Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * This set of compile-time options may be used to enable 00007 * or disable features selectively, and reduce the global 00008 * memory footprint. 00009 */ 00010 /* 00011 * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved 00012 * SPDX-License-Identifier: Apache-2.0 00013 * 00014 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00015 * not use this file except in compliance with the License. 00016 * You may obtain a copy of the License at 00017 * 00018 * http://www.apache.org/licenses/LICENSE-2.0 00019 * 00020 * Unless required by applicable law or agreed to in writing, software 00021 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00022 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00023 * See the License for the specific language governing permissions and 00024 * limitations under the License. 00025 * 00026 * This file is part of mbed TLS (https://tls.mbed.org) 00027 */ 00028 00029 #ifndef MBEDTLS_CONFIG_H 00030 00031 #include "platform/inc/platform_mbed.h" 00032 00033 /* 00034 * Only use features that do not require an entropy source when 00035 * DEVICE_ENTROPY_SOURCE is not defined in mbed OS. 00036 */ 00037 #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \ 00038 !defined(MBEDTLS_ENTROPY_NV_SEED) 00039 #include "mbedtls/config-no-entropy.h" 00040 00041 #if defined(MBEDTLS_USER_CONFIG_FILE) 00042 #include MBEDTLS_USER_CONFIG_FILE 00043 #endif 00044 00045 #else 00046 #define MBEDTLS_CONFIG_H 00047 00048 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00049 #define _CRT_SECURE_NO_DEPRECATE 1 00050 #endif 00051 00052 /** 00053 * \name SECTION: System support 00054 * 00055 * This section sets system specific settings. 00056 * \{ 00057 */ 00058 00059 /** 00060 * \def MBEDTLS_HAVE_ASM 00061 * 00062 * The compiler has support for asm(). 00063 * 00064 * Requires support for asm() in compiler. 00065 * 00066 * Used in: 00067 * library/aria.c 00068 * library/timing.c 00069 * include/mbedtls/bn_mul.h 00070 * 00071 * Required by: 00072 * MBEDTLS_AESNI_C 00073 * MBEDTLS_PADLOCK_C 00074 * 00075 * Comment to disable the use of assembly code. 00076 */ 00077 #define MBEDTLS_HAVE_ASM 00078 00079 /** 00080 * \def MBEDTLS_NO_UDBL_DIVISION 00081 * 00082 * The platform lacks support for double-width integer division (64-bit 00083 * division on a 32-bit platform, 128-bit division on a 64-bit platform). 00084 * 00085 * Used in: 00086 * include/mbedtls/bignum.h 00087 * library/bignum.c 00088 * 00089 * The bignum code uses double-width division to speed up some operations. 00090 * Double-width division is often implemented in software that needs to 00091 * be linked with the program. The presence of a double-width integer 00092 * type is usually detected automatically through preprocessor macros, 00093 * but the automatic detection cannot know whether the code needs to 00094 * and can be linked with an implementation of division for that type. 00095 * By default division is assumed to be usable if the type is present. 00096 * Uncomment this option to prevent the use of double-width division. 00097 * 00098 * Note that division for the native integer type is always required. 00099 * Furthermore, a 64-bit type is always required even on a 32-bit 00100 * platform, but it need not support multiplication or division. In some 00101 * cases it is also desirable to disable some double-width operations. For 00102 * example, if double-width division is implemented in software, disabling 00103 * it can reduce code size in some embedded targets. 00104 */ 00105 //#define MBEDTLS_NO_UDBL_DIVISION 00106 00107 /** 00108 * \def MBEDTLS_NO_64BIT_MULTIPLICATION 00109 * 00110 * The platform lacks support for 32x32 -> 64-bit multiplication. 00111 * 00112 * Used in: 00113 * library/poly1305.c 00114 * 00115 * Some parts of the library may use multiplication of two unsigned 32-bit 00116 * operands with a 64-bit result in order to speed up computations. On some 00117 * platforms, this is not available in hardware and has to be implemented in 00118 * software, usually in a library provided by the toolchain. 00119 * 00120 * Sometimes it is not desirable to have to link to that library. This option 00121 * removes the dependency of that library on platforms that lack a hardware 00122 * 64-bit multiplier by embedding a software implementation in Mbed TLS. 00123 * 00124 * Note that depending on the compiler, this may decrease performance compared 00125 * to using the library function provided by the toolchain. 00126 */ 00127 //#define MBEDTLS_NO_64BIT_MULTIPLICATION 00128 00129 /** 00130 * \def MBEDTLS_HAVE_SSE2 00131 * 00132 * CPU supports SSE2 instruction set. 00133 * 00134 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00135 */ 00136 //#define MBEDTLS_HAVE_SSE2 00137 00138 /** 00139 * \def MBEDTLS_HAVE_TIME 00140 * 00141 * System has time.h and time(). 00142 * The time does not need to be correct, only time differences are used, 00143 * by contrast with MBEDTLS_HAVE_TIME_DATE 00144 * 00145 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00146 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00147 * MBEDTLS_PLATFORM_STD_TIME. 00148 * 00149 * Comment if your system does not support time functions 00150 */ 00151 #define MBEDTLS_HAVE_TIME 00152 00153 /** 00154 * \def MBEDTLS_HAVE_TIME_DATE 00155 * 00156 * System has time.h, time(), and an implementation for 00157 * mbedtls_platform_gmtime_r() (see below). 00158 * The time needs to be correct (not necessarily very accurate, but at least 00159 * the date should be correct). This is used to verify the validity period of 00160 * X.509 certificates. 00161 * 00162 * Comment if your system does not have a correct clock. 00163 * 00164 * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that 00165 * behaves similarly to the gmtime_r() function from the C standard. Refer to 00166 * the documentation for mbedtls_platform_gmtime_r() for more information. 00167 * 00168 * \note It is possible to configure an implementation for 00169 * mbedtls_platform_gmtime_r() at compile-time by using the macro 00170 * MBEDTLS_PLATFORM_GMTIME_R_ALT. 00171 */ 00172 //#define MBEDTLS_HAVE_TIME_DATE 00173 00174 /** 00175 * \def MBEDTLS_PLATFORM_MEMORY 00176 * 00177 * Enable the memory allocation layer. 00178 * 00179 * By default mbed TLS uses the system-provided calloc() and free(). 00180 * This allows different allocators (self-implemented or provided) to be 00181 * provided to the platform abstraction layer. 00182 * 00183 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00184 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00185 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00186 * free() function pointer at runtime. 00187 * 00188 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00189 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00190 * alternate function at compile time. 00191 * 00192 * Requires: MBEDTLS_PLATFORM_C 00193 * 00194 * Enable this layer to allow use of alternative memory allocators. 00195 */ 00196 //#define MBEDTLS_PLATFORM_MEMORY 00197 00198 /** 00199 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00200 * 00201 * Do not assign standard functions in the platform layer (e.g. calloc() to 00202 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00203 * 00204 * This makes sure there are no linking errors on platforms that do not support 00205 * these functions. You will HAVE to provide alternatives, either at runtime 00206 * via the platform_set_xxx() functions or at compile time by setting 00207 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00208 * MBEDTLS_PLATFORM_XXX_MACRO. 00209 * 00210 * Requires: MBEDTLS_PLATFORM_C 00211 * 00212 * Uncomment to prevent default assignment of standard functions in the 00213 * platform layer. 00214 */ 00215 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00216 00217 /** 00218 * \def MBEDTLS_PLATFORM_EXIT_ALT 00219 * 00220 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00221 * function in the platform abstraction layer. 00222 * 00223 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00224 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00225 * alternative printf function pointer. 00226 * 00227 * All these define require MBEDTLS_PLATFORM_C to be defined! 00228 * 00229 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00230 * it will be enabled automatically by check_config.h 00231 * 00232 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00233 * MBEDTLS_PLATFORM_XXX_MACRO! 00234 * 00235 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00236 * 00237 * Uncomment a macro to enable alternate implementation of specific base 00238 * platform function 00239 */ 00240 //#define MBEDTLS_PLATFORM_EXIT_ALT 00241 //#define MBEDTLS_PLATFORM_TIME_ALT 00242 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00243 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00244 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00245 //#define MBEDTLS_PLATFORM_VSNPRINTF_ALT 00246 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00247 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT 00248 00249 /** 00250 * \def MBEDTLS_DEPRECATED_WARNING 00251 * 00252 * Mark deprecated functions so that they generate a warning if used. 00253 * Functions deprecated in one version will usually be removed in the next 00254 * version. You can enable this to help you prepare the transition to a new 00255 * major version by making sure your code is not using these functions. 00256 * 00257 * This only works with GCC and Clang. With other compilers, you may want to 00258 * use MBEDTLS_DEPRECATED_REMOVED 00259 * 00260 * Uncomment to get warnings on using deprecated functions. 00261 */ 00262 //#define MBEDTLS_DEPRECATED_WARNING 00263 00264 /** 00265 * \def MBEDTLS_DEPRECATED_REMOVED 00266 * 00267 * Remove deprecated functions so that they generate an error if used. 00268 * Functions deprecated in one version will usually be removed in the next 00269 * version. You can enable this to help you prepare the transition to a new 00270 * major version by making sure your code is not using these functions. 00271 * 00272 * Uncomment to get errors on using deprecated functions. 00273 */ 00274 //#define MBEDTLS_DEPRECATED_REMOVED 00275 00276 /** 00277 * \def MBEDTLS_CHECK_PARAMS 00278 * 00279 * This configuration option controls whether the library validates more of 00280 * the parameters passed to it. 00281 * 00282 * When this flag is not defined, the library only attempts to validate an 00283 * input parameter if: (1) they may come from the outside world (such as the 00284 * network, the filesystem, etc.) or (2) not validating them could result in 00285 * internal memory errors such as overflowing a buffer controlled by the 00286 * library. On the other hand, it doesn't attempt to validate parameters whose 00287 * values are fully controlled by the application (such as pointers). 00288 * 00289 * When this flag is defined, the library additionally attempts to validate 00290 * parameters that are fully controlled by the application, and should always 00291 * be valid if the application code is fully correct and trusted. 00292 * 00293 * For example, when a function accepts as input a pointer to a buffer that may 00294 * contain untrusted data, and its documentation mentions that this pointer 00295 * must not be NULL: 00296 * - The pointer is checked to be non-NULL only if this option is enabled. 00297 * - The content of the buffer is always validated. 00298 * 00299 * When this flag is defined, if a library function receives a parameter that 00300 * is invalid: 00301 * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED(). 00302 * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function 00303 * will immediately return. If the function returns an Mbed TLS error code, 00304 * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA. 00305 * 00306 * When defining this flag, you also need to arrange a definition for 00307 * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods: 00308 * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a 00309 * function mbedtls_param_failed(), but the library does not define this 00310 * function. If you do not make any other arrangements, you must provide 00311 * the function mbedtls_param_failed() in your application. 00312 * See `platform_util.h` for its prototype. 00313 * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the 00314 * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`. 00315 * You can still supply an alternative definition of 00316 * MBEDTLS_PARAM_FAILED(), which may call `assert`. 00317 * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h` 00318 * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`, 00319 * the library will call the macro that you defined and will not supply 00320 * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`, 00321 * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source 00322 * files include `<assert.h>`. 00323 * 00324 * Uncomment to enable validation of application-controlled parameters. 00325 */ 00326 //#define MBEDTLS_CHECK_PARAMS 00327 00328 /** 00329 * \def MBEDTLS_CHECK_PARAMS_ASSERT 00330 * 00331 * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to 00332 * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined. 00333 * 00334 * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to 00335 * calling a function mbedtls_param_failed(). See the documentation of 00336 * #MBEDTLS_CHECK_PARAMS for details. 00337 * 00338 * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`. 00339 */ 00340 //#define MBEDTLS_CHECK_PARAMS_ASSERT 00341 00342 /* \} name SECTION: System support */ 00343 00344 /** 00345 * \name SECTION: mbed TLS feature support 00346 * 00347 * This section sets support for features that are or are not needed 00348 * within the modules that are enabled. 00349 * \{ 00350 */ 00351 00352 /** 00353 * \def MBEDTLS_TIMING_ALT 00354 * 00355 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00356 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00357 * 00358 * Only works if you have MBEDTLS_TIMING_C enabled. 00359 * 00360 * You will need to provide a header "timing_alt.h" and an implementation at 00361 * compile time. 00362 */ 00363 //#define MBEDTLS_TIMING_ALT 00364 00365 /** 00366 * \def MBEDTLS_AES_ALT 00367 * 00368 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00369 * alternate core implementation of a symmetric crypto, an arithmetic or hash 00370 * module (e.g. platform specific assembly optimized implementations). Keep 00371 * in mind that the function prototypes should remain the same. 00372 * 00373 * This replaces the whole module. If you only want to replace one of the 00374 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00375 * 00376 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00377 * provide the "struct mbedtls_aes_context" definition and omit the base 00378 * function declarations and implementations. "aes_alt.h" will be included from 00379 * "aes.h" to include the new function definitions. 00380 * 00381 * Uncomment a macro to enable alternate implementation of the corresponding 00382 * module. 00383 * 00384 * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their 00385 * use constitutes a security risk. If possible, we recommend 00386 * avoiding dependencies on them, and considering stronger message 00387 * digests and ciphers instead. 00388 * 00389 */ 00390 //#define MBEDTLS_AES_ALT 00391 //#define MBEDTLS_ARC4_ALT 00392 //#define MBEDTLS_ARIA_ALT 00393 //#define MBEDTLS_BLOWFISH_ALT 00394 //#define MBEDTLS_CAMELLIA_ALT 00395 //#define MBEDTLS_CCM_ALT 00396 //#define MBEDTLS_CHACHA20_ALT 00397 //#define MBEDTLS_CHACHAPOLY_ALT 00398 //#define MBEDTLS_CMAC_ALT 00399 //#define MBEDTLS_DES_ALT 00400 //#define MBEDTLS_DHM_ALT 00401 //#define MBEDTLS_ECJPAKE_ALT 00402 //#define MBEDTLS_GCM_ALT 00403 //#define MBEDTLS_NIST_KW_ALT 00404 //#define MBEDTLS_MD2_ALT 00405 //#define MBEDTLS_MD4_ALT 00406 //#define MBEDTLS_MD5_ALT 00407 //#define MBEDTLS_POLY1305_ALT 00408 //#define MBEDTLS_RIPEMD160_ALT 00409 //#define MBEDTLS_RSA_ALT 00410 //#define MBEDTLS_SHA1_ALT 00411 //#define MBEDTLS_SHA256_ALT 00412 //#define MBEDTLS_SHA512_ALT 00413 //#define MBEDTLS_XTEA_ALT 00414 00415 /* 00416 * When replacing the elliptic curve module, pleace consider, that it is 00417 * implemented with two .c files: 00418 * - ecp.c 00419 * - ecp_curves.c 00420 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT 00421 * macros as described above. The only difference is that you have to make sure 00422 * that you provide functionality for both .c files. 