, the timer callbacks
 * for \c mbedtls_ssl_set_timer_cb() have to be provided by the application, as
 * the note above describes.
 */
//#define MBEDTLS_TIMING_C

/**
 * \def MBEDTLS_VERSION_C
 *
 * Enable run-time version information.
 *
 * Module:  library/version.c
 *
 * This module provides run-time version information.
 */
#define MBEDTLS_VERSION_C
/**
 * \def MBEDTLS_X509_USE_C
 *
 * Enable X.509 core for using certificates.
*
 * Module:  library/x509.c
 * Caller:  library/x509_crl.c
 *          library/x509_crt.c
 *          library/x509_csr.c
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
 *           MBEDTLS_PK_PARSE_C
 *
 * This module is required for the X.509 parsing modules.
 */
#define MBEDTLS_X509_USE_C

/**
 * \def MBEDTLS_X509_CRT_PARSE_C
 *
 * Enable X.509 certificate parsing.
 *
 * Module:  library/x509_crt.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is required for X.509 certificate parsing.
 */
#define MBEDTLS_X509_CRT_PARSE_C

/**
 * \def MBEDTLS_X509_CRL_PARSE_C
 *
 * Enable X.509 CRL parsing.
 *
 * Module:  library/x509_crl.c
 * Caller:  library/x509_crt.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is required for X.509 CRL parsing.
 */
#define MBEDTLS_X509_CRL_PARSE_C

/**
 * \def MBEDTLS_X509_CSR_PARSE_C
 *
 * Enable X.509 Certificate Signing Request (CSR) parsing.
 *
 * Module:  library/x509_csr.c
 * Caller:  library/x509_crt_write.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is used for reading X.509 certificate requests.
 */
#define MBEDTLS_X509_CSR_PARSE_C

/**
 * \def MBEDTLS_X509_CREATE_C
 *
 * Enable X.509 core for creating certificates.
 *
 * Module:  library/x509_create.c
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
 *
 * This module is the basis for creating X.509 certificates and CSRs.
 */
#define MBEDTLS_X509_CREATE_C

/**
 * \def MBEDTLS_X509_CRT_WRITE_C
 *
 * Enable creating X.509 certificates.
*
 * Module:  library/x509_crt_write.c
 *
 * Requires: MBEDTLS_X509_CREATE_C
 *
 * This module is required for X.509 certificate creation.
 */
//#define MBEDTLS_X509_CRT_WRITE_C

/**
 * \def MBEDTLS_X509_CSR_WRITE_C
 *
 * Enable creating X.509 Certificate Signing Requests (CSR).
 *
 * Module:  library/x509_csr_write.c
 *
 * Requires: MBEDTLS_X509_CREATE_C
 *
 * This module is required for X.509 certificate request writing.
 */
#define MBEDTLS_X509_CSR_WRITE_C
/**
 * \def MBEDTLS_XTEA_C
 *
 * Enable the XTEA block cipher.
 *
 * Module:  library/xtea.c
 * Caller:
 */
//#define MBEDTLS_XTEA_C

/* \} name SECTION: mbed TLS modules */

/**
 * \name SECTION: Module configuration options
 *
 * This section allows for the setting of module specific sizes and
 * configuration options. The default values are already present in the
 * relevant header files and should suffice for the regular use cases.
 *
 * Our advice is to enable options and change their values here
 * only if you have a good reason and know the consequences.
 *
 * Please check the respective header file for documentation on these
 * parameters (to prevent duplicate documentation).
 * \{
 */

/* MPI / BIGNUM options */
//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */

/* CTR_DRBG options */
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */

/* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */

/* ECP options */
//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */

/* Entropy options */
//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */

/* Memory buffer allocator options */
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */

/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */

/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */

/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */

/* SSL options */
/*
 * NOTE(review): this is the only size option in this section that is actually
 * set. TLS permits records of up to 16384 bytes of plaintext, so a peer that
 * is unaware of a 4096-byte limit can send records that do not fit the
 * buffers sized here. Presumably the peer is constrained through the
 * max_fragment_length extension (MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, set outside
 * this excerpt) or by the service's own record sizes -- confirm.
 */
#define MBEDTLS_SSL_MAX_CONTENT_LEN             4096 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */

/**
 * Complete list of ciphersuites to use, in order of preference.
 *
 * \warning No dependency checking is done on that field! This option can only
 * be used to restrict the set of available ciphersuites. It is your
 * responsibility to make sure the needed modules are active.
 *
 * Use this to save a few hundred bytes of ROM (default ordering of all
 * available ciphersuites) and a few to a few hundred bytes of RAM.
 *
 * NOTE(review): the original text said "The value below is only an example,
 * not the default", but the define is active in this file, so the list below
 * is the one this build uses. Points to confirm, given the warning above:
 *  - The *_CCM_8 entries use CCM with an 8-byte (truncated) authentication
 *    tag; one of them is the first preference.
 *  - The MBEDTLS_TLS_PSK_* entries use plain PSK key exchange, which provides
 *    no forward secrecy; the ECDHE_ECDSA entries are listed ahead of them.
 *  - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 needs SHA-384, and
 *    MBEDTLS_SHA512_C is commented out earlier in this file, so this entry is
 *    presumably never usable in this build.
 *  - MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 is the only CBC entry and depends
 *    on CBC support (MBEDTLS_CIPHER_MODE_CBC, set outside this excerpt).
 */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \
                                 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
                                 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
                                 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \
                                 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
                                 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */

/* \} name SECTION: Customisation configuration options */

/* Target and application specific configurations */
//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"

/*
 * An optional target-specific header is pulled in only when both macros below
 * are defined. It is included after every option above, so it can add to or
 * override them.
 */
#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
#endif


/*
 * Included last, once all options are set. Presumably it validates option
 * dependencies at compile time (its contents are not shown here); per the
 * warning on MBEDTLS_SSL_CIPHERSUITES, that list is not dependency-checked.
 */
#include "check_config.h"

/*
 * Only a #warning: a build with MBEDTLS_TEST_NULL_ENTROPY defined still
 * completes, so release builds that must never carry it need to treat this
 * warning as an error or check for the macro separately.
 */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
#warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \
    "configuration is not secure and is not suitable for production use"
#endif

#endif /* MBEDTLS_CONFIG_H */