test cli
Dependencies: mbed-os-example-mbed5-lorawan
Fork of Projet_de_bachelor_code by
mbedtls_lora_config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_LORA_CONFIG_H 00029 #define MBEDTLS_LORA_CONFIG_H 00030 00031 00032 /** 00033 * \name SECTION: System support 00034 * 00035 * This section sets system specific settings. 00036 * \{ 00037 */ 00038 00039 /** 00040 * \def MBEDTLS_HAVE_ASM 00041 * 00042 * The compiler has support for asm(). 00043 * 00044 * Requires support for asm() in compiler. 00045 * 00046 * Used in: 00047 * library/timing.c 00048 * library/padlock.c 00049 * include/mbedtls/bn_mul.h 00050 * 00051 * Comment to disable the use of assembly code. 00052 */ 00053 #define MBEDTLS_HAVE_ASM 00054 00055 /** 00056 * \def MBEDTLS_NO_UDBL_DIVISION 00057 * 00058 * The platform lacks support for double-width integer division (64-bit 00059 * division on a 32-bit platform, 128-bit division on a 64-bit platform). 
00060 * 00061 * Used in: 00062 * include/mbedtls/bignum.h 00063 * library/bignum.c 00064 * 00065 * The bignum code uses double-width division to speed up some operations. 00066 * Double-width division is often implemented in software that needs to 00067 * be linked with the program. The presence of a double-width integer 00068 * type is usually detected automatically through preprocessor macros, 00069 * but the automatic detection cannot know whether the code needs to 00070 * and can be linked with an implementation of division for that type. 00071 * By default division is assumed to be usable if the type is present. 00072 * Uncomment this option to prevent the use of double-width division. 00073 * 00074 * Note that division for the native integer type is always required. 00075 * Furthermore, a 64-bit type is always required even on a 32-bit 00076 * platform, but it need not support multiplication or division. In some 00077 * cases it is also desirable to disable some double-width operations. For 00078 * example, if double-width division is implemented in software, disabling 00079 * it can reduce code size in some embedded targets. 00080 */ 00081 //#define MBEDTLS_NO_UDBL_DIVISION 00082 00083 /** 00084 * \def MBEDTLS_HAVE_SSE2 00085 * 00086 * CPU supports SSE2 instruction set. 00087 * 00088 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00089 */ 00090 //#define MBEDTLS_HAVE_SSE2 00091 00092 /** 00093 * \def MBEDTLS_HAVE_TIME 00094 * 00095 * System has time.h and time(). 00096 * The time does not need to be correct, only time differences are used, 00097 * by contrast with MBEDTLS_HAVE_TIME_DATE 00098 * 00099 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00100 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00101 * MBEDTLS_PLATFORM_STD_TIME. 
00102 * 00103 * Comment if your system does not support time functions 00104 */ 00105 //#define MBEDTLS_HAVE_TIME 00106 00107 /** 00108 * \def MBEDTLS_HAVE_TIME_DATE 00109 * 00110 * System has time.h and time(), gmtime() and the clock is correct. 00111 * The time needs to be correct (not necessarily very accurate, but at least 00112 * the date should be correct). This is used to verify the validity period of 00113 * X.509 certificates. 00114 * 00115 * Comment if your system does not have a correct clock. 00116 */ 00117 //#define MBEDTLS_HAVE_TIME_DATE 00118 00119 /** 00120 * \def MBEDTLS_PLATFORM_MEMORY 00121 * 00122 * Enable the memory allocation layer. 00123 * 00124 * By default mbed TLS uses the system-provided calloc() and free(). 00125 * This allows different allocators (self-implemented or provided) to be 00126 * provided to the platform abstraction layer. 00127 * 00128 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00129 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00130 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00131 * free() function pointer at runtime. 00132 * 00133 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00134 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00135 * alternate function at compile time. 00136 * 00137 * Requires: MBEDTLS_PLATFORM_C 00138 * 00139 * Enable this layer to allow use of alternative memory allocators. 00140 */ 00141 //#define MBEDTLS_PLATFORM_MEMORY 00142 00143 /** 00144 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00145 * 00146 * Do not assign standard functions in the platform layer (e.g. calloc() to 00147 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00148 * 00149 * This makes sure there are no linking errors on platforms that do not support 00150 * these functions.
You will HAVE to provide alternatives, either at runtime 00151 * via the platform_set_xxx() functions or at compile time by setting 00152 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00153 * MBEDTLS_PLATFORM_XXX_MACRO. 00154 * 00155 * Requires: MBEDTLS_PLATFORM_C 00156 * 00157 * Uncomment to prevent default assignment of standard functions in the 00158 * platform layer. 00159 */ 00160 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00161 00162 /** 00163 * \def MBEDTLS_PLATFORM_EXIT_ALT 00164 * 00165 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00166 * function in the platform abstraction layer. 00167 * 00168 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00169 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00170 * alternative printf function pointer. 00171 * 00172 * All these defines require MBEDTLS_PLATFORM_C to be defined! 00173 * 00174 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00175 * it will be enabled automatically by check_config.h 00176 * 00177 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00178 * MBEDTLS_PLATFORM_XXX_MACRO! 00179 * 00180 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00181 * 00182 * Uncomment a macro to enable alternate implementation of specific base 00183 * platform function 00184 */ 00185 //#define MBEDTLS_PLATFORM_EXIT_ALT 00186 //#define MBEDTLS_PLATFORM_TIME_ALT 00187 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00188 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00189 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00190 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00191 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT 00192 00193 /** 00194 * \def MBEDTLS_DEPRECATED_WARNING 00195 * 00196 * Mark deprecated functions so that they generate a warning if used. 00197 * Functions deprecated in one version will usually be removed in the next 00198 * version.
You can enable this to help you prepare the transition to a new 00199 * major version by making sure your code is not using these functions. 00200 * 00201 * This only works with GCC and Clang. With other compilers, you may want to 00202 * use MBEDTLS_DEPRECATED_REMOVED 00203 * 00204 * Uncomment to get warnings on using deprecated functions. 00205 */ 00206 //#define MBEDTLS_DEPRECATED_WARNING 00207 00208 /** 00209 * \def MBEDTLS_DEPRECATED_REMOVED 00210 * 00211 * Remove deprecated functions so that they generate an error if used. 00212 * Functions deprecated in one version will usually be removed in the next 00213 * version. You can enable this to help you prepare the transition to a new 00214 * major version by making sure your code is not using these functions. 00215 * 00216 * Uncomment to get errors on using deprecated functions. 00217 */ 00218 //#define MBEDTLS_DEPRECATED_REMOVED 00219 00220 /* \} name SECTION: System support */ 00221 00222 /** 00223 * \name SECTION: mbed TLS feature support 00224 * 00225 * This section sets support for features that are or are not needed 00226 * within the modules that are enabled. 00227 * \{ 00228 */ 00229 00230 /** 00231 * \def MBEDTLS_TIMING_ALT 00232 * 00233 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00234 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00235 * 00236 * Only works if you have MBEDTLS_TIMING_C enabled. 00237 * 00238 * You will need to provide a header "timing_alt.h" and an implementation at 00239 * compile time. 00240 */ 00241 //#define MBEDTLS_TIMING_ALT 00242 00243 /** 00244 * \def MBEDTLS_AES_ALT 00245 * 00246 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00247 * alternate core implementation of a symmetric crypto, an arithmetic or hash 00248 * module (e.g. platform specific assembly optimized implementations). Keep 00249 * in mind that the function prototypes should remain the same. 
00250 * 00251 * This replaces the whole module. If you only want to replace one of the 00252 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00253 * 00254 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00255 * provide the "struct mbedtls_aes_context" definition and omit the base 00256 * function declarations and implementations. "aes_alt.h" will be included from 00257 * "aes.h" to include the new function definitions. 00258 * 00259 * Uncomment a macro to enable alternate implementation of the corresponding 00260 * module. 00261 */ 00262 //#define MBEDTLS_AES_ALT 00263 //#define MBEDTLS_ARC4_ALT 00264 //#define MBEDTLS_BLOWFISH_ALT 00265 //#define MBEDTLS_CAMELLIA_ALT 00266 //#define MBEDTLS_DES_ALT 00267 //#define MBEDTLS_XTEA_ALT 00268 //#define MBEDTLS_MD2_ALT 00269 //#define MBEDTLS_MD4_ALT 00270 //#define MBEDTLS_MD5_ALT 00271 //#define MBEDTLS_RIPEMD160_ALT 00272 //#define MBEDTLS_SHA1_ALT 00273 //#define MBEDTLS_SHA256_ALT 00274 //#define MBEDTLS_SHA512_ALT 00275 /* 00276 * When replacing the elliptic curve module, please consider that it is 00277 * implemented with two .c files: 00278 * - ecp.c 00279 * - ecp_curves.c 00280 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT 00281 * macros as described above. The only difference is that you have to make sure 00282 * that you provide functionality for both .c files. 00283 */ 00284 //#define MBEDTLS_ECP_ALT 00285 00286 /** 00287 * \def MBEDTLS_MD2_PROCESS_ALT 00288 * 00289 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00290 * alternate core implementation of symmetric crypto or hash function. Keep in 00291 * mind that function prototypes should remain the same. 00292 * 00293 * This replaces only one function. The header file from mbed TLS is still 00294 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
00295 * 00296 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00297 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00298 * the other function (using your mbedtls_sha1_process() function) and the definition 00299 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00300 * with this definition. 00301 * 00302 * \note Because of a signature change, the core AES encryption and decryption routines are 00303 * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, 00304 * respectively. When setting up alternative implementations, these functions should 00305 * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt 00306 * must stay untouched. 00307 * 00308 * \note If you use the AES_xxx_ALT macros, then it is recommended to also set 00309 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00310 * tables. 00311 * 00312 * Uncomment a macro to enable alternate implementation of the corresponding 00313 * function. 00314 */ 00315 //#define MBEDTLS_MD2_PROCESS_ALT 00316 //#define MBEDTLS_MD4_PROCESS_ALT 00317 //#define MBEDTLS_MD5_PROCESS_ALT 00318 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00319 //#define MBEDTLS_SHA1_PROCESS_ALT 00320 //#define MBEDTLS_SHA256_PROCESS_ALT 00321 //#define MBEDTLS_SHA512_PROCESS_ALT 00322 //#define MBEDTLS_DES_SETKEY_ALT 00323 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00324 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00325 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00326 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00327 //#define MBEDTLS_AES_ENCRYPT_ALT 00328 //#define MBEDTLS_AES_DECRYPT_ALT 00329 00330 /** 00331 * \def MBEDTLS_ECP_INTERNAL_ALT 00332 * 00333 * Expose a part of the internal interface of the Elliptic Curve Point module. 00334 * 00335 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00336 * alternative core implementation of elliptic curve arithmetic.