00423 */ 00424 //#define MBEDTLS_ECP_ALT 00425 00426 /** 00427 * \def MBEDTLS_MD2_PROCESS_ALT 00428 * 00429 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00430 * alternate core implementation of symmetric crypto or hash function. Keep in 00431 * mind that function prototypes should remain the same. 00432 * 00433 * This replaces only one function. The header file from mbed TLS is still 00434 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00435 * 00436 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00437 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00438 * the other function (using your mbedtls_sha1_process() function) and the definition 00439 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00440 * with this definition. 00441 * 00442 * \note Because of a signature change, the core AES encryption and decryption routines are 00443 * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, 00444 * respectively. When setting up alternative implementations, these functions should 00445 * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt 00446 * must stay untouched. 00447 * 00448 * \note If you use the AES_xxx_ALT macros, then is is recommended to also set 00449 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00450 * tables. 00451 * 00452 * Uncomment a macro to enable alternate implementation of the corresponding 00453 * function. 00454 * 00455 * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use 00456 * constitutes a security risk. If possible, we recommend avoiding 00457 * dependencies on them, and considering stronger message digests 00458 * and ciphers instead. 00459 * 00460 */ 00461 //#define MBEDTLS_MD2_PROCESS_ALT 00462 //#define MBEDTLS_MD4_PROCESS_ALT 00463 //#define MBEDTLS_MD5_PROCESS_ALT 00464 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00465 //#define MBEDTLS_SHA1_PROCESS_ALT 00466 //#define MBEDTLS_SHA256_PROCESS_ALT 00467 //#define MBEDTLS_SHA512_PROCESS_ALT 00468 //#define MBEDTLS_DES_SETKEY_ALT 00469 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00470 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00471 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00472 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00473 //#define MBEDTLS_AES_ENCRYPT_ALT 00474 //#define MBEDTLS_AES_DECRYPT_ALT 00475 //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT 00476 //#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT 00477 //#define MBEDTLS_ECDSA_VERIFY_ALT 00478 //#define MBEDTLS_ECDSA_SIGN_ALT 00479 //#define MBEDTLS_ECDSA_GENKEY_ALT 00480 00481 /** 00482 * \def MBEDTLS_ECP_INTERNAL_ALT 00483 * 00484 * Expose a part of the internal interface of the Elliptic Curve Point module. 00485 * 00486 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00487 * alternative core implementation of elliptic curve arithmetic. Keep in mind 00488 * that function prototypes should remain the same. 00489 * 00490 * This partially replaces one function. The header file from mbed TLS is still 00491 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation 00492 * is still present and it is used for group structures not supported by the 00493 * alternative. 00494 * 00495 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT 00496 * and implementing the following functions: 00497 * unsigned char mbedtls_internal_ecp_grp_capable( 00498 * const mbedtls_ecp_group *grp ) 00499 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) 00500 * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) 00501 * The mbedtls_internal_ecp_grp_capable function should return 1 if the 00502 * replacement functions implement arithmetic for the given group and 0 00503 * otherwise. 00504 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are 00505 * called before and after each point operation and provide an opportunity to 00506 * implement optimized set up and tear down instructions. 00507 * 00508 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and 00509 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac 00510 * function, but will use your mbedtls_internal_ecp_double_jac if the group is 00511 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when 00512 * receives it as an argument). If the group is not supported then the original 00513 * implementation is used. The other functions and the definition of 00514 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your 00515 * implementation of mbedtls_internal_ecp_double_jac and 00516 * mbedtls_internal_ecp_grp_capable must be compatible with this definition. 00517 * 00518 * Uncomment a macro to enable alternate implementation of the corresponding 00519 * function. 00520 */ 00521 /* Required for all the functions in this section */ 00522 //#define MBEDTLS_ECP_INTERNAL_ALT 00523 /* Support for Weierstrass curves with Jacobi representation */ 00524 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT 00525 //#define MBEDTLS_ECP_ADD_MIXED_ALT 00526 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT 00527 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT 00528 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT 00529 /* Support for curves with Montgomery arithmetic */ 00530 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT 00531 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT 00532 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT 00533 00534 /** 00535 * \def MBEDTLS_TEST_NULL_ENTROPY 00536 * 00537 * Enables testing and use of mbed TLS without any configured entropy sources. 00538 * This permits use of the library on platforms before an entropy source has 00539 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00540 * MBEDTLS_ENTROPY_NV_SEED switches). 00541 * 00542 * WARNING! This switch MUST be disabled in production builds, and is suitable 00543 * only for development. 00544 * Enabling the switch negates any security provided by the library. 00545 * 00546 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00547 * 00548 */ 00549 //#define MBEDTLS_TEST_NULL_ENTROPY 00550 00551 /** 00552 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00553 * 00554 * Uncomment this macro to let mbed TLS use your own implementation of a 00555 * hardware entropy collector. 00556 * 00557 * Your function must be called \c mbedtls_hardware_poll(), have the same 00558 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00559 * 00560 * Uncomment to use your own hardware entropy collector. 00561 */ 00562 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00563 00564 /** 00565 * \def MBEDTLS_AES_ROM_TABLES 00566 * 00567 * Use precomputed AES tables stored in ROM. 00568 * 00569 * Uncomment this macro to use precomputed AES tables stored in ROM. 00570 * Comment this macro to generate AES tables in RAM at runtime. 00571 * 00572 * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb 00573 * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the 00574 * initialization time before the first AES operation can be performed. 00575 * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c 00576 * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded 00577 * performance if ROM access is slower than RAM access. 00578 * 00579 * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. 00580 * 00581 */ 00582 #define MBEDTLS_AES_ROM_TABLES 00583 00584 /** 00585 * \def MBEDTLS_AES_FEWER_TABLES 00586 * 00587 * Use less ROM/RAM for AES tables. 00588 * 00589 * Uncommenting this macro omits 75% of the AES tables from 00590 * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) 00591 * by computing their values on the fly during operations 00592 * (the tables are entry-wise rotations of one another). 00593 * 00594 * Tradeoff: Uncommenting this reduces the RAM / ROM footprint 00595 * by ~6kb but at the cost of more arithmetic operations during 00596 * runtime. Specifically, one has to compare 4 accesses within 00597 * different tables to 4 accesses with additional arithmetic 00598 * operations within the same table. The performance gain/loss 00599 * depends on the system and memory details. 00600 * 00601 * This option is independent of \c MBEDTLS_AES_ROM_TABLES. 00602 * 00603 */ 00604 //#define MBEDTLS_AES_FEWER_TABLES 00605 00606 /** 00607 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00608 * 00609 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00610 * 00611 * Uncomment this macro to use less memory for Camellia. 00612 */ 00613 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00614 00615 /** 00616 * \def MBEDTLS_CIPHER_MODE_CBC 00617 * 00618 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00619 */ 00620 #define MBEDTLS_CIPHER_MODE_CBC 00621 00622 /** 00623 * \def MBEDTLS_CIPHER_MODE_CFB 00624 * 00625 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00626 */ 00627 //#define MBEDTLS_CIPHER_MODE_CFB 00628 00629 /** 00630 * \def MBEDTLS_CIPHER_MODE_CTR 00631 * 00632 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00633 */ 00634 //#define MBEDTLS_CIPHER_MODE_CTR 00635 00636 /** 00637 * \def MBEDTLS_CIPHER_MODE_OFB 00638 * 00639 * Enable Output Feedback mode (OFB) for symmetric ciphers. 00640 */ 00641 //#define MBEDTLS_CIPHER_MODE_OFB 00642 00643 /** 00644 * \def MBEDTLS_CIPHER_MODE_XTS 00645 * 00646 * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. 00647 */ 00648 //#define MBEDTLS_CIPHER_MODE_XTS 00649 00650 /** 00651 * \def MBEDTLS_CIPHER_NULL_CIPHER 00652 * 00653 * Enable NULL cipher. 00654 * Warning: Only do so when you know what you are doing. This allows for 00655 * encryption or channels without any security! 00656 * 00657 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00658 * the following ciphersuites: 00659 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00660 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00662 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00663 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00664 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00665 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00666 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00667 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00668 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00669 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00670 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00671 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00672 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00673 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00674 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00675 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00676 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00677 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00678 * 00679 * Uncomment this macro to enable the NULL cipher and ciphersuites 00680 */ 00681 //#define MBEDTLS_CIPHER_NULL_CIPHER 00682 00683 /** 00684 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00685 * 00686 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00687 * specific padding modes in the cipher layer with cipher modes that support 00688 * padding (e.g. CBC) 00689 * 00690 * If you disable all padding modes, only full blocks can be used with CBC. 00691 * 00692 * Enable padding modes in the cipher layer. 00693 */ 00694 #define MBEDTLS_CIPHER_PADDING_PKCS7 00695 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00696 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00697 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00698 00699 /** 00700 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00701 * 00702 * Enable weak ciphersuites in SSL / TLS. 00703 * Warning: Only do so when you know what you are doing. This allows for 00704 * channels with virtually no security at all! 00705 * 00706 * This enables the following ciphersuites: 00707 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00708 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00709 * 00710 * Uncomment this macro to enable weak ciphersuites 00711 * 00712 * \warning DES is considered a weak cipher and its use constitutes a 00713 * security risk. We recommend considering stronger ciphers instead. 00714 */ 00715 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00716 00717 /** 00718 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00719 * 00720 * Remove RC4 ciphersuites by default in SSL / TLS. 00721 * This flag removes the ciphersuites based on RC4 from the default list as 00722 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00723 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00724 * explicitly. 00725 * 00726 * Uncomment this macro to remove RC4 ciphersuites by default. 00727 */ 00728 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00729 00730 /** 00731 * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES 00732 * 00733 * Remove 3DES ciphersuites by default in SSL / TLS. 00734 * This flag removes the ciphersuites based on 3DES from the default list as 00735 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible 00736 * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including 00737 * them explicitly. 00738 * 00739 * A man-in-the-browser attacker can recover authentication tokens sent through 00740 * a TLS connection using a 3DES based cipher suite (see "On the Practical 00741 * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan 00742 * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls 00743 * in your threat model or you are unsure, then you should keep this option 00744 * enabled to remove 3DES based cipher suites. 00745 * 00746 * Comment this macro to keep 3DES in the default ciphersuite list. 00747 */ 00748 #define MBEDTLS_REMOVE_3DES_CIPHERSUITES 00749 00750 /** 00751 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00752 * 00753 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00754 * module. By default all supported curves are enabled. 00755 * 00756 * Comment macros to disable the curve and functions for it 00757 */ 00758 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00759 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00760 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00761 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00762 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00763 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00764 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00765 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00766 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00767 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00768 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00769 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00770 #define MBEDTLS_ECP_DP_CURVE448_ENABLED 00771 00772 /** 00773 * \def MBEDTLS_ECP_NIST_OPTIM 00774 * 00775 * Enable specific 'modulo p' routines for each NIST prime. 00776 * Depending on the prime and architecture, makes operations 4 to 8 times 00777 * faster on the corresponding curve. 00778 * 00779 * Comment this macro to disable NIST curves optimisation. 00780 */ 00781 #define MBEDTLS_ECP_NIST_OPTIM 00782 00783 /** 00784 * \def MBEDTLS_ECP_RESTARTABLE 00785 * 00786 * Enable "non-blocking" ECC operations that can return early and be resumed. 00787 * 00788 * This allows various functions to pause by returning 00789 * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, 00790 * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in 00791 * order to further progress and eventually complete their operation. This is 00792 * controlled through mbedtls_ecp_set_max_ops() which limits the maximum 00793 * number of ECC operations a function may perform before pausing; see 00794 * mbedtls_ecp_set_max_ops() for more information. 00795 * 00796 * This is useful in non-threaded environments if you want to avoid blocking 00797 * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. 00798 * 00799 * Uncomment this macro to enable restartable ECC computations. 00800 * 00801 * \note This option only works with the default software implementation of 00802 * elliptic curve functionality. It is incompatible with 00803 * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT 00804 * and MBEDTLS_ECDH_LEGACY_CONTEXT. 00805 */ 00806 //#define MBEDTLS_ECP_RESTARTABLE 00807 00808 /** 00809 * \def MBEDTLS_ECDH_LEGACY_CONTEXT 00810 * 00811 * Use a backward compatible ECDH context. 00812 * 00813 * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context 00814 * defined in `ecdh.h`). For most applications, the choice of format makes 00815 * no difference, since all library functions can work with either format, 00816 * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE. 00817 00818 * The new format used when this option is disabled is smaller 00819 * (56 bytes on a 32-bit platform). In future versions of the library, it 00820 * will support alternative implementations of ECDH operations. 00821 * The new format is incompatible with applications that access 00822 * context fields directly and with restartable ECP operations. 00823 * 00824 * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you 00825 * want to access ECDH context fields directly. Otherwise you should 00826 * comment out this macro definition. 