Simple interface for Mbed Cloud Client
mbedTLSConfig_Linux_PSK.h
/**
 * \file config.h
 *
 * \brief Configuration options (set of defines)
 *
 *  This set of compile-time options may be used to enable
 *  or disable features selectively, and reduce the global
 *  memory footprint.
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * NOTE(review): the page lists this file as mbedTLSConfig_Linux_PSK.h, while
 * the header above still says config.h. In the part of the file reviewed
 * here the only key exchanges left enabled are
 * MBEDTLS_KEY_EXCHANGE_PSK_ENABLED and MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED;
 * every certificate-based key exchange is commented out.
 */

#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

/**
 * \name SECTION: System support
 *
 * This section sets system specific settings.
 * \{
 */
/*
 * NOTE(review): the guard below is described as a "secure time" switch, but
 * it encloses MBEDTLS_HAVE_ASM, MBEDTLS_HAVE_TIME, MBEDTLS_HAVE_TIME_DATE and
 * MBEDTLS_PLATFORM_TIME_ALT. Setting it to 0 removes all four, including
 * assembly support, not only the time-related options.
 */
#if 1 //Please set to 1 if you are using secure time
/**
 * \def MBEDTLS_HAVE_ASM
 *
 * The compiler has support for asm().
 *
 * Requires support for asm() in compiler.
 *
 * Used in:
 *      library/timing.c
 *      library/padlock.c
 *      include/mbedtls/bn_mul.h
 *
 * Comment to disable the use of assembly code.
 */
#define MBEDTLS_HAVE_ASM

/**
 * \def MBEDTLS_HAVE_SSE2
 *
 * CPU supports SSE2 instruction set.
 *
 * Uncomment if the CPU supports SSE2 (IA-32 specific).
 */
//#define MBEDTLS_HAVE_SSE2

/**
 * \def MBEDTLS_HAVE_TIME
 *
 * System has time.h and time().
 * The time does not need to be correct, only time differences are used,
 * by contrast with MBEDTLS_HAVE_TIME_DATE
 *
 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
 * MBEDTLS_PLATFORM_STD_TIME.
 *
 * Comment if your system does not support time functions
 */
#define MBEDTLS_HAVE_TIME

/**
 * \def MBEDTLS_HAVE_TIME_DATE
 *
 * System has time.h and time(), gmtime() and the clock is correct.
 * The time needs to be correct (not necessarily very accurate, but at least
 * the date should be correct). This is used to verify the validity period of
 * X.509 certificates.
 *
 * Comment if your system does not have a correct clock.
 */
/*
 * NOTE(review): enabled together with MBEDTLS_PLATFORM_TIME_ALT below, so
 * any X.509 validity-period check depends on the application-supplied time
 * source returning the correct date. Whether X.509 parsing is compiled in is
 * decided outside this part of the file - confirm.
 */
#define MBEDTLS_HAVE_TIME_DATE

/**
 * \def MBEDTLS_PLATFORM_MEMORY
 *
 * Enable the memory allocation layer.
 *
 * By default mbed TLS uses the system-provided calloc() and free().
 * This allows different allocators (self-implemented or provided) to be
 * provided to the platform abstraction layer.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY without the
 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
 * free() function pointer at runtime.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
 * alternate function at compile time.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Enable this layer to allow use of alternative memory allocators.
 */
//#define MBEDTLS_PLATFORM_MEMORY

/**
 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 *
 * Do not assign standard functions in the platform layer (e.g. calloc() to
 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
 *
 * This makes sure there are no linking errors on platforms that do not support
 * these functions. You will HAVE to provide alternatives, either at runtime
 * via the platform_set_xxx() functions or at compile time by setting
 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
 * MBEDTLS_PLATFORM_XXX_MACRO.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Uncomment to prevent default assignment of standard functions in the
 * platform layer.
 */
//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

/**
 * \def MBEDTLS_PLATFORM_EXIT_ALT
 *
 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
 * function in the platform abstraction layer.
 *
 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
 * alternative printf function pointer.
 *
 * All these defines require MBEDTLS_PLATFORM_C to be defined!
 *
 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
 * it will be enabled automatically by check_config.h
 *
 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
 * MBEDTLS_PLATFORM_XXX_MACRO!
 *
 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
 *
 * Uncomment a macro to enable alternate implementation of specific base
 * platform function
 */
/*
 * NOTE(review): MBEDTLS_PLATFORM_TIME_ALT is the only _ALT platform hook
 * enabled. By analogy with the printf example above the application is
 * expected to install its own time function at runtime - presumably through
 * mbedtls_platform_set_time(); confirm against the platform headers.
 */
#define MBEDTLS_PLATFORM_TIME_ALT
#endif /* closes the "#if 1" secure-time guard opened above */
//#define MBEDTLS_PLATFORM_EXIT_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT

/**
 * \def MBEDTLS_DEPRECATED_WARNING
 *
 * Mark deprecated functions so that they generate a warning if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * This only works with GCC and Clang. With other compilers, you may want to
 * use MBEDTLS_DEPRECATED_REMOVED
 *
 * Uncomment to get warnings on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_WARNING

/**
 * \def MBEDTLS_DEPRECATED_REMOVED
 *
 * Remove deprecated functions so that they generate an error if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * Uncomment to get errors on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_REMOVED

/* \} name SECTION: System support */

/**
 * \name SECTION: mbed TLS feature support
 *
 * This section sets support for features that are or are not needed
 * within the modules that are enabled.
 * \{
 */

/**
 * \def MBEDTLS_TIMING_ALT
 *
 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
 *
 * Only works if you have MBEDTLS_TIMING_C enabled.
 *
 * You will need to provide a header "timing_alt.h" and an implementation at
 * compile time.
 */
//#define MBEDTLS_TIMING_ALT

/**
 * \def MBEDTLS_AES_ALT
 *
 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternate core implementation of a symmetric crypto, an arithmetic or hash
 * module (e.g. platform specific assembly optimized implementations). Keep
 * in mind that the function prototypes should remain the same.
 *
 * This replaces the whole module. If you only want to replace one of the
 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
 * provide the "struct mbedtls_aes_context" definition and omit the base
 * function declarations and implementations. "aes_alt.h" will be included from
 * "aes.h" to include the new function definitions.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * module.
 */
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_XTEA_ALT
//#define MBEDTLS_MD2_ALT
//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
/*
 * When replacing the elliptic curve module, please consider that it is
 * implemented with two .c files:
 *      - ecp.c
 *      - ecp_curves.c
 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
 * macros as described above. The only difference is that you have to make sure
 * that you provide functionality for both .c files.
 */
//#define MBEDTLS_ECP_ALT

/**
 * \def MBEDTLS_MD2_PROCESS_ALT
 *
 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternate core implementation of symmetric crypto or hash function. Keep in
 * mind that function prototypes should remain the same.
 *
 * This replaces only one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_SHA1_PROCESS_ALT, mbed TLS will
 * no longer provide the mbedtls_sha1_process() function, but it will still provide
 * the other function (using your mbedtls_sha1_process() function) and the definition
 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
 * with this definition.
 *
 * Note: if you use the AES_xxx_ALT macros, then it is recommended to also set
 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
 * tables.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
//#define MBEDTLS_MD2_PROCESS_ALT
//#define MBEDTLS_MD4_PROCESS_ALT
//#define MBEDTLS_MD5_PROCESS_ALT
//#define MBEDTLS_RIPEMD160_PROCESS_ALT
//#define MBEDTLS_SHA1_PROCESS_ALT
//#define MBEDTLS_SHA256_PROCESS_ALT
//#define MBEDTLS_SHA512_PROCESS_ALT
//#define MBEDTLS_DES_SETKEY_ALT
//#define MBEDTLS_DES_CRYPT_ECB_ALT
//#define MBEDTLS_DES3_CRYPT_ECB_ALT
//#define MBEDTLS_AES_SETKEY_ENC_ALT
//#define MBEDTLS_AES_SETKEY_DEC_ALT
//#define MBEDTLS_AES_ENCRYPT_ALT
//#define MBEDTLS_AES_DECRYPT_ALT

