Mayank Gupta
/
pelion-example-frdm
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: FXAS21002 FXOS8700Q
Embed:
(wiki syntax)
Show/hide line numbers
mbedTLSConfig_Linux.h
00001 // ---------------------------------------------------------------------------- 00002 // Copyright 2016-2019 ARM Ltd. 00003 // 00004 // SPDX-License-Identifier: Apache-2.0 00005 // 00006 // Licensed under the Apache License, Version 2.0 (the "License"); 00007 // you may not use this file except in compliance with the License. 00008 // You may obtain a copy of the License at 00009 // 00010 // http://www.apache.org/licenses/LICENSE-2.0 00011 // 00012 // Unless required by applicable law or agreed to in writing, software 00013 // distributed under the License is distributed on an "AS IS" BASIS, 00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00015 // See the License for the specific language governing permissions and 00016 // limitations under the License. 00017 // ---------------------------------------------------------------------------- 00018 00019 #ifndef MBEDTLS_CONFIG_H 00020 #define MBEDTLS_CONFIG_H 00021 00022 00023 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00024 #define _CRT_SECURE_NO_DEPRECATE 1 00025 #endif 00026 00027 /** 00028 * \name SECTION: System support 00029 * 00030 * This section sets system specific settings. 00031 * \{ 00032 */ 00033 #if 1 //Please set to 1 if you are using secure time 00034 /** 00035 * \def MBEDTLS_HAVE_ASM 00036 * 00037 * The compiler has support for asm(). 00038 * 00039 * Requires support for asm() in compiler. 00040 * 00041 * Used in: 00042 * library/timing.c 00043 * library/padlock.c 00044 * include/mbedtls/bn_mul.h 00045 * 00046 * Comment to disable the use of assembly code. 00047 */ 00048 #define MBEDTLS_HAVE_ASM 00049 00050 /** 00051 * \def MBEDTLS_HAVE_SSE2 00052 * 00053 * CPU supports SSE2 instruction set. 00054 * 00055 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00056 */ 00057 //#define MBEDTLS_HAVE_SSE2 00058 00059 /** 00060 * \def MBEDTLS_HAVE_TIME 00061 * 00062 * System has time.h and time(). 00063 * The time does not need to be correct, only time differences are used, 00064 * by contrast with MBEDTLS_HAVE_TIME_DATE 00065 * 00066 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, 00067 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and 00068 * MBEDTLS_PLATFORM_STD_TIME. 00069 * 00070 * Comment if your system does not support time functions 00071 */ 00072 #define MBEDTLS_HAVE_TIME 00073 00074 /** 00075 * \def MBEDTLS_HAVE_TIME_DATE 00076 * 00077 * System has time.h and time(), gmtime() and the clock is correct. 00078 * The time needs to be correct (not necesarily very accurate, but at least 00079 * the date should be correct). This is used to verify the validity period of 00080 * X.509 certificates. 00081 * 00082 * Comment if your system does not have a correct clock. 00083 */ 00084 #define MBEDTLS_HAVE_TIME_DATE 00085 00086 /** 00087 * \def MBEDTLS_PLATFORM_MEMORY 00088 * 00089 * Enable the memory allocation layer. 00090 * 00091 * By default mbed TLS uses the system-provided calloc() and free(). 00092 * This allows different allocators (self-implemented or provided) to be 00093 * provided to the platform abstraction layer. 00094 * 00095 * Enabling MBEDTLS_PLATFORM_MEMORY without the 00096 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide 00097 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and 00098 * free() function pointer at runtime. 00099 * 00100 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying 00101 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the 00102 * alternate function at compile time. 00103 * 00104 * Requires: MBEDTLS_PLATFORM_C 00105 * 00106 * Enable this layer to allow use of alternative memory allocators. 00107 */ 00108 //#define MBEDTLS_PLATFORM_MEMORY 00109 00110 /** 00111 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00112 * 00113 * Do not assign standard functions in the platform layer (e.g. calloc() to 00114 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) 00115 * 00116 * This makes sure there are no linking errors on platforms that do not support 00117 * these functions. You will HAVE to provide alternatives, either at runtime 00118 * via the platform_set_xxx() functions or at compile time by setting 00119 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a 00120 * MBEDTLS_PLATFORM_XXX_MACRO. 00121 * 00122 * Requires: MBEDTLS_PLATFORM_C 00123 * 00124 * Uncomment to prevent default assignment of standard functions in the 00125 * platform layer. 00126 */ 00127 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 00128 00129 /** 00130 * \def MBEDTLS_PLATFORM_EXIT_ALT 00131 * 00132 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the 00133 * function in the platform abstraction layer. 00134 * 00135 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will 00136 * provide a function "mbedtls_platform_set_printf()" that allows you to set an 00137 * alternative printf function pointer. 00138 * 00139 * All these define require MBEDTLS_PLATFORM_C to be defined! 00140 * 00141 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; 00142 * it will be enabled automatically by check_config.h 00143 * 00144 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as 00145 * MBEDTLS_PLATFORM_XXX_MACRO! 00146 * 00147 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME 00148 * 00149 * Uncomment a macro to enable alternate implementation of specific base 00150 * platform function 00151 */ 00152 #define MBEDTLS_PLATFORM_TIME_ALT 00153 #endif //0 00154 //#define MBEDTLS_PLATFORM_EXIT_ALT 00155 //#define MBEDTLS_PLATFORM_FPRINTF_ALT 00156 //#define MBEDTLS_PLATFORM_PRINTF_ALT 00157 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT 00158 //#define MBEDTLS_PLATFORM_NV_SEED_ALT 00159 00160 /** 00161 * \def MBEDTLS_DEPRECATED_WARNING 00162 * 00163 * Mark deprecated functions so that they generate a warning if used. 00164 * Functions deprecated in one version will usually be removed in the next 00165 * version. You can enable this to help you prepare the transition to a new 00166 * major version by making sure your code is not using these functions. 00167 * 00168 * This only works with GCC and Clang. With other compilers, you may want to 00169 * use MBEDTLS_DEPRECATED_REMOVED 00170 * 00171 * Uncomment to get warnings on using deprecated functions. 00172 */ 00173 //#define MBEDTLS_DEPRECATED_WARNING 00174 00175 /** 00176 * \def MBEDTLS_DEPRECATED_REMOVED 00177 * 00178 * Remove deprecated functions so that they generate an error if used. 00179 * Functions deprecated in one version will usually be removed in the next 00180 * version. You can enable this to help you prepare the transition to a new 00181 * major version by making sure your code is not using these functions. 00182 * 00183 * Uncomment to get errors on using deprecated functions. 00184 */ 00185 //#define MBEDTLS_DEPRECATED_REMOVED 00186 00187 /* \} name SECTION: System support */ 00188 00189 /** 00190 * \name SECTION: mbed TLS feature support 00191 * 00192 * This section sets support for features that are or are not needed 00193 * within the modules that are enabled. 00194 * \{ 00195 */ 00196 00197 /** 00198 * \def MBEDTLS_TIMING_ALT 00199 * 00200 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), 00201 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() 00202 * 00203 * Only works if you have MBEDTLS_TIMING_C enabled. 00204 * 00205 * You will need to provide a header "timing_alt.h" and an implementation at 00206 * compile time. 00207 */ 00208 //#define MBEDTLS_TIMING_ALT 00209 00210 /** 00211 * \def MBEDTLS_AES_ALT 00212 * 00213 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your 00214 * alternate core implementation of a symmetric crypto, an arithmetic or hash 00215 * module (e.g. platform specific assembly optimized implementations). Keep 00216 * in mind that the function prototypes should remain the same. 00217 * 00218 * This replaces the whole module. If you only want to replace one of the 00219 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. 00220 * 00221 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer 00222 * provide the "struct mbedtls_aes_context" definition and omit the base 00223 * function declarations and implementations. "aes_alt.h" will be included from 00224 * "aes.h" to include the new function definitions. 00225 * 00226 * Uncomment a macro to enable alternate implementation of the corresponding 00227 * module. 