Rizky Ardi Maulana
/
mbed-os
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 * 00010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00011 * SPDX-License-Identifier: Apache-2.0 00012 * 00013 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00014 * not use this file except in compliance with the License. 00015 * You may obtain a copy of the License at 00016 * 00017 * http://www.apache.org/licenses/LICENSE-2.0 00018 * 00019 * Unless required by applicable law or agreed to in writing, software 00020 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00021 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00022 * See the License for the specific language governing permissions and 00023 * limitations under the License. 00024 * 00025 * This file is part of mbed TLS (https://tls.mbed.org) 00026 */ 00027 00028 #ifndef MBEDTLS_CONFIG_H 00029 00030 #include "platform/inc/platform_mbed.h" 00031 00032 /* 00033 * Only use features that do not require an entropy source when 00034 * DEVICE_ENTROPY_SOURCE is not defined in mbed OS. 00035 */ 00036 #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_TEST_NULL_ENTROPY) 00037 #include "mbedtls/config-no-entropy.h" 00038 00039 #if defined(MBEDTLS_USER_CONFIG_FILE) 00040 #include MBEDTLS_USER_CONFIG_FILE 00041 #endif 00042 00043 #else 00044 #define MBEDTLS_CONFIG_H 00045 00046 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00047 #define _CRT_SECURE_NO_DEPRECATE 1 00048 #endif 00049 00050 /** 00051 * \name SECTION: System support 00052 * 00053 * This section sets system specific settings. 00054 * \{ 00055 */ 00056 00057 /** 00058 * \def MBEDTLS_HAVE_ASM 00059 * 00060 * The compiler has support for asm(). 00061 * 00062 * Requires support for asm() in compiler. 00063 * 00064 * Used in: 00065 * library/timing.c 00066 * library/padlock.c 00067 * include/mbedtls/bn_mul.h 00068 * 00069 * Comment to disable the use of assembly code. 00070 */ 00071 #define MBEDTLS_HAVE_ASM 00072 00073 /** 00074 * \def MBEDTLS_HAVE_SSE2 00075 * 00076 * CPU supports SSE2 instruction set. 00077 * 00078 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00079 */ 00080 //#define MBEDTLS_HAVE_SSE2 00081 00082 /** 00083 * \def MBEDTLS_HAVE_TIME 00084 * 00085 * System has time.h and time(). 00086 * The time does not need to be correct, only time differences are used, 00087 * by contrast with MBEDTLS_HAVE_TIME_DATE 00088 * 00089 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00090 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00091 * MBEDTLS_PLATFORM_STD_TIME. 00092 * 00093 * Comment if your system does not support time functions 00094 */ 00095 #define MBEDTLS_HAVE_TIME 00096 00097 /** 00098 * \def MBEDTLS_HAVE_TIME_DATE 00099 * 00100 * System has time.h and time(), gmtime() and the clock is correct. 00101 * The time needs to be correct (not necesarily very accurate, but at least 00102 * the date should be correct). This is used to verify the validity period of 00103 * X.509 certificates. 00104 * 00105 * Comment if your system does not have a correct clock. 00106 */ 00107 //#define MBEDTLS_HAVE_TIME_DATE 00108 00109 /** 00110 * \def MBEDTLS_PLATFORM_MEMORY 00111 * 00112 * Enable the memory allocation layer. 00113 * 00114 * By default mbed TLS uses the system-provided calloc() and free(). 00115 * This allows different allocators (self-implemented or provided) to be 00116 * provided to the platform abstraction layer. 00117 * 00118 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00119 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00120 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00121 * free() function pointer at runtime. 00122 * 00123 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00124 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00125 * alternate function at compile time. 00126 * 00127 * Requires: MBEDTLS_PLATFORM_C 00128 * 00129 * Enable this layer to allow use of alternative memory allocators. 00130 */ 00131 //#define MBEDTLS_PLATFORM_MEMORY 00132 00133 /** 00134 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00135 * 00136 * Do not assign standard functions in the platform layer (e.g. calloc() to 00137 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00138 * 00139 * This makes sure there are no linking errors on platforms that do not support 00140 * these functions. You will HAVE to provide alternatives, either at runtime 00141 * via the platform_set_xxx() functions or at compile time by setting 00142 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00143 * MBEDTLS_PLATFORM_XXX_MACRO. 00144 * 00145 * Requires: MBEDTLS_PLATFORM_C 00146 * 00147 * Uncomment to prevent default assignment of standard functions in the 00148 * platform layer. 00149 */ 00150 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00151 00152 /** 00153 * \def MBEDTLS_PLATFORM_EXIT_ALT 00154 * 00155 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00156 * function in the platform abstraction layer. 00157 * 00158 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00159 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00160 * alternative printf function pointer. 00161 * 00162 * All these define require MBEDTLS_PLATFORM_C to be defined! 00163 * 00164 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00165 * it will be enabled automatically by check_config.h 00166 * 00167 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00168 * MBEDTLS_PLATFORM_XXX_MACRO! 00169 * 00170 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00171 * 00172 * Uncomment a macro to enable alternate implementation of specific base 00173 * platform function 00174 */ 00175 //#define MBEDTLS_PLATFORM_EXIT_ALT 00176 //#define MBEDTLS_PLATFORM_TIME_ALT 00177 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00178 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00179 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00180 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00181 00182 /** 00183 * \def MBEDTLS_DEPRECATED_WARNING 00184 * 00185 * Mark deprecated functions so that they generate a warning if used. 00186 * Functions deprecated in one version will usually be removed in the next 00187 * version. You can enable this to help you prepare the transition to a new 00188 * major version by making sure your code is not using these functions. 00189 * 00190 * This only works with GCC and Clang. With other compilers, you may want to 00191 * use MBEDTLS_DEPRECATED_REMOVED 00192 * 00193 * Uncomment to get warnings on using deprecated functions. 00194 */ 00195 //#define MBEDTLS_DEPRECATED_WARNING 00196 00197 /** 00198 * \def MBEDTLS_DEPRECATED_REMOVED 00199 * 00200 * Remove deprecated functions so that they generate an error if used. 00201 * Functions deprecated in one version will usually be removed in the next 00202 * version. You can enable this to help you prepare the transition to a new 00203 * major version by making sure your code is not using these functions. 00204 * 00205 * Uncomment to get errors on using deprecated functions. 00206 */ 00207 //#define MBEDTLS_DEPRECATED_REMOVED 00208 00209 /* \} name SECTION: System support */ 00210 00211 /** 00212 * \name SECTION: mbed TLS feature support 00213 * 00214 * This section sets support for features that are or are not needed 00215 * within the modules that are enabled. 00216 * \{ 00217 */ 00218 00219 /** 00220 * \def MBEDTLS_TIMING_ALT 00221 * 00222 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00223 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00224 * 00225 * Only works if you have MBEDTLS_TIMING_C enabled. 00226 * 00227 * You will need to provide a header "timing_alt.h" and an implementation at 00228 * compile time. 00229 */ 00230 //#define MBEDTLS_TIMING_ALT 00231 00232 /** 00233 * \def MBEDTLS_AES_ALT 00234 * 00235 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00236 * alternate core implementation of a symmetric crypto or hash module (e.g. 00237 * platform specific assembly optimized implementations). Keep in mind that 00238 * the function prototypes should remain the same. 00239 * 00240 * This replaces the whole module. If you only want to replace one of the 00241 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00242 * 00243 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00244 * provide the "struct mbedtls_aes_context" definition and omit the base function 00245 * declarations and implementations. "aes_alt.h" will be included from 00246 * "aes.h" to include the new function definitions. 00247 * 00248 * Uncomment a macro to enable alternate implementation of the corresponding 00249 * module. 00250 */ 00251 //#define MBEDTLS_AES_ALT 00252 //#define MBEDTLS_ARC4_ALT 00253 //#define MBEDTLS_BLOWFISH_ALT 00254 //#define MBEDTLS_CAMELLIA_ALT 00255 //#define MBEDTLS_DES_ALT 00256 //#define MBEDTLS_XTEA_ALT 00257 //#define MBEDTLS_MD2_ALT 00258 //#define MBEDTLS_MD4_ALT 00259 //#define MBEDTLS_MD5_ALT 00260 //#define MBEDTLS_RIPEMD160_ALT 00261 //#define MBEDTLS_SHA1_ALT 00262 //#define MBEDTLS_SHA256_ALT 00263 //#define MBEDTLS_SHA512_ALT 00264 00265 /** 00266 * \def MBEDTLS_MD2_PROCESS_ALT 00267 * 00268 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00269 * alternate core implementation of symmetric crypto or hash function. Keep in 00270 * mind that function prototypes should remain the same. 00271 * 00272 * This replaces only one function. The header file from mbed TLS is still 00273 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00274 * 00275 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00276 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00277 * the other function (using your mbedtls_sha1_process() function) and the definition 00278 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00279 * with this definition. 00280 * 00281 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00282 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00283 * tables. 00284 * 00285 * Uncomment a macro to enable alternate implementation of the corresponding 00286 * function. 00287 */ 00288 //#define MBEDTLS_MD2_PROCESS_ALT 00289 //#define MBEDTLS_MD4_PROCESS_ALT 00290 //#define MBEDTLS_MD5_PROCESS_ALT 00291 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00292 //#define MBEDTLS_SHA1_PROCESS_ALT 00293 //#define MBEDTLS_SHA256_PROCESS_ALT 00294 //#define MBEDTLS_SHA512_PROCESS_ALT 00295 //#define MBEDTLS_DES_SETKEY_ALT 00296 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00297 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00298 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00299 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00300 //#define MBEDTLS_AES_ENCRYPT_ALT 00301 //#define MBEDTLS_AES_DECRYPT_ALT 00302 00303 /** 00304 * \def MBEDTLS_TEST_NULL_ENTROPY 00305 * 00306 * Enables testing and use of mbed TLS without any configured entropy sources. 00307 * This permits use of the library on platforms before an entropy source has 00308 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00309 * MBEDTLS_ENTROPY_NV_SEED switches). 00310 * 00311 * WARNING! This switch MUST be disabled in production builds, and is suitable 00312 * only for development. 00313 * Enabling the switch negates any security provided by the library. 