/**
 * \def MBEDTLS_ECP_INTERNAL_ALT
 *
 * Expose a part of the internal interface of the Elliptic Curve Point module.
 *
 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternative core implementation of elliptic curve arithmetic. Keep in mind
 * that function prototypes should remain the same.
 *
 * This partially replaces one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
 * is still present and it is used for group structures not supported by the
 * alternative.
 *
 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
 * and implementing the following functions:
 *      unsigned char mbedtls_internal_ecp_grp_capable(
 *          const mbedtls_ecp_group *grp )
 *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
 *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
 * replacement functions implement arithmetic for the given group and 0
 * otherwise.
 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
 * called before and after each point operation and provide an opportunity to
 * implement optimized set up and tear down instructions.
 *
 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
 * function, but will use your mbedtls_internal_ecp_double_jac if the group is
 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
 * it receives it as an argument). If the group is not supported then the original
 * implementation is used. The other functions and the definition of
 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
 * implementation of mbedtls_internal_ecp_double_jac and
 * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
/* Required for all the functions in this section */
//#define MBEDTLS_ECP_INTERNAL_ALT
/* Support for Weierstrass curves with Jacobi representation */
//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
//#define MBEDTLS_ECP_ADD_MIXED_ALT
//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
/* Support for curves with Montgomery arithmetic */
//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT

/**
 * \def MBEDTLS_TEST_NULL_ENTROPY
 *
 * Enables testing and use of mbed TLS without any configured entropy sources.
 * This permits use of the library on platforms before an entropy source has
 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
 * MBEDTLS_ENTROPY_NV_SEED switches).
 *
 * WARNING! This switch MUST be disabled in production builds, and is suitable
 * only for development.
 * Enabling the switch negates any security provided by the library.
 *
 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 */
//#define MBEDTLS_TEST_NULL_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
 *
 * Uncomment this macro to let mbed TLS use your own implementation of a
 * hardware entropy collector.
 *
 * Your function must be called \c mbedtls_hardware_poll(), have the same
 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
 *
 * Uncomment to use your own hardware entropy collector.
 */
//#define MBEDTLS_ENTROPY_HARDWARE_ALT

/**
 * \def MBEDTLS_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
//#define MBEDTLS_AES_ROM_TABLES

/**
 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
 *
 * Use less ROM for the Camellia implementation (saves about 768 bytes).
 *
 * Uncomment this macro to use less memory for Camellia.
 */
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY

/**
 * \def MBEDTLS_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
/*
 * NOTE(review): CBC matters for this configuration because the ECDHE-PSK
 * ciphersuite list further down contains only CBC, 3DES and RC4 entries.
 * Whether the encrypt-then-MAC extension (MBEDTLS_SSL_ENCRYPT_THEN_MAC) is
 * enabled for those CBC suites is decided outside this part of the file -
 * confirm.
 */
#define MBEDTLS_CIPHER_MODE_CBC

/**
 * \def MBEDTLS_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CFB

/**
 * \def MBEDTLS_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CTR

/**
 * \def MBEDTLS_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
 * Warning: Only do so when you know what you are doing. This allows for
 * encryption or channels without any security!
 *
 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
//#define MBEDTLS_CIPHER_NULL_CIPHER

/**
 * \def MBEDTLS_CIPHER_PADDING_PKCS7
 *
 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
 * specific padding modes in the cipher layer with cipher modes that support
 * padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS

/**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 *
 * Enable weak ciphersuites in SSL / TLS.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 */
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES

/**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES

/**
 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
 *
 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
 * module.  By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
/* Only secp256r1 is left enabled in this configuration. */
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED

/**
 * \def MBEDTLS_ECP_NIST_OPTIM
 *
 * Enable specific 'modulo p' routines for each NIST prime.
 * Depending on the prime and architecture, makes operations 4 to 8 times
 * faster on the corresponding curve.
 *
 * Comment this macro to disable NIST curves optimisation.
 */
#define MBEDTLS_ECP_NIST_OPTIM

/**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
 *
 * Enable deterministic ECDSA (RFC 6979).
 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
 * may result in a compromise of the long-term signing key. This is avoided by
 * the deterministic variant.
 *
 * Requires: MBEDTLS_HMAC_DRBG_C
 *
 * Comment this macro to disable deterministic ECDSA.
 */
#define MBEDTLS_ECDSA_DETERMINISTIC
/**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS.
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
/*
 * NOTE(review): plain PSK key exchange derives the session keys from the
 * pre-shared key alone, so it gives no forward secrecy: whoever later obtains
 * the PSK can decrypt recorded sessions. Where the peer supports it, prefer
 * the ECDHE-PSK suites (enabled below) and restrict the offered list with
 * mbedtls_ssl_conf_ciphersuites(). Which of the 3DES and RC4 entries above
 * are actually built depends on module switches outside this part of the
 * file.
 */
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 *
 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
/*
 * NOTE(review): this is the only forward-secret key exchange enabled in the
 * part of the file reviewed here. It relies on MBEDTLS_ECDH_C (configured
 * outside this part - confirm) and on secp256r1, the single curve enabled
 * above.
 */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 *
 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 *
 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 *
 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
 *
 * \warning This is currently experimental. EC J-PAKE support is based on the
 * Thread v1.0.0 specification; incompatible changes to the specification
 * might still happen. For this reason, this is disabled by default.
 *
 * Requires: MBEDTLS_ECJPAKE_C
 *           MBEDTLS_SHA256_C
 *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
 */
//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

/**
 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
 *
 * Enhance support for reading EC keys using variants of SEC1 not allowed by
 * RFC 5915 and RFC 5480.
 *
 * Currently this means parsing the SpecifiedECDomain choice of EC
 * parameters (only known groups are supported, not arbitrary domains, to
 * avoid validation issues).
 *
 * Disable if you only need to support RFC 5915 + 5480 key formats.
 */
//#define MBEDTLS_PK_PARSE_EC_EXTENDED

/**
 * \def MBEDTLS_ERROR_STRERROR_DUMMY
 *
 * Enable a dummy error function to make use of mbedtls_strerror() in
 * third party libraries easier when MBEDTLS_ERROR_C is disabled
 * (no effect when MBEDTLS_ERROR_C is enabled).
 *
 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
 * not using mbedtls_strerror() or error_strerror() in your application.
 *
 * Disable if you run into name conflicts and want to really remove the
 * mbedtls_strerror()
 */
//#define MBEDTLS_ERROR_STRERROR_DUMMY

/**
 * \def MBEDTLS_GENPRIME
 *
 * Enable the prime-number generation code.
 *
 * Requires: MBEDTLS_BIGNUM_C
 */
//#define MBEDTLS_GENPRIME

/**
 * \def MBEDTLS_FS_IO
 *
 * Enable functions that use the filesystem.
 */
//#define MBEDTLS_FS_IO

/**
 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 * Do not add default entropy sources. These are the platform specific,
 * mbedtls_timing_hardclock and HAVEGE based poll functions.
 *
 * This is useful to have more control over the added entropy sources in an
 * application.
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
/*
 * NOTE(review): this switch and MBEDTLS_NO_PLATFORM_ENTROPY below are both
 * left commented out, so the default and built-in platform entropy sources
 * described here stay in use for this build.
 */
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

/**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
 *
 * Do not use built-in platform entropy functions.
 * This is useful if your platform does not support
 * standards like the /dev/urandom or Windows CryptoAPI.
 *
 * Uncomment this macro to disable the built-in platform entropy functions.
 */
//#define MBEDTLS_NO_PLATFORM_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_FORCE_SHA256
 *
 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
 * default SHA-512 based one (if both are available).
 *
 * Requires: MBEDTLS_SHA256_C
 *
 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
 * if you have performance concerns.
 *
 * This option is only useful if both MBEDTLS_SHA256_C and
 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
 */
//#define MBEDTLS_ENTROPY_FORCE_SHA256