00228 */ 00229 //#define MBEDTLS_AES_ALT 00230 //#define MBEDTLS_ARC4_ALT 00231 //#define MBEDTLS_BLOWFISH_ALT 00232 //#define MBEDTLS_CAMELLIA_ALT 00233 //#define MBEDTLS_DES_ALT 00234 //#define MBEDTLS_XTEA_ALT 00235 //#define MBEDTLS_MD2_ALT 00236 //#define MBEDTLS_MD4_ALT 00237 //#define MBEDTLS_MD5_ALT 00238 //#define MBEDTLS_RIPEMD160_ALT 00239 //#define MBEDTLS_SHA1_ALT 00240 //#define MBEDTLS_SHA256_ALT 00241 //#define MBEDTLS_SHA512_ALT 00242 /* 00243 * When replacing the elliptic curve module, pleace consider, that it is 00244 * implemented with two .c files: 00245 * - ecp.c 00246 * - ecp_curves.c 00247 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT 00248 * macros as described above. The only difference is that you have to make sure 00249 * that you provide functionality for both .c files. 00250 */ 00251 //#define MBEDTLS_ECP_ALT 00252 00253 /** 00254 * \def MBEDTLS_MD2_PROCESS_ALT 00255 * 00256 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you 00257 * alternate core implementation of symmetric crypto or hash function. Keep in 00258 * mind that function prototypes should remain the same. 00259 * 00260 * This replaces only one function. The header file from mbed TLS is still 00261 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. 00262 * 00263 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will 00264 * no longer provide the mbedtls_sha1_process() function, but it will still provide 00265 * the other function (using your mbedtls_sha1_process() function) and the definition 00266 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible 00267 * with this definition. 00268 * 00269 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set 00270 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES 00271 * tables. 00272 * 00273 * Uncomment a macro to enable alternate implementation of the corresponding 00274 * function. 00275 */ 00276 //#define MBEDTLS_MD2_PROCESS_ALT 00277 //#define MBEDTLS_MD4_PROCESS_ALT 00278 //#define MBEDTLS_MD5_PROCESS_ALT 00279 //#define MBEDTLS_RIPEMD160_PROCESS_ALT 00280 //#define MBEDTLS_SHA1_PROCESS_ALT 00281 //#define MBEDTLS_SHA256_PROCESS_ALT 00282 //#define MBEDTLS_SHA512_PROCESS_ALT 00283 //#define MBEDTLS_DES_SETKEY_ALT 00284 //#define MBEDTLS_DES_CRYPT_ECB_ALT 00285 //#define MBEDTLS_DES3_CRYPT_ECB_ALT 00286 //#define MBEDTLS_AES_SETKEY_ENC_ALT 00287 //#define MBEDTLS_AES_SETKEY_DEC_ALT 00288 //#define MBEDTLS_AES_ENCRYPT_ALT 00289 //#define MBEDTLS_AES_DECRYPT_ALT 00290 00291 /** 00292 * \def MBEDTLS_ECP_INTERNAL_ALT 00293 * 00294 * Expose a part of the internal interface of the Elliptic Curve Point module. 00295 * 00296 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your 00297 * alternative core implementation of elliptic curve arithmetic. Keep in mind 00298 * that function prototypes should remain the same. 00299 * 00300 * This partially replaces one function. The header file from mbed TLS is still 00301 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation 00302 * is still present and it is used for group structures not supported by the 00303 * alternative. 00304 * 00305 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT 00306 * and implementing the following functions: 00307 * unsigned char mbedtls_internal_ecp_grp_capable( 00308 * const mbedtls_ecp_group *grp ) 00309 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) 00310 * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp ) 00311 * The mbedtls_internal_ecp_grp_capable function should return 1 if the 00312 * replacement functions implement arithmetic for the given group and 0 00313 * otherwise. 00314 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are 00315 * called before and after each point operation and provide an opportunity to 00316 * implement optimized set up and tear down instructions. 00317 * 00318 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and 00319 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac 00320 * function, but will use your mbedtls_internal_ecp_double_jac if the group is 00321 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when 00322 * receives it as an argument). If the group is not supported then the original 00323 * implementation is used. The other functions and the definition of 00324 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your 00325 * implementation of mbedtls_internal_ecp_double_jac and 00326 * mbedtls_internal_ecp_grp_capable must be compatible with this definition. 00327 * 00328 * Uncomment a macro to enable alternate implementation of the corresponding 00329 * function. 00330 */ 00331 /* Required for all the functions in this section */ 00332 //#define MBEDTLS_ECP_INTERNAL_ALT 00333 /* Support for Weierstrass curves with Jacobi representation */ 00334 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT 00335 //#define MBEDTLS_ECP_ADD_MIXED_ALT 00336 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT 00337 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT 00338 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT 00339 /* Support for curves with Montgomery arithmetic */ 00340 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT 00341 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT 00342 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT 00343 00344 /** 00345 * \def MBEDTLS_TEST_NULL_ENTROPY 00346 * 00347 * Enables testing and use of mbed TLS without any configured entropy sources. 00348 * This permits use of the library on platforms before an entropy source has 00349 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the 00350 * MBEDTLS_ENTROPY_NV_SEED switches). 00351 * 00352 * WARNING! This switch MUST be disabled in production builds, and is suitable 00353 * only for development. 00354 * Enabling the switch negates any security provided by the library. 00355 * 00356 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00357 * 00358 */ 00359 //#define MBEDTLS_TEST_NULL_ENTROPY 00360 00361 /** 00362 * \def MBEDTLS_ENTROPY_HARDWARE_ALT 00363 * 00364 * Uncomment this macro to let mbed TLS use your own implementation of a 00365 * hardware entropy collector. 00366 * 00367 * Your function must be called \c mbedtls_hardware_poll(), have the same 00368 * prototype as declared in entropy_poll.h, and accept NULL as first argument. 00369 * 00370 * Uncomment to use your own hardware entropy collector. 00371 */ 00372 //#define MBEDTLS_ENTROPY_HARDWARE_ALT 00373 00374 /** 00375 * \def MBEDTLS_AES_ROM_TABLES 00376 * 00377 * Store the AES tables in ROM. 00378 * 00379 * Uncomment this macro to store the AES tables in ROM. 00380 */ 00381 //#define MBEDTLS_AES_ROM_TABLES 00382 00383 /** 00384 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY 00385 * 00386 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00387 * 00388 * Uncomment this macro to use less memory for Camellia. 00389 */ 00390 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY 00391 00392 /** 00393 * \def MBEDTLS_CIPHER_MODE_CBC 00394 * 00395 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00396 */ 00397 #define MBEDTLS_CIPHER_MODE_CBC 00398 00399 /** 00400 * \def MBEDTLS_CIPHER_MODE_CFB 00401 * 00402 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00403 */ 00404 //#define MBEDTLS_CIPHER_MODE_CFB 00405 00406 /** 00407 * \def MBEDTLS_CIPHER_MODE_CTR 00408 * 00409 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00410 */ 00411 #define MBEDTLS_CIPHER_MODE_CTR 00412 00413 /** 00414 * \def MBEDTLS_CIPHER_NULL_CIPHER 00415 * 00416 * Enable NULL cipher. 00417 * Warning: Only do so when you know what you are doing. This allows for 00418 * encryption or channels without any security! 00419 * 00420 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable 00421 * the following ciphersuites: 00422 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 00423 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 00424 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00425 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 00426 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 00427 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 00428 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 00429 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 00430 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 00431 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 00432 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 00433 * MBEDTLS_TLS_RSA_WITH_NULL_SHA 00434 * MBEDTLS_TLS_RSA_WITH_NULL_MD5 00435 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 00436 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 00437 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 00438 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 00439 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 00440 * MBEDTLS_TLS_PSK_WITH_NULL_SHA 00441 * 00442 * Uncomment this macro to enable the NULL cipher and ciphersuites 00443 */ 00444 //#define MBEDTLS_CIPHER_NULL_CIPHER 00445 00446 /** 00447 * \def MBEDTLS_CIPHER_PADDING_PKCS7 00448 * 00449 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for 00450 * specific padding modes in the cipher layer with cipher modes that support 00451 * padding (e.g. CBC) 00452 * 00453 * If you disable all padding modes, only full blocks can be used with CBC. 00454 * 00455 * Enable padding modes in the cipher layer. 