00827 * 00828 * This option has no effect if #MBEDTLS_ECDH_C is not enabled. 00829 * 00830 * \note This configuration option is experimental. Future versions of the 00831 * library may modify the way the ECDH context layout is configured 00832 * and may modify the layout of the new context type. 00833 */ 00834 #define MBEDTLS_ECDH_LEGACY_CONTEXT 00835 00836 /** 00837 * \def MBEDTLS_ECDSA_DETERMINISTIC 00838 * 00839 * Enable deterministic ECDSA (RFC 6979). 00840 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00841 * may result in a compromise of the long-term signing key. This is avoided by 00842 * the deterministic variant. 00843 * 00844 * Requires: MBEDTLS_HMAC_DRBG_C 00845 * 00846 * Comment this macro to disable deterministic ECDSA. 00847 */ 00848 #define MBEDTLS_ECDSA_DETERMINISTIC 00849 00850 /** 00851 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00852 * 00853 * Enable the PSK based ciphersuite modes in SSL / TLS. 00854 * 00855 * This enables the following ciphersuites (if other requisites are 00856 * enabled as well): 00857 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00858 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00859 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00860 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00861 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00862 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00863 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00864 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00865 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00866 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00867 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00868 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00869 */ 00870 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00871 00872 /** 00873 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00874 * 00875 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00876 * 00877 * Requires: MBEDTLS_DHM_C 00878 * 00879 * This enables the following ciphersuites (if other requisites are 00880 * enabled as well): 00881 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00882 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00883 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00884 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00885 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00886 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00887 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00888 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00889 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00890 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00891 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00892 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00893 * 00894 * \warning Using DHE constitutes a security risk as it 00895 * is not possible to validate custom DH parameters. 00896 * If possible, it is recommended users should consider 00897 * preferring other methods of key exchange. 00898 * See dhm.h for more details. 00899 * 00900 */ 00901 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00902 00903 /** 00904 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00905 * 00906 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00907 * 00908 * Requires: MBEDTLS_ECDH_C 00909 * 00910 * This enables the following ciphersuites (if other requisites are 00911 * enabled as well): 00912 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00913 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00914 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00915 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00916 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00917 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00918 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00919 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00920 */ 00921 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00922 00923 /** 00924 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00925 * 00926 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00927 * 00928 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00929 * MBEDTLS_X509_CRT_PARSE_C 00930 * 00931 * This enables the following ciphersuites (if other requisites are 00932 * enabled as well): 00933 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00934 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00935 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00936 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00937 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00938 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00939 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00940 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00941 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00942 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00943 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00944 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00945 */ 00946 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00947 00948 /** 00949 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00950 * 00951 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00952 * 00953 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00954 * MBEDTLS_X509_CRT_PARSE_C 00955 * 00956 * This enables the following ciphersuites (if other requisites are 00957 * enabled as well): 00958 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00959 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00960 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00961 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00962 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00963 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00964 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00965 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00966 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00967 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00968 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00969 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00970 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00971 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00972 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00973 */ 00974 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00975 00976 /** 00977 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00978 * 00979 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00980 * 00981 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00982 * MBEDTLS_X509_CRT_PARSE_C 00983 * 00984 * This enables the following ciphersuites (if other requisites are 00985 * enabled as well): 00986 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00987 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00988 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00989 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00990 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00991 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00992 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00993 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00994 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00995 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00996 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00997 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00998 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00999 * 01000 * \warning Using DHE constitutes a security risk as it 01001 * is not possible to validate custom DH parameters. 01002 * If possible, it is recommended users should consider 01003 * preferring other methods of key exchange. 01004 * See dhm.h for more details. 01005 * 01006 */ 01007 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 01008 01009 /** 01010 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 01011 * 01012 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 01013 * 01014 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 01015 * MBEDTLS_X509_CRT_PARSE_C 01016 * 01017 * This enables the following ciphersuites (if other requisites are 01018 * enabled as well): 01019 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01020 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01021 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01022 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01023 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01024 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01025 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01026 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01027 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01028 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01029 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01030 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01031 */ 01032 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 01033 01034 /** 01035 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 01036 * 01037 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 01038 * 01039 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 01040 * 01041 * This enables the following ciphersuites (if other requisites are 01042 * enabled as well): 01043 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01044 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01045 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01046 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01047 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01048 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01049 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01050 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01051 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01052 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01053 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01054 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01055 */ 01056 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 01057 01058 /** 01059 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 01060 * 01061 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 01062 * 01063 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 01064 * 01065 * This enables the following ciphersuites (if other requisites are 01066 * enabled as well): 01067 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01068 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01069 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01070 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01071 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01072 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01073 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01074 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01075 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01076 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01077 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01078 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01079 */ 01080 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 01081 01082 /** 01083 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 01084 * 01085 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 01086 * 01087 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 01088 * 01089 * This enables the following ciphersuites (if other requisites are 01090 * enabled as well): 01091 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01092 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01093 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01094 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01095 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01096 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01097 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01098 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01099 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01100 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01101 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01102 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01103 */ 01104 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 01105 01106 /** 01107 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 01108 * 01109 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 01110 * 01111 * \warning This is currently experimental. EC J-PAKE support is based on the 01112 * Thread v1.0.0 specification; incompatible changes to the specification 01113 * might still happen. For this reason, this is disabled by default. 01114 * 01115 * Requires: MBEDTLS_ECJPAKE_C 01116 * MBEDTLS_SHA256_C 01117 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 01118 * 01119 * This enables the following ciphersuites (if other requisites are 01120 * enabled as well): 01121 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 01122 */ 01123 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 01124 01125 /** 01126 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 01127 * 01128 * Enhance support for reading EC keys using variants of SEC1 not allowed by 01129 * RFC 5915 and RFC 5480. 01130 * 01131 * Currently this means parsing the SpecifiedECDomain choice of EC 01132 * parameters (only known groups are supported, not arbitrary domains, to 01133 * avoid validation issues). 01134 * 01135 * Disable if you only need to support RFC 5915 + 5480 key formats. 01136 */ 01137 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 01138 01139 /** 01140 * \def MBEDTLS_ERROR_STRERROR_DUMMY 01141 * 01142 * Enable a dummy error function to make use of mbedtls_strerror() in 01143 * third party libraries easier when MBEDTLS_ERROR_C is disabled 01144 * (no effect when MBEDTLS_ERROR_C is enabled). 01145 * 01146 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 01147 * not using mbedtls_strerror() or error_strerror() in your application. 01148 * 01149 * Disable if you run into name conflicts and want to really remove the 01150 * mbedtls_strerror() 01151 */ 01152 #define MBEDTLS_ERROR_STRERROR_DUMMY 01153 01154 /** 01155 * \def MBEDTLS_GENPRIME 01156 * 01157 * Enable the prime-number generation code. 01158 * 01159 * Requires: MBEDTLS_BIGNUM_C 01160 */ 01161 //#define MBEDTLS_GENPRIME 01162 01163 /** 01164 * \def MBEDTLS_FS_IO 01165 * 01166 * Enable functions that use the filesystem. 01167 */ 01168 //#define MBEDTLS_FS_IO 01169 01170 /** 01171 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 01172 * 01173 * Do not add default entropy sources. These are the platform specific, 01174 * mbedtls_timing_hardclock and HAVEGE based poll functions. 01175 * 01176 * This is useful to have more control over the added entropy sources in an 01177 * application. 01178 * 01179 * Uncomment this macro to prevent loading of default entropy functions. 01180 */ 01181 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 01182 01183 /** 01184 * \def MBEDTLS_NO_PLATFORM_ENTROPY 01185 * 01186 * Do not use built-in platform entropy functions. 01187 * This is useful if your platform does not support 01188 * standards like the /dev/urandom or Windows CryptoAPI. 01189 * 01190 * Uncomment this macro to disable the built-in platform entropy functions. 01191 */ 01192 #define MBEDTLS_NO_PLATFORM_ENTROPY 01193 01194 /** 01195 * \def MBEDTLS_ENTROPY_FORCE_SHA256 01196 * 01197 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 01198 * default SHA-512 based one (if both are available). 01199 * 01200 * Requires: MBEDTLS_SHA256_C 01201 * 01202 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 01203 * if you have performance concerns. 01204 * 01205 * This option is only useful if both MBEDTLS_SHA256_C and 01206 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 01207 */ 01208 //#define MBEDTLS_ENTROPY_FORCE_SHA256 01209 01210 /** 01211 * \def MBEDTLS_ENTROPY_NV_SEED 01212 * 01213 * Enable the non-volatile (NV) seed file-based entropy source. 01214 * (Also enables the NV seed read/write functions in the platform layer) 01215 * 01216 * This is crucial (if not required) on systems that do not have a 01217 * cryptographic entropy source (in hardware or kernel) available. 