Keep in mind 00337 * that function prototypes should remain the same. 00338 * 00339 * This partially replaces one function. The header file from mbed TLS is still 00340 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation 00341 * is still present and it is used for group structures not supported by the 00342 * alternative. 00343 * 00344 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT 00345 * and implementing the following functions: 00346 * unsigned char mbedtls_internal_ecp_grp_capable( 00347 * const mbedtls_ecp_group *grp ) 00348 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) 00349 * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) 00350 * The mbedtls_internal_ecp_grp_capable function should return 1 if the 00351 * replacement functions implement arithmetic for the given group and 0 00352 * otherwise. 00353 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are 00354 * called before and after each point operation and provide an opportunity to 00355 * implement optimized set up and tear down instructions. 00356 * 00357 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and 00358 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac 00359 * function, but will use your mbedtls_internal_ecp_double_jac if the group is 00360 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when 00361 * receives it as an argument). If the group is not supported then the original 00362 * implementation is used. The other functions and the definition of 00363 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your 00364 * implementation of mbedtls_internal_ecp_double_jac and 00365 * mbedtls_internal_ecp_grp_capable must be compatible with this definition. 00366 * 00367 * Uncomment a macro to enable alternate implementation of the corresponding 00368 * function. 
00369 */ 00370 /* Required for all the functions in this section */ 00371 //#define MBEDTLS_ECP_INTERNAL_ALT 00372 /* Support for Weierstrass curves with Jacobi representation */ 00373 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT 00374 //#define MBEDTLS_ECP_ADD_MIXED_ALT 00375 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT 00376 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT 00377 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT 00378 /* Support for curves with Montgomery arithmetic */ 00379 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT 00380 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT 00381 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT 00382 00383 /** 00384 * \def MBEDTLS_TEST_NULL_ENTROPY 00385 * 00386 * Enables testing and use of mbed TLS without any configured entropy sources. 00387 * This permits use of the library on platforms before an entropy source has 00388 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00389 * MBEDTLS_ENTROPY_NV_SEED switches). 00390 * 00391 * WARNING! This switch MUST be disabled in production builds, and is suitable 00392 * only for development. 00393 * Enabling the switch negates any security provided by the library. 00394 * 00395 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00396 * 00397 */ 00398 //#define MBEDTLS_TEST_NULL_ENTROPY 00399 00400 /** 00401 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00402 * 00403 * Uncomment this macro to let mbed TLS use your own implementation of a 00404 * hardware entropy collector. 00405 * 00406 * Your function must be called \c mbedtls_hardware_poll(), have the same 00407 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00408 * 00409 * Uncomment to use your own hardware entropy collector. 00410 */ 00411 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00412 00413 /** 00414 * \def MBEDTLS_AES_ROM_TABLES 00415 * 00416 * Store the AES tables in ROM. 00417 * 00418 * Uncomment this macro to store the AES tables in ROM. 
00419 */ 00420 #define MBEDTLS_AES_ROM_TABLES 00421 00422 /** 00423 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00424 * 00425 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00426 * 00427 * Uncomment this macro to use less memory for Camellia. 00428 */ 00429 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00430 00431 /** 00432 * \def MBEDTLS_CIPHER_MODE_CBC 00433 * 00434 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00435 */ 00436 //#define MBEDTLS_CIPHER_MODE_CBC 00437 00438 /** 00439 * \def MBEDTLS_CIPHER_MODE_CFB 00440 * 00441 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00442 */ 00443 //#define MBEDTLS_CIPHER_MODE_CFB 00444 00445 /** 00446 * \def MBEDTLS_CIPHER_MODE_CTR 00447 * 00448 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00449 */ 00450 //#define MBEDTLS_CIPHER_MODE_CTR 00451 00452 /** 00453 * \def MBEDTLS_CIPHER_NULL_CIPHER 00454 * 00455 * Enable NULL cipher. 00456 * Warning: Only do so when you know what you are doing. This allows for 00457 * encryption or channels without any security! 
00458 * 00459 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00460 * the following ciphersuites: 00461 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00462 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00463 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00464 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00465 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00466 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00467 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00468 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00469 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00470 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00471 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00472 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00473 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00474 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00475 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00476 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00477 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00478 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00479 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00480 * 00481 * Uncomment this macro to enable the NULL cipher and ciphersuites 00482 */ 00483 //#define MBEDTLS_CIPHER_NULL_CIPHER 00484 00485 /** 00486 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00487 * 00488 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00489 * specific padding modes in the cipher layer with cipher modes that support 00490 * padding (e.g. CBC) 00491 * 00492 * If you disable all padding modes, only full blocks can be used with CBC. 00493 * 00494 * Enable padding modes in the cipher layer. 00495 */ 00496 //#define MBEDTLS_CIPHER_PADDING_PKCS7 00497 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00498 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00499 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00500 00501 /** 00502 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00503 * 00504 * Enable weak ciphersuites in SSL / TLS. 00505 * Warning: Only do so when you know what you are doing. This allows for 00506 * channels with virtually no security at all! 
00507 * 00508 * This enables the following ciphersuites: 00509 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00510 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00511 * 00512 * Uncomment this macro to enable weak ciphersuites 00513 */ 00514 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00515 00516 /** 00517 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00518 * 00519 * Remove RC4 ciphersuites by default in SSL / TLS. 00520 * This flag removes the ciphersuites based on RC4 from the default list as 00521 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00522 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00523 * explicitly. 00524 * 00525 * Uncomment this macro to remove RC4 ciphersuites by default. 00526 */ 00527 //#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00528 00529 /** 00530 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00531 * 00532 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00533 * module. By default all supported curves are enabled. 00534 * 00535 * Comment macros to disable the curve and functions for it 00536 */ 00537 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00538 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00539 //#define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00540 //#define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00541 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00542 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00543 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00544 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00545 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00546 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00547 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00548 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00549 00550 /** 00551 * \def MBEDTLS_ECP_NIST_OPTIM 00552 * 00553 * Enable specific 'modulo p' routines for each NIST prime. 00554 * Depending on the prime and architecture, makes operations 4 to 8 times 00555 * faster on the corresponding curve. 00556 * 00557 * Comment this macro to disable NIST curves optimisation. 