00456 */ 00457 #define MBEDTLS_CIPHER_PADDING_PKCS7 00458 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 00459 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 00460 //#define MBEDTLS_CIPHER_PADDING_ZEROS 00461 00462 /** 00463 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00464 * 00465 * Enable weak ciphersuites in SSL / TLS. 00466 * Warning: Only do so when you know what you are doing. This allows for 00467 * channels with virtually no security at all! 00468 * 00469 * This enables the following ciphersuites: 00470 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 00471 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 00472 * 00473 * Uncomment this macro to enable weak ciphersuites 00474 */ 00475 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES 00476 00477 /** 00478 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00479 * 00480 * Remove RC4 ciphersuites by default in SSL / TLS. 00481 * This flag removes the ciphersuites based on RC4 from the default list as 00482 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to 00483 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them 00484 * explicitly. 00485 * 00486 * Uncomment this macro to remove RC4 ciphersuites by default. 00487 */ 00488 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES 00489 00490 /** 00491 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED 00492 * 00493 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve 00494 * module. By default all supported curves are enabled. 00495 * 00496 * Comment macros to disable the curve and functions for it 00497 */ 00498 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED 00499 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED 00500 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 00501 //#define MBEDTLS_ECP_DP_SECP384R1_ENABLED 00502 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 00503 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED 00504 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED 00505 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED 00506 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED 00507 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED 00508 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED 00509 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED 00510 00511 /** 00512 * \def MBEDTLS_ECP_NIST_OPTIM 00513 * 00514 * Enable specific 'modulo p' routines for each NIST prime. 00515 * Depending on the prime and architecture, makes operations 4 to 8 times 00516 * faster on the corresponding curve. 00517 * 00518 * Comment this macro to disable NIST curves optimisation. 00519 */ 00520 #define MBEDTLS_ECP_NIST_OPTIM 00521 00522 /** 00523 * \def MBEDTLS_ECDSA_DETERMINISTIC 00524 * 00525 * Enable deterministic ECDSA (RFC 6979). 00526 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00527 * may result in a compromise of the long-term signing key. This is avoided by 00528 * the deterministic variant. 00529 * 00530 * Requires: MBEDTLS_HMAC_DRBG_C 00531 * 00532 * Comment this macro to disable deterministic ECDSA. 00533 */ 00534 #define MBEDTLS_ECDSA_DETERMINISTIC 00535 /** 00536 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00537 * 00538 * Enable the PSK based ciphersuite modes in SSL / TLS. 00539 * 00540 * This enables the following ciphersuites (if other requisites are 00541 * enabled as well): 00542 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 00543 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 00544 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 00545 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00546 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00547 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 00548 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 00549 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 00550 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00551 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00552 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 00553 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 00554 */ 00555 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 00556 00557 /** 00558 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00559 * 00560 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00561 * 00562 * Requires: MBEDTLS_DHM_C 00563 * 00564 * This enables the following ciphersuites (if other requisites are 00565 * enabled as well): 00566 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00567 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00568 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00569 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00570 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00571 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00572 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00573 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00574 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00575 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00576 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00577 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 00578 */ 00579 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 00580 00581 /** 00582 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00583 * 00584 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00585 * 00586 * Requires: MBEDTLS_ECDH_C 00587 * 00588 * This enables the following ciphersuites (if other requisites are 00589 * enabled as well): 00590 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00591 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00592 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00593 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00594 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00595 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00596 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00597 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 00598 */ 00599 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00600 00601 /** 00602 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00603 * 00604 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00605 * 00606 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00607 * MBEDTLS_X509_CRT_PARSE_C 00608 * 00609 * This enables the following ciphersuites (if other requisites are 00610 * enabled as well): 00611 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00612 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00613 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00614 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00615 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00616 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00617 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00618 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00619 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00621 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00622 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 00623 */ 00624 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 00625 00626 /** 00627 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00628 * 00629 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00630 * 00631 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00632 * MBEDTLS_X509_CRT_PARSE_C 00633 * 00634 * This enables the following ciphersuites (if other requisites are 00635 * enabled as well): 00636 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 00637 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 00638 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 00639 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00640 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00641 