/**
 * \def MBEDTLS_ENTROPY_NV_SEED
 *
 * Enable the non-volatile (NV) seed file-based entropy source.
 * (Also enables the NV seed read/write functions in the platform layer)
 *
 * This is crucial (if not required) on systems that do not have a
 * cryptographic entropy source (in hardware or kernel) available.
 *
 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
 *
 * \note The read/write functions that are used by the entropy source are
 *       determined in the platform layer, and can be modified at runtime and/or
 *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
 *
 * \note If you use the default implementation functions that read a seedfile
 *       with regular fopen(), please make sure you make a seedfile with the
 *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
 *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
 *       and written to or you will get an entropy source error! The default
 *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
 *       bytes from the file.
 *
 * \note The entropy collector will write to the seed file before entropy is
 *       given to an external source, to update it.
00912 */ 00913 //#define MBEDTLS_ENTROPY_NV_SEED 00914 00915 /** 00916 * \def MBEDTLS_MEMORY_DEBUG 00917 * 00918 * Enable debugging of buffer allocator memory issues. Automatically prints 00919 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00920 * function for 'debug output' of allocated memory. 00921 * 00922 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00923 * 00924 * Uncomment this macro to let the buffer allocator print out error messages. 00925 */ 00926 //#define MBEDTLS_MEMORY_DEBUG 00927 00928 /** 00929 * \def MBEDTLS_MEMORY_BACKTRACE 00930 * 00931 * Include backtrace information with each allocated block. 00932 * 00933 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00934 * GLIBC-compatible backtrace() and backtrace_symbols() support 00935 * 00936 * Uncomment this macro to include backtrace information 00937 */ 00938 //#define MBEDTLS_MEMORY_BACKTRACE 00939 00940 /** 00941 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00942 * 00943 * Support external private RSA keys (eg from a HSM) in the PK layer. 00944 * 00945 * Comment this macro to disable support for external private RSA keys. 00946 */ 00947 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00948 00949 /** 00950 * \def MBEDTLS_PKCS1_V15 00951 * 00952 * Enable support for PKCS#1 v1.5 encoding. 00953 * 00954 * Requires: MBEDTLS_RSA_C 00955 * 00956 * This enables support for PKCS#1 v1.5 operations. 00957 */ 00958 #define MBEDTLS_PKCS1_V15 00959 00960 /** 00961 * \def MBEDTLS_PKCS1_V21 00962 * 00963 * Enable support for PKCS#1 v2.1 encoding. 00964 * 00965 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00966 * 00967 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00968 */ 00969 #define MBEDTLS_PKCS1_V21 00970 00971 /** 00972 * \def MBEDTLS_RSA_NO_CRT 00973 * 00974 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00975 * 00976 * Uncomment this macro to disable the use of CRT in RSA. 
00977 * 00978 */ 00979 //#define MBEDTLS_RSA_NO_CRT 00980 00981 /** 00982 * \def MBEDTLS_SELF_TEST 00983 * 00984 * Enable the checkup functions (*_self_test). 00985 */ 00986 //#define MBEDTLS_SELF_TEST 00987 00988 /** 00989 * \def MBEDTLS_SHA256_SMALLER 00990 * 00991 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00992 * lower performance. 00993 * 00994 * The default implementation is meant to be a reasonable compromise between 00995 * performance and size. This version optimizes more aggressively for size at 00996 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00997 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00998 * 30%. 00999 * 01000 * Uncomment to enable the smaller implementation of SHA256. 01001 */ 01002 //#define MBEDTLS_SHA256_SMALLER 01003 01004 /** 01005 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 01006 * 01007 * Enable sending of alert messages in case of encountered errors as per RFC. 01008 * If you choose not to send the alert messages, mbed TLS can still communicate 01009 * with other servers, only debugging of failures is harder. 01010 * 01011 * The advantage of not sending alert messages is that no information is given 01012 * about reasons for failures, thus preventing adversaries from gaining intel. 01013 * 01014 * Enable sending of all alert messages 01015 */ 01016 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01017 01018 /** 01019 * \def MBEDTLS_SSL_DEBUG_ALL 01020 * 01021 * Enable the debug messages in SSL module for all issues. 01022 * Debug messages have been disabled in some places to prevent timing 01023 * attacks due to (unbalanced) debugging function calls. 01024 * 01025 * If you need all error reporting you should enable this during debugging, 01026 * but remove this for production servers that should log as well. 01027 * 01028 * Uncomment this macro to report all debug messages on errors; doing so introduces 01029 * a timing side-channel. 
01030 * 01031 */ 01032 //#define MBEDTLS_SSL_DEBUG_ALL 01033 01034 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01035 * 01036 * Enable support for Encrypt-then-MAC, RFC 7366. 01037 * 01038 * This allows peers that both support it to use a more robust protection for 01039 * ciphersuites using CBC, providing deep resistance against timing attacks 01040 * on the padding or underlying cipher. 01041 * 01042 * This only affects CBC ciphersuites, and is useless if none is defined. 01043 * 01044 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01045 * MBEDTLS_SSL_PROTO_TLS1_1 or 01046 * MBEDTLS_SSL_PROTO_TLS1_2 01047 * 01048 * Comment this macro to disable support for Encrypt-then-MAC 01049 */ 01050 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01051 01052 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01053 * 01054 * Enable support for Extended Master Secret, aka Session Hash 01055 * (draft-ietf-tls-session-hash-02). 01056 * 01057 * This was introduced as "the proper fix" to the Triple Handshake family of 01058 * attacks, but it is recommended to always use it (even if you disable 01059 * renegotiation), since it actually fixes a more fundamental issue in the 01060 * original SSL/TLS design, and has implications beyond Triple Handshake. 01061 * 01062 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01063 * MBEDTLS_SSL_PROTO_TLS1_1 or 01064 * MBEDTLS_SSL_PROTO_TLS1_2 01065 * 01066 * Comment this macro to disable support for Extended Master Secret. 01067 */ 01068 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01069 01070 /** 01071 * \def MBEDTLS_SSL_FALLBACK_SCSV 01072 * 01073 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01074 * 01075 * For servers, it is recommended to always enable this, unless you support 01076 * only one version of TLS, or know for sure that none of your clients 01077 * implements a fallback strategy. 
01078 * 01079 * For clients, you only need this if you're using a fallback strategy, which 01080 * is not recommended in the first place, unless you absolutely need it to 01081 * interoperate with buggy (version-intolerant) servers. 01082 * 01083 * Comment this macro to disable support for FALLBACK_SCSV 01084 */ 01085 //#define MBEDTLS_SSL_FALLBACK_SCSV 01086 01087 /** 01088 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01089 * 01090 * Enable hooking functions in SSL module for hardware acceleration of 01091 * individual records. 01092 * 01093 * Uncomment this macro to enable hooking functions. 01094 */ 01095 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01096 01097 /** 01098 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01099 * 01100 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01101 * 01102 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01103 * of interoperability issues compared to sending 0-length records. 01104 * 01105 * Comment this macro to disable 1/n-1 record splitting. 01106 */ 01107 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01108 01109 /** 01110 * \def MBEDTLS_SSL_RENEGOTIATION 01111 * 01112 * Enable support for TLS renegotiation. 01113 * 01114 * The two main uses of renegotiation are (1) refresh keys on long-lived 01115 * connections and (2) client authentication after the initial handshake. 01116 * If you don't need renegotiation, it's probably better to disable it, since 01117 * it has been associated with security issues in the past and is easy to 01118 * misuse/misunderstand. 01119 * 01120 * Comment this to disable support for renegotiation. 01121 */ 01122 #define MBEDTLS_SSL_RENEGOTIATION 01123 01124 /** 01125 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01126 * 01127 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01128 * SSL Server module (MBEDTLS_SSL_SRV_C). 01129 * 01130 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 