00558 */ 00559 //#define MBEDTLS_ECP_NIST_OPTIM 00560 00561 /** 00562 * \def MBEDTLS_ECDSA_DETERMINISTIC 00563 * 00564 * Enable deterministic ECDSA (RFC 6979). 00565 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00566 * may result in a compromise of the long-term signing key. This is avoided by 00567 * the deterministic variant. 00568 * 00569 * Requires: MBEDTLS_HMAC_DRBG_C 00570 * 00571 * Comment this macro to disable deterministic ECDSA. 00572 */ 00573 //#define MBEDTLS_ECDSA_DETERMINISTIC 00574 00575 /** 00576 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00577 * 00578 * Enable the PSK based ciphersuite modes in SSL / TLS. 00579 * 00580 * This enables the following ciphersuites (if other requisites are 00581 * enabled as well): 00582 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00583 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00584 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00585 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00586 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00587 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00588 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00589 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00590 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00591 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00592 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00593 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00594 */ 00595 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00596 00597 /** 00598 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00599 * 00600 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 
00601 * 00602 * Requires: MBEDTLS_DHM_C 00603 * 00604 * This enables the following ciphersuites (if other requisites are 00605 * enabled as well): 00606 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00607 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00608 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00609 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00610 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00611 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00612 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00613 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00614 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00615 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00616 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00617 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00618 */ 00619 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00620 00621 /** 00622 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00623 * 00624 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00625 * 00626 * Requires: MBEDTLS_ECDH_C 00627 * 00628 * This enables the following ciphersuites (if other requisites are 00629 * enabled as well): 00630 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00631 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00632 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00633 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00634 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00635 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00636 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00637 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00638 */ 00639 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00640 00641 /** 00642 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00643 * 00644 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 
00645 * 00646 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00647 * MBEDTLS_X509_CRT_PARSE_C 00648 * 00649 * This enables the following ciphersuites (if other requisites are 00650 * enabled as well): 00651 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00652 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00653 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00654 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00655 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00656 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00657 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00658 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00659 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00660 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00661 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00662 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00663 */ 00664 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00665 00666 /** 00667 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00668 * 00669 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 
00670 * 00671 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00672 * MBEDTLS_X509_CRT_PARSE_C 00673 * 00674 * This enables the following ciphersuites (if other requisites are 00675 * enabled as well): 00676 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00677 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00678 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00679 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00680 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00681 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00682 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00683 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00684 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00685 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00686 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00687 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00688 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00689 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00690 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00691 */ 00692 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00693 00694 /** 00695 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00696 * 00697 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
00698 * 00699 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00700 * MBEDTLS_X509_CRT_PARSE_C 00701 * 00702 * This enables the following ciphersuites (if other requisites are 00703 * enabled as well): 00704 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00705 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00706 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00707 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00708 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00709 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00710 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00711 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00712 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00713 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00714 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00715 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00716 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00717 */ 00718 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00719 00720 /** 00721 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00722 * 00723 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 
00724 * 00725 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00726 * MBEDTLS_X509_CRT_PARSE_C 00727 * 00728 * This enables the following ciphersuites (if other requisites are 00729 * enabled as well): 00730 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00731 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00732 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00733 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00734 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00735 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00736 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00737 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00738 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00739 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00740 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00741 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00742 */ 00743 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00744 00745 /** 00746 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00747 * 00748 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 
00749 * 00750 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00751 * 00752 * This enables the following ciphersuites (if other requisites are 00753 * enabled as well): 00754 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00755 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00756 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00757 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00758 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00759 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00760 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00761 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00762 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00763 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00764 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00765 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00766 */ 00767 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00768 00769 /** 00770 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00771 * 00772 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 
00773 * 00774 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00775 * 00776 * This enables the following ciphersuites (if other requisites are 00777 * enabled as well): 00778 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00779 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00780 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00781 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00782 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00783 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00784 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00785 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00786 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00787 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00788 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00789 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00790 */ 00791 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00792 00793 /** 00794 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00795 * 00796 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 
00797 * 00798 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00799 * 00800 * This enables the following ciphersuites (if other requisites are 00801 * enabled as well): 00802 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00803 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00804 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00805 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00806 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00807 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00808 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00809 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00810 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00811 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00812 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00813 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00814 */ 00815 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00816 00817 /** 00818 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00819 * 00820 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00821 * 00822 * \warning This is currently experimental. EC J-PAKE support is based on the 00823 * Thread v1.0.0 specification; incompatible changes to the specification 00824 * might still happen. For this reason, this is disabled by default. 00825 * 00826 * Requires: MBEDTLS_ECJPAKE_C 00827 * MBEDTLS_SHA256_C 00828 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00829 * 00830 * This enables the following ciphersuites (if other requisites are 00831 * enabled as well): 00832 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00833 */ 00834 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00835 00836 /** 00837 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00838 * 00839 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00840 * RFC 5915 and RFC 5480. 00841 * 00842 * Currently this means parsing the SpecifiedECDomain choice of EC 00843 * parameters (only known groups are supported, not arbitrary domains, to 00844 * avoid validation issues). 
00845 * 00846 * Disable if you only need to support RFC 5915 + 5480 key formats. 00847 */ 00848 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00849 00850 /** 00851 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00852 * 00853 * Enable a dummy error function to make use of mbedtls_strerror() in 00854 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00855 * (no effect when MBEDTLS_ERROR_C is enabled). 00856 * 00857 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00858 * not using mbedtls_strerror() or error_strerror() in your application. 00859 * 00860 * Disable if you run into name conflicts and want to really remove the 00861 * mbedtls_strerror() 00862 */ 00863 //#define MBEDTLS_ERROR_STRERROR_DUMMY 00864 00865 /** 00866 * \def MBEDTLS_GENPRIME 00867 * 00868 * Enable the prime-number generation code. 00869 * 00870 * Requires: MBEDTLS_BIGNUM_C 00871 */ 00872 //#define MBEDTLS_GENPRIME 00873 00874 /** 00875 * \def MBEDTLS_FS_IO 00876 * 00877 * Enable functions that use the filesystem. 00878 */ 00879 //#define MBEDTLS_FS_IO 00880 00881 /** 00882 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00883 * 00884 * Do not add default entropy sources. These are the platform specific, 00885 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00886 * 00887 * This is useful to have more control over the added entropy sources in an 00888 * application. 00889 * 00890 * Uncomment this macro to prevent loading of default entropy functions. 00891 */ 00892 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00893 00894 /** 00895 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00896 * 00897 * Do not use built-in platform entropy functions. 00898 * This is useful if your platform does not support 00899 * standards like the /dev/urandom or Windows CryptoAPI. With this macro defined no platform source is registered, so if the entropy module is enabled a strong source must be supplied another way (for example MBEDTLS_ENTROPY_NV_SEED or MBEDTLS_ENTROPY_HARDWARE_ALT). 00900 * 00901 * Uncomment this macro to disable the built-in platform entropy functions.
00902 */ 00903 #define MBEDTLS_NO_PLATFORM_ENTROPY 00904 00905 /** 00906 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00907 * 00908 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00909 * default SHA-512 based one (if both are available). 00910 * 00911 * Requires: MBEDTLS_SHA256_C 00912 * 00913 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00914 * if you have performance concerns. 00915 * 00916 * This option is only useful if both MBEDTLS_SHA256_C and 00917 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00918 */ 00919 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00920 00921 /** 00922 * \def MBEDTLS_ENTROPY_NV_SEED 00923 * 00924 * Enable the non-volatile (NV) seed file-based entropy source. 00925 * (Also enables the NV seed read/write functions in the platform layer) 00926 * 00927 * This is crucial (if not required) on systems that do not have a 00928 * cryptographic entropy source (in hardware or kernel) available. 00929 * 00930 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00931 * 00932 * \note The read/write functions that are used by the entropy source are 00933 * determined in the platform layer, and can be modified at runtime and/or 00934 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00935 * 00936 * \note If you use the default implementation functions that read a seedfile 00937 * with regular fopen(), please make sure you make a seedfile with the 00938 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00939 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00940 * and written to or you will get an entropy source error! The default 00941 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00942 * bytes from the file. 00943 * 00944 * \note The entropy collector will write to the seed file before entropy is 00945 * given to an external source, to update it. 
00946 */ 00947 //#define MBEDTLS_ENTROPY_NV_SEED 00948 00949 /** 00950 * \def MBEDTLS_MEMORY_DEBUG 00951 * 00952 * Enable debugging of buffer allocator memory issues. Automatically prints 00953 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00954 * function for 'debug output' of allocated memory. 00955 * 00956 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00957 * 00958 * Uncomment this macro to let the buffer allocator print out error messages. 00959 */ 00960 //#define MBEDTLS_MEMORY_DEBUG 00961 00962 /** 00963 * \def MBEDTLS_MEMORY_BACKTRACE 00964 * 00965 * Include backtrace information with each allocated block. 00966 * 00967 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00968 * GLIBC-compatible backtrace() and backtrace_symbols() support 00969 * 00970 * Uncomment this macro to include backtrace information 00971 */ 00972 //#define MBEDTLS_MEMORY_BACKTRACE 00973 00974 /** 00975 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00976 * 00977 * Support external private RSA keys (e.g. from an HSM) in the PK layer. 00978 * 00979 * Comment this macro to disable support for external private RSA keys. 00980 */ 00981 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00982 00983 /** 00984 * \def MBEDTLS_PKCS1_V15 00985 * 00986 * Enable support for PKCS#1 v1.5 encoding. 00987 * 00988 * Requires: MBEDTLS_RSA_C 00989 * 00990 * This enables support for PKCS#1 v1.5 operations. 00991 */ 00992 //#define MBEDTLS_PKCS1_V15 00993 00994 /** 00995 * \def MBEDTLS_PKCS1_V21 00996 * 00997 * Enable support for PKCS#1 v2.1 encoding. 00998 * 00999 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 01000 * 01001 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 01002 */ 01003 //#define MBEDTLS_PKCS1_V21 01004 01005 /** 01006 * \def MBEDTLS_RSA_NO_CRT 01007 * 01008 * Do not use the Chinese Remainder Theorem for the RSA private operation. 01009 * 01010 * Uncomment this macro to disable the use of CRT in RSA.
01011 * 01012 */ 01013 //#define MBEDTLS_RSA_NO_CRT 01014 01015 /** 01016 * \def MBEDTLS_SELF_TEST 01017 * 01018 * Enable the checkup functions (*_self_test). 01019 */ 01020 //#define MBEDTLS_SELF_TEST 01021 01022 /** 01023 * \def MBEDTLS_SHA256_SMALLER 01024 * 01025 * Enable an implementation of SHA-256 that has lower ROM footprint but also 01026 * lower performance. 01027 * 01028 * The default implementation is meant to be a reasonable compromise between 01029 * performance and size. This version optimizes more aggressively for size at 01030 * the expense of performance. E.g. on Cortex-M4 it reduces the size of 01031 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 01032 * 30%. 01033 * 01034 * Uncomment to enable the smaller implementation of SHA256. 01035 */ 01036 //#define MBEDTLS_SHA256_SMALLER 01037 01038 /** 01039 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 01040 * 01041 * Enable sending of alert messages in case of encountered errors as per RFC. 01042 * If you choose not to send the alert messages, mbed TLS can still communicate 01043 * with other servers, only debugging of failures is harder. 01044 * 01045 * The advantage of not sending alert messages is that no information is given 01046 * about reasons for failures, thus preventing adversaries from gaining intel. 01047 * 01048 * Enable sending of all alert messages 01049 */ 01050 //#define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01051 01052 /** 01053 * \def MBEDTLS_SSL_DEBUG_ALL 01054 * 01055 * Enable the debug messages in SSL module for all issues. 01056 * Debug messages have been disabled in some places to prevent timing 01057 * attacks due to (unbalanced) debugging function calls. 01058 * 01059 * If you need all error reporting you should enable this during debugging, 01060 * but remove this for production servers that should log as well. 01061 * 01062 * Uncomment this macro to report all debug messages on errors, which introduces 01063 * a timing side-channel.