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00642 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 00643 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 00644 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 00645 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00646 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00647 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00648 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 00649 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 00650 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 00651 */ 00652 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 00653 00654 /** 00655 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00656 * 00657 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00658 * 00659 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00660 * MBEDTLS_X509_CRT_PARSE_C 00661 * 00662 * This enables the following ciphersuites (if other requisites are 00663 * enabled as well): 00664 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00665 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00666 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00667 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00668 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00669 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00670 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00671 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00672 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00673 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00674 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00675 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00676 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00677 */ 00678 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 00679 00680 /** 00681 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00682 * 00683 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00684 * 00685 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, 00686 * MBEDTLS_X509_CRT_PARSE_C 00687 * 00688 * This enables the following ciphersuites (if other requisites are 00689 * enabled as well): 00690 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00691 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00692 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00693 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00694 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00695 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00696 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00697 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00698 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00699 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00700 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00701 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00702 */ 00703 //#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00704 00705 /** 00706 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00707 * 00708 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00709 * 00710 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, 00711 * 00712 * This enables the following ciphersuites (if other requisites are 00713 * enabled as well): 00714 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00715 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00716 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00717 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00718 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00719 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00720 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00721 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00722 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00723 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00724 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00725 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00726 */ 00727 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00728 /** 00729 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00730 * 00731 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00732 * 00733 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00734 * 00735 * This enables the following ciphersuites (if other requisites are 00736 * enabled as well): 00737 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00738 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00739 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00740 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00741 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00742 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00743 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00744 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00745 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00746 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00747 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00748 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00749 */ 00750 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00751 00752 /** 00753 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00754 * 00755 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00756 * 00757 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C 00758 * 00759 * This enables the following ciphersuites (if other requisites are 00760 * enabled as well): 00761 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 00762 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00763 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00764 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00765 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00766 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00767 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00768 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00769 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00770 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00771 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00772 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00773 */ 00774 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 00775 00776 /** 00777 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00778 * 00779 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. 00780 * 00781 * \warning This is currently experimental. EC J-PAKE support is based on the 00782 * Thread v1.0.0 specification; incompatible changes to the specification 00783 * might still happen. For this reason, this is disabled by default. 00784 * 00785 * Requires: MBEDTLS_ECJPAKE_C 00786 * MBEDTLS_SHA256_C 00787 * MBEDTLS_ECP_DP_SECP256R1_ENABLED 00788 * 00789 * This enables the following ciphersuites (if other requisites are 00790 * enabled as well): 00791 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 00792 */ 00793 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 00794 00795 /** 00796 * \def MBEDTLS_PK_PARSE_EC_EXTENDED 00797 * 00798 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00799 * RFC 5915 and RFC 5480. 00800 * 00801 * Currently this means parsing the SpecifiedECDomain choice of EC 00802 * parameters (only known groups are supported, not arbitrary domains, to 00803 * avoid validation issues). 00804 * 00805 * Disable if you only need to support RFC 5915 + 5480 key formats. 00806 */ 00807 //#define MBEDTLS_PK_PARSE_EC_EXTENDED 00808 00809 /** 00810 * \def MBEDTLS_ERROR_STRERROR_DUMMY 00811 * 00812 * Enable a dummy error function to make use of mbedtls_strerror() in 00813 * third party libraries easier when MBEDTLS_ERROR_C is disabled 00814 * (no effect when MBEDTLS_ERROR_C is enabled). 00815 * 00816 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're 00817 * not using mbedtls_strerror() or error_strerror() in your application. 00818 * 00819 * Disable if you run into name conflicts and want to really remove the 00820 * mbedtls_strerror() 00821 */ 00822 //#define MBEDTLS_ERROR_STRERROR_DUMMY 00823 00824 /** 00825 * \def MBEDTLS_GENPRIME 00826 * 00827 * Enable the prime-number generation code. 00828 * 00829 * Requires: MBEDTLS_BIGNUM_C 00830 */ 00831 //#define MBEDTLS_GENPRIME 00832 00833 /** 00834 * \def MBEDTLS_FS_IO 00835 * 00836 * Enable functions that use the filesystem. 00837 */ 00838 //#define MBEDTLS_FS_IO 00839 00840 /** 00841 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00842 * 00843 * Do not add default entropy sources. These are the platform specific, 00844 * mbedtls_timing_hardclock and HAVEGE based poll functions. 