01218 * 01219 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 01220 * 01221 * \note The read/write functions that are used by the entropy source are 01222 * determined in the platform layer, and can be modified at runtime and/or 01223 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 01224 * 01225 * \note If you use the default implementation functions that read a seedfile 01226 * with regular fopen(), please make sure you make a seedfile with the 01227 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 01228 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 01229 * and written to or you will get an entropy source error! The default 01230 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 01231 * bytes from the file. 01232 * 01233 * \note The entropy collector will write to the seed file before entropy is 01234 * given to an external source, to update it. 01235 */ 01236 //#define MBEDTLS_ENTROPY_NV_SEED 01237 01238 /** 01239 * \def MBEDTLS_MEMORY_DEBUG 01240 * 01241 * Enable debugging of buffer allocator memory issues. Automatically prints 01242 * (to stderr) all (fatal) messages on memory allocation issues. Enables 01243 * function for 'debug output' of allocated memory. 01244 * 01245 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 01246 * 01247 * Uncomment this macro to let the buffer allocator print out error messages. 01248 */ 01249 //#define MBEDTLS_MEMORY_DEBUG 01250 01251 /** 01252 * \def MBEDTLS_MEMORY_BACKTRACE 01253 * 01254 * Include backtrace information with each allocated block. 01255 * 01256 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 01257 * GLIBC-compatible backtrace() an backtrace_symbols() support 01258 * 01259 * Uncomment this macro to include backtrace information 01260 */ 01261 //#define MBEDTLS_MEMORY_BACKTRACE 01262 01263 /** 01264 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 01265 * 01266 * Support external private RSA keys (eg from a HSM) in the PK layer. 01267 * 01268 * Comment this macro to disable support for external private RSA keys. 01269 */ 01270 #define MBEDTLS_PK_RSA_ALT_SUPPORT 01271 01272 /** 01273 * \def MBEDTLS_PKCS1_V15 01274 * 01275 * Enable support for PKCS#1 v1.5 encoding. 01276 * 01277 * Requires: MBEDTLS_RSA_C 01278 * 01279 * This enables support for PKCS#1 v1.5 operations. 01280 */ 01281 #define MBEDTLS_PKCS1_V15 01282 01283 /** 01284 * \def MBEDTLS_PKCS1_V21 01285 * 01286 * Enable support for PKCS#1 v2.1 encoding. 01287 * 01288 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 01289 * 01290 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 01291 */ 01292 #define MBEDTLS_PKCS1_V21 01293 01294 /** 01295 * \def MBEDTLS_PSA_CRYPTO_SPM 01296 * 01297 * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure 01298 * Partition Manager) integration which separates the code into two parts: a 01299 * NSPE (Non-Secure Process Environment) and an SPE (Secure Process 01300 * Environment). 01301 * 01302 * Module: library/psa_crypto.c 01303 * Requires: MBEDTLS_PSA_CRYPTO_C 01304 * 01305 */ 01306 //#define MBEDTLS_PSA_CRYPTO_SPM 01307 01308 /** 01309 * \def MBEDTLS_PSA_INJECT_ENTROPY 01310 * 01311 * Enable support for entropy injection at first boot. This feature is 01312 * required on systems that do not have a built-in entropy source (TRNG). 01313 * This feature is currently not supported on systems that have a built-in 01314 * entropy source. 01315 * 01316 * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED 01317 * 01318 */ 01319 //#define MBEDTLS_PSA_INJECT_ENTROPY 01320 01321 /** 01322 * \def MBEDTLS_RSA_NO_CRT 01323 * 01324 * Do not use the Chinese Remainder Theorem 01325 * for the RSA private operation. 01326 * 01327 * Uncomment this macro to disable the use of CRT in RSA. 01328 * 01329 */ 01330 //#define MBEDTLS_RSA_NO_CRT 01331 01332 /** 01333 * \def MBEDTLS_SELF_TEST 01334 * 01335 * Enable the checkup functions (*_self_test). 01336 */ 01337 #define MBEDTLS_SELF_TEST 01338 01339 /** 01340 * \def MBEDTLS_SHA256_SMALLER 01341 * 01342 * Enable an implementation of SHA-256 that has lower ROM footprint but also 01343 * lower performance. 01344 * 01345 * The default implementation is meant to be a reasonnable compromise between 01346 * performance and size. This version optimizes more aggressively for size at 01347 * the expense of performance. Eg on Cortex-M4 it reduces the size of 01348 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 01349 * 30%. 01350 * 01351 * Uncomment to enable the smaller implementation of SHA256. 01352 */ 01353 //#define MBEDTLS_SHA256_SMALLER 01354 01355 /** 01356 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 01357 * 01358 * Enable sending of alert messages in case of encountered errors as per RFC. 01359 * If you choose not to send the alert messages, mbed TLS can still communicate 01360 * with other servers, only debugging of failures is harder. 01361 * 01362 * The advantage of not sending alert messages, is that no information is given 01363 * about reasons for failures thus preventing adversaries of gaining intel. 01364 * 01365 * Enable sending of all alert messages 01366 */ 01367 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01368 01369 /** 01370 * \def MBEDTLS_SSL_RECORD_CHECKING 01371 * 01372 * Enable the function mbedtls_ssl_check_record() which can be used to check 01373 * the validity and authenticity of an incoming record, to verify that it has 01374 * not been seen before. These checks are performed without modifying the 01375 * externally visible state of the SSL context. 01376 * 01377 * See mbedtls_ssl_check_record() for more information. 01378 * 01379 * Uncomment to enable support for record checking. 01380 */ 01381 #define MBEDTLS_SSL_RECORD_CHECKING 01382 01383 /** 01384 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID 01385 * 01386 * Enable support for the DTLS Connection ID extension 01387 * (version draft-ietf-tls-dtls-connection-id-05, 01388 * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) 01389 * which allows to identify DTLS connections across changes 01390 * in the underlying transport. 01391 * 01392 * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, 01393 * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. 01394 * See the corresponding documentation for more information. 01395 * 01396 * \warning The Connection ID extension is still in draft state. 01397 * We make no stability promises for the availability 01398 * or the shape of the API controlled by this option. 01399 * 01400 * The maximum lengths of outgoing and incoming CIDs can be configured 01401 * through the options 01402 * - MBEDTLS_SSL_CID_OUT_LEN_MAX 01403 * - MBEDTLS_SSL_CID_IN_LEN_MAX. 01404 * 01405 * Requires: MBEDTLS_SSL_PROTO_DTLS 01406 * 01407 * Uncomment to enable the Connection ID extension. 01408 */ 01409 //#define MBEDTLS_SSL_DTLS_CONNECTION_ID 01410 01411 /** 01412 * \def MBEDTLS_SSL_ASYNC_PRIVATE 01413 * 01414 * Enable asynchronous external private key operations in SSL. This allows 01415 * you to configure an SSL connection to call an external cryptographic 01416 * module to perform private key operations instead of performing the 01417 * operation inside the library. 01418 * 01419 */ 01420 //#define MBEDTLS_SSL_ASYNC_PRIVATE 01421 01422 /** 01423 * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION 01424 * 01425 * Enable serialization of the TLS context structures, through use of the 01426 * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). 01427 * 01428 * This pair of functions allows one side of a connection to serialize the 01429 * context associated with the connection, then free or re-use that context 01430 * while the serialized state is persisted elsewhere, and finally deserialize 01431 * that state to a live context for resuming read/write operations on the 01432 * connection. From a protocol perspective, the state of the connection is 01433 * unaffected, in particular this is entirely transparent to the peer. 01434 * 01435 * Note: this is distinct from TLS session resumption, which is part of the 01436 * protocol and fully visible by the peer. TLS session resumption enables 01437 * establishing new connections associated to a saved session with shorter, 01438 * lighter handshakes, while context serialization is a local optimization in 01439 * handling a single, potentially long-lived connection. 01440 * 01441 * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are 01442 * saved after the handshake to allow for more efficient serialization, so if 01443 * you don't need this feature you'll save RAM by disabling it. 01444 * 01445 * Comment to disable the context serialization APIs. 01446 */ 01447 #define MBEDTLS_SSL_CONTEXT_SERIALIZATION 01448 01449 /** 01450 * \def MBEDTLS_SSL_DEBUG_ALL 01451 * 01452 * Enable the debug messages in SSL module for all issues. 01453 * Debug messages have been disabled in some places to prevent timing 01454 * attacks due to (unbalanced) debugging function calls. 01455 * 01456 * If you need all error reporting you should enable this during debugging, 01457 * but remove this for production servers that should log as well. 01458 * 01459 * Uncomment this macro to report all debug messages on errors introducing 01460 * a timing side-channel. 01461 * 01462 */ 01463 //#define MBEDTLS_SSL_DEBUG_ALL 01464 01465 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01466 * 01467 * Enable support for Encrypt-then-MAC, RFC 7366. 01468 * 01469 * This allows peers that both support it to use a more robust protection for 01470 * ciphersuites using CBC, providing deep resistance against timing attacks 01471 * on the padding or underlying cipher. 01472 * 01473 * This only affects CBC ciphersuites, and is useless if none is defined. 01474 * 01475 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01476 * MBEDTLS_SSL_PROTO_TLS1_1 or 01477 * MBEDTLS_SSL_PROTO_TLS1_2 01478 * 01479 * Comment this macro to disable support for Encrypt-then-MAC 01480 */ 01481 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01482 01483 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01484 * 01485 * Enable support for Extended Master Secret, aka Session Hash 01486 * (draft-ietf-tls-session-hash-02). 01487 * 01488 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01489 * attacks, but it is recommended to always use it (even if you disable 01490 * renegotiation), since it actually fixes a more fundamental issue in the 01491 * original SSL/TLS design, and has implications beyond Triple Handshake. 01492 * 01493 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01494 * MBEDTLS_SSL_PROTO_TLS1_1 or 01495 * MBEDTLS_SSL_PROTO_TLS1_2 01496 * 01497 * Comment this macro to disable support for Extended Master Secret. 01498 */ 01499 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01500 01501 /** 01502 * \def MBEDTLS_SSL_FALLBACK_SCSV 01503 * 01504 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01505 * 01506 * For servers, it is recommended to always enable this, unless you support 01507 * only one version of TLS, or know for sure that none of your clients 01508 * implements a fallback strategy. 01509 * 01510 * For clients, you only need this if you're using a fallback strategy, which 01511 * is not recommended in the first place, unless you absolutely need it to 01512 * interoperate with buggy (version-intolerant) servers. 01513 * 01514 * Comment this macro to disable support for FALLBACK_SCSV 01515 */ 01516 //#define MBEDTLS_SSL_FALLBACK_SCSV 01517 01518 /** 01519 * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 01520 * 01521 * This option controls the availability of the API mbedtls_ssl_get_peer_cert() 01522 * giving access to the peer's certificate after completion of the handshake. 01523 * 01524 * Unless you need mbedtls_ssl_peer_cert() in your application, it is 01525 * recommended to disable this option for reduced RAM usage. 01526 * 01527 * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still 01528 * defined, but always returns \c NULL. 01529 * 01530 * \note This option has no influence on the protection against the 01531 * triple handshake attack. Even if it is disabled, Mbed TLS will 01532 * still ensure that certificates do not change during renegotiation, 01533 * for exaple by keeping a hash of the peer's certificate. 01534 * 01535 * Comment this macro to disable storing the peer's certificate 01536 * after the handshake. 01537 */ 01538 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 01539 01540 /** 01541 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01542 * 01543 * Enable hooking functions in SSL module for hardware acceleration of 01544 * individual records. 01545 * 01546 * Uncomment this macro to enable hooking functions. 01547 */ 01548 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01549 01550 /** 01551 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01552 * 01553 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01554 * 01555 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01556 * of interoperability issues compared to sending 0-length records. 01557 * 01558 * Comment this macro to disable 1/n-1 record splitting. 01559 */ 01560 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01561 01562 /** 01563 * \def MBEDTLS_SSL_RENEGOTIATION 01564 * 01565 * Enable support for TLS renegotiation. 01566 * 01567 * The two main uses of renegotiation are (1) refresh keys on long-lived 01568 * connections and (2) client authentication after the initial handshake. 01569 * If you don't need renegotiation, it's probably better to disable it, since 01570 * it has been associated with security issues in the past and is easy to 01571 * misuse/misunderstand. 01572 * 01573 * Comment this to disable support for renegotiation. 01574 * 01575 * \note Even if this option is disabled, both client and server are aware 01576 * of the Renegotiation Indication Extension (RFC 5746) used to 01577 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). 01578 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the 01579 * configuration of this extension). 01580 * 01581 */ 01582 #define MBEDTLS_SSL_RENEGOTIATION 01583 01584 /** 01585 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01586 * 01587 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01588 * SSL Server module (MBEDTLS_SSL_SRV_C). 01589 * 01590 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01591 */ 01592 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01593 01594 /** 01595 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01596 * 01597 * Pick the ciphersuite according to the client's preferences rather than ours 01598 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01599 * 01600 * Uncomment this macro to respect client's ciphersuite order 01601 */ 01602 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01603 01604 /** 01605 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01606 * 01607 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01608 * 01609 * Comment this macro to disable support for the max_fragment_length extension 01610 */ 01611 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01612 01613 /** 01614 * \def MBEDTLS_SSL_PROTO_SSL3 01615 * 01616 * Enable support for SSL 3.0. 01617 * 01618 * Requires: MBEDTLS_MD5_C 01619 * MBEDTLS_SHA1_C 01620 * 01621 * Comment this macro to disable support for SSL 3.0 01622 */ 01623 //#define MBEDTLS_SSL_PROTO_SSL3 01624 01625 /** 01626 * \def MBEDTLS_SSL_PROTO_TLS1 01627 * 01628 * Enable support for TLS 1.0. 01629 * 01630 * Requires: MBEDTLS_MD5_C 01631 * MBEDTLS_SHA1_C 01632 * 01633 * Comment this macro to disable support for TLS 1.0 01634 */ 01635 //#define MBEDTLS_SSL_PROTO_TLS1 01636 01637 /** 01638 * \def MBEDTLS_SSL_PROTO_TLS1_1 01639 * 01640 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01641 * 01642 * Requires: MBEDTLS_MD5_C 01643 * MBEDTLS_SHA1_C 01644 * 01645 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01646 */ 01647 //#define MBEDTLS_SSL_PROTO_TLS1_1 01648 01649 /** 01650 * \def MBEDTLS_SSL_PROTO_TLS1_2 01651 * 01652 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01653 * 01654 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01655 * (Depends on ciphersuites) 01656 * 01657 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01658 */ 01659 #define MBEDTLS_SSL_PROTO_TLS1_2 01660 01661 /** 01662 * \def MBEDTLS_SSL_PROTO_DTLS 01663 * 01664 * Enable support for DTLS (all available versions). 01665 * 01666 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01667 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01668 * 01669 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01670 * or MBEDTLS_SSL_PROTO_TLS1_2 01671 * 01672 * Comment this macro to disable support for DTLS 01673 */ 01674 #define MBEDTLS_SSL_PROTO_DTLS 01675 01676 /** 01677 * \def MBEDTLS_SSL_ALPN 01678 * 01679 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01680 * 01681 * Comment this macro to disable support for ALPN. 01682 */ 01683 #define MBEDTLS_SSL_ALPN 01684 01685 /** 01686 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01687 * 01688 * Enable support for the anti-replay mechanism in DTLS. 01689 * 01690 * Requires: MBEDTLS_SSL_TLS_C 01691 * MBEDTLS_SSL_PROTO_DTLS 01692 * 01693 * \warning Disabling this is often a security risk! 01694 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01695 * 01696 * Comment this to disable anti-replay in DTLS. 01697 */ 01698 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01699 01700 /** 01701 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01702 * 01703 * Enable support for HelloVerifyRequest on DTLS servers. 