kimutai ngetich / gps_accelerometer
getting location and activity
mbedtls_lora_config.h
/**
 * \file config.h
 *
 * \brief Configuration options (set of defines)
 *
 *  This set of compile-time options may be used to enable
 *  or disable features selectively, and reduce the global
 *  memory footprint.
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */

#ifndef MBEDTLS_LORA_CONFIG_H
#define MBEDTLS_LORA_CONFIG_H

/**
 * \name SECTION: System support
 *
 * This section sets system specific settings.
 * \{
 */

/**
 * \def MBEDTLS_HAVE_ASM
 *
 * The compiler has support for asm().
 *
 * Requires support for asm() in compiler.
 *
 * Used in:
 *      library/timing.c
 *      library/padlock.c
 *      include/mbedtls/bn_mul.h
 *
 * Comment to disable the use of assembly code.
 */
#define MBEDTLS_HAVE_ASM

/**
 * \def MBEDTLS_NO_UDBL_DIVISION
 *
 * The platform lacks support for double-width integer division (64-bit
 * division on a 32-bit platform, 128-bit division on a 64-bit platform).
 *
 * Used in:
 *      include/mbedtls/bignum.h
 *      library/bignum.c
 *
 * The bignum code uses double-width division to speed up some operations.
 * Double-width division is often implemented in software that needs to
 * be linked with the program. The presence of a double-width integer
 * type is usually detected automatically through preprocessor macros,
 * but the automatic detection cannot know whether the code needs to
 * and can be linked with an implementation of division for that type.
 * By default division is assumed to be usable if the type is present.
 * Uncomment this option to prevent the use of double-width division.
 *
 * Note that division for the native integer type is always required.
 * Furthermore, a 64-bit type is always required even on a 32-bit
 * platform, but it need not support multiplication or division. In some
 * cases it is also desirable to disable some double-width operations. For
 * example, if double-width division is implemented in software, disabling
 * it can reduce code size in some embedded targets.
 */
//#define MBEDTLS_NO_UDBL_DIVISION

/**
 * \def MBEDTLS_HAVE_SSE2
 *
 * CPU supports SSE2 instruction set.
 *
 * Uncomment if the CPU supports SSE2 (IA-32 specific).
 */
//#define MBEDTLS_HAVE_SSE2

/**
 * \def MBEDTLS_HAVE_TIME
 *
 * System has time.h and time().
 * The time does not need to be correct, only time differences are used,
 * by contrast with MBEDTLS_HAVE_TIME_DATE
 *
 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
 * MBEDTLS_PLATFORM_STD_TIME.
 *
 * Comment if your system does not support time functions
 */
//#define MBEDTLS_HAVE_TIME

/**
 * \def MBEDTLS_HAVE_TIME_DATE
 *
 * System has time.h and time(), gmtime() and the clock is correct.
 * The time needs to be correct (not necessarily very accurate, but at least
 * the date should be correct). This is used to verify the validity period of
 * X.509 certificates.
 *
 * Comment if your system does not have a correct clock.
 */
//#define MBEDTLS_HAVE_TIME_DATE

/**
 * \def MBEDTLS_PLATFORM_MEMORY
 *
 * Enable the memory allocation layer.
 *
 * By default mbed TLS uses the system-provided calloc() and free().
 * This allows different allocators (self-implemented or provided) to be
 * provided to the platform abstraction layer.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY without the
 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
 * free() function pointer at runtime.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
 * alternate function at compile time.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Enable this layer to allow use of alternative memory allocators.
 */
//#define MBEDTLS_PLATFORM_MEMORY

/**
 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 *
 * Do not assign standard functions in the platform layer (e.g. calloc() to
 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
 *
 * This makes sure there are no linking errors on platforms that do not support
 * these functions. You will HAVE to provide alternatives, either at runtime
 * via the platform_set_xxx() functions or at compile time by setting
 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
 * MBEDTLS_PLATFORM_XXX_MACRO.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Uncomment to prevent default assignment of standard functions in the
 * platform layer.
 */
//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

/**
 * \def MBEDTLS_PLATFORM_EXIT_ALT
 *
 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
 * function in the platform abstraction layer.
 *
 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
 * alternative printf function pointer.
 *
 * All these defines require MBEDTLS_PLATFORM_C to be defined!
 *
 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
 * it will be enabled automatically by check_config.h
 *
 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
 * MBEDTLS_PLATFORM_XXX_MACRO!
 *
 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
 *
 * Uncomment a macro to enable alternate implementation of specific base
 * platform function
 */
//#define MBEDTLS_PLATFORM_EXIT_ALT
//#define MBEDTLS_PLATFORM_TIME_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT

/**
 * \def MBEDTLS_DEPRECATED_WARNING
 *
 * Mark deprecated functions so that they generate a warning if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * This only works with GCC and Clang. With other compilers, you may want to
 * use MBEDTLS_DEPRECATED_REMOVED
 *
 * Uncomment to get warnings on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_WARNING

/**
 * \def MBEDTLS_DEPRECATED_REMOVED
 *
 * Remove deprecated functions so that they generate an error if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * Uncomment to get errors on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_REMOVED

/* \} name SECTION: System support */

/**
 * \name SECTION: mbed TLS feature support
 *
 * This section sets support for features that are or are not needed
 * within the modules that are enabled.
 * \{
 */

/**
 * \def MBEDTLS_TIMING_ALT
 *
 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
 *
 * Only works if you have MBEDTLS_TIMING_C enabled.
 *
 * You will need to provide a header "timing_alt.h" and an implementation at
 * compile time.
 */
//#define MBEDTLS_TIMING_ALT

/**
 * \def MBEDTLS_AES_ALT
 *
 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternate core implementation of a symmetric crypto, an arithmetic or hash
 * module (e.g. platform specific assembly optimized implementations). Keep
 * in mind that the function prototypes should remain the same.
 *
 * This replaces the whole module. If you only want to replace one of the
 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
 * provide the "struct mbedtls_aes_context" definition and omit the base
 * function declarations and implementations. "aes_alt.h" will be included from
 * "aes.h" to include the new function definitions.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * module.
 */
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_XTEA_ALT
//#define MBEDTLS_MD2_ALT
//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
/*
 * When replacing the elliptic curve module, please consider that it is
 * implemented with two .c files:
 *      - ecp.c
 *      - ecp_curves.c
 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
 * macros as described above. The only difference is that you have to make sure
 * that you provide functionality for both .c files.
 */
//#define MBEDTLS_ECP_ALT

/**
 * \def MBEDTLS_MD2_PROCESS_ALT
 *
 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternate core implementation of symmetric crypto or hash function. Keep in
 * mind that function prototypes should remain the same.
 *
 * This replaces only one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
 * no longer provide the mbedtls_sha1_process() function, but it will still provide
 * the other function (using your mbedtls_sha1_process() function) and the definition
 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
 * with this definition.
 *
 * \note Because of a signature change, the core AES encryption and decryption routines are
 *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
 *       respectively. When setting up alternative implementations, these functions should
 *       be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
 *       must stay untouched.
 *
 * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
 *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
 *       tables.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
//#define MBEDTLS_MD2_PROCESS_ALT
//#define MBEDTLS_MD4_PROCESS_ALT
//#define MBEDTLS_MD5_PROCESS_ALT
//#define MBEDTLS_RIPEMD160_PROCESS_ALT
//#define MBEDTLS_SHA1_PROCESS_ALT
//#define MBEDTLS_SHA256_PROCESS_ALT
//#define MBEDTLS_SHA512_PROCESS_ALT
//#define MBEDTLS_DES_SETKEY_ALT
//#define MBEDTLS_DES_CRYPT_ECB_ALT
//#define MBEDTLS_DES3_CRYPT_ECB_ALT
//#define MBEDTLS_AES_SETKEY_ENC_ALT
//#define MBEDTLS_AES_SETKEY_DEC_ALT
//#define MBEDTLS_AES_ENCRYPT_ALT
//#define MBEDTLS_AES_DECRYPT_ALT

/**
 * \def MBEDTLS_ECP_INTERNAL_ALT
 *
 * Expose a part of the internal interface of the Elliptic Curve Point module.
 *
 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
 * alternative core implementation of elliptic curve arithmetic. Keep in mind
 * that function prototypes should remain the same.
 *
 * This partially replaces one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
 * is still present and it is used for group structures not supported by the
 * alternative.
 *
 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
 * and implementing the following functions:
 *      unsigned char mbedtls_internal_ecp_grp_capable(
 *          const mbedtls_ecp_group *grp )
 *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
 *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
 * replacement functions implement arithmetic for the given group and 0
 * otherwise.
 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
 * called before and after each point operation and provide an opportunity to
 * implement optimized set up and tear down instructions.
 *
 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
 * function, but will use your mbedtls_internal_ecp_double_jac if the group is
 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
 * receives it as an argument). If the group is not supported then the original
 * implementation is used. The other functions and the definition of
 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
 * implementation of mbedtls_internal_ecp_double_jac and
 * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
/* Required for all the functions in this section */
//#define MBEDTLS_ECP_INTERNAL_ALT
/* Support for Weierstrass curves with Jacobi representation */
//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
//#define MBEDTLS_ECP_ADD_MIXED_ALT
//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
/* Support for curves with Montgomery arithmetic */
//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT

/**
 * \def MBEDTLS_TEST_NULL_ENTROPY
 *
 * Enables testing and use of mbed TLS without any configured entropy sources.
 * This permits use of the library on platforms before an entropy source has
 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
 * MBEDTLS_ENTROPY_NV_SEED switches).
 *
 * WARNING! This switch MUST be disabled in production builds, and is suitable
 * only for development.
 * Enabling the switch negates any security provided by the library.
 *
 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 */
//#define MBEDTLS_TEST_NULL_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
 *
 * Uncomment this macro to let mbed TLS use your own implementation of a
 * hardware entropy collector.
 *
 * Your function must be called \c mbedtls_hardware_poll(), have the same
 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
 *
 * Uncomment to use your own hardware entropy collector.
 */
//#define MBEDTLS_ENTROPY_HARDWARE_ALT

/**
 * \def MBEDTLS_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
#define MBEDTLS_AES_ROM_TABLES

/**
 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
 *
 * Use less ROM for the Camellia implementation (saves about 768 bytes).
 *
 * Uncomment this macro to use less memory for Camellia.
 */
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY

/**
 * \def MBEDTLS_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CBC

/**
 * \def MBEDTLS_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CFB

/**
 * \def MBEDTLS_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
//#define MBEDTLS_CIPHER_MODE_CTR

/**
 * \def MBEDTLS_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
 * Warning: Only do so when you know what you are doing. This allows for
 * encryption or channels without any security!
 *
 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
//#define MBEDTLS_CIPHER_NULL_CIPHER

/**
 * \def MBEDTLS_CIPHER_PADDING_PKCS7
 *
 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
 * specific padding modes in the cipher layer with cipher modes that support
 * padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
//#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS

/**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 *
 * Enable weak ciphersuites in SSL / TLS.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 */
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES

/**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
//#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES

/**
 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
 *
 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
 * module. By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED

/**
 * \def MBEDTLS_ECP_NIST_OPTIM
 *
 * Enable specific 'modulo p' routines for each NIST prime.
 * Depending on the prime and architecture, makes operations 4 to 8 times
 * faster on the corresponding curve.
 *
 * Comment this macro to disable NIST curves optimisation.
 */
//#define MBEDTLS_ECP_NIST_OPTIM

/**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
 *
 * Enable deterministic ECDSA (RFC 6979).
 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
 * may result in a compromise of the long-term signing key. This is avoided by
 * the deterministic variant.
 *
 * Requires: MBEDTLS_HMAC_DRBG_C
 *
 * Comment this macro to disable deterministic ECDSA.
 */
//#define MBEDTLS_ECDSA_DETERMINISTIC

/**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS.
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 *
 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 *
 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 *
 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 *
 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
 *
 * \warning This is currently experimental. EC J-PAKE support is based on the
 * Thread v1.0.0 specification; incompatible changes to the specification
 * might still happen. For this reason, this is disabled by default.
 *
 * Requires: MBEDTLS_ECJPAKE_C
 *           MBEDTLS_SHA256_C
 *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
 */
//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

/**
 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
 *
 * Enhance support for reading EC keys using variants of SEC1 not allowed by
 * RFC 5915 and RFC 5480.
 *
 * Currently this means parsing the SpecifiedECDomain choice of EC
 * parameters (only known groups are supported, not arbitrary domains, to
 * avoid validation issues).
 *
 * Disable if you only need to support RFC 5915 + 5480 key formats.
 */
//#define MBEDTLS_PK_PARSE_EC_EXTENDED

/**
 * \def MBEDTLS_ERROR_STRERROR_DUMMY
 *
 * Enable a dummy error function to make use of mbedtls_strerror() in
 * third party libraries easier when MBEDTLS_ERROR_C is disabled
 * (no effect when MBEDTLS_ERROR_C is enabled).
 *
 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
 * not using mbedtls_strerror() or error_strerror() in your application.
 *
 * Disable if you run into name conflicts and want to really remove the
 * mbedtls_strerror()
 */
//#define MBEDTLS_ERROR_STRERROR_DUMMY

/**
 * \def MBEDTLS_GENPRIME
 *
 * Enable the prime-number generation code.
 *
 * Requires: MBEDTLS_BIGNUM_C
 */
//#define MBEDTLS_GENPRIME

/**
 * \def MBEDTLS_FS_IO
 *
 * Enable functions that use the filesystem.
 */
//#define MBEDTLS_FS_IO

/**
 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 * Do not add default entropy sources. These are the platform specific,
 * mbedtls_timing_hardclock and HAVEGE based poll functions.
 *
 * This is useful to have more control over the added entropy sources in an
 * application.
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

/**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
 *
 * Do not use built-in platform entropy functions.
 * This is useful if your platform does not support
 * standards like the /dev/urandom or Windows CryptoAPI.
 *
 * Uncomment this macro to disable the built-in platform entropy functions.
 */
#define MBEDTLS_NO_PLATFORM_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_FORCE_SHA256
 *
 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
 * default SHA-512 based one (if both are available).
 *
 * Requires: MBEDTLS_SHA256_C
 *
 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
 * if you have performance concerns.
 *
 * This option is only useful if both MBEDTLS_SHA256_C and
 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
 */
//#define MBEDTLS_ENTROPY_FORCE_SHA256

/**
 * \def MBEDTLS_ENTROPY_NV_SEED
 *
 * Enable the non-volatile (NV) seed file-based entropy source.
 * (Also enables the NV seed read/write functions in the platform layer)
 *
 * This is crucial (if not required) on systems that do not have a
 * cryptographic entropy source (in hardware or kernel) available.
 *
 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
 *
 * \note The read/write functions that are used by the entropy source are
 *       determined in the platform layer, and can be modified at runtime and/or
 *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
 *
 * \note If you use the default implementation functions that read a seedfile
 *       with regular fopen(), please make sure you make a seedfile with the
 *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
 *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
 *       and written to or you will get an entropy source error! The default
 *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
 *       bytes from the file.
 *
 * \note The entropy collector will write to the seed file before entropy is
 *       given to an external source, to update it.
 */
//#define MBEDTLS_ENTROPY_NV_SEED

/**
 * \def MBEDTLS_MEMORY_DEBUG
 *
 * Enable debugging of buffer allocator memory issues. Automatically prints
 * (to stderr) all (fatal) messages on memory allocation issues. Enables
 * function for 'debug output' of allocated memory.
 *
 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
 *
 * Uncomment this macro to let the buffer allocator print out error messages.
 */
//#define MBEDTLS_MEMORY_DEBUG

/**
 * \def MBEDTLS_MEMORY_BACKTRACE
 *
 * Include backtrace information with each allocated block.
 *
 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
 *           GLIBC-compatible backtrace() and backtrace_symbols() support
 *
 * Uncomment this macro to include backtrace information
 */
//#define MBEDTLS_MEMORY_BACKTRACE

/**
 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
 *
 * Support external private RSA keys (e.g. from an HSM) in the PK layer.
 *
 * Comment this macro to disable support for external private RSA keys.
 */
//#define MBEDTLS_PK_RSA_ALT_SUPPORT

/**
 * \def MBEDTLS_PKCS1_V15
 *
 * Enable support for PKCS#1 v1.5 encoding.
 *
 * Requires: MBEDTLS_RSA_C
 *
 * This enables support for PKCS#1 v1.5 operations.
 */
//#define MBEDTLS_PKCS1_V15

/**
 * \def MBEDTLS_PKCS1_V21
 *
 * Enable support for PKCS#1 v2.1 encoding.
 *
 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
 *
 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
 */
//#define MBEDTLS_PKCS1_V21

/**
 * \def MBEDTLS_RSA_NO_CRT
 *
 * Do not use the Chinese Remainder Theorem for the RSA private operation.
 *
 * Uncomment this macro to disable the use of CRT in RSA.
 *
 */
//#define MBEDTLS_RSA_NO_CRT

/**
 * \def MBEDTLS_SELF_TEST
 *
 * Enable the checkup functions (*_self_test).
 */
//#define MBEDTLS_SELF_TEST

/**
 * \def MBEDTLS_SHA256_SMALLER
 *
 * Enable an implementation of SHA-256 that has lower ROM footprint but also
 * lower performance.
 *
 * The default implementation is meant to be a reasonable compromise between
 * performance and size. This version optimizes more aggressively for size at
 * the expense of performance. E.g. on Cortex-M4 it reduces the size of
 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
 * 30%.
 *
 * Uncomment to enable the smaller implementation of SHA256.
 */
//#define MBEDTLS_SHA256_SMALLER

/**
 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
 *
 * Enable sending of alert messages in case of encountered errors as per RFC.
 * If you choose not to send the alert messages, mbed TLS can still communicate
 * with other servers, only debugging of failures is harder.
 *
 * The advantage of not sending alert messages is that no information is given
 * about reasons for failures, thus preventing adversaries from gaining intel.
 *
 * Enable sending of all alert messages
 */
//#define MBEDTLS_SSL_ALL_ALERT_MESSAGES

/**
 * \def MBEDTLS_SSL_DEBUG_ALL
 *
 * Enable the debug messages in SSL module for all issues.
 * Debug messages have been disabled in some places to prevent timing
 * attacks due to (unbalanced) debugging function calls.
 *
 * If you need all error reporting you should enable this during debugging,
 * but remove this for production servers that should log as well.
 *
 * Uncomment this macro to report all debug messages on errors introducing
 * a timing side-channel.
 *
 */
//#define MBEDTLS_SSL_DEBUG_ALL

/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
 *
 * Enable support for Encrypt-then-MAC, RFC 7366.
 *
 * This allows peers that both support it to use a more robust protection for
 * ciphersuites using CBC, providing deep resistance against timing attacks
 * on the padding or underlying cipher.
 *
 * This only affects CBC ciphersuites, and is useless if none is defined.
 *
 * Requires: MBEDTLS_SSL_PROTO_TLS1    or
 *           MBEDTLS_SSL_PROTO_TLS1_1  or
 *           MBEDTLS_SSL_PROTO_TLS1_2
 *
 * Comment this macro to disable support for Encrypt-then-MAC
 */
//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC

/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 *
 * Enable support for Extended Master Secret, aka Session Hash
 * (draft-ietf-tls-session-hash-02).
 *
 * This was introduced as "the proper fix" to the Triple Handshake family of
 * attacks, but it is recommended to always use it (even if you disable
 * renegotiation), since it actually fixes a more fundamental issue in the
 * original SSL/TLS design, and has implications beyond Triple Handshake.
 *
 * Requires: MBEDTLS_SSL_PROTO_TLS1    or
 *           MBEDTLS_SSL_PROTO_TLS1_1  or
 *           MBEDTLS_SSL_PROTO_TLS1_2
 *
 * Comment this macro to disable support for Extended Master Secret.
 */
//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET

/**
 * \def MBEDTLS_SSL_FALLBACK_SCSV
 *
 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
 *
 * For servers, it is recommended to always enable this, unless you support
 * only one version of TLS, or know for sure that none of your clients
 * implements a fallback strategy.
 *
 * For clients, you only need this if you're using a fallback strategy, which
 * is not recommended in the first place, unless you absolutely need it to
 * interoperate with buggy (version-intolerant) servers.
 *
 * Comment this macro to disable support for FALLBACK_SCSV
 */
//#define MBEDTLS_SSL_FALLBACK_SCSV

/**
 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
 *
 * Enable hooking functions in SSL module for hardware acceleration of
 * individual records.
 *
 * Uncomment this macro to enable hooking functions.
 */
//#define MBEDTLS_SSL_HW_RECORD_ACCEL

/**
 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
 *
 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
 *
 * This is a countermeasure to the BEAST attack, which also minimizes the risk
 * of interoperability issues compared to sending 0-length records.
 *
 * Comment this macro to disable 1/n-1 record splitting.
 */
//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING

/**
 * \def MBEDTLS_SSL_RENEGOTIATION
 *
 * Enable support for TLS renegotiation.
 *
 * The two main uses of renegotiation are (1) refresh keys on long-lived
 * connections and (2) client authentication after the initial handshake.
 * If you don't need renegotiation, it's probably better to disable it, since
 * it has been associated with security issues in the past and is easy to
 * misuse/misunderstand.
 *
 * Comment this to disable support for renegotiation.
 */
//#define MBEDTLS_SSL_RENEGOTIATION

/**
 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 *
 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
 * SSL Server module (MBEDTLS_SSL_SRV_C).
 *
 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
 */
//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO

/**
 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
 *
 * Pick the ciphersuite according to the client's preferences rather than ours
 * in the SSL Server module (MBEDTLS_SSL_SRV_C).
 *
 * Uncomment this macro to respect client's ciphersuite order
 */
//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE

/**
 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 *
 * Enable support for RFC 6066 max_fragment_length extension in SSL.
 *
 * Comment this macro to disable support for the max_fragment_length extension
 */
//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

/**
 * \def MBEDTLS_SSL_PROTO_SSL3
 *
 * Enable support for SSL 3.0.
 *
 * Requires: MBEDTLS_MD5_C
 *           MBEDTLS_SHA1_C
 *
 * Comment this macro to disable support for SSL 3.0
 */
//#define MBEDTLS_SSL_PROTO_SSL3

/**
 * \def MBEDTLS_SSL_PROTO_TLS1
 *
 * Enable support for TLS 1.0.
 *
 * Requires: MBEDTLS_MD5_C
 *           MBEDTLS_SHA1_C
 *
 * Comment this macro to disable support for TLS 1.0
 */
//#define MBEDTLS_SSL_PROTO_TLS1

/**
 * \def MBEDTLS_SSL_PROTO_TLS1_1
 *
 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
 *
 * Requires: MBEDTLS_MD5_C
 *           MBEDTLS_SHA1_C
 *
 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
 */
//#define MBEDTLS_SSL_PROTO_TLS1_1

/**
 * \def MBEDTLS_SSL_PROTO_TLS1_2
 *
 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
 *
 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
 *           (Depends on ciphersuites)
 *
 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
 */
//#define MBEDTLS_SSL_PROTO_TLS1_2

/**
 * \def MBEDTLS_SSL_PROTO_DTLS
 *
 * Enable support for DTLS (all available versions).
 *
 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
 *
 * Requires: MBEDTLS_SSL_PROTO_TLS1_1
 *        or MBEDTLS_SSL_PROTO_TLS1_2
 *
 * Comment this macro to disable support for DTLS
 */
//#define MBEDTLS_SSL_PROTO_DTLS

/**
 * \def MBEDTLS_SSL_ALPN
 *
 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
 *
 * Comment this macro to disable support for ALPN.
 */
//#define MBEDTLS_SSL_ALPN

/**
 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
 *
 * Enable support for the anti-replay mechanism in DTLS.
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *           MBEDTLS_SSL_PROTO_DTLS
 *
 * \warning Disabling this is often a security risk!
 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
 *
 * Comment this to disable anti-replay in DTLS.
 */
//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY

/**
 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
 *
 * Enable support for HelloVerifyRequest on DTLS servers.
 *
 * This feature is highly recommended to prevent DTLS servers being used as
 * amplifiers in DoS attacks against other hosts. It should always be enabled
 * unless you know for sure amplification cannot be a problem in the
 * environment in which your server operates.
 *
 * \warning Disabling this can be a security risk! (see above)
 *
 * Requires: MBEDTLS_SSL_PROTO_DTLS
 *
 * Comment this to disable support for HelloVerifyRequest.
 */
//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY

/**
 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 *
 * Enable server-side support for clients that reconnect from the same port.
 *
 * Some clients unexpectedly close the connection and try to reconnect using the
 * same source port. This needs special support from the server to handle the
 * new connection securely, as described in section 4.2.8 of RFC 6347. This
 * flag enables that support.
 *
 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
 *
 * Comment this to disable support for clients reusing the source port.
 */
//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

/**
 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 *
 * Enable support for a limit of records with bad MAC.
 *
 * See mbedtls_ssl_conf_dtls_badmac_limit().
 *
 * Requires: MBEDTLS_SSL_PROTO_DTLS
 */
//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT

/**
 * \def MBEDTLS_SSL_SESSION_TICKETS
 *
 * Enable support for RFC 5077 session tickets in SSL.
 * Client-side, provides full support for session tickets (maintenance of a
 * session store remains the responsibility of the application, though).
 * Server-side, you also need to provide callbacks for writing and parsing
 * tickets, including authenticated encryption and key management. Example
 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
 *
 * Comment this macro to disable support for SSL session tickets
 */
//#define MBEDTLS_SSL_SESSION_TICKETS

/**
 * \def MBEDTLS_SSL_EXPORT_KEYS
 *
 * Enable support for exporting key block and master secret.
 * This is required for certain users of TLS, e.g. EAP-TLS.
 *
 * Comment this macro to disable support for key export
 */
//#define MBEDTLS_SSL_EXPORT_KEYS

/**
 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
 *
 * Enable support for RFC 6066 server name indication (SNI) in SSL.
 *
 * Requires: MBEDTLS_X509_CRT_PARSE_C
 *
 * Comment this macro to disable support for server name indication in SSL
 */
//#define MBEDTLS_SSL_SERVER_NAME_INDICATION

/**
 * \def MBEDTLS_SSL_TRUNCATED_HMAC
 *
 * Enable support for RFC 6066 truncated HMAC in SSL.
 *
 * Comment this macro to disable support for truncated HMAC in SSL
 */
//#define MBEDTLS_SSL_TRUNCATED_HMAC

/**
 * \def MBEDTLS_THREADING_ALT
 *
 * Provide your own alternate threading implementation.
 *
 * Requires: MBEDTLS_THREADING_C
 *
 * Uncomment this to allow your own alternate threading implementation.
 */
//#define MBEDTLS_THREADING_ALT

/**
 * \def MBEDTLS_THREADING_PTHREAD
 *
 * Enable the pthread wrapper layer for the threading layer.
 *
 * Requires: MBEDTLS_THREADING_C
 *
 * Uncomment this to enable pthread mutexes.
 */
//#define MBEDTLS_THREADING_PTHREAD

/**
 * \def MBEDTLS_VERSION_FEATURES
 *
 * Allow run-time checking of compile-time enabled features. Thus allowing users
 * to check at run-time if the library is for instance compiled with threading
 * support via mbedtls_version_check_feature().
 *
 * Requires: MBEDTLS_VERSION_C
 *
 * Comment this to disable run-time checking and save ROM space
 */
//#define MBEDTLS_VERSION_FEATURES

/**
 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
 *
 * If set, the X509 parser will not break-off when parsing an X509 certificate
 * and encountering an extension in a v1 or v2 certificate.
 *
 * Uncomment to prevent an error.
 */
//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3

/**
 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 *
 * If set, the X509 parser will not break-off when parsing an X509 certificate
 * and encountering an unknown critical extension.
 *
 * \warning Depending on your PKI use, enabling this can be a security risk!
 *
 * Uncomment to prevent an error.
 */
//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION

/**
 * \def MBEDTLS_X509_CHECK_KEY_USAGE
 *
 * Enable verification of the keyUsage extension (CA and leaf certificates).
 *
 * Disabling this avoids problems with mis-issued and/or misused
 * (intermediate) CA and leaf certificates.
 *
 * \warning Depending on your PKI use, disabling this can be a security risk!
 *
 * Comment to skip keyUsage checking for both CA and leaf certificates.
 */
//#define MBEDTLS_X509_CHECK_KEY_USAGE

/**
 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 *
 * Enable verification of the extendedKeyUsage extension (leaf certificates).
 *
 * Disabling this avoids problems with mis-issued and/or misused certificates.
 *
 * \warning Depending on your PKI use, disabling this can be a security risk!
 *
 * Comment to skip extendedKeyUsage checking for certificates.
 */
//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE

/**
 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
 *
 * Enable parsing and verification of X.509 certificates, CRLs and CSRs
 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
 *
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT

/**
 * \def MBEDTLS_ZLIB_SUPPORT
 *
 * If set, the SSL/TLS module uses ZLIB to support compression and
 * decompression of packet data.
 *
 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
 * CRIME attack. Before enabling this option, you should examine with care if
 * CRIME or similar exploits may be applicable to your use case.
 *
 * \note Currently compression can't be used with DTLS.
 *
 * Used in: library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This feature requires zlib library and headers to be present.
 *
 * Uncomment to enable use of ZLIB
 */
//#define MBEDTLS_ZLIB_SUPPORT
/* \} name SECTION: mbed TLS feature support */

/**
 * \name SECTION: mbed TLS modules
 *
 * This section enables or disables entire modules in mbed TLS
 * \{
 */

/**
 * \def MBEDTLS_AESNI_C
 *
 * Enable AES-NI support on x86-64.
 *
 * Module:  library/aesni.c
 * Caller:  library/aes.c
 *
 * Requires: MBEDTLS_HAVE_ASM
 *
 * This module adds support for the AES-NI instructions on x86-64
 */
//#define MBEDTLS_AESNI_C

/**
 * \def MBEDTLS_AES_C
 *
 * Enable the AES block cipher.
 *
 * Module:  library/aes.c
 * Caller:  library/ssl_tls.c
 *          library/pem.c
 *          library/ctr_drbg.c
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
 *
 * PEM_PARSE uses AES for decrypting encrypted keys.
 */
#define MBEDTLS_AES_C

/**
 * \def MBEDTLS_ARC4_C
 *
 * Enable the ARCFOUR stream cipher.
 *
 * Module:  library/arc4.c
 * Caller:  library/ssl_tls.c
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
//#define MBEDTLS_ARC4_C

/**
 * \def MBEDTLS_ASN1_PARSE_C
 *
 * Enable the generic ASN1 parser.
 *
 * Module:  library/asn1.c
 * Caller:  library/x509.c
 *          library/dhm.c
 *          library/pkcs12.c
 *          library/pkcs5.c
 *          library/pkparse.c
 */
//#define MBEDTLS_ASN1_PARSE_C

/**
 * \def MBEDTLS_ASN1_WRITE_C
 *
 * Enable the generic ASN1 writer.
 *
 * Module:  library/asn1write.c
 * Caller:  library/ecdsa.c
 *          library/pkwrite.c
 *          library/x509_create.c
 *          library/x509write_crt.c
 *          library/x509write_csr.c
 */
//#define MBEDTLS_ASN1_WRITE_C

/**
 * \def MBEDTLS_BASE64_C
 *
 * Enable the Base64 module.
 *
 * Module:  library/base64.c
 * Caller:  library/pem.c
 *
 * This module is required for PEM support (required by X.509).
 */
#define MBEDTLS_BASE64_C

/**
 * \def MBEDTLS_BIGNUM_C
 *
 * Enable the multi-precision integer library.
 *
 * Module:  library/bignum.c
 * Caller:  library/dhm.c
 *          library/ecp.c
 *          library/ecdsa.c
 *          library/rsa.c
 *          library/ssl_tls.c
 *
 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
 */
//#define MBEDTLS_BIGNUM_C

/**
 * \def MBEDTLS_BLOWFISH_C
 *
 * Enable the Blowfish block cipher.
 *
 * Module:  library/blowfish.c
 */
//#define MBEDTLS_BLOWFISH_C

/**
 * \def MBEDTLS_CAMELLIA_C
 *
 * Enable the Camellia block cipher.
 *
 * Module:  library/camellia.c
 * Caller:  library/ssl_tls.c
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 */
//#define MBEDTLS_CAMELLIA_C

/**
 * \def MBEDTLS_CCM_C
 *
 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
 *
 * Module:  library/ccm.c
 *
 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
 *
 * This module enables the AES-CCM ciphersuites, if other requisites are
 * enabled as well.
 */
//#define MBEDTLS_CCM_C

/**
 * \def MBEDTLS_CERTS_C
 *
 * Enable the test certificates.
 *
 * Module:  library/certs.c
 * Caller:
 *
 * This module is used for testing (ssl_client/server).
 */
//#define MBEDTLS_CERTS_C

/**
 * \def MBEDTLS_CIPHER_C
 *
 * Enable the generic cipher layer.
 *
 * Module:  library/cipher.c
 * Caller:  library/ssl_tls.c
 *
 * Uncomment to enable generic cipher wrappers.
 */
#define MBEDTLS_CIPHER_C

/**
 * \def MBEDTLS_CMAC_C
 *
 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
 * ciphers.
 *
 * Module:  library/cmac.c
 *
 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
 *
 */
#define MBEDTLS_CMAC_C

/**
 * \def MBEDTLS_CTR_DRBG_C
 *
 * Enable the CTR_DRBG AES-256-based random generator.
 *
 * Module:  library/ctr_drbg.c
 * Caller:
 *
 * Requires: MBEDTLS_AES_C
 *
 * This module provides the CTR_DRBG AES-256 random number generator.
 */
//#define MBEDTLS_CTR_DRBG_C

/**
 * \def MBEDTLS_DEBUG_C
 *
 * Enable the debug functions.
 *
 * Module:  library/debug.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *
 * This module provides debugging functions.
 */
//#define MBEDTLS_DEBUG_C

/**
 * \def MBEDTLS_DES_C
 *
 * Enable the DES block cipher.
 *
 * Module:  library/des.c
 * Caller:  library/pem.c
 *          library/ssl_tls.c
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *
 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
 */
//#define MBEDTLS_DES_C

/**
 * \def MBEDTLS_DHM_C
 *
 * Enable the Diffie-Hellman-Merkle module.
 *
 * Module:  library/dhm.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module is used by the following key exchanges:
 *      DHE-RSA, DHE-PSK
 */
//#define MBEDTLS_DHM_C

/**
 * \def MBEDTLS_ECDH_C
 *
 * Enable the elliptic curve Diffie-Hellman library.
 *
 * Module:  library/ecdh.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module is used by the following key exchanges:
 *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
 *
 * Requires: MBEDTLS_ECP_C
 */
//#define MBEDTLS_ECDH_C

/**
 * \def MBEDTLS_ECDSA_C
 *
 * Enable the elliptic curve DSA library.
 *
 * Module:  library/ecdsa.c
 * Caller:
 *
 * This module is used by the following key exchanges:
 *      ECDHE-ECDSA
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
 */
//#define MBEDTLS_ECDSA_C

/**
 * \def MBEDTLS_ECJPAKE_C
 *
 * Enable the elliptic curve J-PAKE library.
 *
 * \warning This is currently experimental. EC J-PAKE support is based on the
 * Thread v1.0.0 specification; incompatible changes to the specification
 * might still happen. For this reason, this is disabled by default.
 *
 * Module:  library/ecjpake.c
 * Caller:
 *
 * This module is used by the following key exchanges:
 *      ECJPAKE
 *
 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
 */
//#define MBEDTLS_ECJPAKE_C

/**
 * \def MBEDTLS_ECP_C
 *
 * Enable the elliptic curve over GF(p) library.
 *
 * Module:  library/ecp.c
 * Caller:  library/ecdh.c
 *          library/ecdsa.c
 *          library/ecjpake.c
 *
 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
 */
//#define MBEDTLS_ECP_C

/**
 * \def MBEDTLS_ENTROPY_C
 *
 * Enable the platform-specific entropy code.
 *
 * Module:  library/entropy.c
 * Caller:
 *
 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
 *
 * This module provides a generic entropy pool
 */
//#define MBEDTLS_ENTROPY_C

/**
 * \def MBEDTLS_ERROR_C
 *
 * Enable error code to error string conversion.
 *
 * Module:  library/error.c
 * Caller:
 *
 * This module enables mbedtls_strerror().
 */
//#define MBEDTLS_ERROR_C

/**
 * \def MBEDTLS_GCM_C
 *
 * Enable the Galois/Counter Mode (GCM) for AES.
 *
 * Module:  library/gcm.c
 *
 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
 *
 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
 * requisites are enabled as well.
 */
//#define MBEDTLS_GCM_C

/**
 * \def MBEDTLS_HAVEGE_C
 *
 * Enable the HAVEGE random generator.
 *
 * Warning: the HAVEGE random generator is not suitable for virtualized
 *          environments
 *
 * Warning: the HAVEGE random generator is dependent on timing and specific
 *          processor traits. It is therefore not advised to use HAVEGE as
 *          your application's primary random generator or primary entropy pool
 *          input. As a secondary input to your entropy pool, it IS able to add
 *          the (limited) extra entropy it provides.
 *
 * Module:  library/havege.c
 * Caller:
 *
 * Requires: MBEDTLS_TIMING_C
 *
 * Uncomment to enable the HAVEGE random generator.
 */
//#define MBEDTLS_HAVEGE_C

/**
 * \def MBEDTLS_HMAC_DRBG_C
 *
 * Enable the HMAC_DRBG random generator.
 *
 * Module:  library/hmac_drbg.c
 * Caller:
 *
 * Requires: MBEDTLS_MD_C
 *
 * Uncomment to enable the HMAC_DRBG random number generator.
 */
//#define MBEDTLS_HMAC_DRBG_C

/**
 * \def MBEDTLS_MD_C
 *
 * Enable the generic message digest layer.
 *
 * Module:  library/md.c
 * Caller:
 *
 * Uncomment to enable generic message digest wrappers.
 */
//#define MBEDTLS_MD_C

/**
 * \def MBEDTLS_MD2_C
 *
 * Enable the MD2 hash algorithm.
 *
 * Module:  library/md2.c
 * Caller:
 *
 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
 */
//#define MBEDTLS_MD2_C

/**
 * \def MBEDTLS_MD4_C
 *
 * Enable the MD4 hash algorithm.
 *
 * Module:  library/md4.c
 * Caller:
 *
 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
 */
//#define MBEDTLS_MD4_C

/**
 * \def MBEDTLS_MD5_C
 *
 * Enable the MD5 hash algorithm.
 *
 * Module:  library/md5.c
 * Caller:  library/md.c
 *          library/pem.c
 *          library/ssl_tls.c
 *
 * This module is required for SSL/TLS and X.509.
 * PEM_PARSE uses MD5 for decrypting encrypted keys.
 */
//#define MBEDTLS_MD5_C

/**
 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
 *
 * Enable the buffer allocator implementation that makes use of a (stack)
 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
 * calls)
 *
 * Module:  library/memory_buffer_alloc.c
 *
 * Requires: MBEDTLS_PLATFORM_C
 *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
 *
 * Enable this module to enable the buffer memory allocator.
 */
//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C

/**
 * \def MBEDTLS_NET_C
 *
 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
 *
 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
 * and Windows. For other platforms, you'll want to disable it, and write your
 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
 *
 * \note See also our Knowledge Base article about porting to a new
 * environment:
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module:  library/net_sockets.c
 *
 * This module provides networking routines.
 */
//#define MBEDTLS_NET_C

/**
 * \def MBEDTLS_OID_C
 *
 * Enable the OID database.
 *
 * Module:  library/oid.c
 * Caller:  library/asn1write.c
 *          library/pkcs5.c
 *          library/pkparse.c
 *          library/pkwrite.c
 *          library/rsa.c
 *          library/x509.c
 *          library/x509_create.c
 *          library/x509_crl.c
 *          library/x509_crt.c
 *          library/x509_csr.c
 *          library/x509write_crt.c
 *          library/x509write_csr.c
 *
 * This module translates between OIDs and internal values.
 */
//#define MBEDTLS_OID_C

/**
 * \def MBEDTLS_PADLOCK_C
 *
 * Enable VIA Padlock support on x86.
 *
 * Module:  library/padlock.c
 * Caller:  library/aes.c
 *
 * Requires: MBEDTLS_HAVE_ASM
 *
 * This module adds support for the VIA PadLock on x86.
 */
//#define MBEDTLS_PADLOCK_C

/**
 * \def MBEDTLS_PEM_PARSE_C
 *
 * Enable PEM decoding / parsing.
 *
 * Module:  library/pem.c
 * Caller:  library/dhm.c
 *          library/pkparse.c
 *          library/x509_crl.c
 *          library/x509_crt.c
 *          library/x509_csr.c
 *
 * Requires: MBEDTLS_BASE64_C
 *
 * This module adds support for decoding / parsing PEM files.
 */
//#define MBEDTLS_PEM_PARSE_C

/**
 * \def MBEDTLS_PEM_WRITE_C
 *
 * Enable PEM encoding / writing.
 *
 * Module:  library/pem.c
 * Caller:  library/pkwrite.c
 *          library/x509write_crt.c
 *          library/x509write_csr.c
 *
 * Requires: MBEDTLS_BASE64_C
 *
 * This module adds support for encoding / writing PEM files.
 */
//#define MBEDTLS_PEM_WRITE_C

/**
 * \def MBEDTLS_PK_C
 *
 * Enable the generic public (asymmetric) key layer.
 *
 * Module:  library/pk.c
 * Caller:  library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
 *
 * Uncomment to enable generic public key wrappers.
 */
//#define MBEDTLS_PK_C

/**
 * \def MBEDTLS_PK_PARSE_C
 *
 * Enable the generic public (asymmetric) key parser.
 *
 * Module:  library/pkparse.c
 * Caller:  library/x509_crt.c
 *          library/x509_csr.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key parse functions.
 */
//#define MBEDTLS_PK_PARSE_C

/**
 * \def MBEDTLS_PK_WRITE_C
 *
 * Enable the generic public (asymmetric) key writer.
 *
 * Module:  library/pkwrite.c
 * Caller:  library/x509write.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key write functions.
 */
//#define MBEDTLS_PK_WRITE_C

/**
 * \def MBEDTLS_PKCS5_C
 *
 * Enable PKCS#5 functions.
 *
 * Module:  library/pkcs5.c
 *
 * Requires: MBEDTLS_MD_C
 *
 * This module adds support for the PKCS#5 functions.
 */
//#define MBEDTLS_PKCS5_C

/**
 * \def MBEDTLS_PKCS11_C
 *
 * Enable wrapper for PKCS#11 smartcard support.
 *
 * Module:  library/pkcs11.c
 * Caller:  library/pk.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * This module enables SSL/TLS PKCS #11 smartcard support.
 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
 */
//#define MBEDTLS_PKCS11_C

/**
 * \def MBEDTLS_PKCS12_C
 *
 * Enable PKCS#12 PBE functions.
 * Adds algorithms for parsing PKCS#8 encrypted private keys
 *
 * Module:  library/pkcs12.c
 * Caller:  library/pkparse.c
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 * Can use:  MBEDTLS_ARC4_C
 *
 * This module enables PKCS#12 functions.
 */
//#define MBEDTLS_PKCS12_C

/**
 * \def MBEDTLS_PLATFORM_C
 *
 * Enable the platform abstraction layer that allows you to re-assign
 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
 *
 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT
 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
 * above to be specified at runtime or compile time respectively.
 *
 * \note This abstraction layer must be enabled on Windows (including MSYS2)
 * as other modules rely on it for a fixed snprintf implementation.
 *
 * Module:  library/platform.c
 * Caller:  Most other .c files
 *
 * This module enables abstraction of common (libc) functions.
 */
//#define MBEDTLS_PLATFORM_C

/**
 * \def MBEDTLS_RIPEMD160_C
 *
 * Enable the RIPEMD-160 hash algorithm.
 *
 * Module:  library/ripemd160.c
 * Caller:  library/md.c
 *
 */
//#define MBEDTLS_RIPEMD160_C

/**
 * \def MBEDTLS_RSA_C
 *
 * Enable the RSA public-key cryptosystem.
 *
 * Module:  library/rsa.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *          library/x509.c
 *
 * This module is used by the following key exchanges:
 *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
 */
//#define MBEDTLS_RSA_C

/**
 * \def MBEDTLS_SHA1_C
 *
 * Enable the SHA1 cryptographic hash algorithm.
 *
 * Module:  library/sha1.c
 * Caller:  library/md.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *          library/x509write_crt.c
 *
 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
 * depending on the handshake parameters, and for SHA1-signed certificates.
 */
//#define MBEDTLS_SHA1_C

/**
 * \def MBEDTLS_SHA256_C
 *
 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
 *
 * Module:  library/sha256.c
 * Caller:  library/entropy.c
 *          library/md.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *
 * This module adds support for SHA-224 and SHA-256.
 * This module is required for the SSL/TLS 1.2 PRF function.
 */
//#define MBEDTLS_SHA256_C

/**
 * \def MBEDTLS_SHA512_C
 *
 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
 *
 * Module:  library/sha512.c
 * Caller:  library/entropy.c
 *          library/md.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module adds support for SHA-384 and SHA-512.
 */
//#define MBEDTLS_SHA512_C

/**
 * \def MBEDTLS_SSL_CACHE_C
 *
 * Enable simple SSL cache implementation.
 *
 * Module:  library/ssl_cache.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_CACHE_C
 */
//#define MBEDTLS_SSL_CACHE_C

/**
 * \def MBEDTLS_SSL_COOKIE_C
 *
 * Enable basic implementation of DTLS cookies for hello verification.
 *
 * Module:  library/ssl_cookie.c
 * Caller:
 */
//#define MBEDTLS_SSL_COOKIE_C

/**
 * \def MBEDTLS_SSL_TICKET_C
 *
 * Enable an implementation of TLS server-side callbacks for session tickets.
 *
 * Module:  library/ssl_ticket.c
 * Caller:
 *
 * Requires: MBEDTLS_CIPHER_C
 */
//#define MBEDTLS_SSL_TICKET_C

/**
 * \def MBEDTLS_SSL_CLI_C
 *
 * Enable the SSL/TLS client code.
 *
 * Module:  library/ssl_cli.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *
 * This module is required for SSL/TLS client support.
 */
//#define MBEDTLS_SSL_CLI_C

/**
 * \def MBEDTLS_SSL_SRV_C
 *
 * Enable the SSL/TLS server code.
 *
 * Module:  library/ssl_srv.c
 * Caller:
 *
 * Requires: MBEDTLS_SSL_TLS_C
 *
 * This module is required for SSL/TLS server support.
 */
//#define MBEDTLS_SSL_SRV_C

/**
 * \def MBEDTLS_SSL_TLS_C
 *
 * Enable the generic SSL/TLS code.
 *
 * Module:  library/ssl_tls.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
 *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
 *
 * This module is required for SSL/TLS.
 */
//#define MBEDTLS_SSL_TLS_C

/**
 * \def MBEDTLS_THREADING_C
 *
 * Enable the threading abstraction layer.
 * By default mbed TLS assumes it is used in a non-threaded environment or that
 * contexts are not shared between threads. If you do intend to use contexts
 * between threads, you will need to enable this layer to prevent race
 * conditions. See also our Knowledge Base article about threading:
 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
 *
 * Module:  library/threading.c
 *
 * This allows different threading implementations (self-implemented or
 * provided).
 *
 * You will have to enable either MBEDTLS_THREADING_ALT or
 * MBEDTLS_THREADING_PTHREAD.
 *
 * Enable this layer to allow use of mutexes within mbed TLS
 */
//#define MBEDTLS_THREADING_C

/**
 * \def MBEDTLS_TIMING_C
 *
 * Enable the semi-portable timing interface.
 *
 * \note The provided implementation only works on POSIX/Unix (including Linux,
 * BSD and OS X) and Windows. On other platforms, you can either disable that
 * module and provide your own implementations of the callbacks needed by
 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
 * your own implementation of the whole module by setting
 * \c MBEDTLS_TIMING_ALT in the current file.
 *
 * \note See also our Knowledge Base article about porting to a new
 * environment:
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module:  library/timing.c
 * Caller:  library/havege.c
 *
 * This module is used by the HAVEGE random number generator.
 */
//#define MBEDTLS_TIMING_C

/**
 * \def MBEDTLS_VERSION_C
 *
 * Enable run-time version information.
 *
 * Module:  library/version.c
 *
 * This module provides run-time version information.
 */
//#define MBEDTLS_VERSION_C

/**
 * \def MBEDTLS_X509_USE_C
 *
 * Enable X.509 core for using certificates.
 *
 * Module:  library/x509.c
 * Caller:  library/x509_crl.c
 *          library/x509_crt.c
 *          library/x509_csr.c
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
 *           MBEDTLS_PK_PARSE_C
 *
 * This module is required for the X.509 parsing modules.
 */
//#define MBEDTLS_X509_USE_C

/**
 * \def MBEDTLS_X509_CRT_PARSE_C
 *
 * Enable X.509 certificate parsing.
 *
 * Module:  library/x509_crt.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is required for X.509 certificate parsing.
 */
//#define MBEDTLS_X509_CRT_PARSE_C

/**
 * \def MBEDTLS_X509_CRL_PARSE_C
 *
 * Enable X.509 CRL parsing.
 *
 * Module:  library/x509_crl.c
 * Caller:  library/x509_crt.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is required for X.509 CRL parsing.
 */
//#define MBEDTLS_X509_CRL_PARSE_C

/**
 * \def MBEDTLS_X509_CSR_PARSE_C
 *
 * Enable X.509 Certificate Signing Request (CSR) parsing.
 *
 * Module:  library/x509_csr.c
 * Caller:  library/x509_crt_write.c
 *
 * Requires: MBEDTLS_X509_USE_C
 *
 * This module is used for reading X.509 certificate request.
 */
//#define MBEDTLS_X509_CSR_PARSE_C

/**
 * \def MBEDTLS_X509_CREATE_C
 *
 * Enable X.509 core for creating certificates.
 *
 * Module:  library/x509_create.c
 *
 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
 *
 * This module is the basis for creating X.509 certificates and CSRs.
 */
//#define MBEDTLS_X509_CREATE_C

/**
 * \def MBEDTLS_X509_CRT_WRITE_C
 *
 * Enable creating X.509 certificates.
 *
 * Module:  library/x509_crt_write.c
 *
 * Requires: MBEDTLS_X509_CREATE_C
 *
 * This module is required for X.509 certificate creation.
 */
//#define MBEDTLS_X509_CRT_WRITE_C

/**
 * \def MBEDTLS_X509_CSR_WRITE_C
 *
 * Enable creating X.509 Certificate Signing Requests (CSR).
 *
 * Module:  library/x509_csr_write.c
 *
 * Requires: MBEDTLS_X509_CREATE_C
 *
 * This module is required for X.509 certificate request writing.
 */
//#define MBEDTLS_X509_CSR_WRITE_C

/**
 * \def MBEDTLS_XTEA_C
 *
 * Enable the XTEA block cipher.
 *
 * Module:  library/xtea.c
 * Caller:
 */
//#define MBEDTLS_XTEA_C

/* \} name SECTION: mbed TLS modules */

/**
 * \name SECTION: Module configuration options
 *
 * This section allows for the setting of module specific sizes and
 * configuration options. The default values are already present in the
 * relevant header files and should suffice for the regular use cases.
 *
 * Our advice is to enable options and change their values here
 * only if you have a good reason and know the consequences.
 *
 * Please check the respective header file for documentation on these
 * parameters (to prevent duplicate documentation).
 * \{
 */

/* MPI / BIGNUM options */
//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */

/* CTR_DRBG options */
//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */

/* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */

/* ECP options */
//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */

/* Entropy options */
//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */

/* Memory buffer allocator options */
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */

/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */

/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */

/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */

/* SSL options */
//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */

/**
 * Complete list of ciphersuites to use, in order of preference.
 *
 * \warning No dependency checking is done on that field! This option can only
 * be used to restrict the set of available ciphersuites. It is your
 * responsibility to make sure the needed modules are active.
 *
 * Use this to save a few hundred bytes of ROM (default ordering of all
 * available ciphersuites) and a few to a few hundred bytes of RAM.
 *
 * The value below is only an example, not the default.
 */
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */

/**
 * Allow SHA-1 in the default TLS configuration for certificate signing.
 * Without this build-time option, SHA-1 support must be activated explicitly
 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
 * recommended because it is possible to generate SHA-1 collisions, however
 * this may be safe for legacy infrastructure where additional controls apply.
 */
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES

/**
 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
 * signature and ciphersuite selection. Without this build-time option, SHA-1
 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
 * default. At the time of writing, there is no practical attack on the use
 * of SHA-1 in handshake signatures, hence this option is turned on by default
 * for compatibility with existing peers.
 */
//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE


#include "check_config.h"

#endif /* MBEDTLS_LORA_CONFIG_H */
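
The `Requires:` lines in the comments of this header state which modules each option depends on. The following is an added example, not part of this file or of mbed TLS: a review-time script that reads those lines back from a header in this layout (one statement per line, no listing line numbers) and lists enabled modules whose stated requirements are not enabled. The sample header is constructed, and `parse_requires` and `audit` are names chosen for this example.

```python
import re

# Constructed sample in the layout this header uses: a doxygen block with an
# optional "Requires:" line, then an active or commented-out #define.
SAMPLE_HEADER = r"""
/**
 * \def MBEDTLS_AES_C
 *
 * Module:  library/aes.c
 */
//#define MBEDTLS_AES_C

/**
 * \def MBEDTLS_CIPHER_C
 *
 * Module:  library/cipher.c
 */
#define MBEDTLS_CIPHER_C

/**
 * \def MBEDTLS_CMAC_C
 *
 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
 */
#define MBEDTLS_CMAC_C

/**
 * \def MBEDTLS_PKCS12_C
 *
 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C,
 *           MBEDTLS_MD_C
 * Can use:  MBEDTLS_ARC4_C
 */
#define MBEDTLS_PKCS12_C

/**
 * \def MBEDTLS_ECP_C
 *
 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
 */
//#define MBEDTLS_ECP_C
"""

# A doc comment (never crossing its own "*/") followed by the define it documents.
BLOCK_RE = re.compile(
    r"/\*\*(?P<doc>(?:(?!\*/).)*)\*/\s*(?P<off>//\s*)?#define\s+(?P<name>MBEDTLS_\w+)",
    re.S,
)
ENABLED_RE = re.compile(r"^[ \t]*#define[ \t]+(MBEDTLS_\w+)", re.M)
LABEL_RE = re.compile(r"^[A-Z][A-Za-z ]*:")  # "Module:", "Caller:", "Can use:"


def parse_requires(doc):
    """Return the requirements of one doc comment as a list of OR-groups."""
    text, collecting = "", False
    for raw in doc.splitlines():
        line = re.sub(r"^\s*\*?", "", raw).strip()
        if line.startswith("Requires:"):
            text, collecting = line[len("Requires:"):], True
        elif collecting:
            if not line or LABEL_RE.match(line):
                break  # blank line or next label ends the Requires: block
            text += " " + line  # continuation line
    groups = []
    for clause in re.split(r",|\band\b", text):
        # Names containing XXX are placeholders in the comments; skip them.
        names = [n for n in re.findall(r"MBEDTLS_\w+", clause) if "XXX" not in n]
        if not names:
            continue
        if re.search(r"\bor\b", clause):
            groups.append(names)               # any one of these is enough
        else:
            groups.extend([n] for n in names)  # each one is required
    return groups


def audit(header_text):
    """List (module, unmet OR-group) pairs for every enabled module."""
    enabled = set(ENABLED_RE.findall(header_text))
    findings = []
    for m in BLOCK_RE.finditer(header_text):
        if m.group("off"):
            continue  # module is commented out, nothing to check
        for group in parse_requires(m.group("doc")):
            if not enabled.intersection(group):
                findings.append((m.group("name"), group))
    return findings


if __name__ == "__main__":
    for module, group in audit(SAMPLE_HEADER):
        print(f"{module}: needs {' or '.join(group)}")
```

The script only reads what the comments say; the `check_config.h` include at the end of the header is what enforces consistency at build time.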
Generated on Wed Jul 13 2022 21:56:58 by 1.7.2