01131 */ 01132 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01133 01134 /** 01135 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01136 * 01137 * Pick the ciphersuite according to the client's preferences rather than ours 01138 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01139 * 01140 * Uncomment this macro to respect client's ciphersuite order 01141 */ 01142 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01143 01144 /** 01145 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01146 * 01147 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01148 * 01149 * Comment this macro to disable support for the max_fragment_length extension 01150 */ 01151 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01152 01153 /** 01154 * \def MBEDTLS_SSL_PROTO_SSL3 01155 * 01156 * Enable support for SSL 3.0. 01157 * 01158 * Requires: MBEDTLS_MD5_C 01159 * MBEDTLS_SHA1_C 01160 * 01161 * Comment this macro to disable support for SSL 3.0 01162 */ 01163 //#define MBEDTLS_SSL_PROTO_SSL3 01164 01165 /** 01166 * \def MBEDTLS_SSL_PROTO_TLS1 01167 * 01168 * Enable support for TLS 1.0. 01169 * 01170 * Requires: MBEDTLS_MD5_C 01171 * MBEDTLS_SHA1_C 01172 * 01173 * Comment this macro to disable support for TLS 1.0 01174 */ 01175 //#define MBEDTLS_SSL_PROTO_TLS1 01176 01177 /** 01178 * \def MBEDTLS_SSL_PROTO_TLS1_1 01179 * 01180 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01181 * 01182 * Requires: MBEDTLS_MD5_C 01183 * MBEDTLS_SHA1_C 01184 * 01185 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01186 */ 01187 //#define MBEDTLS_SSL_PROTO_TLS1_1 01188 01189 /** 01190 * \def MBEDTLS_SSL_PROTO_TLS1_2 01191 * 01192 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 
01193 * 01194 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01195 * (Depends on ciphersuites) 01196 * 01197 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01198 */ 01199 #define MBEDTLS_SSL_PROTO_TLS1_2 01200 01201 /** 01202 * \def MBEDTLS_SSL_PROTO_DTLS 01203 * 01204 * Enable support for DTLS (all available versions). 01205 * 01206 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01207 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01208 * 01209 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01210 * or MBEDTLS_SSL_PROTO_TLS1_2 01211 * 01212 * Comment this macro to disable support for DTLS 01213 */ 01214 #define MBEDTLS_SSL_PROTO_DTLS 01215 01216 /** 01217 * \def MBEDTLS_SSL_ALPN 01218 * 01219 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01220 * 01221 * Comment this macro to disable support for ALPN. 01222 */ 01223 #define MBEDTLS_SSL_ALPN 01224 01225 /** 01226 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01227 * 01228 * Enable support for the anti-replay mechanism in DTLS. 01229 * 01230 * Requires: MBEDTLS_SSL_TLS_C 01231 * MBEDTLS_SSL_PROTO_DTLS 01232 * 01233 * \warning Disabling this is often a security risk! 01234 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01235 * 01236 * Comment this to disable anti-replay in DTLS. 01237 */ 01238 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01239 01240 /** 01241 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01242 * 01243 * Enable support for HelloVerifyRequest on DTLS servers. 01244 * 01245 * This feature is highly recommended to prevent DTLS servers being used as 01246 * amplifiers in DoS attacks against other hosts. It should always be enabled 01247 * unless you know for sure amplification cannot be a problem in the 01248 * environment in which your server operates. 01249 * 01250 * \warning Disabling this can be a security risk! 
(see above) 01251 * 01252 * Requires: MBEDTLS_SSL_PROTO_DTLS 01253 * 01254 * Comment this to disable support for HelloVerifyRequest. 01255 */ 01256 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01257 01258 /** 01259 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01260 * 01261 * Enable server-side support for clients that reconnect from the same port. 01262 * 01263 * Some clients unexpectedly close the connection and try to reconnect using the 01264 * same source port. This needs special support from the server to handle the 01265 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01266 * flag enables that support. 01267 * 01268 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01269 * 01270 * Comment this to disable support for clients reusing the source port. 01271 */ 01272 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01273 01274 /** 01275 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01276 * 01277 * Enable support for a limit of records with bad MAC. 01278 * 01279 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01280 * 01281 * Requires: MBEDTLS_SSL_PROTO_DTLS 01282 */ 01283 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01284 01285 /** 01286 * \def MBEDTLS_SSL_SESSION_TICKETS 01287 * 01288 * Enable support for RFC 5077 session tickets in SSL. 01289 * Client-side, provides full support for session tickets (maintenance of a 01290 * session store remains the responsibility of the application, though). 01291 * Server-side, you also need to provide callbacks for writing and parsing 01292 * tickets, including authenticated encryption and key management. Example 01293 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01294 * 01295 * Comment this macro to disable support for SSL session tickets 01296 */ 01297 #define MBEDTLS_SSL_SESSION_TICKETS 01298 01299 /** 01300 * \def MBEDTLS_SSL_EXPORT_KEYS 01301 * 01302 * Enable support for exporting key block and master secret. 01303 * This is required for certain users of TLS, e.g. EAP-TLS. 
01304 * 01305 * Comment this macro to disable support for key export 01306 */ 01307 #define MBEDTLS_SSL_EXPORT_KEYS 01308 01309 /** 01310 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01311 * 01312 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01313 * 01314 * Requires: MBEDTLS_X509_CRT_PARSE_C 01315 * 01316 * Comment this macro to disable support for server name indication in SSL 01317 */ 01318 //#define MBEDTLS_SSL_SERVER_NAME_INDICATION 01319 /** 01320 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01321 * 01322 * Enable support for RFC 6066 truncated HMAC in SSL. 01323 * 01324 * Comment this macro to disable support for truncated HMAC in SSL 01325 */ 01326 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01327 01328 /** 01329 * \def MBEDTLS_THREADING_ALT 01330 * 01331 * Provide your own alternate threading implementation. 01332 * 01333 * Requires: MBEDTLS_THREADING_C 01334 * 01335 * Uncomment this to allow your own alternate threading implementation. 01336 */ 01337 //#define MBEDTLS_THREADING_ALT 01338 01339 /** 01340 * \def MBEDTLS_THREADING_PTHREAD 01341 * 01342 * Enable the pthread wrapper layer for the threading layer. 01343 * 01344 * Requires: MBEDTLS_THREADING_C 01345 * 01346 * Uncomment this to enable pthread mutexes. 01347 */ 01348 //#define MBEDTLS_THREADING_PTHREAD 01349 01350 /** 01351 * \def MBEDTLS_VERSION_FEATURES 01352 * 01353 * Allow run-time checking of compile-time enabled features. Thus allowing users 01354 * to check at run-time if the library is for instance compiled with threading 01355 * support via mbedtls_version_check_feature(). 01356 * 01357 * Requires: MBEDTLS_VERSION_C 01358 * 01359 * Comment this to disable run-time checking and save ROM space 01360 */ 01361 //#define MBEDTLS_VERSION_FEATURES 01362 /** 01363 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01364 * 01365 * If set, the X509 parser will not break-off when parsing an X509 certificate 01366 * and encountering an extension in a v1 or v2 certificate. 
01367 * 01368 * Uncomment to prevent an error. 01369 */ 01370 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01371 01372 /** 01373 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01374 * 01375 * If set, the X509 parser will not break-off when parsing an X509 certificate 01376 * and encountering an unknown critical extension. 01377 * 01378 * \warning Depending on your PKI use, enabling this can be a security risk! 01379 * 01380 * Uncomment to prevent an error. 01381 */ 01382 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01383 01384 /** 01385 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01386 * 01387 * Enable verification of the keyUsage extension (CA and leaf certificates). 01388 * 01389 * Disabling this avoids problems with mis-issued and/or misused 01390 * (intermediate) CA and leaf certificates. 01391 * 01392 * \warning Depending on your PKI use, disabling this can be a security risk! 01393 * 01394 * Comment to skip keyUsage checking for both CA and leaf certificates. 01395 */ 01396 #define MBEDTLS_X509_CHECK_KEY_USAGE 01397 01398 /** 01399 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01400 * 01401 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01402 * 01403 * Disabling this avoids problems with mis-issued and/or misused certificates. 01404 * 01405 * \warning Depending on your PKI use, disabling this can be a security risk! 01406 * 01407 * Comment to skip extendedKeyUsage checking for certificates. 01408 */ 01409 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01410 01411 /** 01412 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01413 * 01414 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01415 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01416 * 01417 * Comment this macro to disallow using RSASSA-PSS in certificates. 
01418 */ 01419 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01420 /** 01421 * \def MBEDTLS_ZLIB_SUPPORT 01422 * 01423 * If set, the SSL/TLS module uses ZLIB to support compression and 01424 * decompression of packet data. 01425 * 01426 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01427 * CRIME attack. Before enabling this option, you should examine with care if 01428 * CRIME or similar exploits may be applicable to your use case. 01429 * 01430 * \note Currently compression can't be used with DTLS. 01431 * 01432 * Used in: library/ssl_tls.c 01433 * library/ssl_cli.c 01434 * library/ssl_srv.c 01435 * 01436 * This feature requires zlib library and headers to be present. 01437 * 01438 * Uncomment to enable use of ZLIB 01439 */ 01440 //#define MBEDTLS_ZLIB_SUPPORT 01441 /* \} name SECTION: mbed TLS feature support */ 01442 01443 /** 01444 * \name SECTION: mbed TLS modules 01445 * 01446 * This section enables or disables entire modules in mbed TLS 01447 * \{ 01448 */ 01449 01450 /** 01451 * \def MBEDTLS_AESNI_C 01452 * 01453 * Enable AES-NI support on x86-64. 01454 * 01455 * Module: library/aesni.c 01456 * Caller: library/aes.c 01457 * 01458 * Requires: MBEDTLS_HAVE_ASM 01459 * 01460 * This module adds support for the AES-NI instructions on x86-64 01461 */ 01462 //#define MBEDTLS_AESNI_C 01463 01464 /** 01465 * \def MBEDTLS_AES_C 01466 * 01467 * Enable the AES block cipher. 