01704 * 01705 * This feature is highly recommended to prevent DTLS servers being used as 01706 * amplifiers in DoS attacks against other hosts. It should always be enabled 01707 * unless you know for sure amplification cannot be a problem in the 01708 * environment in which your server operates. 01709 * 01710 * \warning Disabling this can ba a security risk! (see above) 01711 * 01712 * Requires: MBEDTLS_SSL_PROTO_DTLS 01713 * 01714 * Comment this to disable support for HelloVerifyRequest. 01715 */ 01716 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01717 01718 /** 01719 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01720 * 01721 * Enable server-side support for clients that reconnect from the same port. 01722 * 01723 * Some clients unexpectedly close the connection and try to reconnect using the 01724 * same source port. This needs special support from the server to handle the 01725 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01726 * flag enables that support. 01727 * 01728 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01729 * 01730 * Comment this to disable support for clients reusing the source port. 01731 */ 01732 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01733 01734 /** 01735 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01736 * 01737 * Enable support for a limit of records with bad MAC. 01738 * 01739 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01740 * 01741 * Requires: MBEDTLS_SSL_PROTO_DTLS 01742 */ 01743 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01744 01745 /** 01746 * \def MBEDTLS_SSL_SESSION_TICKETS 01747 * 01748 * Enable support for RFC 5077 session tickets in SSL. 01749 * Client-side, provides full support for session tickets (maintenance of a 01750 * session store remains the responsibility of the application, though). 01751 * Server-side, you also need to provide callbacks for writing and parsing 01752 * tickets, including authenticated encryption and key management. Example 01753 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01754 * 01755 * Comment this macro to disable support for SSL session tickets 01756 */ 01757 #define MBEDTLS_SSL_SESSION_TICKETS 01758 01759 /** 01760 * \def MBEDTLS_SSL_EXPORT_KEYS 01761 * 01762 * Enable support for exporting key block and master secret. 01763 * This is required for certain users of TLS, e.g. EAP-TLS. 01764 * 01765 * Comment this macro to disable support for key export 01766 */ 01767 #define MBEDTLS_SSL_EXPORT_KEYS 01768 01769 /** 01770 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01771 * 01772 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01773 * 01774 * Requires: MBEDTLS_X509_CRT_PARSE_C 01775 * 01776 * Comment this macro to disable support for server name indication in SSL 01777 */ 01778 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01779 01780 /** 01781 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01782 * 01783 * Enable support for RFC 6066 truncated HMAC in SSL. 01784 * 01785 * Comment this macro to disable support for truncated HMAC in SSL 01786 */ 01787 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01788 01789 /** 01790 * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT 01791 * 01792 * Fallback to old (pre-2.7), non-conforming implementation of the truncated 01793 * HMAC extension which also truncates the HMAC key. Note that this option is 01794 * only meant for a transitory upgrade period and is likely to be removed in 01795 * a future version of the library. 01796 * 01797 * \warning The old implementation is non-compliant and has a security weakness 01798 * (2^80 brute force attack on the HMAC key used for a single, 01799 * uninterrupted connection). This should only be enabled temporarily 01800 * when (1) the use of truncated HMAC is essential in order to save 01801 * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use 01802 * the fixed implementation yet (pre-2.7). 01803 * 01804 * \deprecated This option is deprecated and will likely be removed in a 01805 * future version of Mbed TLS. 01806 * 01807 * Uncomment to fallback to old, non-compliant truncated HMAC implementation. 01808 * 01809 * Requires: MBEDTLS_SSL_TRUNCATED_HMAC 01810 */ 01811 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT 01812 01813 /** 01814 * \def MBEDTLS_THREADING_ALT 01815 * 01816 * Provide your own alternate threading implementation. 01817 * 01818 * Requires: MBEDTLS_THREADING_C 01819 * 01820 * Uncomment this to allow your own alternate threading implementation. 01821 */ 01822 //#define MBEDTLS_THREADING_ALT 01823 01824 /** 01825 * \def MBEDTLS_THREADING_PTHREAD 01826 * 01827 * Enable the pthread wrapper layer for the threading layer. 01828 * 01829 * Requires: MBEDTLS_THREADING_C 01830 * 01831 * Uncomment this to enable pthread mutexes. 01832 */ 01833 //#define MBEDTLS_THREADING_PTHREAD 01834 01835 /** 01836 * \def MBEDTLS_USE_PSA_CRYPTO 01837 * 01838 * Make the X.509 and TLS library use PSA for cryptographic operations, and 01839 * enable new APIs for using keys handled by PSA Crypto. 01840 * 01841 * \note Development of this option is currently in progress, and parts 01842 * of the X.509 and TLS modules are not ported to PSA yet. However, these parts 01843 * will still continue to work as usual, so enabling this option should not 01844 * break backwards compatibility. 01845 * 01846 * \warning The PSA Crypto API is in beta stage. While you're welcome to 01847 * experiment using it, incompatible API changes are still possible, and some 01848 * parts may not have reached the same quality as the rest of Mbed TLS yet. 01849 * 01850 * \warning This option enables new Mbed TLS APIs that are dependent on the 01851 * PSA Crypto API, so can't come with the same stability guarantees as the 01852 * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for 01853 * now, access to these APIs is opt-in (via enabling the present option), in 01854 * order to clearly differentiate them from the stable Mbed TLS APIs. 01855 * 01856 * Requires: MBEDTLS_PSA_CRYPTO_C. 01857 * 01858 * Uncomment this to enable internal use of PSA Crypto and new associated APIs. 01859 */ 01860 //#define MBEDTLS_USE_PSA_CRYPTO 01861 01862 /** 01863 * \def MBEDTLS_VERSION_FEATURES 01864 * 01865 * Allow run-time checking of compile-time enabled features. Thus allowing users 01866 * to check at run-time if the library is for instance compiled with threading 01867 * support via mbedtls_version_check_feature(). 01868 * 01869 * Requires: MBEDTLS_VERSION_C 01870 * 01871 * Comment this to disable run-time checking and save ROM space 01872 */ 01873 #define MBEDTLS_VERSION_FEATURES 01874 01875 /** 01876 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01877 * 01878 * If set, the X509 parser will not break-off when parsing an X509 certificate 01879 * and encountering an extension in a v1 or v2 certificate. 01880 * 01881 * Uncomment to prevent an error. 01882 */ 01883 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01884 01885 /** 01886 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01887 * 01888 * If set, the X509 parser will not break-off when parsing an X509 certificate 01889 * and encountering an unknown critical extension. 01890 * 01891 * \warning Depending on your PKI use, enabling this can be a security risk! 01892 * 01893 * Uncomment to prevent an error. 01894 */ 01895 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01896 01897 /** 01898 * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 01899 * 01900 * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` 01901 * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure 01902 * the set of trusted certificates through a callback instead of a linked 01903 * list. 01904 * 01905 * This is useful for example in environments where a large number of trusted 01906 * certificates is present and storing them in a linked list isn't efficient 01907 * enough, or when the set of trusted certificates changes frequently. 01908 * 01909 * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and 01910 * `mbedtls_ssl_conf_ca_cb()` for more information. 01911 * 01912 * Uncomment to enable trusted certificate callbacks. 01913 */ 01914 //#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 01915 01916 /** 01917 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01918 * 01919 * Enable verification of the keyUsage extension (CA and leaf certificates). 01920 * 01921 * Disabling this avoids problems with mis-issued and/or misused 01922 * (intermediate) CA and leaf certificates. 01923 * 01924 * \warning Depending on your PKI use, disabling this can be a security risk! 01925 * 01926 * Comment to skip keyUsage checking for both CA and leaf certificates. 01927 */ 01928 #define MBEDTLS_X509_CHECK_KEY_USAGE 01929 01930 /** 01931 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01932 * 01933 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01934 * 01935 * Disabling this avoids problems with mis-issued and/or misused certificates. 01936 * 01937 * \warning Depending on your PKI use, disabling this can be a security risk! 01938 * 01939 * Comment to skip extendedKeyUsage checking for certificates. 01940 */ 01941 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01942 01943 /** 01944 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01945 * 01946 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01947 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01948 * 01949 * Comment this macro to disallow using RSASSA-PSS in certificates. 01950 */ 01951 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01952 01953 /** 01954 * \def MBEDTLS_ZLIB_SUPPORT 01955 * 01956 * If set, the SSL/TLS module uses ZLIB to support compression and 01957 * decompression of packet data. 01958 * 01959 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01960 * CRIME attack. Before enabling this option, you should examine with care if 01961 * CRIME or similar exploits may be applicable to your use case. 01962 * 01963 * \note Currently compression can't be used with DTLS. 01964 * 01965 * \deprecated This feature is deprecated and will be removed 01966 * in the next major revision of the library. 01967 * 01968 * Used in: library/ssl_tls.c 01969 * library/ssl_cli.c 01970 * library/ssl_srv.c 01971 * 01972 * This feature requires zlib library and headers to be present. 01973 * 01974 * Uncomment to enable use of ZLIB 01975 */ 01976 //#define MBEDTLS_ZLIB_SUPPORT 01977 /* \} name SECTION: mbed TLS feature support */ 01978 01979 /** 01980 * \name SECTION: mbed TLS modules 01981 * 01982 * This section enables or disables entire modules in mbed TLS 01983 * \{ 01984 */ 01985 01986 /** 01987 * \def MBEDTLS_AESNI_C 01988 * 01989 * Enable AES-NI support on x86-64. 01990 * 01991 * Module: library/aesni.c 01992 * Caller: library/aes.c 01993 * 01994 * Requires: MBEDTLS_HAVE_ASM 01995 * 01996 * This modules adds support for the AES-NI instructions on x86-64 01997 */ 01998 //#define MBEDTLS_AESNI_C 01999 02000 /** 02001 * \def MBEDTLS_AES_C 02002 * 02003 * Enable the AES block cipher. 02004 * 02005 * Module: library/aes.c 02006 * Caller: library/cipher.c 02007 * library/pem.c 02008 * library/ctr_drbg.c 02009 * 02010 * This module enables the following ciphersuites (if other requisites are 02011 * enabled as well): 02012 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 02013 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 02014 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 02015 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 02016 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 02017 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 02018 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 02019 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 02020 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 02021 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 02022 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 02023 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 02024 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 02025 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 02026 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 02027 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 02028 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 02029 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 02030 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 02031 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 02032 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 02033 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02034 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 02035 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 02036 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 02037 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 02038 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 02039 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 02040 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 02041 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 02042 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 02043 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 02044 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 02045 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 02046 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 02047 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 02048 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 02049 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 02050 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 02051 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 02052 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 02053 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 02054 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 02055 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 02056 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 02057 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 02058 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 02059 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 02060 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 02061 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 02062 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 02063 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 02064 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 02065 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 02066 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 02067 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 02068 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 02069 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 02070 * 02071 * PEM_PARSE uses AES for decrypting encrypted keys. 02072 */ 02073 #define MBEDTLS_AES_C 02074 02075 /** 02076 * \def MBEDTLS_ARC4_C 02077 * 02078 * Enable the ARCFOUR stream cipher. 02079 * 02080 * Module: library/arc4.c 02081 * Caller: library/cipher.c 02082 * 02083 * This module enables the following ciphersuites (if other requisites are 02084 * enabled as well): 02085 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 02086 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 02087 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 02088 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 02089 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 02090 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 02091 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 02092 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 02093 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 02094 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 02095 * 02096 * \warning ARC4 is considered a weak cipher and its use constitutes a 02097 * security risk. If possible, we recommend avoidng dependencies on 02098 * it, and considering stronger ciphers instead. 02099 * 02100 */ 02101 //#define MBEDTLS_ARC4_C 02102 02103 /** 02104 * \def MBEDTLS_ASN1_PARSE_C 02105 * 02106 * Enable the generic ASN1 parser. 02107 * 02108 * Module: library/asn1.c 02109 * Caller: library/x509.c 02110 * library/dhm.c 02111 * library/pkcs12.c 02112 * library/pkcs5.c 02113 * library/pkparse.c 02114 */ 02115 #define MBEDTLS_ASN1_PARSE_C 02116 02117 /** 02118 * \def MBEDTLS_ASN1_WRITE_C 02119 * 02120 * Enable the generic ASN1 writer. 02121 * 02122 * Module: library/asn1write.c 02123 * Caller: library/ecdsa.c 02124 * library/pkwrite.c 02125 * library/x509_create.c 02126 * library/x509write_crt.c 02127 * library/x509write_csr.c 02128 */ 02129 #define MBEDTLS_ASN1_WRITE_C 02130 02131 /** 02132 * \def MBEDTLS_BASE64_C 02133 * 02134 * Enable the Base64 module. 