01064 * 01065 */ 01066 //#define MBEDTLS_SSL_DEBUG_ALL 01067 01068 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01069 * 01070 * Enable support for Encrypt-then-MAC, RFC 7366. 01071 * 01072 * This allows peers that both support it to use a more robust protection for 01073 * ciphersuites using CBC, providing deep resistance against timing attacks 01074 * on the padding or underlying cipher. 01075 * 01076 * This only affects CBC ciphersuites, and is useless if none is defined. 01077 * 01078 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01079 * MBEDTLS_SSL_PROTO_TLS1_1 or 01080 * MBEDTLS_SSL_PROTO_TLS1_2 01081 * 01082 * Comment this macro to disable support for Encrypt-then-MAC 01083 */ 01084 //#define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01085 01086 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01087 * 01088 * Enable support for Extended Master Secret, aka Session Hash 01089 * (draft-ietf-tls-session-hash-02). 01090 * 01091 * This was introduced as "the proper fix" to the Triple Handshake family of 01092 * attacks, but it is recommended to always use it (even if you disable 01093 * renegotiation), since it actually fixes a more fundamental issue in the 01094 * original SSL/TLS design, and has implications beyond Triple Handshake. 01095 * 01096 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01097 * MBEDTLS_SSL_PROTO_TLS1_1 or 01098 * MBEDTLS_SSL_PROTO_TLS1_2 01099 * 01100 * Comment this macro to disable support for Extended Master Secret. 01101 */ 01102 //#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01103 01104 /** 01105 * \def MBEDTLS_SSL_FALLBACK_SCSV 01106 * 01107 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01108 * 01109 * For servers, it is recommended to always enable this, unless you support 01110 * only one version of TLS, or know for sure that none of your clients 01111 * implements a fallback strategy.
01112 * 01113 * For clients, you only need this if you're using a fallback strategy, which 01114 * is not recommended in the first place, unless you absolutely need it to 01115 * interoperate with buggy (version-intolerant) servers. 01116 * 01117 * Comment this macro to disable support for FALLBACK_SCSV 01118 */ 01119 //#define MBEDTLS_SSL_FALLBACK_SCSV 01120 01121 /** 01122 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01123 * 01124 * Enable hooking functions in SSL module for hardware acceleration of 01125 * individual records. 01126 * 01127 * Uncomment this macro to enable hooking functions. 01128 */ 01129 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01130 01131 /** 01132 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01133 * 01134 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01135 * 01136 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01137 * of interoperability issues compared to sending 0-length records. 01138 * 01139 * Comment this macro to disable 1/n-1 record splitting. 01140 */ 01141 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01142 01143 /** 01144 * \def MBEDTLS_SSL_RENEGOTIATION 01145 * 01146 * Enable support for TLS renegotiation. 01147 * 01148 * The two main uses of renegotiation are (1) refresh keys on long-lived 01149 * connections and (2) client authentication after the initial handshake. 01150 * If you don't need renegotiation, it's probably better to disable it, since 01151 * it has been associated with security issues in the past and is easy to 01152 * misuse/misunderstand. 01153 * 01154 * Comment this to disable support for renegotiation. 01155 */ 01156 //#define MBEDTLS_SSL_RENEGOTIATION 01157 01158 /** 01159 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01160 * 01161 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01162 * SSL Server module (MBEDTLS_SSL_SRV_C). 01163 * 01164 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
01165 */ 01166 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01167 01168 /** 01169 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01170 * 01171 * Pick the ciphersuite according to the client's preferences rather than ours 01172 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01173 * 01174 * Uncomment this macro to respect client's ciphersuite order 01175 */ 01176 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01177 01178 /** 01179 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01180 * 01181 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01182 * 01183 * Comment this macro to disable support for the max_fragment_length extension 01184 */ 01185 //#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01186 01187 /** 01188 * \def MBEDTLS_SSL_PROTO_SSL3 01189 * 01190 * Enable support for SSL 3.0. 01191 * 01192 * Requires: MBEDTLS_MD5_C 01193 * MBEDTLS_SHA1_C 01194 * 01195 * Comment this macro to disable support for SSL 3.0 01196 */ 01197 //#define MBEDTLS_SSL_PROTO_SSL3 01198 01199 /** 01200 * \def MBEDTLS_SSL_PROTO_TLS1 01201 * 01202 * Enable support for TLS 1.0. 01203 * 01204 * Requires: MBEDTLS_MD5_C 01205 * MBEDTLS_SHA1_C 01206 * 01207 * Comment this macro to disable support for TLS 1.0 01208 */ 01209 //#define MBEDTLS_SSL_PROTO_TLS1 01210 01211 /** 01212 * \def MBEDTLS_SSL_PROTO_TLS1_1 01213 * 01214 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01215 * 01216 * Requires: MBEDTLS_MD5_C 01217 * MBEDTLS_SHA1_C 01218 * 01219 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01220 */ 01221 //#define MBEDTLS_SSL_PROTO_TLS1_1 01222 01223 /** 01224 * \def MBEDTLS_SSL_PROTO_TLS1_2 01225 * 01226 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 
01227 * 01228 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01229 * (Depends on ciphersuites) 01230 * 01231 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01232 */ 01233 //#define MBEDTLS_SSL_PROTO_TLS1_2 01234 01235 /** 01236 * \def MBEDTLS_SSL_PROTO_DTLS 01237 * 01238 * Enable support for DTLS (all available versions). 01239 * 01240 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01241 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01242 * 01243 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01244 * or MBEDTLS_SSL_PROTO_TLS1_2 01245 * 01246 * Comment this macro to disable support for DTLS 01247 */ 01248 //#define MBEDTLS_SSL_PROTO_DTLS 01249 01250 /** 01251 * \def MBEDTLS_SSL_ALPN 01252 * 01253 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01254 * 01255 * Comment this macro to disable support for ALPN. 01256 */ 01257 //#define MBEDTLS_SSL_ALPN 01258 01259 /** 01260 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01261 * 01262 * Enable support for the anti-replay mechanism in DTLS. 01263 * 01264 * Requires: MBEDTLS_SSL_TLS_C 01265 * MBEDTLS_SSL_PROTO_DTLS 01266 * 01267 * \warning Disabling this is often a security risk! 01268 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01269 * 01270 * Comment this to disable anti-replay in DTLS. 01271 */ 01272 //#define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01273 01274 /** 01275 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01276 * 01277 * Enable support for HelloVerifyRequest on DTLS servers. 01278 * 01279 * This feature is highly recommended to prevent DTLS servers being used as 01280 * amplifiers in DoS attacks against other hosts. It should always be enabled 01281 * unless you know for sure amplification cannot be a problem in the 01282 * environment in which your server operates. 01283 * 01284 * \warning Disabling this can be a security risk!
(see above) 01285 * 01286 * Requires: MBEDTLS_SSL_PROTO_DTLS 01287 * 01288 * Comment this to disable support for HelloVerifyRequest. 01289 */ 01290 //#define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01291 01292 /** 01293 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01294 * 01295 * Enable server-side support for clients that reconnect from the same port. 01296 * 01297 * Some clients unexpectedly close the connection and try to reconnect using the 01298 * same source port. This needs special support from the server to handle the 01299 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01300 * flag enables that support. 01301 * 01302 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01303 * 01304 * Comment this to disable support for clients reusing the source port. 01305 */ 01306 //#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01307 01308 /** 01309 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01310 * 01311 * Enable support for a limit of records with bad MAC. 01312 * 01313 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01314 * 01315 * Requires: MBEDTLS_SSL_PROTO_DTLS 01316 */ 01317 //#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01318 01319 /** 01320 * \def MBEDTLS_SSL_SESSION_TICKETS 01321 * 01322 * Enable support for RFC 5077 session tickets in SSL. 01323 * Client-side, provides full support for session tickets (maintenance of a 01324 * session store remains the responsibility of the application, though). 01325 * Server-side, you also need to provide callbacks for writing and parsing 01326 * tickets, including authenticated encryption and key management. Example 01327 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01328 * 01329 * Comment this macro to disable support for SSL session tickets 01330 */ 01331 //#define MBEDTLS_SSL_SESSION_TICKETS 01332 01333 /** 01334 * \def MBEDTLS_SSL_EXPORT_KEYS 01335 * 01336 * Enable support for exporting key block and master secret. 01337 * This is required for certain users of TLS, e.g. EAP-TLS.