00845 * 00846 * This is useful to have more control over the added entropy sources in an 00847 * application. 00848 * 00849 * Uncomment this macro to prevent loading of default entropy functions. 00850 */ 00851 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES 00852 00853 /** 00854 * \def MBEDTLS_NO_PLATFORM_ENTROPY 00855 * 00856 * Do not use built-in platform entropy functions. 00857 * This is useful if your platform does not support 00858 * standards like the /dev/urandom or Windows CryptoAPI. 00859 * 00860 * Uncomment this macro to disable the built-in platform entropy functions. 00861 */ 00862 //#define MBEDTLS_NO_PLATFORM_ENTROPY 00863 00864 /** 00865 * \def MBEDTLS_ENTROPY_FORCE_SHA256 00866 * 00867 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00868 * default SHA-512 based one (if both are available). 00869 * 00870 * Requires: MBEDTLS_SHA256_C 00871 * 00872 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00873 * if you have performance concerns. 00874 * 00875 * This option is only useful if both MBEDTLS_SHA256_C and 00876 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. 00877 */ 00878 //#define MBEDTLS_ENTROPY_FORCE_SHA256 00879 00880 /** 00881 * \def MBEDTLS_ENTROPY_NV_SEED 00882 * 00883 * Enable the non-volatile (NV) seed file-based entropy source. 00884 * (Also enables the NV seed read/write functions in the platform layer) 00885 * 00886 * This is crucial (if not required) on systems that do not have a 00887 * cryptographic entropy source (in hardware or kernel) available. 00888 * 00889 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C 00890 * 00891 * \note The read/write functions that are used by the entropy source are 00892 * determined in the platform layer, and can be modified at runtime and/or 00893 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. 00894 * 00895 * \note If you use the default implementation functions that read a seedfile 00896 * with regular fopen(), please make sure you make a seedfile with the 00897 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at 00898 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from 00899 * and written to or you will get an entropy source error! The default 00900 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE 00901 * bytes from the file. 00902 * 00903 * \note The entropy collector will write to the seed file before entropy is 00904 * given to an external source, to update it. 00905 */ 00906 //#define MBEDTLS_ENTROPY_NV_SEED 00907 00908 /** 00909 * \def MBEDTLS_MEMORY_DEBUG 00910 * 00911 * Enable debugging of buffer allocator memory issues. Automatically prints 00912 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00913 * function for 'debug output' of allocated memory. 00914 * 00915 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00916 * 00917 * Uncomment this macro to let the buffer allocator print out error messages. 00918 */ 00919 //#define MBEDTLS_MEMORY_DEBUG 00920 00921 /** 00922 * \def MBEDTLS_MEMORY_BACKTRACE 00923 * 00924 * Include backtrace information with each allocated block. 00925 * 00926 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C 00927 * GLIBC-compatible backtrace() an backtrace_symbols() support 00928 * 00929 * Uncomment this macro to include backtrace information 00930 */ 00931 //#define MBEDTLS_MEMORY_BACKTRACE 00932 00933 /** 00934 * \def MBEDTLS_PK_RSA_ALT_SUPPORT 00935 * 00936 * Support external private RSA keys (eg from a HSM) in the PK layer. 00937 * 00938 * Comment this macro to disable support for external private RSA keys. 00939 */ 00940 //#define MBEDTLS_PK_RSA_ALT_SUPPORT 00941 00942 /** 00943 * \def MBEDTLS_PKCS1_V15 00944 * 00945 * Enable support for PKCS#1 v1.5 encoding. 00946 * 00947 * Requires: MBEDTLS_RSA_C 00948 * 00949 * This enables support for PKCS#1 v1.5 operations. 00950 */ 00951 #define MBEDTLS_PKCS1_V15 00952 00953 /** 00954 * \def MBEDTLS_PKCS1_V21 00955 * 00956 * Enable support for PKCS#1 v2.1 encoding. 00957 * 00958 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C 00959 * 00960 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00961 */ 00962 #define MBEDTLS_PKCS1_V21 00963 00964 /** 00965 * \def MBEDTLS_RSA_NO_CRT 00966 * 00967 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00968 * 00969 * Uncomment this macro to disable the use of CRT in RSA. 00970 * 00971 */ 00972 //#define MBEDTLS_RSA_NO_CRT 00973 00974 /** 00975 * \def MBEDTLS_SELF_TEST 00976 * 00977 * Enable the checkup functions (*_self_test). 00978 */ 00979 //#define MBEDTLS_SELF_TEST 00980 00981 /** 00982 * \def MBEDTLS_SHA256_SMALLER 00983 * 00984 * Enable an implementation of SHA-256 that has lower ROM footprint but also 00985 * lower performance. 00986 * 00987 * The default implementation is meant to be a reasonnable compromise between 00988 * performance and size. This version optimizes more aggressively for size at 00989 * the expense of performance. Eg on Cortex-M4 it reduces the size of 00990 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 00991 * 30%. 00992 * 00993 * Uncomment to enable the smaller implementation of SHA256. 00994 */ 00995 //#define MBEDTLS_SHA256_SMALLER 00996 00997 /** 00998 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES 00999 * 01000 * Enable sending of alert messages in case of encountered errors as per RFC. 01001 * If you choose not to send the alert messages, mbed TLS can still communicate 01002 * with other servers, only debugging of failures is harder. 01003 * 01004 * The advantage of not sending alert messages, is that no information is given 01005 * about reasons for failures thus preventing adversaries of gaining intel. 01006 * 01007 * Enable sending of all alert messages 01008 */ 01009 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES 01010 01011 /** 01012 * \def MBEDTLS_SSL_DEBUG_ALL 01013 * 01014 * Enable the debug messages in SSL module for all issues. 01015 * Debug messages have been disabled in some places to prevent timing 01016 * attacks due to (unbalanced) debugging function calls. 01017 * 01018 * If you need all error reporting you should enable this during debugging, 01019 * but remove this for production servers that should log as well. 01020 * 01021 * Uncomment this macro to report all debug messages on errors introducing 01022 * a timing side-channel. 01023 * 01024 */ 01025 //#define MBEDTLS_SSL_DEBUG_ALL 01026 01027 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC 01028 * 01029 * Enable support for Encrypt-then-MAC, RFC 7366. 01030 * 01031 * This allows peers that both support it to use a more robust protection for 01032 * ciphersuites using CBC, providing deep resistance against timing attacks 01033 * on the padding or underlying cipher. 01034 * 01035 * This only affects CBC ciphersuites, and is useless if none is defined. 01036 * 01037 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01038 * MBEDTLS_SSL_PROTO_TLS1_1 or 01039 * MBEDTLS_SSL_PROTO_TLS1_2 01040 * 01041 * Comment this macro to disable support for Encrypt-then-MAC 01042 */ 01043 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC 01044 01045 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01046 * 01047 * Enable support for Extended Master Secret, aka Session Hash 01048 * (draft-ietf-tls-session-hash-02). 01049 * 01050 * This was introduced as "the proper fix" to the Triple Handshake familiy of 01051 * attacks, but it is recommended to always use it (even if you disable 01052 * renegotiation), since it actually fixes a more fundamental issue in the 01053 * original SSL/TLS design, and has implications beyond Triple Handshake. 01054 * 01055 * Requires: MBEDTLS_SSL_PROTO_TLS1 or 01056 * MBEDTLS_SSL_PROTO_TLS1_1 or 01057 * MBEDTLS_SSL_PROTO_TLS1_2 01058 * 01059 * Comment this macro to disable support for Extended Master Secret. 01060 */ 01061 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET 01062 01063 /** 01064 * \def MBEDTLS_SSL_FALLBACK_SCSV 01065 * 01066 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 01067 * 01068 * For servers, it is recommended to always enable this, unless you support 01069 * only one version of TLS, or know for sure that none of your clients 01070 * implements a fallback strategy. 01071 * 01072 * For clients, you only need this if you're using a fallback strategy, which 01073 * is not recommended in the first place, unless you absolutely need it to 01074 * interoperate with buggy (version-intolerant) servers. 