00314 * 00315 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00316 * 00317 */ 00318 //#define MBEDTLS_TEST_NULL_ENTROPY 00319 00320 /** 00321 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00322 * 00323 * Uncomment this macro to let mbed TLS use your own implementation of a 00324 * hardware entropy collector. 00325 * 00326 * Your function must be called \c mbedtls_hardware_poll(), have the same 00327 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00328 * 00329 * Uncomment to use your own hardware entropy collector. 00330 */ 00331 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00332 00333 /** 00334 * \def MBEDTLS_AES_ROM_TABLES 00335 * 00336 * Store the AES tables in ROM. 00337 * 00338 * Uncomment this macro to store the AES tables in ROM. 00339 */ 00340 //#define MBEDTLS_AES_ROM_TABLES 00341 00342 /** 00343 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00344 * 00345 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00346 * 00347 * Uncomment this macro to use less memory for Camellia. 00348 */ 00349 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00350 00351 /** 00352 * \def MBEDTLS_CIPHER_MODE_CBC 00353 * 00354 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00355 */ 00356 #define MBEDTLS_CIPHER_MODE_CBC 00357 00358 /** 00359 * \def MBEDTLS_CIPHER_MODE_CFB 00360 * 00361 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00362 */ 00363 //#define MBEDTLS_CIPHER_MODE_CFB 00364 00365 /** 00366 * \def MBEDTLS_CIPHER_MODE_CTR 00367 * 00368 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00369 */ 00370 //#define MBEDTLS_CIPHER_MODE_CTR 00371 00372 /** 00373 * \def MBEDTLS_CIPHER_NULL_CIPHER 00374 * 00375 * Enable NULL cipher. 00376 * Warning: Only do so when you know what you are doing. This allows for 00377 * encryption or channels without any security! 00378 * 00379 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00380 * the following ciphersuites: 00381 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00382 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00383 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00384 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00385 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00386 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00387 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00388 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00389 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00390 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00391 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00392 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00393 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00394 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00395 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00396 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00397 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00398 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00399 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00400 * 00401 * Uncomment this macro to enable the NULL cipher and ciphersuites 00402 */ 00403 //#define MBEDTLS_CIPHER_NULL_CIPHER 00404 00405 /** 00406 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00407 * 00408 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00409 * specific padding modes in the cipher layer with cipher modes that support 00410 * padding (e.g. CBC) 00411 * 00412 * If you disable all padding modes, only full blocks can be used with CBC. 00413 * 00414 * Enable padding modes in the cipher layer. 00415 */ 00416 #define MBEDTLS_CIPHER_PADDING_PKCS7 00417 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00418 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00419 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00420 00421 /** 00422 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00423 * 00424 * Enable weak ciphersuites in SSL / TLS. 00425 * Warning: Only do so when you know what you are doing. This allows for 00426 * channels with virtually no security at all! 00427 * 00428 * This enables the following ciphersuites: 00429 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00430 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00431 * 00432 * Uncomment this macro to enable weak ciphersuites 00433 */ 00434 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00435 00436 /** 00437 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00438 * 00439 * Remove RC4 ciphersuites by default in SSL / TLS. 00440 * This flag removes the ciphersuites based on RC4 from the default list as 00441 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00442 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00443 * explicitly. 00444 * 00445 * Uncomment this macro to remove RC4 ciphersuites by default. 00446 */ 00447 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00448 00449 /** 00450 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00451 * 00452 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00453 * module. By default all supported curves are enabled. 00454 * 00455 * Comment macros to disable the curve and functions for it 00456 */ 00457 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00458 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00459 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00460 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00461 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00462 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00463 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00464 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00465 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00466 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00467 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00468 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00469 00470 /** 00471 * \def MBEDTLS_ECP_NIST_OPTIM 00472 * 00473 * Enable specific 'modulo p' routines for each NIST prime. 00474 * Depending on the prime and architecture, makes operations 4 to 8 times 00475 * faster on the corresponding curve. 00476 * 00477 * Comment this macro to disable NIST curves optimisation. 00478 */ 00479 #define MBEDTLS_ECP_NIST_OPTIM 00480 00481 /** 00482 * \def MBEDTLS_ECDSA_DETERMINISTIC 00483 * 00484 * Enable deterministic ECDSA (RFC 6979). 00485 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00486 * may result in a compromise of the long-term signing key. This is avoided by 00487 * the deterministic variant. 00488 * 00489 * Requires: MBEDTLS_HMAC_DRBG_C 00490 * 00491 * Comment this macro to disable deterministic ECDSA. 00492 */ 00493 #define MBEDTLS_ECDSA_DETERMINISTIC 00494 00495 /** 00496 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00497 * 00498 * Enable the PSK based ciphersuite modes in SSL / TLS. 00499 * 00500 * This enables the following ciphersuites (if other requisites are 00501 * enabled as well): 00502 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00503 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00504 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00505 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00506 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00507 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00508 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00509 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00510 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00511 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00512 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00513 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00514 */ 00515 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00516 00517 /** 00518 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00519 * 00520 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00521 * 00522 * Requires: MBEDTLS_DHM_C 00523 * 00524 * This enables the following ciphersuites (if other requisites are 00525 * enabled as well): 00526 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00527 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00528 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00529 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00530 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00531 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00532 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00533 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00534 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00535 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00536 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00537 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00538 */ 00539 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00540 00541 /** 00542 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00543 * 00544 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00545 * 00546 * Requires: MBEDTLS_ECDH_C 00547 * 00548 * This enables the following ciphersuites (if other requisites are 00549 * enabled as well): 00550 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00551 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00552 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00553 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00554 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00555 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00556 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00557 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00558 */ 00559 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00560 00561 /** 00562 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00563 * 00564 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00565 * 00566 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00567 * MBEDTLS_X509_CRT_PARSE_C 00568 * 00569 * This enables the following ciphersuites (if other requisites are 00570 * enabled as well): 00571 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00572 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00573 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00574 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00575 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00576 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00577 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00578 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00579 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00580 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00581 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00582 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00583 */ 00584 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00585 00586 /** 00587 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00588 * 00589 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00590 * 00591 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00592 * MBEDTLS_X509_CRT_PARSE_C 00593 * 00594 * This enables the following ciphersuites (if other requisites are 00595 * enabled as well): 00596 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00597 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00598 