01338 * 01339 * Comment this macro to disable support for key export 01340 */ 01341 //#define MBEDTLS_SSL_EXPORT_KEYS 01342 01343 /** 01344 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01345 * 01346 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01347 * 01348 * Requires: MBEDTLS_X509_CRT_PARSE_C 01349 * 01350 * Comment this macro to disable support for server name indication in SSL 01351 */ 01352 //#define MBEDTLS_SSL_SERVER_NAME_INDICATION 01353 01354 /** 01355 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01356 * 01357 * Enable support for RFC 6066 truncated HMAC in SSL. 01358 * 01359 * Comment this macro to disable support for truncated HMAC in SSL 01360 */ 01361 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01362 01363 /** 01364 * \def MBEDTLS_THREADING_ALT 01365 * 01366 * Provide your own alternate threading implementation. 01367 * 01368 * Requires: MBEDTLS_THREADING_C 01369 * 01370 * Uncomment this to allow your own alternate threading implementation. 01371 */ 01372 //#define MBEDTLS_THREADING_ALT 01373 01374 /** 01375 * \def MBEDTLS_THREADING_PTHREAD 01376 * 01377 * Enable the pthread wrapper layer for the threading layer. 01378 * 01379 * Requires: MBEDTLS_THREADING_C 01380 * 01381 * Uncomment this to enable pthread mutexes. 01382 */ 01383 //#define MBEDTLS_THREADING_PTHREAD 01384 01385 /** 01386 * \def MBEDTLS_VERSION_FEATURES 01387 * 01388 * Allow run-time checking of compile-time enabled features. Thus allowing users 01389 * to check at run-time if the library is for instance compiled with threading 01390 * support via mbedtls_version_check_feature(). 01391 * 01392 * Requires: MBEDTLS_VERSION_C 01393 * 01394 * Comment this to disable run-time checking and save ROM space 01395 */ 01396 //#define MBEDTLS_VERSION_FEATURES 01397 01398 /** 01399 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01400 * 01401 * If set, the X509 parser will not break-off when parsing an X509 certificate 01402 * and encountering an extension in a v1 or v2 certificate. 
01403 * 01404 * Uncomment to prevent an error. 01405 */ 01406 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01407 01408 /** 01409 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01410 * 01411 * If set, the X509 parser will not break-off when parsing an X509 certificate 01412 * and encountering an unknown critical extension. 01413 * 01414 * \warning Depending on your PKI use, enabling this can be a security risk! 01415 * 01416 * Uncomment to prevent an error. 01417 */ 01418 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01419 01420 /** 01421 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01422 * 01423 * Enable verification of the keyUsage extension (CA and leaf certificates). 01424 * 01425 * Disabling this avoids problems with mis-issued and/or misused 01426 * (intermediate) CA and leaf certificates. 01427 * 01428 * \warning Depending on your PKI use, disabling this can be a security risk! 01429 * 01430 * Comment to skip keyUsage checking for both CA and leaf certificates. 01431 */ 01432 //#define MBEDTLS_X509_CHECK_KEY_USAGE 01433 01434 /** 01435 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01436 * 01437 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01438 * 01439 * Disabling this avoids problems with mis-issued and/or misused certificates. 01440 * 01441 * \warning Depending on your PKI use, disabling this can be a security risk! 01442 * 01443 * Comment to skip extendedKeyUsage checking for certificates. 01444 */ 01445 //#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01446 01447 /** 01448 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01449 * 01450 * Enable parsing and verification of X.509 certificates, CRLs and CSRs 01451 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01452 * 01453 * Comment this macro to disallow using RSASSA-PSS in certificates.
01454 */ 01455 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01456 01457 /** 01458 * \def MBEDTLS_ZLIB_SUPPORT 01459 * 01460 * If set, the SSL/TLS module uses ZLIB to support compression and 01461 * decompression of packet data. 01462 * 01463 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01464 * CRIME attack. Before enabling this option, you should examine with care if 01465 * CRIME or similar exploits may be applicable to your use case. 01466 * 01467 * \note Currently compression can't be used with DTLS. 01468 * 01469 * Used in: library/ssl_tls.c 01470 * library/ssl_cli.c 01471 * library/ssl_srv.c 01472 * 01473 * This feature requires zlib library and headers to be present. 01474 * 01475 * Uncomment to enable use of ZLIB 01476 */ 01477 //#define MBEDTLS_ZLIB_SUPPORT 01478 /* \} name SECTION: mbed TLS feature support */ 01479 01480 /** 01481 * \name SECTION: mbed TLS modules 01482 * 01483 * This section enables or disables entire modules in mbed TLS 01484 * \{ 01485 */ 01486 01487 /** 01488 * \def MBEDTLS_AESNI_C 01489 * 01490 * Enable AES-NI support on x86-64. 01491 * 01492 * Module: library/aesni.c 01493 * Caller: library/aes.c 01494 * 01495 * Requires: MBEDTLS_HAVE_ASM 01496 * 01497 * This module adds support for the AES-NI instructions on x86-64 01498 */ 01499 //#define MBEDTLS_AESNI_C 01500 01501 /** 01502 * \def MBEDTLS_AES_C 01503 * 01504 * Enable the AES block cipher.
01505 * 01506 * Module: library/aes.c 01507 * Caller: library/ssl_tls.c 01508 * library/pem.c 01509 * library/ctr_drbg.c 01510 * 01511 * This module enables the following ciphersuites (if other requisites are 01512 * enabled as well): 01513 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01514 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01515 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01516 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01517 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01518 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01519 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01520 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01521 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01522 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01523 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01524 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01525 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01526 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01527 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01528 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01529 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01530 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01531 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01532 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01533 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01534 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01535 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01536 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01537 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01538 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01539 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01540 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01541 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01542 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01543 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01544 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01545 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01546 * 
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01547 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01548 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01549 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01550 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01551 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01552 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01553 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01554 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01555 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01556 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01557 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01558 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01559 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01560 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01561 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01562 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01563 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01564 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01565 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01566 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01567 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01568 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01569 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01570 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01571 * 01572 * PEM_PARSE uses AES for decrypting encrypted keys. 01573 */ 01574 #define MBEDTLS_AES_C 01575 01576 /** 01577 * \def MBEDTLS_ARC4_C 01578 * 01579 * Enable the ARCFOUR stream cipher. 
01580 * 01581 * Module: library/arc4.c 01582 * Caller: library/ssl_tls.c 01583 * 01584 * This module enables the following ciphersuites (if other requisites are 01585 * enabled as well): 01586 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01587 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01588 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01589 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01590 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01591 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01592 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01593 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01594 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01595 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01596 */ 01597 //#define MBEDTLS_ARC4_C 01598 01599 /** 01600 * \def MBEDTLS_ASN1_PARSE_C 01601 * 01602 * Enable the generic ASN1 parser. 01603 * 01604 * Module: library/asn1.c 01605 * Caller: library/x509.c 01606 * library/dhm.c 01607 * library/pkcs12.c 01608 * library/pkcs5.c 01609 * library/pkparse.c 01610 */ 01611 //#define MBEDTLS_ASN1_PARSE_C 01612 01613 /** 01614 * \def MBEDTLS_ASN1_WRITE_C 01615 * 01616 * Enable the generic ASN1 writer. 01617 * 01618 * Module: library/asn1write.c 01619 * Caller: library/ecdsa.c 01620 * library/pkwrite.c 01621 * library/x509_create.c 01622 * library/x509write_crt.c 01623 * library/x509write_csr.c 01624 */ 01625 //#define MBEDTLS_ASN1_WRITE_C 01626 01627 /** 01628 * \def MBEDTLS_BASE64_C 01629 * 01630 * Enable the Base64 module. 01631 * 01632 * Module: library/base64.c 01633 * Caller: library/pem.c 01634 * 01635 * This module is required for PEM support (required by X.509). 01636 */ 01637 #define MBEDTLS_BASE64_C 01638 01639 /** 01640 * \def MBEDTLS_BIGNUM_C 01641 * 01642 * Enable the multi-precision integer library. 01643 * 01644 * Module: library/bignum.c 01645 * Caller: library/dhm.c 01646 * library/ecp.c 01647 * library/ecdsa.c 01648 * library/rsa.c 01649 * library/ssl_tls.c 01650 * 01651 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
01652 */ 01653 //#define MBEDTLS_BIGNUM_C 01654 01655 /** 01656 * \def MBEDTLS_BLOWFISH_C 01657 * 01658 * Enable the Blowfish block cipher. 01659 * 01660 * Module: library/blowfish.c 01661 */ 01662 //#define MBEDTLS_BLOWFISH_C 01663 01664 /** 01665 * \def MBEDTLS_CAMELLIA_C 01666 * 01667 * Enable the Camellia block cipher. 01668 * 01669 * Module: library/camellia.c 01670 * Caller: library/ssl_tls.c 01671 * 01672 * This module enables the following ciphersuites (if other requisites are 01673 * enabled as well): 01674 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01675 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01676 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01677 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01678 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01679 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01680 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01681 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01682 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01683 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01684 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01685 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01686 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01687 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01688 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01689 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01690 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01691 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01692 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01693 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01694 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01695 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01696 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01697 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01698 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01699 * 
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01700 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01701 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01702 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01703 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01704 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01705 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01706 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01707 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01708 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01709 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01710 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01711 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01712 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01713 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01714 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01715 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01716 */ 01717 //#define MBEDTLS_CAMELLIA_C 01718 01719 /** 01720 * \def MBEDTLS_CCM_C 01721 * 01722 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01723 * 01724 * Module: library/ccm.c 01725 * 01726 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01727 * 01728 * This module enables the AES-CCM ciphersuites, if other requisites are 01729 * enabled as well. 01730 */ 01731 //#define MBEDTLS_CCM_C 01732 01733 /** 01734 * \def MBEDTLS_CERTS_C 01735 * 01736 * Enable the test certificates. 01737 * 01738 * Module: library/certs.c 01739 * Caller: 01740 * 01741 * This module is used for testing (ssl_client/server). 01742 */ 01743 //#define MBEDTLS_CERTS_C 01744 01745 /** 01746 * \def MBEDTLS_CIPHER_C 01747 * 01748 * Enable the generic cipher layer. 01749 * 01750 * Module: library/cipher.c 01751 * Caller: library/ssl_tls.c 01752 * 01753 * Uncomment to enable generic cipher wrappers. 