01468 * 01469 * Module: library/aes.c 01470 * Caller: library/ssl_tls.c 01471 * library/pem.c 01472 * library/ctr_drbg.c 01473 * 01474 * This module enables the following ciphersuites (if other requisites are 01475 * enabled as well): 01476 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01477 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01478 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01479 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01480 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01481 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01482 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01483 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01484 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01485 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01486 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01487 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01488 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01489 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01490 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01491 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01492 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01493 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01494 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01495 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01496 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01497 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01498 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01499 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01500 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01501 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01502 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01503 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01504 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01505 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01506 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01507 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01508 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01509 * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01510 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01511 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01512 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01513 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01514 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01515 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01516 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01517 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01518 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01519 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01520 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01521 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01522 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01523 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01524 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01525 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01526 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01527 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01528 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01529 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01530 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01531 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01532 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01533 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01534 * 01535 * PEM_PARSE uses AES for decrypting encrypted keys. 01536 */ 01537 #define MBEDTLS_AES_C 01538 01539 /** 01540 * \def MBEDTLS_ARC4_C 01541 * 01542 * Enable the ARCFOUR stream cipher. 
01543 * 01544 * Module: library/arc4.c 01545 * Caller: library/ssl_tls.c 01546 * 01547 * This module enables the following ciphersuites (if other requisites are 01548 * enabled as well): 01549 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01550 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01551 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01552 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01553 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01554 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01555 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01556 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01557 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01558 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01559 */ 01560 //#define MBEDTLS_ARC4_C 01561 01562 /** 01563 * \def MBEDTLS_ASN1_PARSE_C 01564 * 01565 * Enable the generic ASN1 parser. 01566 * 01567 * Module: library/asn1.c 01568 * Caller: library/x509.c 01569 * library/dhm.c 01570 * library/pkcs12.c 01571 * library/pkcs5.c 01572 * library/pkparse.c 01573 */ 01574 #define MBEDTLS_ASN1_PARSE_C 01575 01576 /** 01577 * \def MBEDTLS_ASN1_WRITE_C 01578 * 01579 * Enable the generic ASN1 writer. 01580 * 01581 * Module: library/asn1write.c 01582 * Caller: library/ecdsa.c 01583 * library/pkwrite.c 01584 * library/x509_create.c 01585 * library/x509write_crt.c 01586 * library/x509write_csr.c 01587 */ 01588 #define MBEDTLS_ASN1_WRITE_C 01589 01590 /** 01591 * \def MBEDTLS_BASE64_C 01592 * 01593 * Enable the Base64 module. 01594 * 01595 * Module: library/base64.c 01596 * Caller: library/pem.c 01597 * 01598 * This module is required for PEM support (required by X.509). 01599 */ 01600 //#define MBEDTLS_BASE64_C 01601 01602 /** 01603 * \def MBEDTLS_BIGNUM_C 01604 * 01605 * Enable the multi-precision integer library. 01606 * 01607 * Module: library/bignum.c 01608 * Caller: library/dhm.c 01609 * library/ecp.c 01610 * library/ecdsa.c 01611 * library/rsa.c 01612 * library/ssl_tls.c 01613 * 01614 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
01615 */ 01616 #define MBEDTLS_BIGNUM_C 01617 01618 /** 01619 * \def MBEDTLS_BLOWFISH_C 01620 * 01621 * Enable the Blowfish block cipher. 01622 * 01623 * Module: library/blowfish.c 01624 */ 01625 //#define MBEDTLS_BLOWFISH_C 01626 01627 /** 01628 * \def MBEDTLS_CAMELLIA_C 01629 * 01630 * Enable the Camellia block cipher. 01631 * 01632 * Module: library/camellia.c 01633 * Caller: library/ssl_tls.c 01634 * 01635 * This module enables the following ciphersuites (if other requisites are 01636 * enabled as well): 01637 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01638 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01639 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01640 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01641 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01642 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01643 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01644 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01645 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01646 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01647 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01648 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01649 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01650 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01651 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01652 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01653 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01654 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01655 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01656 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01657 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01658 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01659 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01660 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01661 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01662 * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01663 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01664 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01665 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01666 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01667 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01668 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01669 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01670 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01671 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01672 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01673 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01674 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01675 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01676 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01677 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01678 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01679 */ 01680 //#define MBEDTLS_CAMELLIA_C 01681 01682 /** 01683 * \def MBEDTLS_CCM_C 01684 * 01685 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01686 * 01687 * Module: library/ccm.c 01688 * 01689 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01690 * 01691 * This module enables the AES-CCM ciphersuites, if other requisites are 01692 * enabled as well. 01693 */ 01694 #define MBEDTLS_CCM_C 01695 01696 /** 01697 * \def MBEDTLS_CERTS_C 01698 * 01699 * Enable the test certificates. 01700 * 01701 * Module: library/certs.c 01702 * Caller: 01703 * 01704 * This module is used for testing (ssl_client/server). 01705 */ 01706 //#define MBEDTLS_CERTS_C 01707 01708 /** 01709 * \def MBEDTLS_CIPHER_C 01710 * 01711 * Enable the generic cipher layer. 01712 * 01713 * Module: library/cipher.c 01714 * Caller: library/ssl_tls.c 01715 * 01716 * Uncomment to enable generic cipher wrappers. 