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00599 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00600 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00601 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00602 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00603 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00604 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00605 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00606 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00607 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00608 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00609 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00610 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00611 */ 00612 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00613 00614 /** 00615 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00616 * 00617 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00618 * 00619 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00620 * MBEDTLS_X509_CRT_PARSE_C 00621 * 00622 * This enables the following ciphersuites (if other requisites are 00623 * enabled as well): 00624 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00625 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00626 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00627 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00628 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00629 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00630 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00631 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00632 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00633 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00634 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00635 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00636 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00637 */ 00638 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00639 00640 /** 00641 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00642 * 00643 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00644 * 00645 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00646 * MBEDTLS_X509_CRT_PARSE_C 00647 * 00648 * This enables the following ciphersuites (if other requisites are 00649 * enabled as well): 00650 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00651 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00652 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00653 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00654 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00655 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00656 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00657 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00658 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00659 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00660 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00661 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00662 */ 00663 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00664 00665 /** 00666 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00667 * 00668 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00669 * 00670 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00671 * 00672 * This enables the following ciphersuites (if other requisites are 00673 * enabled as well): 00674 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00675 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00676 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00677 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00678 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00679 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00680 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00681 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00682 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00683 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00684 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00685 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00686 */ 00687 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00688 00689 /** 00690 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00691 * 00692 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00693 * 00694 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00695 * 00696 * This enables the following ciphersuites (if other requisites are 00697 * enabled as well): 00698 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00699 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00700 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00701 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00702 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00703 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00704 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00705 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00706 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00707 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00708 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00709 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00710 */ 00711 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00712 00713 /** 00714 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00715 * 00716 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00717 * 00718 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00719 * 00720 * This enables the following ciphersuites (if other requisites are 00721 * enabled as well): 00722 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00723 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00724 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00725 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00726 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00727 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00728 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00729 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00730 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00731 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00732 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00733 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00734 */ 00735 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00736 00737 /** 00738 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00739 * 00740 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00741 * 00742 * \warning This is currently experimental. EC J-PAKE support is based on the 00743 * Thread v1.0.0 specification; incompatible changes to the specification 00744 * might still happen. For this reason, this is disabled by default. 00745 * 00746 * Requires: MBEDTLS_ECJPAKE_C 00747 * MBEDTLS_SHA256_C 00748 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00749 * 00750 * This enables the following ciphersuites (if other requisites are 00751 * enabled as well): 00752 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00753 */ 00754 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00755 00756 /** 00757 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00758 * 00759 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00760 * RFC 5915 and RFC 5480. 00761 * 00762 * Currently this means parsing the SpecifiedECDomain choice of EC 00763 * parameters (only known groups are supported, not arbitrary domains, to 00764 * avoid validation issues). 00765 * 00766 * Disable if you only need to support RFC 5915 + 5480 key formats. 00767 */ 00768 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00769 00770 /** 00771 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00772 * 00773 * Enable a dummy error function to make use of mbedtls_strerror() in 00774 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00775 * (no effect when MBEDTLS_ERROR_C is enabled). 00776 * 00777 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00778 * not using mbedtls_strerror() or error_strerror() in your application. 00779 * 00780 * Disable if you run into name conflicts and want to really remove the 00781 * mbedtls_strerror() 00782 */ 00783 #define MBEDTLS_ERROR_STRERROR_DUMMY 00784 00785 /** 00786 * \def MBEDTLS_GENPRIME 00787 * 00788 * Enable the prime-number generation code. 00789 * 00790 * Requires: MBEDTLS_BIGNUM_C 00791 */ 00792 //#define MBEDTLS_GENPRIME 00793 00794 /** 00795 * \def MBEDTLS_FS_IO 00796 * 00797 * Enable functions that use the filesystem. 00798 */ 00799 //#define MBEDTLS_FS_IO 00800 00801 /** 00802 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00803 * 00804 * Do not add default entropy sources. These are the platform specific, 00805 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00806 * 00807 * This is useful to have more control over the added entropy sources in an 00808 * application. 00809 * 00810 * Uncomment this macro to prevent loading of default entropy functions. 00811 */ 00812 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00813 00814 /** 00815 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00816 * 00817 * Do not use built-in platform entropy functions. 00818 * This is useful if your platform does not support 00819 * standards like the /dev/urandom or Windows CryptoAPI. 00820 * 00821 * Uncomment this macro to disable the built-in platform entropy functions. 00822 */ 00823 #define MBEDTLS_NO_PLATFORM_ENTROPY 00824 00825 /** 00826 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00827 * 00828 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00829 * default SHA-512 based one (if both are available). 00830 * 00831 * Requires: MBEDTLS_SHA256_C 00832 * 00833 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00834 * if you have performance concerns. 00835 * 00836 * This option is only useful if both MBEDTLS_SHA256_C and 00837 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00838 */ 00839 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00840 00841 /** 00842 * \def MBEDTLS_ENTROPY_NV_SEED 00843 * 00844 * Enable the non-volatile (NV) seed file-based entropy source. 00845 * (Also enables the NV seed read/write functions in the platform layer) 00846 * 00847 * This is crucial (if not required) on systems that do not have a 00848 * cryptographic entropy source (in hardware or kernel) available. 00849 * 00850 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00851 * 00852 * \note The read/write functions that are used by the entropy source are 00853 * determined in the platform layer, and can be modified at runtime and/or 00854 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00855 * 00856 * \note If you use the default implementation functions that read a seedfile 00857 * with regular fopen(), please make sure you make a seedfile with the 00858 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00859 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00860 * and written to or you will get an entropy source error! The default 00861 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00862 * bytes from the file. 00863 * 00864 * \note The entropy collector will write to the seed file before entropy is 00865 * given to an external source, to update it. 00866 */ 00867 //#define MBEDTLS_ENTROPY_NV_SEED 00868 00869 /** 00870 * \def MBEDTLS_MEMORY_DEBUG 00871 * 00872 * Enable debugging of buffer allocator memory issues. Automatically prints 00873 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00874 * function for 'debug output' of allocated memory. 