01075 * 01076 * Comment this macro to disable support for FALLBACK_SCSV 01077 */ 01078 //#define MBEDTLS_SSL_FALLBACK_SCSV 01079 01080 /** 01081 * \def MBEDTLS_SSL_HW_RECORD_ACCEL 01082 * 01083 * Enable hooking functions in SSL module for hardware acceleration of 01084 * individual records. 01085 * 01086 * Uncomment this macro to enable hooking functions. 01087 */ 01088 //#define MBEDTLS_SSL_HW_RECORD_ACCEL 01089 01090 /** 01091 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING 01092 * 01093 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 01094 * 01095 * This is a countermeasure to the BEAST attack, which also minimizes the risk 01096 * of interoperability issues compared to sending 0-length records. 01097 * 01098 * Comment this macro to disable 1/n-1 record splitting. 01099 */ 01100 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING 01101 01102 /** 01103 * \def MBEDTLS_SSL_RENEGOTIATION 01104 * 01105 * Enable support for TLS renegotiation. 01106 * 01107 * The two main uses of renegotiation are (1) refresh keys on long-lived 01108 * connections and (2) client authentication after the initial handshake. 01109 * If you don't need renegotiation, it's probably better to disable it, since 01110 * it has been associated with security issues in the past and is easy to 01111 * misuse/misunderstand. 01112 * 01113 * Comment this to disable support for renegotiation. 01114 * 01115 * \note Even if this option is disabled, both client and server are aware 01116 * of the Renegotiation Indication Extension (RFC 5746) used to 01117 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). 01118 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the 01119 * configuration of this extension). 01120 * 01121 * \note This feature is required by Device Management Client for Client-side 01122 * certificate expiration verification. Disabling it will also require 01123 * setting PAL_USE_SECURE_TIME to 0. 01124 * 01125 */ 01126 #define MBEDTLS_SSL_RENEGOTIATION 01127 01128 /** 01129 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01130 * 01131 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 01132 * SSL Server module (MBEDTLS_SSL_SRV_C). 01133 * 01134 * Uncomment this macro to enable support for SSLv2 Client Hello messages. 01135 */ 01136 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 01137 01138 /** 01139 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01140 * 01141 * Pick the ciphersuite according to the client's preferences rather than ours 01142 * in the SSL Server module (MBEDTLS_SSL_SRV_C). 01143 * 01144 * Uncomment this macro to respect client's ciphersuite order 01145 */ 01146 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE 01147 01148 /** 01149 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01150 * 01151 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01152 * 01153 * Comment this macro to disable support for the max_fragment_length extension 01154 */ 01155 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 01156 01157 /** 01158 * \def MBEDTLS_SSL_PROTO_SSL3 01159 * 01160 * Enable support for SSL 3.0. 01161 * 01162 * Requires: MBEDTLS_MD5_C 01163 * MBEDTLS_SHA1_C 01164 * 01165 * Comment this macro to disable support for SSL 3.0 01166 */ 01167 //#define MBEDTLS_SSL_PROTO_SSL3 01168 01169 /** 01170 * \def MBEDTLS_SSL_PROTO_TLS1 01171 * 01172 * Enable support for TLS 1.0. 01173 * 01174 * Requires: MBEDTLS_MD5_C 01175 * MBEDTLS_SHA1_C 01176 * 01177 * Comment this macro to disable support for TLS 1.0 01178 */ 01179 //#define MBEDTLS_SSL_PROTO_TLS1 01180 01181 /** 01182 * \def MBEDTLS_SSL_PROTO_TLS1_1 01183 * 01184 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). 01185 * 01186 * Requires: MBEDTLS_MD5_C 01187 * MBEDTLS_SHA1_C 01188 * 01189 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 01190 */ 01191 //#define MBEDTLS_SSL_PROTO_TLS1_1 01192 01193 /** 01194 * \def MBEDTLS_SSL_PROTO_TLS1_2 01195 * 01196 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). 01197 * 01198 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C 01199 * (Depends on ciphersuites) 01200 * 01201 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 01202 */ 01203 #define MBEDTLS_SSL_PROTO_TLS1_2 01204 01205 /** 01206 * \def MBEDTLS_SSL_PROTO_DTLS 01207 * 01208 * Enable support for DTLS (all available versions). 01209 * 01210 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, 01211 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. 01212 * 01213 * Requires: MBEDTLS_SSL_PROTO_TLS1_1 01214 * or MBEDTLS_SSL_PROTO_TLS1_2 01215 * 01216 * Comment this macro to disable support for DTLS 01217 */ 01218 #define MBEDTLS_SSL_PROTO_DTLS 01219 01220 /** 01221 * \def MBEDTLS_SSL_ALPN 01222 * 01223 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01224 * 01225 * Comment this macro to disable support for ALPN. 01226 */ 01227 #define MBEDTLS_SSL_ALPN 01228 01229 /** 01230 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY 01231 * 01232 * Enable support for the anti-replay mechanism in DTLS. 01233 * 01234 * Requires: MBEDTLS_SSL_TLS_C 01235 * MBEDTLS_SSL_PROTO_DTLS 01236 * 01237 * \warning Disabling this is often a security risk! 01238 * See mbedtls_ssl_conf_dtls_anti_replay() for details. 01239 * 01240 * Comment this to disable anti-replay in DTLS. 01241 */ 01242 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY 01243 01244 /** 01245 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY 01246 * 01247 * Enable support for HelloVerifyRequest on DTLS servers. 01248 * 01249 * This feature is highly recommended to prevent DTLS servers being used as 01250 * amplifiers in DoS attacks against other hosts. It should always be enabled 01251 * unless you know for sure amplification cannot be a problem in the 01252 * environment in which your server operates. 01253 * 01254 * \warning Disabling this can ba a security risk! (see above) 01255 * 01256 * Requires: MBEDTLS_SSL_PROTO_DTLS 01257 * 01258 * Comment this to disable support for HelloVerifyRequest. 01259 */ 01260 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY 01261 01262 /** 01263 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01264 * 01265 * Enable server-side support for clients that reconnect from the same port. 01266 * 01267 * Some clients unexpectedly close the connection and try to reconnect using the 01268 * same source port. This needs special support from the server to handle the 01269 * new connection securely, as described in section 4.2.8 of RFC 6347. This 01270 * flag enables that support. 01271 * 01272 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY 01273 * 01274 * Comment this to disable support for clients reusing the source port. 01275 */ 01276 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE 01277 01278 /** 01279 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01280 * 01281 * Enable support for a limit of records with bad MAC. 01282 * 01283 * See mbedtls_ssl_conf_dtls_badmac_limit(). 01284 * 01285 * Requires: MBEDTLS_SSL_PROTO_DTLS 01286 */ 01287 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT 01288 01289 /** 01290 * \def MBEDTLS_SSL_SESSION_TICKETS 01291 * 01292 * Enable support for RFC 5077 session tickets in SSL. 01293 * Client-side, provides full support for session tickets (maintainance of a 01294 * session store remains the responsibility of the application, though). 01295 * Server-side, you also need to provide callbacks for writing and parsing 01296 * tickets, including authenticated encryption and key management. Example 01297 * callbacks are provided by MBEDTLS_SSL_TICKET_C. 01298 * 01299 * Comment this macro to disable support for SSL session tickets 01300 */ 01301 #define MBEDTLS_SSL_SESSION_TICKETS 01302 01303 /** 01304 * \def MBEDTLS_SSL_EXPORT_KEYS 01305 * 01306 * Enable support for exporting key block and master secret. 01307 * This is required for certain users of TLS, e.g. EAP-TLS. 01308 * 01309 * Comment this macro to disable support for key export 01310 */ 01311 #define MBEDTLS_SSL_EXPORT_KEYS 01312 01313 /** 01314 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION 01315 * 01316 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01317 * 01318 * Requires: MBEDTLS_X509_CRT_PARSE_C 01319 * 01320 * Comment this macro to disable support for server name indication in SSL 01321 */ 01322 #define MBEDTLS_SSL_SERVER_NAME_INDICATION 01323 /** s 01324 * \def MBEDTLS_SSL_TRUNCATED_HMAC 01325 * 01326 * Enable support for RFC 6066 truncated HMAC in SSL. 01327 * 01328 * Comment this macro to disable support for truncated HMAC in SSL 01329 */ 01330 //#define MBEDTLS_SSL_TRUNCATED_HMAC 01331 01332 /** 01333 * \def MBEDTLS_THREADING_ALT 01334 * 01335 * Provide your own alternate threading implementation. 