01754 */ 01755 #define MBEDTLS_CIPHER_C 01756 01757 /** 01758 * \def MBEDTLS_CMAC_C 01759 * 01760 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01761 * ciphers. 01762 * 01763 * Module: library/cmac.c 01764 * 01765 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01766 * 01767 */ 01768 #define MBEDTLS_CMAC_C 01769 01770 /** 01771 * \def MBEDTLS_CTR_DRBG_C 01772 * 01773 * Enable the CTR_DRBG AES-256-based random generator. 01774 * 01775 * Module: library/ctr_drbg.c 01776 * Caller: 01777 * 01778 * Requires: MBEDTLS_AES_C 01779 * 01780 * This module provides the CTR_DRBG AES-256 random number generator. 01781 */ 01782 //#define MBEDTLS_CTR_DRBG_C 01783 01784 /** 01785 * \def MBEDTLS_DEBUG_C 01786 * 01787 * Enable the debug functions. 01788 * 01789 * Module: library/debug.c 01790 * Caller: library/ssl_cli.c 01791 * library/ssl_srv.c 01792 * library/ssl_tls.c 01793 * 01794 * This module provides debugging functions. 01795 */ 01796 //#define MBEDTLS_DEBUG_C 01797 01798 /** 01799 * \def MBEDTLS_DES_C 01800 * 01801 * Enable the DES block cipher. 01802 * 01803 * Module: library/des.c 01804 * Caller: library/pem.c 01805 * library/ssl_tls.c 01806 * 01807 * This module enables the following ciphersuites (if other requisites are 01808 * enabled as well): 01809 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01810 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01811 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01812 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01813 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01814 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01815 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01816 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01817 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01818 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01819 * 01820 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01821 */ 01822 //#define MBEDTLS_DES_C 01823 01824 /** 01825 * \def MBEDTLS_DHM_C 01826 * 01827 * Enable the Diffie-Hellman-Merkle module. 
01828 * 01829 * Module: library/dhm.c 01830 * Caller: library/ssl_cli.c 01831 * library/ssl_srv.c 01832 * 01833 * This module is used by the following key exchanges: 01834 * DHE-RSA, DHE-PSK 01835 */ 01836 //#define MBEDTLS_DHM_C 01837 01838 /** 01839 * \def MBEDTLS_ECDH_C 01840 * 01841 * Enable the elliptic curve Diffie-Hellman library. 01842 * 01843 * Module: library/ecdh.c 01844 * Caller: library/ssl_cli.c 01845 * library/ssl_srv.c 01846 * 01847 * This module is used by the following key exchanges: 01848 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01849 * 01850 * Requires: MBEDTLS_ECP_C 01851 */ 01852 //#define MBEDTLS_ECDH_C 01853 01854 /** 01855 * \def MBEDTLS_ECDSA_C 01856 * 01857 * Enable the elliptic curve DSA library. 01858 * 01859 * Module: library/ecdsa.c 01860 * Caller: 01861 * 01862 * This module is used by the following key exchanges: 01863 * ECDHE-ECDSA 01864 * 01865 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01866 */ 01867 //#define MBEDTLS_ECDSA_C 01868 01869 /** 01870 * \def MBEDTLS_ECJPAKE_C 01871 * 01872 * Enable the elliptic curve J-PAKE library. 01873 * 01874 * \warning This is currently experimental. EC J-PAKE support is based on the 01875 * Thread v1.0.0 specification; incompatible changes to the specification 01876 * might still happen. For this reason, this is disabled by default. 01877 * 01878 * Module: library/ecjpake.c 01879 * Caller: 01880 * 01881 * This module is used by the following key exchanges: 01882 * ECJPAKE 01883 * 01884 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01885 */ 01886 //#define MBEDTLS_ECJPAKE_C 01887 01888 /** 01889 * \def MBEDTLS_ECP_C 01890 * 01891 * Enable the elliptic curve over GF(p) library. 
01892 * 01893 * Module: library/ecp.c 01894 * Caller: library/ecdh.c 01895 * library/ecdsa.c 01896 * library/ecjpake.c 01897 * 01898 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01899 */ 01900 //#define MBEDTLS_ECP_C 01901 01902 /** 01903 * \def MBEDTLS_ENTROPY_C 01904 * 01905 * Enable the platform-specific entropy code. 01906 * 01907 * Module: library/entropy.c 01908 * Caller: 01909 * 01910 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01911 * 01912 * This module provides a generic entropy pool 01913 */ 01914 //#define MBEDTLS_ENTROPY_C 01915 01916 /** 01917 * \def MBEDTLS_ERROR_C 01918 * 01919 * Enable error code to error string conversion. 01920 * 01921 * Module: library/error.c 01922 * Caller: 01923 * 01924 * This module enables mbedtls_strerror(). 01925 */ 01926 //#define MBEDTLS_ERROR_C 01927 01928 /** 01929 * \def MBEDTLS_GCM_C 01930 * 01931 * Enable the Galois/Counter Mode (GCM) for AES. 01932 * 01933 * Module: library/gcm.c 01934 * 01935 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01936 * 01937 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01938 * requisites are enabled as well. 01939 */ 01940 //#define MBEDTLS_GCM_C 01941 01942 /** 01943 * \def MBEDTLS_HAVEGE_C 01944 * 01945 * Enable the HAVEGE random generator. 01946 * 01947 * Warning: the HAVEGE random generator is not suitable for virtualized 01948 * environments 01949 * 01950 * Warning: the HAVEGE random generator is dependent on timing and specific 01951 * processor traits. It is therefore not advised to use HAVEGE as 01952 * your application's primary random generator or primary entropy pool 01953 * input. As a secondary input to your entropy pool, it IS able to add 01954 * the (limited) extra entropy it provides. 01955 * 01956 * Module: library/havege.c 01957 * Caller: 01958 * 01959 * Requires: MBEDTLS_TIMING_C 01960 * 01961 * Uncomment to enable the HAVEGE random generator. 
01962 */ 01963 //#define MBEDTLS_HAVEGE_C 01964 01965 /** 01966 * \def MBEDTLS_HMAC_DRBG_C 01967 * 01968 * Enable the HMAC_DRBG random generator. 01969 * 01970 * Module: library/hmac_drbg.c 01971 * Caller: 01972 * 01973 * Requires: MBEDTLS_MD_C 01974 * 01975 * Uncomment to enable the HMAC_DRBG random number generator. 01976 */ 01977 //#define MBEDTLS_HMAC_DRBG_C 01978 01979 /** 01980 * \def MBEDTLS_MD_C 01981 * 01982 * Enable the generic message digest layer. 01983 * 01984 * Module: library/md.c 01985 * Caller: 01986 * 01987 * Uncomment to enable generic message digest wrappers. 01988 */ 01989 //#define MBEDTLS_MD_C 01990 01991 /** 01992 * \def MBEDTLS_MD2_C 01993 * 01994 * Enable the MD2 hash algorithm. 01995 * 01996 * Module: library/md2.c 01997 * Caller: 01998 * 01999 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 02000 */ 02001 //#define MBEDTLS_MD2_C 02002 02003 /** 02004 * \def MBEDTLS_MD4_C 02005 * 02006 * Enable the MD4 hash algorithm. 02007 * 02008 * Module: library/md4.c 02009 * Caller: 02010 * 02011 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 02012 */ 02013 //#define MBEDTLS_MD4_C 02014 02015 /** 02016 * \def MBEDTLS_MD5_C 02017 * 02018 * Enable the MD5 hash algorithm. 02019 * 02020 * Module: library/md5.c 02021 * Caller: library/md.c 02022 * library/pem.c 02023 * library/ssl_tls.c 02024 * 02025 * This module is required for SSL/TLS and X.509. 02026 * PEM_PARSE uses MD5 for decrypting encrypted keys. 02027 */ 02028 //#define MBEDTLS_MD5_C 02029 02030 /** 02031 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 02032 * 02033 * Enable the buffer allocator implementation that makes use of a (stack) 02034 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 02035 * calls) 02036 * 02037 * Module: library/memory_buffer_alloc.c 02038 * 02039 * Requires: MBEDTLS_PLATFORM_C 02040 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 02041 * 02042 * Enable this module to enable the buffer memory allocator. 