00875 * 00876 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00877 * 00878 * Uncomment this macro to let the buffer allocator print out error messages. 00879 */ 00880 //#define MBEDTLS_MEMORY_DEBUG 00881 00882 /** 00883 * \def MBEDTLS_MEMORY_BACKTRACE 00884 * 00885 * Include backtrace information with each allocated block. 00886 * 00887 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00888 * GLIBC-compatible backtrace() an backtrace_symbols() support 00889 * 00890 * Uncomment this macro to include backtrace information 00891 */ 00892 //#define MBEDTLS_MEMORY_BACKTRACE 00893 00894 /** 00895 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00896 * 00897 * Support external private RSA keys (eg from a HSM) in the PK layer. 00898 * 00899 * Comment this macro to disable support for external private RSA keys. 00900 */ 00901 #define MBEDTLS_PK_RSA_ALT_SUPPORT 00902 00903 /** 00904 * \def MBEDTLS_PKCS1_V15 00905 * 00906 * Enable support for PKCS#1 v1.5 encoding. 00907 * 00908 * Requires: MBEDTLS_RSA_C 00909 * 00910 * This enables support for PKCS#1 v1.5 operations. 00911 */ 00912 #define MBEDTLS_PKCS1_V15 00913 00914 /** 00915 * \def MBEDTLS_PKCS1_V21 00916 * 00917 * Enable support for PKCS#1 v2.1 encoding. 00918 * 00919 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00920 * 00921 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00922 */ 00923 #define MBEDTLS_PKCS1_V21 00924 00925 /** 00926 * \def MBEDTLS_RSA_NO_CRT 00927 * 00928 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00929 * 00930 * Uncomment this macro to disable the use of CRT in RSA. 00931 * 00932 */ 00933 //#define MBEDTLS_RSA_NO_CRT 00934 00935 /** 00936 * \def MBEDTLS_SELF_TEST 00937 * 00938 * Enable the checkup functions (*_self_test). 00939 */ 00940 #define MBEDTLS_SELF_TEST 00941 00942 /** 00943 * \def MBEDTLS_SHA256_SMALLER 00944 * 00945 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00946 * lower performance. 00947 * 00948 * The default implementation is meant to be a reasonnable compromise between 00949 * performance and size. This version optimizes more aggressively for size at 00950 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00951 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00952 * 30%. 00953 * 00954 * Uncomment to enable the smaller implementation of SHA256. 00955 */ 00956 //#define MBEDTLS_SHA256_SMALLER 00957 00958 /** 00959 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00960 * 00961 * Enable sending of alert messages in case of encountered errors as per RFC. 00962 * If you choose not to send the alert messages, mbed TLS can still communicate 00963 * with other servers, only debugging of failures is harder. 00964 * 00965 * The advantage of not sending alert messages, is that no information is given 00966 * about reasons for failures thus preventing adversaries of gaining intel. 00967 * 00968 * Enable sending of all alert messages 00969 */ 00970 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 00971 00972 /** 00973 * \def MBEDTLS_SSL_DEBUG_ALL 00974 * 00975 * Enable the debug messages in SSL module for all issues. 00976 * Debug messages have been disabled in some places to prevent timing 00977 * attacks due to (unbalanced) debugging function calls. 00978 * 00979 * If you need all error reporting you should enable this during debugging, 00980 * but remove this for production servers that should log as well. 00981 * 00982 * Uncomment this macro to report all debug messages on errors introducing 00983 * a timing side-channel. 00984 * 00985 */ 00986 //#define MBEDTLS_SSL_DEBUG_ALL 00987 00988 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 00989 * 00990 * Enable support for Encrypt-then-MAC, RFC 7366. 00991 * 00992 * This allows peers that both support it to use a more robust protection for 00993 * ciphersuites using CBC, providing deep resistance against timing attacks 00994 * on the padding or underlying cipher. 00995 * 00996 * This only affects CBC ciphersuites, and is useless if none is defined. 00997 * 00998 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 00999 * MBEDTLS_SSL_PROTO_TLS1_1 or 01000 * MBEDTLS_SSL_PROTO_TLS1_2 01001 * 01002 * Comment this macro to disable support for Encrypt-then-MAC 01003 */ 01004 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01005 01006 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01007 * 01008 * Enable support for Extended Master Secret, aka Session Hash 01009 * (draft-ietf-tls-session-hash-02). 01010 * 01011 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01012 * attacks, but it is recommended to always use it (even if you disable 01013 * renegotiation), since it actually fixes a more fundamental issue in the 01014 * original SSL/TLS design, and has implications beyond Triple Handshake. 01015 * 01016 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01017 * MBEDTLS_SSL_PROTO_TLS1_1 or 01018 * MBEDTLS_SSL_PROTO_TLS1_2 01019 * 01020 * Comment this macro to disable support for Extended Master Secret. 01021 */ 01022 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01023 01024 /** 01025 * \def MBEDTLS_SSL_FALLBACK_SCSV 01026 * 01027 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01028 * 01029 * For servers, it is recommended to always enable this, unless you support 01030 * only one version of TLS, or know for sure that none of your clients 01031 * implements a fallback strategy. 01032 * 01033 * For clients, you only need this if you're using a fallback strategy, which 01034 * is not recommended in the first place, unless you absolutely need it to 01035 * interoperate with buggy (version-intolerant) servers. 01036 * 01037 * Comment this macro to disable support for FALLBACK_SCSV 01038 */ 01039 //#define MBEDTLS_SSL_FALLBACK_SCSV 01040 01041 /** 01042 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01043 * 01044 * Enable hooking functions in SSL module for hardware acceleration of 01045 * individual records. 01046 * 01047 * Uncomment this macro to enable hooking functions. 01048 */ 01049 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01050 01051 /** 01052 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01053 * 01054 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01055 * 01056 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01057 * of interoperability issues compared to sending 0-length records. 01058 * 01059 * Comment this macro to disable 1/n-1 record splitting. 01060 */ 01061 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01062 01063 /** 01064 * \def MBEDTLS_SSL_RENEGOTIATION 01065 * 01066 * Disable support for TLS renegotiation. 01067 * 01068 * The two main uses of renegotiation are (1) refresh keys on long-lived 01069 * connections and (2) client authentication after the initial handshake. 01070 * If you don't need renegotiation, it's probably better to disable it, since 01071 * it has been associated with security issues in the past and is easy to 01072 * misuse/misunderstand. 01073 * 01074 * Comment this to disable support for renegotiation. 01075 */ 01076 #define MBEDTLS_SSL_RENEGOTIATION 01077 01078 /** 01079 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01080 * 01081 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01082 * SSL Server module (MBEDTLS_SSL_SRV_C). 01083 * 01084 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01085 */ 01086 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01087 01088 /** 01089 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01090 * 01091 * Pick the ciphersuite according to the client's preferences rather than ours 01092 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01093 * 01094 * Uncomment this macro to respect client's ciphersuite order 01095 */ 01096 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01097 01098 /** 01099 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01100 * 01101 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01102 * 01103 * Comment this macro to disable support for the max_fragment_length extension 01104 */ 01105 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01106 01107 /** 01108 * \def MBEDTLS_SSL_PROTO_SSL3 01109 * 01110 * Enable support for SSL 3.0. 01111 * 01112 * Requires: MBEDTLS_MD5_C 01113 * MBEDTLS_SHA1_C 01114 * 01115 * Comment this macro to disable support for SSL 3.0 01116 */ 01117 //#define MBEDTLS_SSL_PROTO_SSL3 01118 01119 /** 01120 * \def MBEDTLS_SSL_PROTO_TLS1 01121 * 01122 * Enable support for TLS 1.0. 01123 * 01124 * Requires: MBEDTLS_MD5_C 01125 * MBEDTLS_SHA1_C 01126 * 01127 * Comment this macro to disable support for TLS 1.0 01128 */ 01129 //#define MBEDTLS_SSL_PROTO_TLS1 01130 01131 /** 01132 * \def MBEDTLS_SSL_PROTO_TLS1_1 01133 * 01134 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01135 * 01136 * Requires: MBEDTLS_MD5_C 01137 * MBEDTLS_SHA1_C 01138 * 01139 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01140 */ 01141 //#define MBEDTLS_SSL_PROTO_TLS1_1 01142 01143 /** 01144 * \def MBEDTLS_SSL_PROTO_TLS1_2 01145 * 01146 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01147 * 01148 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01149 * (Depends on ciphersuites) 01150 * 01151 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01152 */ 01153 #define MBEDTLS_SSL_PROTO_TLS1_2 01154 01155 /** 01156 * \def MBEDTLS_SSL_PROTO_DTLS 01157 * 01158 * Enable support for DTLS (all available versions). 01159 * 01160 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01161 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01162 * 01163 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01164 * or MBEDTLS_SSL_PROTO_TLS1_2 01165 * 01166 * Comment this macro to disable support for DTLS 01167 */ 01168 #define MBEDTLS_SSL_PROTO_DTLS 01169 01170 /** 01171 * \def MBEDTLS_SSL_ALPN 01172 * 01173 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01174 * 01175 * Comment this macro to disable support for ALPN. 01176 */ 01177 #define MBEDTLS_SSL_ALPN 01178 01179 /** 01180 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01181 * 01182 * Enable support for the anti-replay mechanism in DTLS. 01183 * 01184 * Requires: MBEDTLS_SSL_TLS_C 01185 * MBEDTLS_SSL_PROTO_DTLS 01186 * 01187 * \warning Disabling this is often a security risk! 01188 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01189 * 01190 * Comment this to disable anti-replay in DTLS. 01191 */ 01192 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01193 01194 /** 01195 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01196 * 01197 * Enable support for HelloVerifyRequest on DTLS servers. 01198 * 01199 * This feature is highly recommended to prevent DTLS servers being used as 01200 * amplifiers in DoS attacks against other hosts. It should always be enabled 01201 * unless you know for sure amplification cannot be a problem in the 01202 * environment in which your server operates. 