01717 */ 01718 #define MBEDTLS_CIPHER_C 01719 01720 /** 01721 * \def MBEDTLS_CMAC_C 01722 * 01723 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01724 * ciphers. 01725 * 01726 * Module: library/cmac.c 01727 * 01728 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01729 * 01730 */ 01731 #define MBEDTLS_CMAC_C 01732 01733 /** 01734 * \def MBEDTLS_CTR_DRBG_C 01735 * 01736 * Enable the CTR_DRBG AES-256-based random generator. 01737 * 01738 * Module: library/ctr_drbg.c 01739 * Caller: 01740 * 01741 * Requires: MBEDTLS_AES_C 01742 * 01743 * This module provides the CTR_DRBG AES-256 random number generator. 01744 */ 01745 #define MBEDTLS_CTR_DRBG_C 01746 01747 /** 01748 * \def MBEDTLS_DEBUG_C 01749 * 01750 * Enable the debug functions. 01751 * 01752 * Module: library/debug.c 01753 * Caller: library/ssl_cli.c 01754 * library/ssl_srv.c 01755 * library/ssl_tls.c 01756 * 01757 * This module provides debugging functions. 01758 */ 01759 //#define MBEDTLS_DEBUG_C 01760 01761 /** 01762 * \def MBEDTLS_DES_C 01763 * 01764 * Enable the DES block cipher. 01765 * 01766 * Module: library/des.c 01767 * Caller: library/pem.c 01768 * library/ssl_tls.c 01769 * 01770 * This module enables the following ciphersuites (if other requisites are 01771 * enabled as well): 01772 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01773 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01774 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01775 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01776 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01777 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01778 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01779 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01780 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01781 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01782 * 01783 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01784 */ 01785 //#define MBEDTLS_DES_C 01786 01787 /** 01788 * \def MBEDTLS_DHM_C 01789 * 01790 * Enable the Diffie-Hellman-Merkle module. 
01791 * 01792 * Module: library/dhm.c 01793 * Caller: library/ssl_cli.c 01794 * library/ssl_srv.c 01795 * 01796 * This module is used by the following key exchanges: 01797 * DHE-RSA, DHE-PSK 01798 */ 01799 //#define MBEDTLS_DHM_C 01800 01801 /** 01802 * \def MBEDTLS_ECDH_C 01803 * 01804 * Enable the elliptic curve Diffie-Hellman library. 01805 * 01806 * Module: library/ecdh.c 01807 * Caller: library/ssl_cli.c 01808 * library/ssl_srv.c 01809 * 01810 * This module is used by the following key exchanges: 01811 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01812 * 01813 * Requires: MBEDTLS_ECP_C 01814 */ 01815 #define MBEDTLS_ECDH_C 01816 01817 /** 01818 * \def MBEDTLS_ECDSA_C 01819 * 01820 * Enable the elliptic curve DSA library. 01821 * 01822 * Module: library/ecdsa.c 01823 * Caller: 01824 * 01825 * This module is used by the following key exchanges: 01826 * ECDHE-ECDSA 01827 * 01828 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01829 */ 01830 #define MBEDTLS_ECDSA_C 01831 01832 /** 01833 * \def MBEDTLS_ECJPAKE_C 01834 * 01835 * Enable the elliptic curve J-PAKE library. 01836 * 01837 * \warning This is currently experimental. EC J-PAKE support is based on the 01838 * Thread v1.0.0 specification; incompatible changes to the specification 01839 * might still happen. For this reason, this is disabled by default. 01840 * 01841 * Module: library/ecjpake.c 01842 * Caller: 01843 * 01844 * This module is used by the following key exchanges: 01845 * ECJPAKE 01846 * 01847 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01848 */ 01849 //#define MBEDTLS_ECJPAKE_C 01850 01851 /** 01852 * \def MBEDTLS_ECP_C 01853 * 01854 * Enable the elliptic curve over GF(p) library. 
01855 * 01856 * Module: library/ecp.c 01857 * Caller: library/ecdh.c 01858 * library/ecdsa.c 01859 * library/ecjpake.c 01860 * 01861 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01862 */ 01863 #define MBEDTLS_ECP_C 01864 01865 /** 01866 * \def MBEDTLS_ENTROPY_C 01867 * 01868 * Enable the platform-specific entropy code. 01869 * 01870 * Module: library/entropy.c 01871 * Caller: 01872 * 01873 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01874 * 01875 * This module provides a generic entropy pool 01876 */ 01877 #define MBEDTLS_ENTROPY_C 01878 01879 /** 01880 * \def MBEDTLS_ERROR_C 01881 * 01882 * Enable error code to error string conversion. 01883 * 01884 * Module: library/error.c 01885 * Caller: 01886 * 01887 * This module enables mbedtls_strerror(). 01888 */ 01889 //#define MBEDTLS_ERROR_C 01890 01891 /** 01892 * \def MBEDTLS_GCM_C 01893 * 01894 * Enable the Galois/Counter Mode (GCM) for AES. 01895 * 01896 * Module: library/gcm.c 01897 * 01898 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01899 * 01900 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01901 * requisites are enabled as well. 01902 */ 01903 #define MBEDTLS_GCM_C 01904 01905 /** 01906 * \def MBEDTLS_HAVEGE_C 01907 * 01908 * Enable the HAVEGE random generator. 01909 * 01910 * Warning: the HAVEGE random generator is not suitable for virtualized 01911 * environments 01912 * 01913 * Warning: the HAVEGE random generator is dependent on timing and specific 01914 * processor traits. It is therefore not advised to use HAVEGE as 01915 * your applications primary random generator or primary entropy pool 01916 * input. As a secondary input to your entropy pool, it IS able add 01917 * the (limited) extra entropy it provides. 01918 * 01919 * Module: library/havege.c 01920 * Caller: 01921 * 01922 * Requires: MBEDTLS_TIMING_C 01923 * 01924 * Uncomment to enable the HAVEGE random generator. 
01925 */ 01926 //#define MBEDTLS_HAVEGE_C 01927 01928 /** 01929 * \def MBEDTLS_HMAC_DRBG_C 01930 * 01931 * Enable the HMAC_DRBG random generator. 01932 * 01933 * Module: library/hmac_drbg.c 01934 * Caller: 01935 * 01936 * Requires: MBEDTLS_MD_C 01937 * 01938 * Uncomment to enable the HMAC_DRBG random number generator. 01939 */ 01940 #define MBEDTLS_HMAC_DRBG_C 01941 01942 /** 01943 * \def MBEDTLS_MD_C 01944 * 01945 * Enable the generic message digest layer. 01946 * 01947 * Module: library/md.c 01948 * Caller: 01949 * 01950 * Uncomment to enable generic message digest wrappers. 01951 */ 01952 #define MBEDTLS_MD_C 01953 01954 /** 01955 * \def MBEDTLS_MD2_C 01956 * 01957 * Enable the MD2 hash algorithm. 01958 * 01959 * Module: library/md2.c 01960 * Caller: 01961 * 01962 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01963 */ 01964 //#define MBEDTLS_MD2_C 01965 01966 /** 01967 * \def MBEDTLS_MD4_C 01968 * 01969 * Enable the MD4 hash algorithm. 01970 * 01971 * Module: library/md4.c 01972 * Caller: 01973 * 01974 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01975 */ 01976 //#define MBEDTLS_MD4_C 01977 01978 /** 01979 * \def MBEDTLS_MD5_C 01980 * 01981 * Enable the MD5 hash algorithm. 01982 * 01983 * Module: library/md5.c 01984 * Caller: library/md.c 01985 * library/pem.c 01986 * library/ssl_tls.c 01987 * 01988 * This module is required for SSL/TLS and X.509. 01989 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01990 */ 01991 //#define MBEDTLS_MD5_C 01992 01993 /** 01994 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01995 * 01996 * Enable the buffer allocator implementation that makes use of a (stack) 01997 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01998 * calls) 01999 * 02000 * Module: library/memory_buffer_alloc.c 02001 * 02002 * Requires: MBEDTLS_PLATFORM_C 02003 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 02004 * 02005 * Enable this module to enable the buffer memory allocator. 
02006 */ 02007 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 02008 02009 /** 02010 * \def MBEDTLS_NET_C 02011 * 02012 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 02013 * 02014 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 02015 * and Windows. For other platforms, you'll want to disable it, and write your 02016 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 02017 * 02018 * \note See also our Knowledge Base article about porting to a new 02019 * environment: 02020 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02021 * 02022 * Module: library/net_sockets.c 02023 * 02024 * This module provides networking routines. 02025 */ 02026 //#define MBEDTLS_NET_C 02027 02028 /** 02029 * \def MBEDTLS_OID_C 02030 * 02031 * Enable the OID database. 02032 * 02033 * Module: library/oid.c 02034 * Caller: library/asn1write.c 02035 * library/pkcs5.c 02036 * library/pkparse.c 02037 * library/pkwrite.c 02038 * library/rsa.c 02039 * library/x509.c 02040 * library/x509_create.c 02041 * library/x509_crl.c 02042 * library/x509_crt.c 02043 * library/x509_csr.c 02044 * library/x509write_crt.c 02045 * library/x509write_csr.c 02046 * 02047 * This modules translates between OIDs and internal values. 02048 */ 02049 #define MBEDTLS_OID_C 02050 02051 /** 02052 * \def MBEDTLS_PADLOCK_C 02053 * 02054 * Enable VIA Padlock support on x86. 02055 * 02056 * Module: library/padlock.c 02057 * Caller: library/aes.c 02058 * 02059 * Requires: MBEDTLS_HAVE_ASM 02060 * 02061 * This modules adds support for the VIA PadLock on x86. 02062 */ 02063 //#define MBEDTLS_PADLOCK_C 02064 02065 /** 02066 * \def MBEDTLS_PEM_PARSE_C 02067 * 02068 * Enable PEM decoding / parsing. 