02135 * 02136 * Module: library/base64.c 02137 * Caller: library/pem.c 02138 * 02139 * This module is required for PEM support (required by X.509). 02140 */ 02141 #define MBEDTLS_BASE64_C 02142 02143 /** 02144 * \def MBEDTLS_BIGNUM_C 02145 * 02146 * Enable the multi-precision integer library. 02147 * 02148 * Module: library/bignum.c 02149 * Caller: library/dhm.c 02150 * library/ecp.c 02151 * library/ecdsa.c 02152 * library/rsa.c 02153 * library/rsa_internal.c 02154 * library/ssl_tls.c 02155 * 02156 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 02157 */ 02158 #define MBEDTLS_BIGNUM_C 02159 02160 /** 02161 * \def MBEDTLS_BLOWFISH_C 02162 * 02163 * Enable the Blowfish block cipher. 02164 * 02165 * Module: library/blowfish.c 02166 */ 02167 //#define MBEDTLS_BLOWFISH_C 02168 02169 /** 02170 * \def MBEDTLS_CAMELLIA_C 02171 * 02172 * Enable the Camellia block cipher. 02173 * 02174 * Module: library/camellia.c 02175 * Caller: library/cipher.c 02176 * 02177 * This module enables the following ciphersuites (if other requisites are 02178 * enabled as well): 02179 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 02180 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 02181 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 02182 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 02183 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 02184 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 02185 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 02186 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 02187 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 02188 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 02189 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 02190 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 02191 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 02192 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 02193 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 02194 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 02195 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 02196 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 02197 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 02198 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 02199 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 02200 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 02201 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 02202 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 02203 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 02204 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 02205 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 02206 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 02207 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 02208 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 02209 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 02210 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 02211 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 02212 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 02213 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 02214 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 02215 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 02216 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 02217 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 02218 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 02219 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 02220 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 02221 */ 02222 //#define MBEDTLS_CAMELLIA_C 02223 02224 /** 02225 * \def MBEDTLS_ARIA_C 02226 * 02227 * Enable the ARIA block cipher. 02228 * 02229 * Module: library/aria.c 02230 * Caller: library/cipher.c 02231 * 02232 * This module enables the following ciphersuites (if other requisites are 02233 * enabled as well): 02234 * 02235 * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 02236 * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 02237 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 02238 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 02239 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 02240 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 02241 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 02242 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 02243 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 02244 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 02245 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 02246 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 02247 * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 02248 * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 02249 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 02250 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 02251 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 02252 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 02253 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 02254 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 02255 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 02256 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 02257 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 02258 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 02259 * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 02260 * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 02261 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 02262 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 02263 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 02264 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 02265 * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 02266 * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 02267 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 02268 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 02269 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 02270 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 02271 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 02272 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 02273 */ 02274 //#define MBEDTLS_ARIA_C 02275 02276 /** 02277 * \def MBEDTLS_CCM_C 02278 * 02279 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 02280 * 02281 * Module: library/ccm.c 02282 * 02283 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 02284 * 02285 * This module enables the AES-CCM ciphersuites, if other requisites are 02286 * enabled as well. 02287 */ 02288 #define MBEDTLS_CCM_C 02289 02290 /** 02291 * \def MBEDTLS_CERTS_C 02292 * 02293 * Enable the test certificates. 02294 * 02295 * Module: library/certs.c 02296 * Caller: 02297 * 02298 * This module is used for testing (ssl_client/server). 02299 */ 02300 #define MBEDTLS_CERTS_C 02301 02302 /** 02303 * \def MBEDTLS_CHACHA20_C 02304 * 02305 * Enable the ChaCha20 stream cipher. 02306 * 02307 * Module: library/chacha20.c 02308 */ 02309 #define MBEDTLS_CHACHA20_C 02310 02311 /** 02312 * \def MBEDTLS_CHACHAPOLY_C 02313 * 02314 * Enable the ChaCha20-Poly1305 AEAD algorithm. 02315 * 02316 * Module: library/chachapoly.c 02317 * 02318 * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C 02319 */ 02320 #define MBEDTLS_CHACHAPOLY_C 02321 02322 /** 02323 * \def MBEDTLS_CIPHER_C 02324 * 02325 * Enable the generic cipher layer. 02326 * 02327 * Module: library/cipher.c 02328 * Caller: library/ssl_tls.c 02329 * 02330 * Uncomment to enable generic cipher wrappers. 02331 */ 02332 #define MBEDTLS_CIPHER_C 02333 02334 /** 02335 * \def MBEDTLS_CMAC_C 02336 * 02337 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 02338 * ciphers. 02339 * 02340 * Module: library/cmac.c 02341 * 02342 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 02343 * 02344 */ 02345 #define MBEDTLS_CMAC_C 02346 02347 /** 02348 * \def MBEDTLS_CTR_DRBG_C 02349 * 02350 * Enable the CTR_DRBG AES-based random generator. 02351 * The CTR_DRBG generator uses AES-256 by default. 02352 * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. 02353 * 02354 * Module: library/ctr_drbg.c 02355 * Caller: 02356 * 02357 * Requires: MBEDTLS_AES_C 02358 * 02359 * This module provides the CTR_DRBG AES random number generator. 02360 */ 02361 #define MBEDTLS_CTR_DRBG_C 02362 02363 /** 02364 * \def MBEDTLS_DEBUG_C 02365 * 02366 * Enable the debug functions. 02367 * 02368 * Module: library/debug.c 02369 * Caller: library/ssl_cli.c 02370 * library/ssl_srv.c 02371 * library/ssl_tls.c 02372 * 02373 * This module provides debugging functions. 02374 */ 02375 #define MBEDTLS_DEBUG_C 02376 02377 /** 02378 * \def MBEDTLS_DES_C 02379 * 02380 * Enable the DES block cipher. 02381 * 02382 * Module: library/des.c 02383 * Caller: library/pem.c 02384 * library/cipher.c 02385 * 02386 * This module enables the following ciphersuites (if other requisites are 02387 * enabled as well): 02388 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 02389 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 02390 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 02391 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 02392 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 02393 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 02394 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 02395 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 02396 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 02397 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 02398 * 02399 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 02400 * 02401 * \warning DES is considered a weak cipher and its use constitutes a 02402 * security risk. We recommend considering stronger ciphers instead. 02403 */ 02404 //#define MBEDTLS_DES_C 02405 02406 /** 02407 * \def MBEDTLS_DHM_C 02408 * 02409 * Enable the Diffie-Hellman-Merkle module. 02410 * 02411 * Module: library/dhm.c 02412 * Caller: library/ssl_cli.c 02413 * library/ssl_srv.c 02414 * 02415 * This module is used by the following key exchanges: 02416 * DHE-RSA, DHE-PSK 02417 * 02418 * \warning Using DHE constitutes a security risk as it 02419 * is not possible to validate custom DH parameters. 02420 * If possible, it is recommended users should consider 02421 * preferring other methods of key exchange. 02422 * See dhm.h for more details. 02423 * 02424 */ 02425 //#define MBEDTLS_DHM_C 02426 02427 /** 02428 * \def MBEDTLS_ECDH_C 02429 * 02430 * Enable the elliptic curve Diffie-Hellman library. 02431 * 02432 * Module: library/ecdh.c 02433 * Caller: library/ssl_cli.c 02434 * library/ssl_srv.c 02435 * 02436 * This module is used by the following key exchanges: 02437 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 02438 * 02439 * Requires: MBEDTLS_ECP_C 02440 */ 02441 #define MBEDTLS_ECDH_C 02442 02443 /** 02444 * \def MBEDTLS_ECDSA_C 02445 * 02446 * Enable the elliptic curve DSA library. 02447 * 02448 * Module: library/ecdsa.c 02449 * Caller: 02450 * 02451 * This module is used by the following key exchanges: 02452 * ECDHE-ECDSA 02453 * 02454 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 02455 */ 02456 #define MBEDTLS_ECDSA_C 02457 02458 /** 02459 * \def MBEDTLS_ECJPAKE_C 02460 * 02461 * Enable the elliptic curve J-PAKE library. 02462 * 02463 * \warning This is currently experimental. EC J-PAKE support is based on the 02464 * Thread v1.0.0 specification; incompatible changes to the specification 02465 * might still happen. For this reason, this is disabled by default. 02466 * 02467 * Module: library/ecjpake.c 02468 * Caller: 02469 * 02470 * This module is used by the following key exchanges: 02471 * ECJPAKE 02472 * 02473 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 02474 */ 02475 //#define MBEDTLS_ECJPAKE_C 02476 02477 /** 02478 * \def MBEDTLS_ECP_C 02479 * 02480 * Enable the elliptic curve over GF(p) library. 02481 * 02482 * Module: library/ecp.c 02483 * Caller: library/ecdh.c 02484 * library/ecdsa.c 02485 * library/ecjpake.c 02486 * 02487 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 02488 */ 02489 #define MBEDTLS_ECP_C 02490 02491 /** 02492 * \def MBEDTLS_ENTROPY_C 02493 * 02494 * Enable the platform-specific entropy code. 02495 * 02496 * Module: library/entropy.c 02497 * Caller: 02498 * 02499 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 02500 * 02501 * This module provides a generic entropy pool 02502 */ 02503 #define MBEDTLS_ENTROPY_C 02504 02505 /** 02506 * \def MBEDTLS_ERROR_C 02507 * 02508 * Enable error code to error string conversion. 02509 * 02510 * Module: library/error.c 02511 * Caller: 02512 * 02513 * This module enables mbedtls_strerror(). 02514 */ 02515 #define MBEDTLS_ERROR_C 02516 02517 /** 02518 * \def MBEDTLS_GCM_C 02519 * 02520 * Enable the Galois/Counter Mode (GCM) for AES. 02521 * 02522 * Module: library/gcm.c 02523 * 02524 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 02525 * 02526 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 02527 * requisites are enabled as well. 02528 */ 02529 #define MBEDTLS_GCM_C 02530 02531 /** 02532 * \def MBEDTLS_HAVEGE_C 02533 * 02534 * Enable the HAVEGE random generator. 02535 * 02536 * Warning: the HAVEGE random generator is not suitable for virtualized 02537 * environments 02538 * 02539 * Warning: the HAVEGE random generator is dependent on timing and specific 02540 * processor traits. It is therefore not advised to use HAVEGE as 02541 * your applications primary random generator or primary entropy pool 02542 * input. As a secondary input to your entropy pool, it IS able add 02543 * the (limited) extra entropy it provides. 02544 * 02545 * Module: library/havege.c 02546 * Caller: 02547 * 02548 * Requires: MBEDTLS_TIMING_C 02549 * 02550 * Uncomment to enable the HAVEGE random generator. 02551 */ 02552 //#define MBEDTLS_HAVEGE_C 02553 02554 /** 02555 * \def MBEDTLS_HKDF_C 02556 * 02557 * Enable the HKDF algorithm (RFC 5869). 02558 * 02559 * Module: library/hkdf.c 02560 * Caller: 02561 * 02562 * Requires: MBEDTLS_MD_C 02563 * 02564 * This module adds support for the Hashed Message Authentication Code 02565 * (HMAC)-based key derivation function (HKDF). 02566 */ 02567 #define MBEDTLS_HKDF_C 02568 02569 /** 02570 * \def MBEDTLS_HMAC_DRBG_C 02571 * 02572 * Enable the HMAC_DRBG random generator. 02573 * 02574 * Module: library/hmac_drbg.c 02575 * Caller: 02576 * 02577 * Requires: MBEDTLS_MD_C 02578 * 02579 * Uncomment to enable the HMAC_DRBG random number geerator. 02580 */ 02581 #define MBEDTLS_HMAC_DRBG_C 02582 02583 /** 02584 * \def MBEDTLS_NIST_KW_C 02585 * 02586 * Enable the Key Wrapping mode for 128-bit block ciphers, 02587 * as defined in NIST SP 800-38F. Only KW and KWP modes 02588 * are supported. At the moment, only AES is approved by NIST. 02589 * 02590 * Module: library/nist_kw.c 02591 * 02592 * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C 02593 */ 02594 //#define MBEDTLS_NIST_KW_C 02595 02596 /** 02597 * \def MBEDTLS_MD_C 02598 * 02599 * Enable the generic message digest layer. 02600 * 02601 * Module: library/md.c 02602 * Caller: 02603 * 02604 * Uncomment to enable generic message digest wrappers. 02605 */ 02606 #define MBEDTLS_MD_C 02607 02608 /** 02609 * \def MBEDTLS_MD2_C 02610 * 02611 * Enable the MD2 hash algorithm. 02612 * 02613 * Module: library/md2.c 02614 * Caller: 02615 * 02616 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 02617 * 02618 * \warning MD2 is considered a weak message digest and its use constitutes a 02619 * security risk. If possible, we recommend avoiding dependencies on 02620 * it, and considering stronger message digests instead. 02621 * 02622 */ 02623 //#define MBEDTLS_MD2_C 02624 02625 /** 02626 * \def MBEDTLS_MD4_C 02627 * 02628 * Enable the MD4 hash algorithm. 02629 * 02630 * Module: library/md4.c 02631 * Caller: 02632 * 02633 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 02634 * 02635 * \warning MD4 is considered a weak message digest and its use constitutes a 02636 * security risk. If possible, we recommend avoiding dependencies on 02637 * it, and considering stronger message digests instead. 02638 * 02639 */ 02640 //#define MBEDTLS_MD4_C 02641 02642 /** 02643 * \def MBEDTLS_MD5_C 02644 * 02645 * Enable the MD5 hash algorithm. 02646 * 02647 * Module: library/md5.c 02648 * Caller: library/md.c 02649 * library/pem.c 02650 * library/ssl_tls.c 02651 * 02652 * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2 02653 * depending on the handshake parameters. Further, it is used for checking 02654 * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded 02655 * encrypted keys. 02656 * 02657 * \warning MD5 is considered a weak message digest and its use constitutes a 02658 * security risk. If possible, we recommend avoiding dependencies on 02659 * it, and considering stronger message digests instead. 