01203 * 01204 * \warning Disabling this can ba a security risk! (see above) 01205 * 01206 * Requires: MBEDTLS_SSL_PROTO_DTLS 01207 * 01208 * Comment this to disable support for HelloVerifyRequest. 01209 */ 01210 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01211 01212 /** 01213 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01214 * 01215 * Enable server-side support for clients that reconnect from the same port. 01216 * 01217 * Some clients unexpectedly close the connection and try to reconnect using the 01218 * same source port. This needs special support from the server to handle the 01219 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01220 * flag enables that support. 01221 * 01222 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01223 * 01224 * Comment this to disable support for clients reusing the source port. 01225 */ 01226 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01227 01228 /** 01229 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01230 * 01231 * Enable support for a limit of records with bad MAC. 01232 * 01233 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01234 * 01235 * Requires: MBEDTLS_SSL_PROTO_DTLS 01236 */ 01237 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01238 01239 /** 01240 * \def MBEDTLS_SSL_SESSION_TICKETS 01241 * 01242 * Enable support for RFC 5077 session tickets in SSL. 01243 * Client-side, provides full support for session tickets (maintainance of a 01244 * session store remains the responsibility of the application, though). 01245 * Server-side, you also need to provide callbacks for writing and parsing 01246 * tickets, including authenticated encryption and key management. Example 01247 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01248 * 01249 * Comment this macro to disable support for SSL session tickets 01250 */ 01251 #define MBEDTLS_SSL_SESSION_TICKETS 01252 01253 /** 01254 * \def MBEDTLS_SSL_EXPORT_KEYS 01255 * 01256 * Enable support for exporting key block and master secret. 01257 * This is required for certain users of TLS, e.g. EAP-TLS. 01258 * 01259 * Comment this macro to disable support for key export 01260 */ 01261 #define MBEDTLS_SSL_EXPORT_KEYS 01262 01263 /** 01264 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01265 * 01266 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01267 * 01268 * Requires: MBEDTLS_X509_CRT_PARSE_C 01269 * 01270 * Comment this macro to disable support for server name indication in SSL 01271 */ 01272 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01273 01274 /** 01275 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01276 * 01277 * Enable support for RFC 6066 truncated HMAC in SSL. 01278 * 01279 * Comment this macro to disable support for truncated HMAC in SSL 01280 */ 01281 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01282 01283 /** 01284 * \def MBEDTLS_THREADING_ALT 01285 * 01286 * Provide your own alternate threading implementation. 01287 * 01288 * Requires: MBEDTLS_THREADING_C 01289 * 01290 * Uncomment this to allow your own alternate threading implementation. 01291 */ 01292 //#define MBEDTLS_THREADING_ALT 01293 01294 /** 01295 * \def MBEDTLS_THREADING_PTHREAD 01296 * 01297 * Enable the pthread wrapper layer for the threading layer. 01298 * 01299 * Requires: MBEDTLS_THREADING_C 01300 * 01301 * Uncomment this to enable pthread mutexes. 01302 */ 01303 //#define MBEDTLS_THREADING_PTHREAD 01304 01305 /** 01306 * \def MBEDTLS_VERSION_FEATURES 01307 * 01308 * Allow run-time checking of compile-time enabled features. Thus allowing users 01309 * to check at run-time if the library is for instance compiled with threading 01310 * support via mbedtls_version_check_feature(). 01311 * 01312 * Requires: MBEDTLS_VERSION_C 01313 * 01314 * Comment this to disable run-time checking and save ROM space 01315 */ 01316 #define MBEDTLS_VERSION_FEATURES 01317 01318 /** 01319 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01320 * 01321 * If set, the X509 parser will not break-off when parsing an X509 certificate 01322 * and encountering an extension in a v1 or v2 certificate. 01323 * 01324 * Uncomment to prevent an error. 01325 */ 01326 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01327 01328 /** 01329 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01330 * 01331 * If set, the X509 parser will not break-off when parsing an X509 certificate 01332 * and encountering an unknown critical extension. 01333 * 01334 * \warning Depending on your PKI use, enabling this can be a security risk! 01335 * 01336 * Uncomment to prevent an error. 01337 */ 01338 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01339 01340 /** 01341 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01342 * 01343 * Enable verification of the keyUsage extension (CA and leaf certificates). 01344 * 01345 * Disabling this avoids problems with mis-issued and/or misused 01346 * (intermediate) CA and leaf certificates. 01347 * 01348 * \warning Depending on your PKI use, disabling this can be a security risk! 01349 * 01350 * Comment to skip keyUsage checking for both CA and leaf certificates. 01351 */ 01352 #define MBEDTLS_X509_CHECK_KEY_USAGE 01353 01354 /** 01355 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01356 * 01357 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01358 * 01359 * Disabling this avoids problems with mis-issued and/or misused certificates. 01360 * 01361 * \warning Depending on your PKI use, disabling this can be a security risk! 01362 * 01363 * Comment to skip extendedKeyUsage checking for certificates. 01364 */ 01365 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01366 01367 /** 01368 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01369 * 01370 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01371 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01372 * 01373 * Comment this macro to disallow using RSASSA-PSS in certificates. 01374 */ 01375 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01376 01377 /** 01378 * \def MBEDTLS_ZLIB_SUPPORT 01379 * 01380 * If set, the SSL/TLS module uses ZLIB to support compression and 01381 * decompression of packet data. 01382 * 01383 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01384 * CRIME attack. Before enabling this option, you should examine with care if 01385 * CRIME or similar exploits may be a applicable to your use case. 01386 * 01387 * \note Currently compression can't be used with DTLS. 01388 * 01389 * Used in: library/ssl_tls.c 01390 * library/ssl_cli.c 01391 * library/ssl_srv.c 01392 * 01393 * This feature requires zlib library and headers to be present. 01394 * 01395 * Uncomment to enable use of ZLIB 01396 */ 01397 //#define MBEDTLS_ZLIB_SUPPORT 01398 /* \} name SECTION: mbed TLS feature support */ 01399 01400 /** 01401 * \name SECTION: mbed TLS modules 01402 * 01403 * This section enables or disables entire modules in mbed TLS 01404 * \{ 01405 */ 01406 01407 /** 01408 * \def MBEDTLS_AESNI_C 01409 * 01410 * Enable AES-NI support on x86-64. 01411 * 01412 * Module: library/aesni.c 01413 * Caller: library/aes.c 01414 * 01415 * Requires: MBEDTLS_HAVE_ASM 01416 * 01417 * This modules adds support for the AES-NI instructions on x86-64 01418 */ 01419 //#define MBEDTLS_AESNI_C 01420 01421 /** 01422 * \def MBEDTLS_AES_C 01423 * 01424 * Enable the AES block cipher. 01425 * 01426 * Module: library/aes.c 01427 * Caller: library/ssl_tls.c 01428 * library/pem.c 01429 * library/ctr_drbg.c 01430 * 01431 * This module enables the following ciphersuites (if other requisites are 01432 * enabled as well): 01433 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01434 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01435 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01436 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01437 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01438 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01439 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01440 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01441 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01442 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01443 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01444 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01448 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01449 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01450 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01451 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01452 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01453 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01454 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01455 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01456 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01457 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01458 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01459 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01460 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01461 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01462 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01463 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01464 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01465 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01466 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01467 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01468 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01469 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01470 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01471 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01472 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01473 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01474 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01475 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01476 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01477 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01478 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01479 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01480 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01481 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01482 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01483 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01484 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01485 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01486 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01487 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01488 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01489 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01490 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01491 * 01492 * PEM_PARSE uses AES for decrypting encrypted keys. 01493 */ 01494 #define MBEDTLS_AES_C 01495 01496 /** 01497 * \def MBEDTLS_ARC4_C 01498 * 01499 * Enable the ARCFOUR stream cipher. 