01336 * 01337 * Requires: MBEDTLS_THREADING_C 01338 * 01339 * Uncomment this to allow your own alternate threading implementation. 01340 */ 01341 //#define MBEDTLS_THREADING_ALT 01342 01343 /** 01344 * \def MBEDTLS_THREADING_PTHREAD 01345 * 01346 * Enable the pthread wrapper layer for the threading layer. 01347 * 01348 * Requires: MBEDTLS_THREADING_C 01349 * 01350 * Uncomment this to enable pthread mutexes. 01351 */ 01352 //#define MBEDTLS_THREADING_PTHREAD 01353 01354 /** 01355 * \def MBEDTLS_VERSION_FEATURES 01356 * 01357 * Allow run-time checking of compile-time enabled features. Thus allowing users 01358 * to check at run-time if the library is for instance compiled with threading 01359 * support via mbedtls_version_check_feature(). 01360 * 01361 * Requires: MBEDTLS_VERSION_C 01362 * 01363 * Comment this to disable run-time checking and save ROM space 01364 */ 01365 //#define MBEDTLS_VERSION_FEATURES 01366 /** 01367 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01368 * 01369 * If set, the X509 parser will not break-off when parsing an X509 certificate 01370 * and encountering an extension in a v1 or v2 certificate. 01371 * 01372 * Uncomment to prevent an error. 01373 */ 01374 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 01375 01376 /** 01377 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01378 * 01379 * If set, the X509 parser will not break-off when parsing an X509 certificate 01380 * and encountering an unknown critical extension. 01381 * 01382 * \warning Depending on your PKI use, enabling this can be a security risk! 01383 * 01384 * Uncomment to prevent an error. 01385 */ 01386 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01387 01388 /** 01389 * \def MBEDTLS_X509_CHECK_KEY_USAGE 01390 * 01391 * Enable verification of the keyUsage extension (CA and leaf certificates). 01392 * 01393 * Disabling this avoids problems with mis-issued and/or misused 01394 * (intermediate) CA and leaf certificates. 01395 * 01396 * \warning Depending on your PKI use, disabling this can be a security risk! 01397 * 01398 * Comment to skip keyUsage checking for both CA and leaf certificates. 01399 */ 01400 #define MBEDTLS_X509_CHECK_KEY_USAGE 01401 01402 /** 01403 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01404 * 01405 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01406 * 01407 * Disabling this avoids problems with mis-issued and/or misused certificates. 01408 * 01409 * \warning Depending on your PKI use, disabling this can be a security risk! 01410 * 01411 * Comment to skip extendedKeyUsage checking for certificates. 01412 */ 01413 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE 01414 01415 /** 01416 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT 01417 * 01418 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01419 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01420 * 01421 * Comment this macro to disallow using RSASSA-PSS in certificates. 01422 */ 01423 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT 01424 /** 01425 * \def MBEDTLS_ZLIB_SUPPORT 01426 * 01427 * If set, the SSL/TLS module uses ZLIB to support compression and 01428 * decompression of packet data. 01429 * 01430 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01431 * CRIME attack. Before enabling this option, you should examine with care if 01432 * CRIME or similar exploits may be a applicable to your use case. 01433 * 01434 * \note Currently compression can't be used with DTLS. 01435 * 01436 * Used in: library/ssl_tls.c 01437 * library/ssl_cli.c 01438 * library/ssl_srv.c 01439 * 01440 * This feature requires zlib library and headers to be present. 01441 * 01442 * Uncomment to enable use of ZLIB 01443 */ 01444 //#define MBEDTLS_ZLIB_SUPPORT 01445 /* \} name SECTION: mbed TLS feature support */ 01446 01447 /** 01448 * \name SECTION: mbed TLS modules 01449 * 01450 * This section enables or disables entire modules in mbed TLS 01451 * \{ 01452 */ 01453 01454 /** 01455 * \def MBEDTLS_AESNI_C 01456 * 01457 * Enable AES-NI support on x86-64. 01458 * 01459 * Module: library/aesni.c 01460 * Caller: library/aes.c 01461 * 01462 * Requires: MBEDTLS_HAVE_ASM 01463 * 01464 * This modules adds support for the AES-NI instructions on x86-64 01465 */ 01466 //#define MBEDTLS_AESNI_C 01467 01468 /** 01469 * \def MBEDTLS_AES_C 01470 * 01471 * Enable the AES block cipher. 01472 * 01473 * Module: library/aes.c 01474 * Caller: library/ssl_tls.c 01475 * library/pem.c 01476 * library/ctr_drbg.c 01477 * 01478 * This module enables the following ciphersuites (if other requisites are 01479 * enabled as well): 01480 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01481 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01482 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01483 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01484 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01485 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01486 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01487 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01488 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01489 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01490 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01491 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01492 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01493 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01494 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01495 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01496 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01497 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01498 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01499 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01500 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01501 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01502 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01503 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01504 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01505 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01506 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01507 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01508 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01509 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01510 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01511 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01513 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01514 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01515 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01516 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01517 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01518 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01519 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01520 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 01521 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 01522 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 01523 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 01524 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 01525 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 01526 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01527 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01528 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01529 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01530 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01531 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01532 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 01533 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 01534 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 01535 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 01536 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 01537 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 01538 * 01539 * PEM_PARSE uses AES for decrypting encrypted keys. 01540 */ 01541 #define MBEDTLS_AES_C 01542 01543 /** 01544 * \def MBEDTLS_ARC4_C 01545 * 01546 * Enable the ARCFOUR stream cipher. 