02660 * 02661 */ 02662 //#define MBEDTLS_MD5_C 02663 02664 /** 02665 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 02666 * 02667 * Enable the buffer allocator implementation that makes use of a (stack) 02668 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 02669 * calls) 02670 * 02671 * Module: library/memory_buffer_alloc.c 02672 * 02673 * Requires: MBEDTLS_PLATFORM_C 02674 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 02675 * 02676 * Enable this module to enable the buffer memory allocator. 02677 */ 02678 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 02679 02680 /** 02681 * \def MBEDTLS_NET_C 02682 * 02683 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 02684 * 02685 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 02686 * and Windows. For other platforms, you'll want to disable it, and write your 02687 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 02688 * 02689 * \note See also our Knowledge Base article about porting to a new 02690 * environment: 02691 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02692 * 02693 * Module: library/net_sockets.c 02694 * 02695 * This module provides networking routines. 02696 */ 02697 //#define MBEDTLS_NET_C 02698 02699 /** 02700 * \def MBEDTLS_OID_C 02701 * 02702 * Enable the OID database. 02703 * 02704 * Module: library/oid.c 02705 * Caller: library/asn1write.c 02706 * library/pkcs5.c 02707 * library/pkparse.c 02708 * library/pkwrite.c 02709 * library/rsa.c 02710 * library/x509.c 02711 * library/x509_create.c 02712 * library/x509_crl.c 02713 * library/x509_crt.c 02714 * library/x509_csr.c 02715 * library/x509write_crt.c 02716 * library/x509write_csr.c 02717 * 02718 * This modules translates between OIDs and internal values. 02719 */ 02720 #define MBEDTLS_OID_C 02721 02722 /** 02723 * \def MBEDTLS_PADLOCK_C 02724 * 02725 * Enable VIA Padlock support on x86. 02726 * 02727 * Module: library/padlock.c 02728 * Caller: library/aes.c 02729 * 02730 * Requires: MBEDTLS_HAVE_ASM 02731 * 02732 * This modules adds support for the VIA PadLock on x86. 02733 */ 02734 //#define MBEDTLS_PADLOCK_C 02735 02736 /** 02737 * \def MBEDTLS_PEM_PARSE_C 02738 * 02739 * Enable PEM decoding / parsing. 02740 * 02741 * Module: library/pem.c 02742 * Caller: library/dhm.c 02743 * library/pkparse.c 02744 * library/x509_crl.c 02745 * library/x509_crt.c 02746 * library/x509_csr.c 02747 * 02748 * Requires: MBEDTLS_BASE64_C 02749 * 02750 * This modules adds support for decoding / parsing PEM files. 02751 */ 02752 #define MBEDTLS_PEM_PARSE_C 02753 02754 /** 02755 * \def MBEDTLS_PEM_WRITE_C 02756 * 02757 * Enable PEM encoding / writing. 02758 * 02759 * Module: library/pem.c 02760 * Caller: library/pkwrite.c 02761 * library/x509write_crt.c 02762 * library/x509write_csr.c 02763 * 02764 * Requires: MBEDTLS_BASE64_C 02765 * 02766 * This modules adds support for encoding / writing PEM files. 02767 */ 02768 //#define MBEDTLS_PEM_WRITE_C 02769 02770 /** 02771 * \def MBEDTLS_PK_C 02772 * 02773 * Enable the generic public (asymetric) key layer. 02774 * 02775 * Module: library/pk.c 02776 * Caller: library/ssl_tls.c 02777 * library/ssl_cli.c 02778 * library/ssl_srv.c 02779 * 02780 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02781 * 02782 * Uncomment to enable generic public key wrappers. 02783 */ 02784 #define MBEDTLS_PK_C 02785 02786 /** 02787 * \def MBEDTLS_PK_PARSE_C 02788 * 02789 * Enable the generic public (asymetric) key parser. 02790 * 02791 * Module: library/pkparse.c 02792 * Caller: library/x509_crt.c 02793 * library/x509_csr.c 02794 * 02795 * Requires: MBEDTLS_PK_C 02796 * 02797 * Uncomment to enable generic public key parse functions. 02798 */ 02799 #define MBEDTLS_PK_PARSE_C 02800 02801 /** 02802 * \def MBEDTLS_PK_WRITE_C 02803 * 02804 * Enable the generic public (asymetric) key writer. 02805 * 02806 * Module: library/pkwrite.c 02807 * Caller: library/x509write.c 02808 * 02809 * Requires: MBEDTLS_PK_C 02810 * 02811 * Uncomment to enable generic public key write functions. 02812 */ 02813 #define MBEDTLS_PK_WRITE_C 02814 02815 /** 02816 * \def MBEDTLS_PKCS5_C 02817 * 02818 * Enable PKCS#5 functions. 02819 * 02820 * Module: library/pkcs5.c 02821 * 02822 * Requires: MBEDTLS_MD_C 02823 * 02824 * This module adds support for the PKCS#5 functions. 02825 */ 02826 //#define MBEDTLS_PKCS5_C 02827 02828 /** 02829 * \def MBEDTLS_PKCS11_C 02830 * 02831 * Enable wrapper for PKCS#11 smartcard support. 02832 * 02833 * Module: library/pkcs11.c 02834 * Caller: library/pk.c 02835 * 02836 * Requires: MBEDTLS_PK_C 02837 * 02838 * This module enables SSL/TLS PKCS #11 smartcard support. 02839 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02840 */ 02841 //#define MBEDTLS_PKCS11_C 02842 02843 /** 02844 * \def MBEDTLS_PKCS12_C 02845 * 02846 * Enable PKCS#12 PBE functions. 02847 * Adds algorithms for parsing PKCS#8 encrypted private keys 02848 * 02849 * Module: library/pkcs12.c 02850 * Caller: library/pkparse.c 02851 * 02852 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02853 * Can use: MBEDTLS_ARC4_C 02854 * 02855 * This module enables PKCS#12 functions. 02856 */ 02857 //#define MBEDTLS_PKCS12_C 02858 02859 /** 02860 * \def MBEDTLS_PLATFORM_C 02861 * 02862 * Enable the platform abstraction layer that allows you to re-assign 02863 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02864 * 02865 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02866 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02867 * above to be specified at runtime or compile time respectively. 02868 * 02869 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02870 * as other module rely on it for a fixed snprintf implementation. 02871 * 02872 * Module: library/platform.c 02873 * Caller: Most other .c files 02874 * 02875 * This module enables abstraction of common (libc) functions. 02876 */ 02877 #define MBEDTLS_PLATFORM_C 02878 02879 /** 02880 * \def MBEDTLS_POLY1305_C 02881 * 02882 * Enable the Poly1305 MAC algorithm. 02883 * 02884 * Module: library/poly1305.c 02885 * Caller: library/chachapoly.c 02886 */ 02887 #define MBEDTLS_POLY1305_C 02888 02889 /** 02890 * \def MBEDTLS_PSA_CRYPTO_C 02891 * 02892 * Enable the Platform Security Architecture cryptography API. 02893 * 02894 * \warning The PSA Crypto API is still beta status. While you're welcome to 02895 * experiment using it, incompatible API changes are still possible, and some 02896 * parts may not have reached the same quality as the rest of Mbed TLS yet. 02897 * 02898 * Module: crypto/library/psa_crypto.c 02899 * 02900 * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C 02901 * 02902 */ 02903 #define MBEDTLS_PSA_CRYPTO_C 02904 02905 /** 02906 * \def MBEDTLS_PSA_CRYPTO_STORAGE_C 02907 * 02908 * Enable the Platform Security Architecture persistent key storage. 02909 * 02910 * Module: crypto/library/psa_crypto_storage.c 02911 * 02912 * Requires: MBEDTLS_PSA_CRYPTO_C, 02913 * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of 02914 * the PSA ITS interface 02915 */ 02916 //#define MBEDTLS_PSA_CRYPTO_STORAGE_C 02917 02918 /** 02919 * \def MBEDTLS_PSA_ITS_FILE_C 02920 * 02921 * Enable the emulation of the Platform Security Architecture 02922 * Internal Trusted Storage (PSA ITS) over files. 02923 * 02924 * Module: crypto/library/psa_its_file.c 02925 * 02926 * Requires: MBEDTLS_FS_IO 02927 * 02928 */ 02929 //#define MBEDTLS_PSA_ITS_FILE_C 02930 02931 /** 02932 * \def MBEDTLS_RIPEMD160_C 02933 * 02934 * Enable the RIPEMD-160 hash algorithm. 02935 * 02936 * Module: library/ripemd160.c 02937 * Caller: library/md.c 02938 * 02939 */ 02940 //#define MBEDTLS_RIPEMD160_C 02941 02942 /** 02943 * \def MBEDTLS_RSA_C 02944 * 02945 * Enable the RSA public-key cryptosystem. 02946 * 02947 * Module: library/rsa.c 02948 * library/rsa_internal.c 02949 * Caller: library/ssl_cli.c 02950 * library/ssl_srv.c 02951 * library/ssl_tls.c 02952 * library/x509.c 02953 * 02954 * This module is used by the following key exchanges: 02955 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02956 * 02957 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02958 */ 02959 #define MBEDTLS_RSA_C 02960 02961 /** 02962 * \def MBEDTLS_SHA1_C 02963 * 02964 * Enable the SHA1 cryptographic hash algorithm. 02965 * 02966 * Module: library/sha1.c 02967 * Caller: library/md.c 02968 * library/ssl_cli.c 02969 * library/ssl_srv.c 02970 * library/ssl_tls.c 02971 * library/x509write_crt.c 02972 * 02973 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 02974 * depending on the handshake parameters, and for SHA1-signed certificates. 02975 * 02976 * \warning SHA-1 is considered a weak message digest and its use constitutes 02977 * a security risk. If possible, we recommend avoiding dependencies 02978 * on it, and considering stronger message digests instead. 02979 * 02980 */ 02981 //#define MBEDTLS_SHA1_C 02982 02983 /** 02984 * \def MBEDTLS_SHA256_C 02985 * 02986 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02987 * 02988 * Module: library/sha256.c 02989 * Caller: library/entropy.c 02990 * library/md.c 02991 * library/ssl_cli.c 02992 * library/ssl_srv.c 02993 * library/ssl_tls.c 02994 * 02995 * This module adds support for SHA-224 and SHA-256. 02996 * This module is required for the SSL/TLS 1.2 PRF function. 02997 */ 02998 #define MBEDTLS_SHA256_C 02999 03000 /** 03001 * \def MBEDTLS_SHA512_C 03002 * 03003 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 03004 * 03005 * Module: library/sha512.c 03006 * Caller: library/entropy.c 03007 * library/md.c 03008 * library/ssl_cli.c 03009 * library/ssl_srv.c 03010 * 03011 * This module adds support for SHA-384 and SHA-512. 03012 */ 03013 #define MBEDTLS_SHA512_C 03014 03015 /** 03016 * \def MBEDTLS_SSL_CACHE_C 03017 * 03018 * Enable simple SSL cache implementation. 03019 * 03020 * Module: library/ssl_cache.c 03021 * Caller: 03022 * 03023 * Requires: MBEDTLS_SSL_CACHE_C 03024 */ 03025 #define MBEDTLS_SSL_CACHE_C 03026 03027 /** 03028 * \def MBEDTLS_SSL_COOKIE_C 03029 * 03030 * Enable basic implementation of DTLS cookies for hello verification. 03031 * 03032 * Module: library/ssl_cookie.c 03033 * Caller: 03034 */ 03035 #define MBEDTLS_SSL_COOKIE_C 03036 03037 /** 03038 * \def MBEDTLS_SSL_TICKET_C 03039 * 03040 * Enable an implementation of TLS server-side callbacks for session tickets. 03041 * 03042 * Module: library/ssl_ticket.c 03043 * Caller: 03044 * 03045 * Requires: MBEDTLS_CIPHER_C 03046 */ 03047 #define MBEDTLS_SSL_TICKET_C 03048 03049 /** 03050 * \def MBEDTLS_SSL_CLI_C 03051 * 03052 * Enable the SSL/TLS client code. 03053 * 03054 * Module: library/ssl_cli.c 03055 * Caller: 03056 * 03057 * Requires: MBEDTLS_SSL_TLS_C 03058 * 03059 * This module is required for SSL/TLS client support. 03060 */ 03061 #define MBEDTLS_SSL_CLI_C 03062 03063 /** 03064 * \def MBEDTLS_SSL_SRV_C 03065 * 03066 * Enable the SSL/TLS server code. 03067 * 03068 * Module: library/ssl_srv.c 03069 * Caller: 03070 * 03071 * Requires: MBEDTLS_SSL_TLS_C 03072 * 03073 * This module is required for SSL/TLS server support. 03074 */ 03075 #define MBEDTLS_SSL_SRV_C 03076 03077 /** 03078 * \def MBEDTLS_SSL_TLS_C 03079 * 03080 * Enable the generic SSL/TLS code. 03081 * 03082 * Module: library/ssl_tls.c 03083 * Caller: library/ssl_cli.c 03084 * library/ssl_srv.c 03085 * 03086 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 03087 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 03088 * 03089 * This module is required for SSL/TLS. 03090 */ 03091 #define MBEDTLS_SSL_TLS_C 03092 03093 /** 03094 * \def MBEDTLS_THREADING_C 03095 * 03096 * Enable the threading abstraction layer. 03097 * By default mbed TLS assumes it is used in a non-threaded environment or that 03098 * contexts are not shared between threads. If you do intend to use contexts 03099 * between threads, you will need to enable this layer to prevent race 03100 * conditions. See also our Knowledge Base article about threading: 03101 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 03102 * 03103 * Module: library/threading.c 03104 * 03105 * This allows different threading implementations (self-implemented or 03106 * provided). 03107 * 03108 * You will have to enable either MBEDTLS_THREADING_ALT or 03109 * MBEDTLS_THREADING_PTHREAD. 03110 * 03111 * Enable this layer to allow use of mutexes within mbed TLS 03112 */ 03113 //#define MBEDTLS_THREADING_C 03114 03115 /** 03116 * \def MBEDTLS_TIMING_C 03117 * 03118 * Enable the semi-portable timing interface. 03119 * 03120 * \note The provided implementation only works on POSIX/Unix (including Linux, 03121 * BSD and OS X) and Windows. On other platforms, you can either disable that 03122 * module and provide your own implementations of the callbacks needed by 03123 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 03124 * your own implementation of the whole module by setting 03125 * \c MBEDTLS_TIMING_ALT in the current file. 03126 * 03127 * \note See also our Knowledge Base article about porting to a new 03128 * environment: 03129 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 03130 * 03131 * Module: library/timing.c 03132 * Caller: library/havege.c 03133 * 03134 * This module is used by the HAVEGE random number generator. 03135 */ 03136 //#define MBEDTLS_TIMING_C 03137 03138 /** 03139 * \def MBEDTLS_VERSION_C 03140 * 03141 * Enable run-time version information. 03142 * 03143 * Module: library/version.c 03144 * 03145 * This module provides run-time version information. 03146 */ 03147 #define MBEDTLS_VERSION_C 03148 03149 /** 03150 * \def MBEDTLS_X509_USE_C 03151 * 03152 * Enable X.509 core for using certificates. 03153 * 03154 * Module: library/x509.c 03155 * Caller: library/x509_crl.c 03156 * library/x509_crt.c 03157 * library/x509_csr.c 03158 * 03159 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 03160 * MBEDTLS_PK_PARSE_C 03161 * 03162 * This module is required for the X.509 parsing modules. 03163 */ 03164 #define MBEDTLS_X509_USE_C 03165 03166 /** 03167 * \def MBEDTLS_X509_CRT_PARSE_C 03168 * 03169 * Enable X.509 certificate parsing. 03170 * 03171 * Module: library/x509_crt.c 03172 * Caller: library/ssl_cli.c 03173 * library/ssl_srv.c 03174 * library/ssl_tls.c 03175 * 03176 * Requires: MBEDTLS_X509_USE_C 03177 * 03178 * This module is required for X.509 certificate parsing. 03179 */ 03180 #define MBEDTLS_X509_CRT_PARSE_C 03181 03182 /** 03183 * \def MBEDTLS_X509_CRL_PARSE_C 03184 * 03185 * Enable X.509 CRL parsing. 03186 * 03187 * Module: library/x509_crl.c 03188 * Caller: library/x509_crt.c 03189 * 03190 * Requires: MBEDTLS_X509_USE_C 03191 * 03192 * This module is required for X.509 CRL parsing. 03193 */ 03194 #define MBEDTLS_X509_CRL_PARSE_C 03195 03196 /** 03197 * \def MBEDTLS_X509_CSR_PARSE_C 03198 * 03199 * Enable X.509 Certificate Signing Request (CSR) parsing. 03200 * 03201 * Module: library/x509_csr.c 03202 * Caller: library/x509_crt_write.c 03203 * 03204 * Requires: MBEDTLS_X509_USE_C 03205 * 03206 * This module is used for reading X.509 certificate request. 03207 */ 03208 //#define MBEDTLS_X509_CSR_PARSE_C 03209 03210 /** 03211 * \def MBEDTLS_X509_CREATE_C 03212 * 03213 * Enable X.509 core for creating certificates. 03214 * 03215 * Module: library/x509_create.c 03216 * 03217 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 03218 * 03219 * This module is the basis for creating X.509 certificates and CSRs. 03220 */ 03221 //#define MBEDTLS_X509_CREATE_C 03222 03223 /** 03224 * \def MBEDTLS_X509_CRT_WRITE_C 03225 * 03226 * Enable creating X.509 certificates. 03227 * 03228 * Module: library/x509_crt_write.c 03229 * 03230 * Requires: MBEDTLS_X509_CREATE_C 03231 * 03232 * This module is required for X.509 certificate creation. 03233 */ 03234 //#define MBEDTLS_X509_CRT_WRITE_C 03235 03236 /** 03237 * \def MBEDTLS_X509_CSR_WRITE_C 03238 * 03239 * Enable creating X.509 Certificate Signing Requests (CSR). 03240 * 03241 * Module: library/x509_csr_write.c 03242 * 03243 * Requires: MBEDTLS_X509_CREATE_C 03244 * 03245 * This module is required for X.509 certificate request writing. 03246 */ 03247 //#define MBEDTLS_X509_CSR_WRITE_C 03248 03249 /** 03250 * \def MBEDTLS_XTEA_C 03251 * 03252 * Enable the XTEA block cipher. 03253 * 03254 * Module: library/xtea.c 03255 * Caller: 03256 */ 03257 //#define MBEDTLS_XTEA_C 03258 03259 /* \} name SECTION: mbed TLS modules */ 03260 03261 /** 03262 * \name SECTION: Module configuration options 03263 * 03264 * This section allows for the setting of module specific sizes and 03265 * configuration options. The default values are already present in the 03266 * relevant header files and should suffice for the regular use cases. 03267 * 03268 * Our advice is to enable options and change their values here 03269 * only if you have a good reason and know the consequences. 03270 * 03271 * Please check the respective header file for documentation on these 03272 * parameters (to prevent duplicate documentation). 