01500 * 01501 * Module: library/arc4.c 01502 * Caller: library/ssl_tls.c 01503 * 01504 * This module enables the following ciphersuites (if other requisites are 01505 * enabled as well): 01506 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01507 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01508 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01509 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01510 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01511 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01512 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01513 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01514 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01515 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01516 */ 01517 //#define MBEDTLS_ARC4_C 01518 01519 /** 01520 * \def MBEDTLS_ASN1_PARSE_C 01521 * 01522 * Enable the generic ASN1 parser. 01523 * 01524 * Module: library/asn1.c 01525 * Caller: library/x509.c 01526 * library/dhm.c 01527 * library/pkcs12.c 01528 * library/pkcs5.c 01529 * library/pkparse.c 01530 */ 01531 #define MBEDTLS_ASN1_PARSE_C 01532 01533 /** 01534 * \def MBEDTLS_ASN1_WRITE_C 01535 * 01536 * Enable the generic ASN1 writer. 01537 * 01538 * Module: library/asn1write.c 01539 * Caller: library/ecdsa.c 01540 * library/pkwrite.c 01541 * library/x509_create.c 01542 * library/x509write_crt.c 01543 * library/mbedtls_x509write_csr.c 01544 */ 01545 #define MBEDTLS_ASN1_WRITE_C 01546 01547 /** 01548 * \def MBEDTLS_BASE64_C 01549 * 01550 * Enable the Base64 module. 01551 * 01552 * Module: library/base64.c 01553 * Caller: library/pem.c 01554 * 01555 * This module is required for PEM support (required by X.509). 01556 */ 01557 #define MBEDTLS_BASE64_C 01558 01559 /** 01560 * \def MBEDTLS_BIGNUM_C 01561 * 01562 * Enable the multi-precision integer library. 01563 * 01564 * Module: library/bignum.c 01565 * Caller: library/dhm.c 01566 * library/ecp.c 01567 * library/ecdsa.c 01568 * library/rsa.c 01569 * library/ssl_tls.c 01570 * 01571 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01572 */ 01573 #define MBEDTLS_BIGNUM_C 01574 01575 /** 01576 * \def MBEDTLS_BLOWFISH_C 01577 * 01578 * Enable the Blowfish block cipher. 01579 * 01580 * Module: library/blowfish.c 01581 */ 01582 //#define MBEDTLS_BLOWFISH_C 01583 01584 /** 01585 * \def MBEDTLS_CAMELLIA_C 01586 * 01587 * Enable the Camellia block cipher. 01588 * 01589 * Module: library/camellia.c 01590 * Caller: library/ssl_tls.c 01591 * 01592 * This module enables the following ciphersuites (if other requisites are 01593 * enabled as well): 01594 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01595 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01596 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01597 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01598 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01599 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01600 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01601 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01602 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01603 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01604 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01605 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01606 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01607 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01608 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01609 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01610 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01611 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01612 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01613 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01614 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01615 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01616 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01617 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01618 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01619 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01620 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01621 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01622 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01623 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01624 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01625 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01626 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01627 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01628 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01629 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01630 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01631 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01632 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01633 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01634 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01635 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01636 */ 01637 //#define MBEDTLS_CAMELLIA_C 01638 01639 /** 01640 * \def MBEDTLS_CCM_C 01641 * 01642 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01643 * 01644 * Module: library/ccm.c 01645 * 01646 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01647 * 01648 * This module enables the AES-CCM ciphersuites, if other requisites are 01649 * enabled as well. 01650 */ 01651 #define MBEDTLS_CCM_C 01652 01653 /** 01654 * \def MBEDTLS_CERTS_C 01655 * 01656 * Enable the test certificates. 01657 * 01658 * Module: library/certs.c 01659 * Caller: 01660 * 01661 * This module is used for testing (ssl_client/server). 01662 */ 01663 #define MBEDTLS_CERTS_C 01664 01665 /** 01666 * \def MBEDTLS_CIPHER_C 01667 * 01668 * Enable the generic cipher layer. 01669 * 01670 * Module: library/cipher.c 01671 * Caller: library/ssl_tls.c 01672 * 01673 * Uncomment to enable generic cipher wrappers. 01674 */ 01675 #define MBEDTLS_CIPHER_C 01676 01677 /** 01678 * \def MBEDTLS_CMAC_C 01679 * 01680 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01681 * ciphers. 01682 * 01683 * Module: library/cmac.c 01684 * 01685 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01686 * 01687 */ 01688 //#define MBEDTLS_CMAC_C 01689 01690 /** 01691 * \def MBEDTLS_CTR_DRBG_C 01692 * 01693 * Enable the CTR_DRBG AES-256-based random generator. 01694 * 01695 * Module: library/ctr_drbg.c 01696 * Caller: 01697 * 01698 * Requires: MBEDTLS_AES_C 01699 * 01700 * This module provides the CTR_DRBG AES-256 random number generator. 01701 */ 01702 #define MBEDTLS_CTR_DRBG_C 01703 01704 /** 01705 * \def MBEDTLS_DEBUG_C 01706 * 01707 * Enable the debug functions. 01708 * 01709 * Module: library/debug.c 01710 * Caller: library/ssl_cli.c 01711 * library/ssl_srv.c 01712 * library/ssl_tls.c 01713 * 01714 * This module provides debugging functions. 01715 */ 01716 #define MBEDTLS_DEBUG_C 01717 01718 /** 01719 * \def MBEDTLS_DES_C 01720 * 01721 * Enable the DES block cipher. 01722 * 01723 * Module: library/des.c 01724 * Caller: library/pem.c 01725 * library/ssl_tls.c 01726 * 01727 * This module enables the following ciphersuites (if other requisites are 01728 * enabled as well): 01729 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01730 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01731 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01732 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01733 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01734 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01735 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01736 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01737 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01738 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01739 * 01740 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01741 */ 01742 //#define MBEDTLS_DES_C 01743 01744 /** 01745 * \def MBEDTLS_DHM_C 01746 * 01747 * Enable the Diffie-Hellman-Merkle module. 01748 * 01749 * Module: library/dhm.c 01750 * Caller: library/ssl_cli.c 01751 * library/ssl_srv.c 01752 * 01753 * This module is used by the following key exchanges: 01754 * DHE-RSA, DHE-PSK 01755 */ 01756 //#define MBEDTLS_DHM_C 01757 01758 /** 01759 * \def MBEDTLS_ECDH_C 01760 * 01761 * Enable the elliptic curve Diffie-Hellman library. 01762 * 01763 * Module: library/ecdh.c 01764 * Caller: library/ssl_cli.c 01765 * library/ssl_srv.c 01766 * 01767 * This module is used by the following key exchanges: 01768 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01769 * 01770 * Requires: MBEDTLS_ECP_C 01771 */ 01772 #define MBEDTLS_ECDH_C 01773 01774 /** 01775 * \def MBEDTLS_ECDSA_C 01776 * 01777 * Enable the elliptic curve DSA library. 01778 * 01779 * Module: library/ecdsa.c 01780 * Caller: 01781 * 01782 * This module is used by the following key exchanges: 01783 * ECDHE-ECDSA 01784 * 01785 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01786 */ 01787 #define MBEDTLS_ECDSA_C 01788 01789 /** 01790 * \def MBEDTLS_ECJPAKE_C 01791 * 01792 * Enable the elliptic curve J-PAKE library. 01793 * 01794 * \warning This is currently experimental. EC J-PAKE support is based on the 01795 * Thread v1.0.0 specification; incompatible changes to the specification 01796 * might still happen. For this reason, this is disabled by default. 01797 * 01798 * Module: library/ecjpake.c 01799 * Caller: 01800 * 01801 * This module is used by the following key exchanges: 01802 * ECJPAKE 01803 * 01804 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01805 */ 01806 //#define MBEDTLS_ECJPAKE_C 01807 01808 /** 01809 * \def MBEDTLS_ECP_C 01810 * 01811 * Enable the elliptic curve over GF(p) library. 01812 * 01813 * Module: library/ecp.c 01814 * Caller: library/ecdh.c 01815 * library/ecdsa.c 01816 * library/ecjpake.c 01817 * 01818 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01819 */ 01820 #define MBEDTLS_ECP_C 01821 01822 /** 01823 * \def MBEDTLS_ENTROPY_C 01824 * 01825 * Enable the platform-specific entropy code. 01826 * 01827 * Module: library/entropy.c 01828 * Caller: 01829 * 01830 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01831 * 01832 * This module provides a generic entropy pool 01833 */ 01834 #define MBEDTLS_ENTROPY_C 01835 01836 /** 01837 * \def MBEDTLS_ERROR_C 01838 * 01839 * Enable error code to error string conversion. 01840 * 01841 * Module: library/error.c 01842 * Caller: 01843 * 01844 * This module enables mbedtls_strerror(). 01845 */ 01846 #define MBEDTLS_ERROR_C 01847 01848 /** 01849 * \def MBEDTLS_GCM_C 01850 * 01851 * Enable the Galois/Counter Mode (GCM) for AES. 01852 * 01853 * Module: library/gcm.c 01854 * 01855 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01856 * 01857 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01858 * requisites are enabled as well. 01859 */ 01860 #define MBEDTLS_GCM_C 01861 01862 /** 01863 * \def MBEDTLS_HAVEGE_C 01864 * 01865 * Enable the HAVEGE random generator. 01866 * 01867 * Warning: the HAVEGE random generator is not suitable for virtualized 01868 * environments 01869 * 01870 * Warning: the HAVEGE random generator is dependent on timing and specific 01871 * processor traits. It is therefore not advised to use HAVEGE as 01872 * your applications primary random generator or primary entropy pool 01873 * input. As a secondary input to your entropy pool, it IS able add 01874 * the (limited) extra entropy it provides. 