02043 */ 02044 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 02045 02046 /** 02047 * \def MBEDTLS_NET_C 02048 * 02049 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 02050 * 02051 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 02052 * and Windows. For other platforms, you'll want to disable it, and write your 02053 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 02054 * 02055 * \note See also our Knowledge Base article about porting to a new 02056 * environment: 02057 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02058 * 02059 * Module: library/net_sockets.c 02060 * 02061 * This module provides networking routines. 02062 */ 02063 //#define MBEDTLS_NET_C 02064 02065 /** 02066 * \def MBEDTLS_OID_C 02067 * 02068 * Enable the OID database. 02069 * 02070 * Module: library/oid.c 02071 * Caller: library/asn1write.c 02072 * library/pkcs5.c 02073 * library/pkparse.c 02074 * library/pkwrite.c 02075 * library/rsa.c 02076 * library/x509.c 02077 * library/x509_create.c 02078 * library/x509_crl.c 02079 * library/x509_crt.c 02080 * library/x509_csr.c 02081 * library/x509write_crt.c 02082 * library/x509write_csr.c 02083 * 02084 * This modules translates between OIDs and internal values. 02085 */ 02086 //#define MBEDTLS_OID_C 02087 02088 /** 02089 * \def MBEDTLS_PADLOCK_C 02090 * 02091 * Enable VIA Padlock support on x86. 02092 * 02093 * Module: library/padlock.c 02094 * Caller: library/aes.c 02095 * 02096 * Requires: MBEDTLS_HAVE_ASM 02097 * 02098 * This modules adds support for the VIA PadLock on x86. 02099 */ 02100 //#define MBEDTLS_PADLOCK_C 02101 02102 /** 02103 * \def MBEDTLS_PEM_PARSE_C 02104 * 02105 * Enable PEM decoding / parsing. 
02106 * 02107 * Module: library/pem.c 02108 * Caller: library/dhm.c 02109 * library/pkparse.c 02110 * library/x509_crl.c 02111 * library/x509_crt.c 02112 * library/x509_csr.c 02113 * 02114 * Requires: MBEDTLS_BASE64_C 02115 * 02116 * This module adds support for decoding / parsing PEM files. 02117 */ 02118 //#define MBEDTLS_PEM_PARSE_C 02119 02120 /** 02121 * \def MBEDTLS_PEM_WRITE_C 02122 * 02123 * Enable PEM encoding / writing. 02124 * 02125 * Module: library/pem.c 02126 * Caller: library/pkwrite.c 02127 * library/x509write_crt.c 02128 * library/x509write_csr.c 02129 * 02130 * Requires: MBEDTLS_BASE64_C 02131 * 02132 * This module adds support for encoding / writing PEM files. 02133 */ 02134 //#define MBEDTLS_PEM_WRITE_C 02135 02136 /** 02137 * \def MBEDTLS_PK_C 02138 * 02139 * Enable the generic public (asymmetric) key layer. 02140 * 02141 * Module: library/pk.c 02142 * Caller: library/ssl_tls.c 02143 * library/ssl_cli.c 02144 * library/ssl_srv.c 02145 * 02146 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02147 * 02148 * Uncomment to enable generic public key wrappers. 02149 */ 02150 //#define MBEDTLS_PK_C 02151 02152 /** 02153 * \def MBEDTLS_PK_PARSE_C 02154 * 02155 * Enable the generic public (asymmetric) key parser. 02156 * 02157 * Module: library/pkparse.c 02158 * Caller: library/x509_crt.c 02159 * library/x509_csr.c 02160 * 02161 * Requires: MBEDTLS_PK_C 02162 * 02163 * Uncomment to enable generic public key parse functions. 02164 */ 02165 //#define MBEDTLS_PK_PARSE_C 02166 02167 /** 02168 * \def MBEDTLS_PK_WRITE_C 02169 * 02170 * Enable the generic public (asymmetric) key writer. 02171 * 02172 * Module: library/pkwrite.c 02173 * Caller: library/x509write.c 02174 * 02175 * Requires: MBEDTLS_PK_C 02176 * 02177 * Uncomment to enable generic public key write functions. 02178 */ 02179 //#define MBEDTLS_PK_WRITE_C 02180 02181 /** 02182 * \def MBEDTLS_PKCS5_C 02183 * 02184 * Enable PKCS#5 functions. 
02185 * 02186 * Module: library/pkcs5.c 02187 * 02188 * Requires: MBEDTLS_MD_C 02189 * 02190 * This module adds support for the PKCS#5 functions. 02191 */ 02192 //#define MBEDTLS_PKCS5_C 02193 02194 /** 02195 * \def MBEDTLS_PKCS11_C 02196 * 02197 * Enable wrapper for PKCS#11 smartcard support. 02198 * 02199 * Module: library/pkcs11.c 02200 * Caller: library/pk.c 02201 * 02202 * Requires: MBEDTLS_PK_C 02203 * 02204 * This module enables SSL/TLS PKCS #11 smartcard support. 02205 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02206 */ 02207 //#define MBEDTLS_PKCS11_C 02208 02209 /** 02210 * \def MBEDTLS_PKCS12_C 02211 * 02212 * Enable PKCS#12 PBE functions. 02213 * Adds algorithms for parsing PKCS#8 encrypted private keys 02214 * 02215 * Module: library/pkcs12.c 02216 * Caller: library/pkparse.c 02217 * 02218 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02219 * Can use: MBEDTLS_ARC4_C 02220 * 02221 * This module enables PKCS#12 functions. 02222 */ 02223 //#define MBEDTLS_PKCS12_C 02224 02225 /** 02226 * \def MBEDTLS_PLATFORM_C 02227 * 02228 * Enable the platform abstraction layer that allows you to re-assign 02229 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02230 * 02231 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02232 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02233 * above to be specified at runtime or compile time respectively. 02234 * 02235 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02236 * as other module rely on it for a fixed snprintf implementation. 02237 * 02238 * Module: library/platform.c 02239 * Caller: Most other .c files 02240 * 02241 * This module enables abstraction of common (libc) functions. 02242 */ 02243 //#define MBEDTLS_PLATFORM_C 02244 02245 /** 02246 * \def MBEDTLS_RIPEMD160_C 02247 * 02248 * Enable the RIPEMD-160 hash algorithm. 
02249 * 02250 * Module: library/ripemd160.c 02251 * Caller: library/md.c 02252 * 02253 */ 02254 //#define MBEDTLS_RIPEMD160_C 02255 02256 /** 02257 * \def MBEDTLS_RSA_C 02258 * 02259 * Enable the RSA public-key cryptosystem. 02260 * 02261 * Module: library/rsa.c 02262 * Caller: library/ssl_cli.c 02263 * library/ssl_srv.c 02264 * library/ssl_tls.c 02265 * library/x509.c 02266 * 02267 * This module is used by the following key exchanges: 02268 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02269 * 02270 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02271 */ 02272 //#define MBEDTLS_RSA_C 02273 02274 /** 02275 * \def MBEDTLS_SHA1_C 02276 * 02277 * Enable the SHA1 cryptographic hash algorithm. 02278 * 02279 * Module: library/sha1.c 02280 * Caller: library/md.c 02281 * library/ssl_cli.c 02282 * library/ssl_srv.c 02283 * library/ssl_tls.c 02284 * library/x509write_crt.c 02285 * 02286 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 02287 * depending on the handshake parameters, and for SHA1-signed certificates. 02288 */ 02289 //#define MBEDTLS_SHA1_C 02290 02291 /** 02292 * \def MBEDTLS_SHA256_C 02293 * 02294 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02295 * 02296 * Module: library/sha256.c 02297 * Caller: library/entropy.c 02298 * library/md.c 02299 * library/ssl_cli.c 02300 * library/ssl_srv.c 02301 * library/ssl_tls.c 02302 * 02303 * This module adds support for SHA-224 and SHA-256. 02304 * This module is required for the SSL/TLS 1.2 PRF function. 02305 */ 02306 //#define MBEDTLS_SHA256_C 02307 02308 /** 02309 * \def MBEDTLS_SHA512_C 02310 * 02311 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02312 * 02313 * Module: library/sha512.c 02314 * Caller: library/entropy.c 02315 * library/md.c 02316 * library/ssl_cli.c 02317 * library/ssl_srv.c 02318 * 02319 * This module adds support for SHA-384 and SHA-512. 
02320 */ 02321 //#define MBEDTLS_SHA512_C 02322 02323 /** 02324 * \def MBEDTLS_SSL_CACHE_C 02325 * 02326 * Enable simple SSL cache implementation. 02327 * 02328 * Module: library/ssl_cache.c 02329 * Caller: 02330 * 02331 * Requires: MBEDTLS_SSL_CACHE_C 02332 */ 02333 //#define MBEDTLS_SSL_CACHE_C 02334 02335 /** 02336 * \def MBEDTLS_SSL_COOKIE_C 02337 * 02338 * Enable basic implementation of DTLS cookies for hello verification. 02339 * 02340 * Module: library/ssl_cookie.c 02341 * Caller: 02342 */ 02343 //#define MBEDTLS_SSL_COOKIE_C 02344 02345 /** 02346 * \def MBEDTLS_SSL_TICKET_C 02347 * 02348 * Enable an implementation of TLS server-side callbacks for session tickets. 02349 * 02350 * Module: library/ssl_ticket.c 02351 * Caller: 02352 * 02353 * Requires: MBEDTLS_CIPHER_C 02354 */ 02355 //#define MBEDTLS_SSL_TICKET_C 02356 02357 /** 02358 * \def MBEDTLS_SSL_CLI_C 02359 * 02360 * Enable the SSL/TLS client code. 02361 * 02362 * Module: library/ssl_cli.c 02363 * Caller: 02364 * 02365 * Requires: MBEDTLS_SSL_TLS_C 02366 * 02367 * This module is required for SSL/TLS client support. 02368 */ 02369 //#define MBEDTLS_SSL_CLI_C 02370 02371 /** 02372 * \def MBEDTLS_SSL_SRV_C 02373 * 02374 * Enable the SSL/TLS server code. 02375 * 02376 * Module: library/ssl_srv.c 02377 * Caller: 02378 * 02379 * Requires: MBEDTLS_SSL_TLS_C 02380 * 02381 * This module is required for SSL/TLS server support. 02382 */ 02383 //#define MBEDTLS_SSL_SRV_C 02384 02385 /** 02386 * \def MBEDTLS_SSL_TLS_C 02387 * 02388 * Enable the generic SSL/TLS code. 02389 * 02390 * Module: library/ssl_tls.c 02391 * Caller: library/ssl_cli.c 02392 * library/ssl_srv.c 02393 * 02394 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02395 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02396 * 02397 * This module is required for SSL/TLS. 02398 */ 02399 //#define MBEDTLS_SSL_TLS_C 02400 02401 /** 02402 * \def MBEDTLS_THREADING_C 02403 * 02404 * Enable the threading abstraction layer. 