02069 * 02070 * Module: library/pem.c 02071 * Caller: library/dhm.c 02072 * library/pkparse.c 02073 * library/x509_crl.c 02074 * library/x509_crt.c 02075 * library/x509_csr.c 02076 * 02077 * Requires: MBEDTLS_BASE64_C 02078 * 02079 * This modules adds support for decoding / parsing PEM files. 02080 */ 02081 //#define MBEDTLS_PEM_PARSE_C 02082 02083 /** 02084 * \def MBEDTLS_PEM_WRITE_C 02085 * 02086 * Enable PEM encoding / writing. 02087 * 02088 * Module: library/pem.c 02089 * Caller: library/pkwrite.c 02090 * library/x509write_crt.c 02091 * library/x509write_csr.c 02092 * 02093 * Requires: MBEDTLS_BASE64_C 02094 * 02095 * This modules adds support for encoding / writing PEM files. 02096 */ 02097 //#define MBEDTLS_PEM_WRITE_C 02098 02099 /** 02100 * \def MBEDTLS_PK_C 02101 * 02102 * Enable the generic public (asymetric) key layer. 02103 * 02104 * Module: library/pk.c 02105 * Caller: library/ssl_tls.c 02106 * library/ssl_cli.c 02107 * library/ssl_srv.c 02108 * 02109 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02110 * 02111 * Uncomment to enable generic public key wrappers. 02112 */ 02113 #define MBEDTLS_PK_C 02114 02115 /** 02116 * \def MBEDTLS_PK_PARSE_C 02117 * 02118 * Enable the generic public (asymetric) key parser. 02119 * 02120 * Module: library/pkparse.c 02121 * Caller: library/x509_crt.c 02122 * library/x509_csr.c 02123 * 02124 * Requires: MBEDTLS_PK_C 02125 * 02126 * Uncomment to enable generic public key parse functions. 02127 */ 02128 #define MBEDTLS_PK_PARSE_C 02129 02130 /** 02131 * \def MBEDTLS_PK_WRITE_C 02132 * 02133 * Enable the generic public (asymetric) key writer. 02134 * 02135 * Module: library/pkwrite.c 02136 * Caller: library/x509write.c 02137 * 02138 * Requires: MBEDTLS_PK_C 02139 * 02140 * Uncomment to enable generic public key write functions. 02141 */ 02142 #define MBEDTLS_PK_WRITE_C 02143 02144 /** 02145 * \def MBEDTLS_PKCS5_C 02146 * 02147 * Enable PKCS#5 functions. 
02148 * 02149 * Module: library/pkcs5.c 02150 * 02151 * Requires: MBEDTLS_MD_C 02152 * 02153 * This module adds support for the PKCS#5 functions. 02154 */ 02155 //#define MBEDTLS_PKCS5_C 02156 02157 /** 02158 * \def MBEDTLS_PKCS11_C 02159 * 02160 * Enable wrapper for PKCS#11 smartcard support. 02161 * 02162 * Module: library/pkcs11.c 02163 * Caller: library/pk.c 02164 * 02165 * Requires: MBEDTLS_PK_C 02166 * 02167 * This module enables SSL/TLS PKCS #11 smartcard support. 02168 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02169 */ 02170 //#define MBEDTLS_PKCS11_C 02171 02172 /** 02173 * \def MBEDTLS_PKCS12_C 02174 * 02175 * Enable PKCS#12 PBE functions. 02176 * Adds algorithms for parsing PKCS#8 encrypted private keys 02177 * 02178 * Module: library/pkcs12.c 02179 * Caller: library/pkparse.c 02180 * 02181 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02182 * Can use: MBEDTLS_ARC4_C 02183 * 02184 * This module enables PKCS#12 functions. 02185 */ 02186 //#define MBEDTLS_PKCS12_C 02187 02188 /** 02189 * \def MBEDTLS_PLATFORM_C 02190 * 02191 * Enable the platform abstraction layer that allows you to re-assign 02192 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02193 * 02194 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02195 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02196 * above to be specified at runtime or compile time respectively. 02197 * 02198 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02199 * as other module rely on it for a fixed snprintf implementation. 02200 * 02201 * Module: library/platform.c 02202 * Caller: Most other .c files 02203 * 02204 * This module enables abstraction of common (libc) functions. 02205 */ 02206 #define MBEDTLS_PLATFORM_C 02207 02208 /** 02209 * \def MBEDTLS_RIPEMD160_C 02210 * 02211 * Enable the RIPEMD-160 hash algorithm. 
02212 * 02213 * Module: library/ripemd160.c 02214 * Caller: library/md.c 02215 * 02216 */ 02217 //#define MBEDTLS_RIPEMD160_C 02218 02219 /** 02220 * \def MBEDTLS_RSA_C 02221 * 02222 * Enable the RSA public-key cryptosystem. 02223 * 02224 * Module: library/rsa.c 02225 * Caller: library/ssl_cli.c 02226 * library/ssl_srv.c 02227 * library/ssl_tls.c 02228 * library/x509.c 02229 * 02230 * This module is used by the following key exchanges: 02231 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02232 * 02233 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02234 */ 02235 //#define MBEDTLS_RSA_C 02236 02237 /** 02238 * \def MBEDTLS_SHA1_C 02239 * 02240 * Enable the SHA1 cryptographic hash algorithm. 02241 * 02242 * Module: library/sha1.c 02243 * Caller: library/md.c 02244 * library/ssl_cli.c 02245 * library/ssl_srv.c 02246 * library/ssl_tls.c 02247 * library/x509write_crt.c 02248 * 02249 * This module is required for SSL/TLS and SHA1-signed certificates. 02250 */ 02251 //#define MBEDTLS_SHA1_C 02252 02253 /** 02254 * \def MBEDTLS_SHA256_C 02255 * 02256 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02257 * 02258 * Module: library/sha256.c 02259 * Caller: library/entropy.c 02260 * library/md.c 02261 * library/ssl_cli.c 02262 * library/ssl_srv.c 02263 * library/ssl_tls.c 02264 * 02265 * This module adds support for SHA-224 and SHA-256. 02266 * This module is required for the SSL/TLS 1.2 PRF function. 02267 */ 02268 #define MBEDTLS_SHA256_C 02269 02270 /** 02271 * \def MBEDTLS_SHA512_C 02272 * 02273 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02274 * 02275 * Module: library/sha512.c 02276 * Caller: library/entropy.c 02277 * library/md.c 02278 * library/ssl_cli.c 02279 * library/ssl_srv.c 02280 * 02281 * This module adds support for SHA-384 and SHA-512. 02282 */ 02283 //#define MBEDTLS_SHA512_C 02284 /** 02285 * \def MBEDTLS_SSL_CACHE_C 02286 * 02287 * Enable simple SSL cache implementation. 
02288 * 02289 * Module: library/ssl_cache.c 02290 * Caller: 02291 * 02292 * Requires: MBEDTLS_SSL_CACHE_C 02293 */ 02294 #define MBEDTLS_SSL_CACHE_C 02295 02296 /** 02297 * \def MBEDTLS_SSL_COOKIE_C 02298 * 02299 * Enable basic implementation of DTLS cookies for hello verification. 02300 * 02301 * Module: library/ssl_cookie.c 02302 * Caller: 02303 */ 02304 #define MBEDTLS_SSL_COOKIE_C 02305 02306 /** 02307 * \def MBEDTLS_SSL_TICKET_C 02308 * 02309 * Enable an implementation of TLS server-side callbacks for session tickets. 02310 * 02311 * Module: library/ssl_ticket.c 02312 * Caller: 02313 * 02314 * Requires: MBEDTLS_CIPHER_C 02315 */ 02316 #define MBEDTLS_SSL_TICKET_C 02317 02318 /** 02319 * \def MBEDTLS_SSL_CLI_C 02320 * 02321 * Enable the SSL/TLS client code. 02322 * 02323 * Module: library/ssl_cli.c 02324 * Caller: 02325 * 02326 * Requires: MBEDTLS_SSL_TLS_C 02327 * 02328 * This module is required for SSL/TLS client support. 02329 */ 02330 #define MBEDTLS_SSL_CLI_C 02331 02332 /** 02333 * \def MBEDTLS_SSL_SRV_C 02334 * 02335 * Enable the SSL/TLS server code. 02336 * 02337 * Module: library/ssl_srv.c 02338 * Caller: 02339 * 02340 * Requires: MBEDTLS_SSL_TLS_C 02341 * 02342 * This module is required for SSL/TLS server support. 02343 */ 02344 //#define MBEDTLS_SSL_SRV_C 02345 02346 /** 02347 * \def MBEDTLS_SSL_TLS_C 02348 * 02349 * Enable the generic SSL/TLS code. 02350 * 02351 * Module: library/ssl_tls.c 02352 * Caller: library/ssl_cli.c 02353 * library/ssl_srv.c 02354 * 02355 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02356 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02357 * 02358 * This module is required for SSL/TLS. 02359 */ 02360 #define MBEDTLS_SSL_TLS_C 02361 02362 /** 02363 * \def MBEDTLS_THREADING_C 02364 * 02365 * Enable the threading abstraction layer. 02366 * By default mbed TLS assumes it is used in a non-threaded environment or that 02367 * contexts are not shared between threads. 
If you do intend to use contexts 02368 * between threads, you will need to enable this layer to prevent race 02369 * conditions. See also our Knowledge Base article about threading: 02370 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02371 * 02372 * Module: library/threading.c 02373 * 02374 * This allows different threading implementations (self-implemented or 02375 * provided). 02376 * 02377 * You will have to enable either MBEDTLS_THREADING_ALT or 02378 * MBEDTLS_THREADING_PTHREAD. 02379 * 02380 * Enable this layer to allow use of mutexes within mbed TLS 02381 */ 02382 //#define MBEDTLS_THREADING_C 02383 02384 /** 02385 * \def MBEDTLS_TIMING_C 02386 * 02387 * Enable the semi-portable timing interface. 02388 * 02389 * \note The provided implementation only works on POSIX/Unix (including Linux, 02390 * BSD and OS X) and Windows. On other platforms, you can either disable that 02391 * module and provide your own implementations of the callbacks needed by 02392 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02393 * your own implementation of the whole module by setting 02394 * \c MBEDTLS_TIMING_ALT in the current file. 02395 * 02396 * \note See also our Knowledge Base article about porting to a new 02397 * environment: 02398 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02399 * 02400 * Module: library/timing.c 02401 * Caller: library/havege.c 02402 * 02403 * This module is used by the HAVEGE random number generator. 02404 */ 02405 //#define MBEDTLS_TIMING_C 02406 02407 /** 02408 * \def MBEDTLS_VERSION_C 02409 * 02410 * Enable run-time version information. 02411 * 02412 * Module: library/version.c 02413 * 02414 * This module provides run-time version information. 02415 */ 02416 #define MBEDTLS_VERSION_C 02417 /** 02418 * \def MBEDTLS_X509_USE_C 02419 * 02420 * Enable X.509 core for using certificates. 