01875 * 01876 * Module: library/havege.c 01877 * Caller: 01878 * 01879 * Requires: MBEDTLS_TIMING_C 01880 * 01881 * Uncomment to enable the HAVEGE random generator. 01882 */ 01883 //#define MBEDTLS_HAVEGE_C 01884 01885 /** 01886 * \def MBEDTLS_HMAC_DRBG_C 01887 * 01888 * Enable the HMAC_DRBG random generator. 01889 * 01890 * Module: library/hmac_drbg.c 01891 * Caller: 01892 * 01893 * Requires: MBEDTLS_MD_C 01894 * 01895 * Uncomment to enable the HMAC_DRBG random number geerator. 01896 */ 01897 #define MBEDTLS_HMAC_DRBG_C 01898 01899 /** 01900 * \def MBEDTLS_MD_C 01901 * 01902 * Enable the generic message digest layer. 01903 * 01904 * Module: library/mbedtls_md.c 01905 * Caller: 01906 * 01907 * Uncomment to enable generic message digest wrappers. 01908 */ 01909 #define MBEDTLS_MD_C 01910 01911 /** 01912 * \def MBEDTLS_MD2_C 01913 * 01914 * Enable the MD2 hash algorithm. 01915 * 01916 * Module: library/mbedtls_md2.c 01917 * Caller: 01918 * 01919 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01920 */ 01921 //#define MBEDTLS_MD2_C 01922 01923 /** 01924 * \def MBEDTLS_MD4_C 01925 * 01926 * Enable the MD4 hash algorithm. 01927 * 01928 * Module: library/mbedtls_md4.c 01929 * Caller: 01930 * 01931 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01932 */ 01933 //#define MBEDTLS_MD4_C 01934 01935 /** 01936 * \def MBEDTLS_MD5_C 01937 * 01938 * Enable the MD5 hash algorithm. 01939 * 01940 * Module: library/mbedtls_md5.c 01941 * Caller: library/mbedtls_md.c 01942 * library/pem.c 01943 * library/ssl_tls.c 01944 * 01945 * This module is required for SSL/TLS and X.509. 01946 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01947 */ 01948 //#define MBEDTLS_MD5_C 01949 01950 /** 01951 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 01952 * 01953 * Enable the buffer allocator implementation that makes use of a (stack) 01954 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 01955 * calls) 01956 * 01957 * Module: library/memory_buffer_alloc.c 01958 * 01959 * Requires: MBEDTLS_PLATFORM_C 01960 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 01961 * 01962 * Enable this module to enable the buffer memory allocator. 01963 */ 01964 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 01965 01966 /** 01967 * \def MBEDTLS_NET_C 01968 * 01969 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 01970 * 01971 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 01972 * and Windows. For other platforms, you'll want to disable it, and write your 01973 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 01974 * 01975 * \note See also our Knowledge Base article about porting to a new 01976 * environment: 01977 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 01978 * 01979 * Module: library/net_sockets.c 01980 * 01981 * This module provides networking routines. 01982 */ 01983 //#define MBEDTLS_NET_C 01984 01985 /** 01986 * \def MBEDTLS_OID_C 01987 * 01988 * Enable the OID database. 01989 * 01990 * Module: library/oid.c 01991 * Caller: library/asn1write.c 01992 * library/pkcs5.c 01993 * library/pkparse.c 01994 * library/pkwrite.c 01995 * library/rsa.c 01996 * library/x509.c 01997 * library/x509_create.c 01998 * library/mbedtls_x509_crl.c 01999 * library/mbedtls_x509_crt.c 02000 * library/mbedtls_x509_csr.c 02001 * library/x509write_crt.c 02002 * library/mbedtls_x509write_csr.c 02003 * 02004 * This modules translates between OIDs and internal values. 02005 */ 02006 #define MBEDTLS_OID_C 02007 02008 /** 02009 * \def MBEDTLS_PADLOCK_C 02010 * 02011 * Enable VIA Padlock support on x86. 02012 * 02013 * Module: library/padlock.c 02014 * Caller: library/aes.c 02015 * 02016 * Requires: MBEDTLS_HAVE_ASM 02017 * 02018 * This modules adds support for the VIA PadLock on x86. 02019 */ 02020 //#define MBEDTLS_PADLOCK_C 02021 02022 /** 02023 * \def MBEDTLS_PEM_PARSE_C 02024 * 02025 * Enable PEM decoding / parsing. 02026 * 02027 * Module: library/pem.c 02028 * Caller: library/dhm.c 02029 * library/pkparse.c 02030 * library/mbedtls_x509_crl.c 02031 * library/mbedtls_x509_crt.c 02032 * library/mbedtls_x509_csr.c 02033 * 02034 * Requires: MBEDTLS_BASE64_C 02035 * 02036 * This modules adds support for decoding / parsing PEM files. 02037 */ 02038 #define MBEDTLS_PEM_PARSE_C 02039 02040 /** 02041 * \def MBEDTLS_PEM_WRITE_C 02042 * 02043 * Enable PEM encoding / writing. 02044 * 02045 * Module: library/pem.c 02046 * Caller: library/pkwrite.c 02047 * library/x509write_crt.c 02048 * library/mbedtls_x509write_csr.c 02049 * 02050 * Requires: MBEDTLS_BASE64_C 02051 * 02052 * This modules adds support for encoding / writing PEM files. 02053 */ 02054 //#define MBEDTLS_PEM_WRITE_C 02055 02056 /** 02057 * \def MBEDTLS_PK_C 02058 * 02059 * Enable the generic public (asymetric) key layer. 02060 * 02061 * Module: library/pk.c 02062 * Caller: library/ssl_tls.c 02063 * library/ssl_cli.c 02064 * library/ssl_srv.c 02065 * 02066 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02067 * 02068 * Uncomment to enable generic public key wrappers. 02069 */ 02070 #define MBEDTLS_PK_C 02071 02072 /** 02073 * \def MBEDTLS_PK_PARSE_C 02074 * 02075 * Enable the generic public (asymetric) key parser. 02076 * 02077 * Module: library/pkparse.c 02078 * Caller: library/mbedtls_x509_crt.c 02079 * library/mbedtls_x509_csr.c 02080 * 02081 * Requires: MBEDTLS_PK_C 02082 * 02083 * Uncomment to enable generic public key parse functions. 02084 */ 02085 #define MBEDTLS_PK_PARSE_C 02086 02087 /** 02088 * \def MBEDTLS_PK_WRITE_C 02089 * 02090 * Enable the generic public (asymetric) key writer. 02091 * 02092 * Module: library/pkwrite.c 02093 * Caller: library/x509write.c 02094 * 02095 * Requires: MBEDTLS_PK_C 02096 * 02097 * Uncomment to enable generic public key write functions. 02098 */ 02099 #define MBEDTLS_PK_WRITE_C 02100 02101 /** 02102 * \def MBEDTLS_PKCS5_C 02103 * 02104 * Enable PKCS#5 functions. 02105 * 02106 * Module: library/pkcs5.c 02107 * 02108 * Requires: MBEDTLS_MD_C 02109 * 02110 * This module adds support for the PKCS#5 functions. 02111 */ 02112 //#define MBEDTLS_PKCS5_C 02113 02114 /** 02115 * \def MBEDTLS_PKCS11_C 02116 * 02117 * Enable wrapper for PKCS#11 smartcard support. 02118 * 02119 * Module: library/pkcs11.c 02120 * Caller: library/pk.c 02121 * 02122 * Requires: MBEDTLS_PK_C 02123 * 02124 * This module enables SSL/TLS PKCS #11 smartcard support. 02125 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02126 */ 02127 //#define MBEDTLS_PKCS11_C 02128 02129 /** 02130 * \def MBEDTLS_PKCS12_C 02131 * 02132 * Enable PKCS#12 PBE functions. 02133 * Adds algorithms for parsing PKCS#8 encrypted private keys 02134 * 02135 * Module: library/pkcs12.c 02136 * Caller: library/pkparse.c 02137 * 02138 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02139 * Can use: MBEDTLS_ARC4_C 02140 * 02141 * This module enables PKCS#12 functions. 02142 */ 02143 //#define MBEDTLS_PKCS12_C 02144 02145 /** 02146 * \def MBEDTLS_PLATFORM_C 02147 * 02148 * Enable the platform abstraction layer that allows you to re-assign 02149 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02150 * 02151 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02152 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02153 * above to be specified at runtime or compile time respectively. 02154 * 02155 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02156 * as other module rely on it for a fixed snprintf implementation. 02157 * 02158 * Module: library/platform.c 02159 * Caller: Most other .c files 02160 * 02161 * This module enables abstraction of common (libc) functions. 02162 */ 02163 #define MBEDTLS_PLATFORM_C 02164 02165 /** 02166 * \def MBEDTLS_RIPEMD160_C 02167 * 02168 * Enable the RIPEMD-160 hash algorithm. 02169 * 02170 * Module: library/mbedtls_ripemd160.c 02171 * Caller: library/mbedtls_md.c 02172 * 02173 */ 02174 //#define MBEDTLS_RIPEMD160_C 02175 02176 /** 02177 * \def MBEDTLS_RSA_C 02178 * 02179 * Enable the RSA public-key cryptosystem. 02180 * 02181 * Module: library/rsa.c 02182 * Caller: library/ssl_cli.c 02183 * library/ssl_srv.c 02184 * library/ssl_tls.c 02185 * library/x509.c 02186 * 02187 * This module is used by the following key exchanges: 02188 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02189 * 02190 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02191 */ 02192 #define MBEDTLS_RSA_C 02193 02194 /** 02195 * \def MBEDTLS_SHA1_C 02196 * 02197 * Enable the SHA1 cryptographic hash algorithm. 02198 * 02199 * Module: library/mbedtls_sha1.c 02200 * Caller: library/mbedtls_md.c 02201 * library/ssl_cli.c 02202 * library/ssl_srv.c 02203 * library/ssl_tls.c 02204 * library/x509write_crt.c 02205 * 02206 * This module is required for SSL/TLS and SHA1-signed certificates. 02207 */ 02208 //#define MBEDTLS_SHA1_C 02209 02210 /** 02211 * \def MBEDTLS_SHA256_C 02212 * 02213 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02214 * 02215 * Module: library/mbedtls_sha256.c 02216 * Caller: library/entropy.c 02217 * library/mbedtls_md.c 02218 * library/ssl_cli.c 02219 * library/ssl_srv.c 02220 * library/ssl_tls.c 02221 * 02222 * This module adds support for SHA-224 and SHA-256. 02223 * This module is required for the SSL/TLS 1.2 PRF function. 02224 */ 02225 #define MBEDTLS_SHA256_C 02226 02227 /** 02228 * \def MBEDTLS_SHA512_C 02229 * 02230 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02231 * 02232 * Module: library/mbedtls_sha512.c 02233 * Caller: library/entropy.c 02234 * library/mbedtls_md.c 02235 * library/ssl_cli.c 02236 * library/ssl_srv.c 02237 * 02238 * This module adds support for SHA-384 and SHA-512. 02239 */ 02240 #define MBEDTLS_SHA512_C 02241 02242 /** 02243 * \def MBEDTLS_SSL_CACHE_C 02244 * 02245 * Enable simple SSL cache implementation. 02246 * 02247 * Module: library/ssl_cache.c 02248 * Caller: 02249 * 02250 * Requires: MBEDTLS_SSL_CACHE_C 02251 */ 02252 #define MBEDTLS_SSL_CACHE_C 02253 02254 /** 02255 * \def MBEDTLS_SSL_COOKIE_C 02256 * 02257 * Enable basic implementation of DTLS cookies for hello verification. 02258 * 02259 * Module: library/ssl_cookie.c 02260 * Caller: 02261 */ 02262 #define MBEDTLS_SSL_COOKIE_C 02263 02264 /** 02265 * \def MBEDTLS_SSL_TICKET_C 02266 * 02267 * Enable an implementation of TLS server-side callbacks for session tickets. 02268 * 02269 * Module: library/ssl_ticket.c 02270 * Caller: 02271 * 02272 * Requires: MBEDTLS_CIPHER_C 02273 */ 02274 #define MBEDTLS_SSL_TICKET_C 02275 02276 /** 02277 * \def MBEDTLS_SSL_CLI_C 02278 * 02279 * Enable the SSL/TLS client code. 02280 * 02281 * Module: library/ssl_cli.c 02282 * Caller: 02283 * 02284 * Requires: MBEDTLS_SSL_TLS_C 02285 * 02286 * This module is required for SSL/TLS client support. 02287 */ 02288 #define MBEDTLS_SSL_CLI_C 02289 02290 /** 02291 * \def MBEDTLS_SSL_SRV_C 02292 * 02293 * Enable the SSL/TLS server code. 02294 * 02295 * Module: library/ssl_srv.c 02296 * Caller: 02297 * 02298 * Requires: MBEDTLS_SSL_TLS_C 02299 * 02300 * This module is required for SSL/TLS server support. 