03273 * \{ 03274 */ 03275 03276 /* MPI / BIGNUM options */ 03277 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 03278 #define MBEDTLS_MPI_MAX_SIZE 512 03279 03280 /* CTR_DRBG options */ 03281 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 03282 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 03283 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 03284 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 03285 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 03286 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */ 03287 03288 /* HMAC_DRBG options */ 03289 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 03290 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 03291 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 03292 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 03293 03294 /* ECP options */ 03295 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 03296 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 03297 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 03298 03299 /* Entropy options */ 03300 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 03301 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 03302 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 03303 03304 /* Memory buffer allocator options */ 03305 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 03306 03307 /* Platform options */ 03308 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 03309 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 03310 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 03311 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 03312 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 03313 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 03314 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 03315 /* Note: your snprintf must correctly zero-terminate the buffer! */ 03316 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 03317 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 03318 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 03319 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 03320 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 03321 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 03322 03323 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 03324 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 03325 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 03326 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 03327 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 03328 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 03329 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 03330 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 03331 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 03332 /* Note: your snprintf must correctly zero-terminate the buffer! */ 03333 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 03334 //#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ 03335 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 03336 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 03337 03338 /** 03339 * \brief This macro is invoked by the library when an invalid parameter 03340 * is detected that is only checked with #MBEDTLS_CHECK_PARAMS 03341 * (see the documentation of that option for context). 03342 * 03343 * When you leave this undefined here, the library provides 03344 * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT 03345 * is defined, the default definition is `assert(cond)`, 03346 * otherwise the default definition calls a function 03347 * mbedtls_param_failed(). This function is declared in 03348 * `platform_util.h` for the benefit of the library, but 03349 * you need to define in your application. 03350 * 03351 * When you define this here, this replaces the default 03352 * definition in platform_util.h (which no longer declares the 03353 * function mbedtls_param_failed()) and it is your responsibility 03354 * to make sure this macro expands to something suitable (in 03355 * particular, that all the necessary declarations are visible 03356 * from within the library - you can ensure that by providing 03357 * them in this file next to the macro definition). 03358 * If you define this macro to call `assert`, also define 03359 * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files 03360 * include `<assert.h>`. 03361 * 03362 * Note that you may define this macro to expand to nothing, in 03363 * which case you don't have to worry about declarations or 03364 * definitions. However, you will then be notified about invalid 03365 * parameters only in non-void functions, and void function will 03366 * just silently return early on invalid parameters, which 03367 * partially negates the benefits of enabling 03368 * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. 03369 * 03370 * \param cond The expression that should evaluate to true, but doesn't. 03371 */ 03372 //#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) 03373 03374 /* SSL Cache options */ 03375 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 03376 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 03377 03378 /* SSL options */ 03379 03380 /** \def MBEDTLS_SSL_MAX_CONTENT_LEN 03381 * 03382 * Maximum length (in bytes) of incoming and outgoing plaintext fragments. 03383 * 03384 * This determines the size of both the incoming and outgoing TLS I/O buffers 03385 * in such a way that both are capable of holding the specified amount of 03386 * plaintext data, regardless of the protection mechanism used. 03387 * 03388 * To configure incoming and outgoing I/O buffers separately, use 03389 * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, 03390 * which overwrite the value set by this option. 03391 * 03392 * \note When using a value less than the default of 16KB on the client, it is 03393 * recommended to use the Maximum Fragment Length (MFL) extension to 03394 * inform the server about this limitation. On the server, there 03395 * is no supported, standardized way of informing the client about 03396 * restriction on the maximum size of incoming messages, and unless 03397 * the limitation has been communicated by other means, it is recommended 03398 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN 03399 * while keeping the default value of 16KB for the incoming buffer. 03400 * 03401 * Uncomment to set the maximum plaintext size of both 03402 * incoming and outgoing I/O buffers. 03403 */ 03404 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 03405 03406 /** \def MBEDTLS_SSL_IN_CONTENT_LEN 03407 * 03408 * Maximum length (in bytes) of incoming plaintext fragments. 03409 * 03410 * This determines the size of the incoming TLS I/O buffer in such a way 03411 * that it is capable of holding the specified amount of plaintext data, 03412 * regardless of the protection mechanism used. 03413 * 03414 * If this option is undefined, it inherits its value from 03415 * #MBEDTLS_SSL_MAX_CONTENT_LEN. 03416 * 03417 * \note When using a value less than the default of 16KB on the client, it is 03418 * recommended to use the Maximum Fragment Length (MFL) extension to 03419 * inform the server about this limitation. On the server, there 03420 * is no supported, standardized way of informing the client about 03421 * restriction on the maximum size of incoming messages, and unless 03422 * the limitation has been communicated by other means, it is recommended 03423 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN 03424 * while keeping the default value of 16KB for the incoming buffer. 03425 * 03426 * Uncomment to set the maximum plaintext size of the incoming I/O buffer 03427 * independently of the outgoing I/O buffer. 03428 */ 03429 //#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 03430 03431 /** \def MBEDTLS_SSL_CID_IN_LEN_MAX 03432 * 03433 * The maximum length of CIDs used for incoming DTLS messages. 03434 * 03435 */ 03436 //#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 03437 03438 /** \def MBEDTLS_SSL_CID_OUT_LEN_MAX 03439 * 03440 * The maximum length of CIDs used for outgoing DTLS messages. 03441 * 03442 */ 03443 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 03444 03445 /** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY 03446 * 03447 * This option controls the use of record plaintext padding 03448 * when using the Connection ID extension in DTLS 1.2. 03449 * 03450 * The padding will always be chosen so that the length of the 03451 * padded plaintext is a multiple of the value of this option. 03452 * 03453 * Note: A value of \c 1 means that no padding will be used 03454 * for outgoing records. 03455 * 03456 * Note: On systems lacking division instructions, 03457 * a power of two should be preferred. 03458 * 03459 */ 03460 //#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 03461 03462 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN 03463 * 03464 * Maximum length (in bytes) of outgoing plaintext fragments. 03465 * 03466 * This determines the size of the outgoing TLS I/O buffer in such a way 03467 * that it is capable of holding the specified amount of plaintext data, 03468 * regardless of the protection mechanism used. 03469 * 03470 * If this option undefined, it inherits its value from 03471 * #MBEDTLS_SSL_MAX_CONTENT_LEN. 03472 * 03473 * It is possible to save RAM by setting a smaller outward buffer, while keeping 03474 * the default inward 16384 byte buffer to conform to the TLS specification. 03475 * 03476 * The minimum required outward buffer size is determined by the handshake 03477 * protocol's usage. Handshaking will fail if the outward buffer is too small. 03478 * The specific size requirement depends on the configured ciphers and any 03479 * certificate data which is sent during the handshake. 03480 * 03481 * Uncomment to set the maximum plaintext size of the outgoing I/O buffer 03482 * independently of the incoming I/O buffer. 03483 */ 03484 //#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 03485 03486 /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING 03487 * 03488 * Maximum number of heap-allocated bytes for the purpose of 03489 * DTLS handshake message reassembly and future message buffering. 03490 * 03491 * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN 03492 * to account for a reassembled handshake message of maximum size, 03493 * together with its reassembly bitmap. 03494 * 03495 * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) 03496 * should be sufficient for all practical situations as it allows 03497 * to reassembly a large handshake message (such as a certificate) 03498 * while buffering multiple smaller handshake messages. 03499 * 03500 */ 03501 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 03502 03503 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 03504 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 03505 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 03506 03507 /** 03508 * Complete list of ciphersuites to use, in order of preference. 03509 * 03510 * \warning No dependency checking is done on that field! This option can only 03511 * be used to restrict the set of available ciphersuites. It is your 03512 * responsibility to make sure the needed modules are active. 03513 * 03514 * Use this to save a few hundred bytes of ROM (default ordering of all 03515 * available ciphersuites) and a few to a few hundred bytes of RAM. 03516 * 03517 * The value below is only an example, not the default. 03518 */ 03519 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 03520 03521 /* X509 options */ 03522 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 03523 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 03524 03525 /** 03526 * Allow SHA-1 in the default TLS configuration for certificate signing. 03527 * Without this build-time option, SHA-1 support must be activated explicitly 03528 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not 03529 * recommended because of it is possible to generate SHA-1 collisions, however 03530 * this may be safe for legacy infrastructure where additional controls apply. 03531 * 03532 * \warning SHA-1 is considered a weak message digest and its use constitutes 03533 * a security risk. If possible, we recommend avoiding dependencies 03534 * on it, and considering stronger message digests instead. 03535 * 03536 */ 03537 //#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 03538 03539 /** 03540 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake 03541 * signature and ciphersuite selection. Without this build-time option, SHA-1 03542 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. 03543 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by 03544 * default. At the time of writing, there is no practical attack on the use 03545 * of SHA-1 in handshake signatures, hence this option is turned on by default 03546 * to preserve compatibility with existing peers, but the general 03547 * warning applies nonetheless: 03548 * 03549 * \warning SHA-1 is considered a weak message digest and its use constitutes 03550 * a security risk. If possible, we recommend avoiding dependencies 03551 * on it, and considering stronger message digests instead. 03552 * 03553 */ 03554 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE 03555 03556 /** 03557 * Uncomment the macro to let mbed TLS use your alternate implementation of 03558 * mbedtls_platform_zeroize(). This replaces the default implementation in 03559 * platform_util.c. 03560 * 03561 * mbedtls_platform_zeroize() is a widely used function across the library to 03562 * zero a block of memory. The implementation is expected to be secure in the 03563 * sense that it has been written to prevent the compiler from removing calls 03564 * to mbedtls_platform_zeroize() as part of redundant code elimination 03565 * optimizations. However, it is difficult to guarantee that calls to 03566 * mbedtls_platform_zeroize() will not be optimized by the compiler as older 03567 * versions of the C language standards do not provide a secure implementation 03568 * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to 03569 * configure their own implementation of mbedtls_platform_zeroize(), for 03570 * example by using directives specific to their compiler, features from newer 03571 * C standards (e.g using memset_s() in C11) or calling a secure memset() from 03572 * their system (e.g explicit_bzero() in BSD). 03573 */ 03574 //#define MBEDTLS_PLATFORM_ZEROIZE_ALT 03575 03576 /** 03577 * Uncomment the macro to let Mbed TLS use your alternate implementation of 03578 * mbedtls_platform_gmtime_r(). This replaces the default implementation in 03579 * platform_util.c. 03580 * 03581 * gmtime() is not a thread-safe function as defined in the C standard. The 03582 * library will try to use safer implementations of this function, such as 03583 * gmtime_r() when available. However, if Mbed TLS cannot identify the target 03584 * system, the implementation of mbedtls_platform_gmtime_r() will default to 03585 * using the standard gmtime(). In this case, calls from the library to 03586 * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex 03587 * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the 03588 * library are also guarded with this mutex to avoid race conditions. However, 03589 * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will 03590 * unconditionally use the implementation for mbedtls_platform_gmtime_r() 03591 * supplied at compile time. 03592 */ 03593 //#define MBEDTLS_PLATFORM_GMTIME_R_ALT 03594 03595 /** 03596 * Enable the verified implementations of ECDH primitives from Project Everest 03597 * (currently only Curve25519). This feature changes the layout of ECDH 03598 * contexts and therefore is a compatibility break for applications that access 03599 * fields of a mbedtls_ecdh_context structure directly. See also 03600 * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. 03601 */ 03602 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 03603 03604 /* \} name SECTION: Customisation configuration options */ 03605 03606 /* Target and application specific configurations 03607 * 03608 * Allow user to override any previous default. 03609 * 03610 */ 03611 #if defined(MBEDTLS_USER_CONFIG_FILE) 03612 #include MBEDTLS_USER_CONFIG_FILE 03613 #endif 03614 03615 #include "mbedtls/check_config.h" 03616 03617 #endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY && !MBEDTLS_ENTROPY_NV_SEED */ 03618 03619 #if defined(MBEDTLS_TEST_NULL_ENTROPY) 03620 #warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \ 03621 "configuration is not secure and is not suitable for production use" 03622 #endif 03623 03624 #if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \ 03625 !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_ENTROPY_NV_SEED) 03626 #error "No entropy source was found at build time, so TLS " \ 03627 "functionality is not available" 03628 #endif 03629 03630 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 13:54:13 by
1.7.2