02421 * 02422 * Module: library/x509.c 02423 * Caller: library/x509_crl.c 02424 * library/x509_crt.c 02425 * library/x509_csr.c 02426 * 02427 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02428 * MBEDTLS_PK_PARSE_C 02429 * 02430 * This module is required for the X.509 parsing modules. 02431 */ 02432 //#define MBEDTLS_X509_USE_C 02433 02434 /** 02435 * \def MBEDTLS_X509_CRT_PARSE_C 02436 * 02437 * Enable X.509 certificate parsing. 02438 * 02439 * Module: library/x509_crt.c 02440 * Caller: library/ssl_cli.c 02441 * library/ssl_srv.c 02442 * library/ssl_tls.c 02443 * 02444 * Requires: MBEDTLS_X509_USE_C 02445 * 02446 * This module is required for X.509 certificate parsing. 02447 */ 02448 //#define MBEDTLS_X509_CRT_PARSE_C 02449 02450 /** 02451 * \def MBEDTLS_X509_CRL_PARSE_C 02452 * 02453 * Enable X.509 CRL parsing. 02454 * 02455 * Module: library/x509_crl.c 02456 * Caller: library/x509_crt.c 02457 * 02458 * Requires: MBEDTLS_X509_USE_C 02459 * 02460 * This module is required for X.509 CRL parsing. 02461 */ 02462 //#define MBEDTLS_X509_CRL_PARSE_C 02463 02464 /** 02465 * \def MBEDTLS_X509_CSR_PARSE_C 02466 * 02467 * Enable X.509 Certificate Signing Request (CSR) parsing. 02468 * 02469 * Module: library/x509_csr.c 02470 * Caller: library/x509_crt_write.c 02471 * 02472 * Requires: MBEDTLS_X509_USE_C 02473 * 02474 * This module is used for reading X.509 certificate request. 02475 */ 02476 //#define MBEDTLS_X509_CSR_PARSE_C 02477 02478 /** 02479 * \def MBEDTLS_X509_CREATE_C 02480 * 02481 * Enable X.509 core for creating certificates. 02482 * 02483 * Module: library/x509_create.c 02484 * 02485 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02486 * 02487 * This module is the basis for creating X.509 certificates and CSRs. 02488 */ 02489 //#define MBEDTLS_X509_CREATE_C 02490 02491 /** 02492 * \def MBEDTLS_X509_CRT_WRITE_C 02493 * 02494 * Enable creating X.509 certificates. 
02495 * 02496 * Module: library/x509_crt_write.c 02497 * 02498 * Requires: MBEDTLS_X509_CREATE_C 02499 * 02500 * This module is required for X.509 certificate creation. 02501 */ 02502 //#define MBEDTLS_X509_CRT_WRITE_C 02503 02504 /** 02505 * \def MBEDTLS_X509_CSR_WRITE_C 02506 * 02507 * Enable creating X.509 Certificate Signing Requests (CSR). 02508 * 02509 * Module: library/x509_csr_write.c 02510 * 02511 * Requires: MBEDTLS_X509_CREATE_C 02512 * 02513 * This module is required for X.509 certificate request writing. 02514 */ 02515 //#define MBEDTLS_X509_CSR_WRITE_C 02516 /** 02517 * \def MBEDTLS_XTEA_C 02518 * 02519 * Enable the XTEA block cipher. 02520 * 02521 * Module: library/xtea.c 02522 * Caller: 02523 */ 02524 //#define MBEDTLS_XTEA_C 02525 02526 /* \} name SECTION: mbed TLS modules */ 02527 02528 /** 02529 * \name SECTION: Module configuration options 02530 * 02531 * This section allows for the setting of module specific sizes and 02532 * configuration options. The default values are already present in the 02533 * relevant header files and should suffice for the regular use cases. 02534 * 02535 * Our advice is to enable options and change their values here 02536 * only if you have a good reason and know the consequences. 02537 * 02538 * Please check the respective header file for documentation on these 02539 * parameters (to prevent duplicate documentation). 02540 * \{ 02541 */ 02542 02543 /* MPI / BIGNUM options */ 02544 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02545 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. 
*/ 02546 02547 /* CTR_DRBG options */ 02548 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02549 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02550 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02551 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02552 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02553 02554 /* HMAC_DRBG options */ 02555 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02556 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02557 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02558 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02559 02560 /* ECP options */ 02561 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02562 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02563 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02564 02565 /* Entropy options */ 02566 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02567 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02568 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02569 02570 /* Memory buffer allocator options */ 02571 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02572 02573 /* Platform options */ 02574 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. 
Don't define if no header is needed. */ 02575 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02576 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02577 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02578 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02579 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02580 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02581 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02582 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02583 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02584 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02585 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02586 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02587 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02588 02589 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02590 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02591 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02592 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02593 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02594 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< 
Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02595 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02596 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02597 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02598 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02599 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02600 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02601 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02602 02603 /* SSL Cache options */ 02604 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02605 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02606 02607 /* SSL options */ 02608 #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02609 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02610 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02611 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02612 02613 /** 02614 * Complete list of ciphersuites to use, in order of preference. 02615 * 02616 * \warning No dependency checking is done on that field! This option can only 02617 * be used to restrict the set of available ciphersuites. It is your 02618 * responsibility to make sure the needed modules are active. 
02619 * 02620 * Use this to save a few hundred bytes of ROM (default ordering of all 02621 * available ciphersuites) and a few to a few hundred bytes of RAM. 02622 * 02623 * The value below is only an example, not the default. * * NOTE(review): the #define below is active in this file, so this list is the effective ciphersuite set for this build. * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 relies on SHA-384, which this file documents as provided by MBEDTLS_SHA512_C, and that module is commented out here; because no dependency checking is done on this list, confirm the entry is intended. * The PSK_WITH_* entries use plain PSK key exchange (no forward secrecy), the CCM_8 entries use an 8-byte authentication tag, and the last entry is a CBC suite; confirm these match the deployment's requirements. 02624 */ 02625 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \ 02626 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \ 02627 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ 02628 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \ 02629 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 02630 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 02631 /* X509 options */ 02632 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02633 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02634 02635 /* \} name SECTION: Customisation configuration options */ 02636 02637 /* Target and application specific configurations */ 02638 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" 02639 02640 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) 02641 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE 02642 #endif 02643 02644 02645 #include "check_config.h" 02646 02647 #if defined(MBEDTLS_TEST_NULL_ENTROPY) 02648 #warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \ 02649 "configuration is not secure and is not suitable for production use" 02650 #endif 02651 02652 #endif /* MBEDTLS_CONFIG_H */