02301 */ 02302 #define MBEDTLS_SSL_SRV_C 02303 02304 /** 02305 * \def MBEDTLS_SSL_TLS_C 02306 * 02307 * Enable the generic SSL/TLS code. 02308 * 02309 * Module: library/ssl_tls.c 02310 * Caller: library/ssl_cli.c 02311 * library/ssl_srv.c 02312 * 02313 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02314 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02315 * 02316 * This module is required for SSL/TLS. 02317 */ 02318 #define MBEDTLS_SSL_TLS_C 02319 02320 /** 02321 * \def MBEDTLS_THREADING_C 02322 * 02323 * Enable the threading abstraction layer. 02324 * By default mbed TLS assumes it is used in a non-threaded environment or that 02325 * contexts are not shared between threads. If you do intend to use contexts 02326 * between threads, you will need to enable this layer to prevent race 02327 * conditions. See also our Knowledge Base article about threading: 02328 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02329 * 02330 * Module: library/threading.c 02331 * 02332 * This allows different threading implementations (self-implemented or 02333 * provided). 02334 * 02335 * You will have to enable either MBEDTLS_THREADING_ALT or 02336 * MBEDTLS_THREADING_PTHREAD. 02337 * 02338 * Enable this layer to allow use of mutexes within mbed TLS 02339 */ 02340 //#define MBEDTLS_THREADING_C 02341 02342 /** 02343 * \def MBEDTLS_TIMING_C 02344 * 02345 * Enable the semi-portable timing interface. 02346 * 02347 * \note The provided implementation only works on POSIX/Unix (including Linux, 02348 * BSD and OS X) and Windows. On other platforms, you can either disable that 02349 * module and provide your own implementations of the callbacks needed by 02350 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02351 * your own implementation of the whole module by setting 02352 * \c MBEDTLS_TIMING_ALT in the current file. 02353 * 02354 * \note See also our Knowledge Base article about porting to a new 02355 * environment: 02356 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02357 * 02358 * Module: library/timing.c 02359 * Caller: library/havege.c 02360 * 02361 * This module is used by the HAVEGE random number generator. 02362 */ 02363 //#define MBEDTLS_TIMING_C 02364 02365 /** 02366 * \def MBEDTLS_VERSION_C 02367 * 02368 * Enable run-time version information. 02369 * 02370 * Module: library/version.c 02371 * 02372 * This module provides run-time version information. 02373 */ 02374 #define MBEDTLS_VERSION_C 02375 02376 /** 02377 * \def MBEDTLS_X509_USE_C 02378 * 02379 * Enable X.509 core for using certificates. 02380 * 02381 * Module: library/x509.c 02382 * Caller: library/mbedtls_x509_crl.c 02383 * library/mbedtls_x509_crt.c 02384 * library/mbedtls_x509_csr.c 02385 * 02386 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02387 * MBEDTLS_PK_PARSE_C 02388 * 02389 * This module is required for the X.509 parsing modules. 02390 */ 02391 #define MBEDTLS_X509_USE_C 02392 02393 /** 02394 * \def MBEDTLS_X509_CRT_PARSE_C 02395 * 02396 * Enable X.509 certificate parsing. 02397 * 02398 * Module: library/mbedtls_x509_crt.c 02399 * Caller: library/ssl_cli.c 02400 * library/ssl_srv.c 02401 * library/ssl_tls.c 02402 * 02403 * Requires: MBEDTLS_X509_USE_C 02404 * 02405 * This module is required for X.509 certificate parsing. 02406 */ 02407 #define MBEDTLS_X509_CRT_PARSE_C 02408 02409 /** 02410 * \def MBEDTLS_X509_CRL_PARSE_C 02411 * 02412 * Enable X.509 CRL parsing. 02413 * 02414 * Module: library/mbedtls_x509_crl.c 02415 * Caller: library/mbedtls_x509_crt.c 02416 * 02417 * Requires: MBEDTLS_X509_USE_C 02418 * 02419 * This module is required for X.509 CRL parsing. 02420 */ 02421 #define MBEDTLS_X509_CRL_PARSE_C 02422 02423 /** 02424 * \def MBEDTLS_X509_CSR_PARSE_C 02425 * 02426 * Enable X.509 Certificate Signing Request (CSR) parsing. 02427 * 02428 * Module: library/mbedtls_x509_csr.c 02429 * Caller: library/x509_crt_write.c 02430 * 02431 * Requires: MBEDTLS_X509_USE_C 02432 * 02433 * This module is used for reading X.509 certificate request. 02434 */ 02435 //#define MBEDTLS_X509_CSR_PARSE_C 02436 02437 /** 02438 * \def MBEDTLS_X509_CREATE_C 02439 * 02440 * Enable X.509 core for creating certificates. 02441 * 02442 * Module: library/x509_create.c 02443 * 02444 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02445 * 02446 * This module is the basis for creating X.509 certificates and CSRs. 02447 */ 02448 //#define MBEDTLS_X509_CREATE_C 02449 02450 /** 02451 * \def MBEDTLS_X509_CRT_WRITE_C 02452 * 02453 * Enable creating X.509 certificates. 02454 * 02455 * Module: library/x509_crt_write.c 02456 * 02457 * Requires: MBEDTLS_X509_CREATE_C 02458 * 02459 * This module is required for X.509 certificate creation. 02460 */ 02461 //#define MBEDTLS_X509_CRT_WRITE_C 02462 02463 /** 02464 * \def MBEDTLS_X509_CSR_WRITE_C 02465 * 02466 * Enable creating X.509 Certificate Signing Requests (CSR). 02467 * 02468 * Module: library/x509_csr_write.c 02469 * 02470 * Requires: MBEDTLS_X509_CREATE_C 02471 * 02472 * This module is required for X.509 certificate request writing. 02473 */ 02474 //#define MBEDTLS_X509_CSR_WRITE_C 02475 02476 /** 02477 * \def MBEDTLS_XTEA_C 02478 * 02479 * Enable the XTEA block cipher. 02480 * 02481 * Module: library/xtea.c 02482 * Caller: 02483 */ 02484 //#define MBEDTLS_XTEA_C 02485 02486 /* \} name SECTION: mbed TLS modules */ 02487 02488 /** 02489 * \name SECTION: Module configuration options 02490 * 02491 * This section allows for the setting of module specific sizes and 02492 * configuration options. The default values are already present in the 02493 * relevant header files and should suffice for the regular use cases. 02494 * 02495 * Our advice is to enable options and change their values here 02496 * only if you have a good reason and know the consequences. 02497 * 02498 * Please check the respective header file for documentation on these 02499 * parameters (to prevent duplicate documentation). 02500 * \{ 02501 */ 02502 02503 /* MPI / BIGNUM options */ 02504 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02505 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02506 02507 /* CTR_DRBG options */ 02508 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02509 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02510 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02511 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02512 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02513 02514 /* HMAC_DRBG options */ 02515 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02516 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02517 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02518 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02519 02520 /* ECP options */ 02521 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02522 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02523 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02524 02525 /* Entropy options */ 02526 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02527 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02528 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02529 02530 /* Memory buffer allocator options */ 02531 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02532 02533 /* Platform options */ 02534 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02535 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02536 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02537 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02538 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02539 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02540 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02541 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02542 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02543 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02544 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02545 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02546 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02547 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02548 02549 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02550 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02551 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02552 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02553 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02554 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02555 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02556 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02557 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02558 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02559 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02560 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02561 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02562 02563 /* SSL Cache options */ 02564 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02565 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02566 02567 /* SSL options */ 02568 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02569 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02570 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02571 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02572 02573 /** 02574 * Complete list of ciphersuites to use, in order of preference. 02575 * 02576 * \warning No dependency checking is done on that field! This option can only 02577 * be used to restrict the set of available ciphersuites. It is your 02578 * responsibility to make sure the needed modules are active. 02579 * 02580 * Use this to save a few hundred bytes of ROM (default ordering of all 02581 * available ciphersuites) and a few to a few hundred bytes of RAM. 02582 * 02583 * The value below is only an example, not the default. 02584 */ 02585 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02586 02587 /* X509 options */ 02588 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02589 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02590 02591 /* \} name SECTION: Customisation configuration options */ 02592 02593 /* Target and application specific configurations */ 02594 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" 02595 02596 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) 02597 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE 02598 #endif 02599 02600 /* 02601 * Allow user to override any previous default. 02602 * 02603 * Use two macro names for that, as: 02604 * - with yotta the prefix YOTTA_CFG_ is forced 02605 * - without yotta is looks weird to have a YOTTA prefix. 02606 */ 02607 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE) 02608 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE 02609 #elif defined(MBEDTLS_USER_CONFIG_FILE) 02610 #include MBEDTLS_USER_CONFIG_FILE 02611 #endif 02612 02613 #include "check_config.h" 02614 02615 #endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY */ 02616 02617 #if defined(MBEDTLS_TEST_NULL_ENTROPY) 02618 #warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \ 02619 "configuration is not secure and is not suitable for production use" 02620 #endif 02621 02622 #if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \ 02623 !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) 02624 #error "No entropy source was found at build time, so TLS " \ 02625 "functionality is not available" 02626 #endif 02627 02628 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 17:34:39 by
1.7.2