02405 * By default mbed TLS assumes it is used in a non-threaded environment or that 02406 * contexts are not shared between threads. If you do intend to use contexts 02407 * between threads, you will need to enable this layer to prevent race 02408 * conditions. See also our Knowledge Base article about threading: 02409 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02410 * 02411 * Module: library/threading.c 02412 * 02413 * This allows different threading implementations (self-implemented or 02414 * provided). 02415 * 02416 * You will have to enable either MBEDTLS_THREADING_ALT or 02417 * MBEDTLS_THREADING_PTHREAD. 02418 * 02419 * Enable this layer to allow use of mutexes within mbed TLS 02420 */ 02421 //#define MBEDTLS_THREADING_C 02422 02423 /** 02424 * \def MBEDTLS_TIMING_C 02425 * 02426 * Enable the semi-portable timing interface. 02427 * 02428 * \note The provided implementation only works on POSIX/Unix (including Linux, 02429 * BSD and OS X) and Windows. On other platforms, you can either disable that 02430 * module and provide your own implementations of the callbacks needed by 02431 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02432 * your own implementation of the whole module by setting 02433 * \c MBEDTLS_TIMING_ALT in the current file. 02434 * 02435 * \note See also our Knowledge Base article about porting to a new 02436 * environment: 02437 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02438 * 02439 * Module: library/timing.c 02440 * Caller: library/havege.c 02441 * 02442 * This module is used by the HAVEGE random number generator. 02443 */ 02444 //#define MBEDTLS_TIMING_C 02445 02446 /** 02447 * \def MBEDTLS_VERSION_C 02448 * 02449 * Enable run-time version information. 02450 * 02451 * Module: library/version.c 02452 * 02453 * This module provides run-time version information. 
02454 */ 02455 //#define MBEDTLS_VERSION_C 02456 02457 /** 02458 * \def MBEDTLS_X509_USE_C 02459 * 02460 * Enable X.509 core for using certificates. 02461 * 02462 * Module: library/x509.c 02463 * Caller: library/x509_crl.c 02464 * library/x509_crt.c 02465 * library/x509_csr.c 02466 * 02467 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02468 * MBEDTLS_PK_PARSE_C 02469 * 02470 * This module is required for the X.509 parsing modules. 02471 */ 02472 //#define MBEDTLS_X509_USE_C 02473 02474 /** 02475 * \def MBEDTLS_X509_CRT_PARSE_C 02476 * 02477 * Enable X.509 certificate parsing. 02478 * 02479 * Module: library/x509_crt.c 02480 * Caller: library/ssl_cli.c 02481 * library/ssl_srv.c 02482 * library/ssl_tls.c 02483 * 02484 * Requires: MBEDTLS_X509_USE_C 02485 * 02486 * This module is required for X.509 certificate parsing. 02487 */ 02488 //#define MBEDTLS_X509_CRT_PARSE_C 02489 02490 /** 02491 * \def MBEDTLS_X509_CRL_PARSE_C 02492 * 02493 * Enable X.509 CRL parsing. 02494 * 02495 * Module: library/x509_crl.c 02496 * Caller: library/x509_crt.c 02497 * 02498 * Requires: MBEDTLS_X509_USE_C 02499 * 02500 * This module is required for X.509 CRL parsing. 02501 */ 02502 //#define MBEDTLS_X509_CRL_PARSE_C 02503 02504 /** 02505 * \def MBEDTLS_X509_CSR_PARSE_C 02506 * 02507 * Enable X.509 Certificate Signing Request (CSR) parsing. 02508 * 02509 * Module: library/x509_csr.c 02510 * Caller: library/x509_crt_write.c 02511 * 02512 * Requires: MBEDTLS_X509_USE_C 02513 * 02514 * This module is used for reading X.509 certificate request. 02515 */ 02516 //#define MBEDTLS_X509_CSR_PARSE_C 02517 02518 /** 02519 * \def MBEDTLS_X509_CREATE_C 02520 * 02521 * Enable X.509 core for creating certificates. 02522 * 02523 * Module: library/x509_create.c 02524 * 02525 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02526 * 02527 * This module is the basis for creating X.509 certificates and CSRs. 
02528 */ 02529 //#define MBEDTLS_X509_CREATE_C 02530 02531 /** 02532 * \def MBEDTLS_X509_CRT_WRITE_C 02533 * 02534 * Enable creating X.509 certificates. 02535 * 02536 * Module: library/x509_crt_write.c 02537 * 02538 * Requires: MBEDTLS_X509_CREATE_C 02539 * 02540 * This module is required for X.509 certificate creation. 02541 */ 02542 //#define MBEDTLS_X509_CRT_WRITE_C 02543 02544 /** 02545 * \def MBEDTLS_X509_CSR_WRITE_C 02546 * 02547 * Enable creating X.509 Certificate Signing Requests (CSR). 02548 * 02549 * Module: library/x509_csr_write.c 02550 * 02551 * Requires: MBEDTLS_X509_CREATE_C 02552 * 02553 * This module is required for X.509 certificate request writing. 02554 */ 02555 //#define MBEDTLS_X509_CSR_WRITE_C 02556 02557 /** 02558 * \def MBEDTLS_XTEA_C 02559 * 02560 * Enable the XTEA block cipher. 02561 * 02562 * Module: library/xtea.c 02563 * Caller: 02564 */ 02565 //#define MBEDTLS_XTEA_C 02566 02567 /* \} name SECTION: mbed TLS modules */ 02568 02569 /** 02570 * \name SECTION: Module configuration options 02571 * 02572 * This section allows for the setting of module specific sizes and 02573 * configuration options. The default values are already present in the 02574 * relevant header files and should suffice for the regular use cases. 02575 * 02576 * Our advice is to enable options and change their values here 02577 * only if you have a good reason and know the consequences. 02578 * 02579 * Please check the respective header file for documentation on these 02580 * parameters (to prevent duplicate documentation). 02581 * \{ 02582 */ 02583 02584 /* MPI / BIGNUM options */ 02585 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02586 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. 
*/ 02587 02588 /* CTR_DRBG options */ 02589 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02590 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02591 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02592 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02593 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02594 02595 /* HMAC_DRBG options */ 02596 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02597 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02598 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02599 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02600 02601 /* ECP options */ 02602 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02603 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02604 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02605 02606 /* Entropy options */ 02607 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02608 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02609 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02610 02611 /* Memory buffer allocator options */ 02612 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02613 02614 /* Platform options */ 02615 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. 
Don't define if no header is needed. */ 02616 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02617 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02618 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02619 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02620 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02621 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02622 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02623 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02624 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02625 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02626 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02627 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02628 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02629 02630 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02631 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02632 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02633 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02634 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02635 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< 
Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02636 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02637 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02638 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02639 /* Note: your snprintf must correctly zero-terminate the buffer! */ 02640 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02641 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02642 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02643 02644 /* SSL Cache options */ 02645 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02646 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02647 02648 /* SSL options */ 02649 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02650 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02651 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02652 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02653 02654 /** 02655 * Complete list of ciphersuites to use, in order of preference. 02656 * 02657 * \warning No dependency checking is done on that field! This option can only 02658 * be used to restrict the set of available ciphersuites. It is your 02659 * responsibility to make sure the needed modules are active. 
02660 * 02661 * Use this to save a few hundred bytes of ROM (default ordering of all 02662 * available ciphersuites) and a few to a few hundred bytes of RAM. 02663 * 02664 * The value below is only an example, not the default. 02665 */ 02666 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02667 02668 /* X509 options */ 02669 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02670 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02671 02672 /** 02673 * Allow SHA-1 in the default TLS configuration for certificate signing. 02674 * Without this build-time option, SHA-1 support must be activated explicitly 02675 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not 02676 * recommended because it is possible to generate SHA-1 collisions, however 02677 * this may be safe for legacy infrastructure where additional controls apply. 02678 */ 02679 // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 02680 02681 /** 02682 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake 02683 * signature and ciphersuite selection. Without this build-time option, SHA-1 02684 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. 02685 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by 02686 * default. At the time of writing, there is no practical attack on the use 02687 * of SHA-1 in handshake signatures, hence this option is turned on by default 02688 * for compatibility with existing peers. In this file the define below is commented out, so the option is disabled here. 02689 */ 02690 //#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE 02691 02692 02693 #include "check_config.h" 02694 02695 #endif /* MBEDTLS_LORA_CONFIG_H */