01547 * 01548 * Module: library/arc4.c 01549 * Caller: library/ssl_tls.c 01550 * 01551 * This module enables the following ciphersuites (if other requisites are 01552 * enabled as well): 01553 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01554 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 01555 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01556 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 01557 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 01558 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 01559 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 01560 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 01561 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 01562 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 01563 */ 01564 //#define MBEDTLS_ARC4_C 01565 01566 /** 01567 * \def MBEDTLS_ASN1_PARSE_C 01568 * 01569 * Enable the generic ASN1 parser. 01570 * 01571 * Module: library/asn1.c 01572 * Caller: library/x509.c 01573 * library/dhm.c 01574 * library/pkcs12.c 01575 * library/pkcs5.c 01576 * library/pkparse.c 01577 */ 01578 #define MBEDTLS_ASN1_PARSE_C 01579 01580 /** 01581 * \def MBEDTLS_ASN1_WRITE_C 01582 * 01583 * Enable the generic ASN1 writer. 01584 * 01585 * Module: library/asn1write.c 01586 * Caller: library/ecdsa.c 01587 * library/pkwrite.c 01588 * library/x509_create.c 01589 * library/x509write_crt.c 01590 * library/x509write_csr.c 01591 */ 01592 #define MBEDTLS_ASN1_WRITE_C 01593 01594 /** 01595 * \def MBEDTLS_BASE64_C 01596 * 01597 * Enable the Base64 module. 01598 * 01599 * Module: library/base64.c 01600 * Caller: library/pem.c 01601 * 01602 * This module is required for PEM support (required by X.509). 01603 */ 01604 // needed for Base64 encoding Opaque data for 01605 // registration payload, adds 500 bytes to flash. 01606 #define MBEDTLS_BASE64_C 01607 01608 /** 01609 * \def MBEDTLS_BIGNUM_C 01610 * 01611 * Enable the multi-precision integer library. 01612 * 01613 * Module: library/bignum.c 01614 * Caller: library/dhm.c 01615 * library/ecp.c 01616 * library/ecdsa.c 01617 * library/rsa.c 01618 * library/ssl_tls.c 01619 * 01620 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01621 */ 01622 #define MBEDTLS_BIGNUM_C 01623 01624 /** 01625 * \def MBEDTLS_BLOWFISH_C 01626 * 01627 * Enable the Blowfish block cipher. 01628 * 01629 * Module: library/blowfish.c 01630 */ 01631 //#define MBEDTLS_BLOWFISH_C 01632 01633 /** 01634 * \def MBEDTLS_CAMELLIA_C 01635 * 01636 * Enable the Camellia block cipher. 01637 * 01638 * Module: library/camellia.c 01639 * Caller: library/ssl_tls.c 01640 * 01641 * This module enables the following ciphersuites (if other requisites are 01642 * enabled as well): 01643 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01644 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01645 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01646 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01647 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01648 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01649 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01650 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01651 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01652 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01653 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01654 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01655 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01656 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01657 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01658 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01659 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01660 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01662 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01663 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01664 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01665 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01666 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01667 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01668 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01669 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01670 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01671 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01672 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01673 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01674 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01675 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01676 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01677 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01678 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01679 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01680 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01681 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01682 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01683 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01684 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01685 */ 01686 //#define MBEDTLS_CAMELLIA_C 01687 01688 /** 01689 * \def MBEDTLS_CCM_C 01690 * 01691 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01692 * 01693 * Module: library/ccm.c 01694 * 01695 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01696 * 01697 * This module enables the AES-CCM ciphersuites, if other requisites are 01698 * enabled as well. 01699 */ 01700 #define MBEDTLS_CCM_C 01701 01702 /** 01703 * \def MBEDTLS_CERTS_C 01704 * 01705 * Enable the test certificates. 01706 * 01707 * Module: library/certs.c 01708 * Caller: 01709 * 01710 * This module is used for testing (ssl_client/server). 01711 */ 01712 //#define MBEDTLS_CERTS_C 01713 01714 /** 01715 * \def MBEDTLS_CIPHER_C 01716 * 01717 * Enable the generic cipher layer. 01718 * 01719 * Module: library/cipher.c 01720 * Caller: library/ssl_tls.c 01721 * 01722 * Uncomment to enable generic cipher wrappers. 01723 */ 01724 #define MBEDTLS_CIPHER_C 01725 01726 /** 01727 * \def MBEDTLS_CMAC_C 01728 * 01729 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block 01730 * ciphers. 01731 * 01732 * Module: library/cmac.c 01733 * 01734 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C 01735 * 01736 */ 01737 #define MBEDTLS_CMAC_C 01738 01739 /** 01740 * \def MBEDTLS_CTR_DRBG_C 01741 * 01742 * Enable the CTR_DRBG AES-256-based random generator. 01743 * 01744 * Module: library/ctr_drbg.c 01745 * Caller: 01746 * 01747 * Requires: MBEDTLS_AES_C 01748 * 01749 * This module provides the CTR_DRBG AES-256 random number generator. 01750 */ 01751 #define MBEDTLS_CTR_DRBG_C 01752 01753 /** 01754 * \def MBEDTLS_DEBUG_C 01755 * 01756 * Enable the debug functions. 01757 * 01758 * Module: library/debug.c 01759 * Caller: library/ssl_cli.c 01760 * library/ssl_srv.c 01761 * library/ssl_tls.c 01762 * 01763 * This module provides debugging functions. 01764 */ 01765 //#define MBEDTLS_DEBUG_C 01766 01767 /** 01768 * \def MBEDTLS_DES_C 01769 * 01770 * Enable the DES block cipher. 01771 * 01772 * Module: library/des.c 01773 * Caller: library/pem.c 01774 * library/ssl_tls.c 01775 * 01776 * This module enables the following ciphersuites (if other requisites are 01777 * enabled as well): 01778 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01779 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01780 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01781 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01782 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01783 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01784 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01785 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 01786 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01787 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 01788 * 01789 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01790 */ 01791 //#define MBEDTLS_DES_C 01792 01793 /** 01794 * \def MBEDTLS_DHM_C 01795 * 01796 * Enable the Diffie-Hellman-Merkle module. 01797 * 01798 * Module: library/dhm.c 01799 * Caller: library/ssl_cli.c 01800 * library/ssl_srv.c 01801 * 01802 * This module is used by the following key exchanges: 01803 * DHE-RSA, DHE-PSK 01804 */ 01805 //#define MBEDTLS_DHM_C 01806 01807 /** 01808 * \def MBEDTLS_ECDH_C 01809 * 01810 * Enable the elliptic curve Diffie-Hellman library. 01811 * 01812 * Module: library/ecdh.c 01813 * Caller: library/ssl_cli.c 01814 * library/ssl_srv.c 01815 * 01816 * This module is used by the following key exchanges: 01817 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01818 * 01819 * Requires: MBEDTLS_ECP_C 01820 */ 01821 #define MBEDTLS_ECDH_C 01822 01823 /** 01824 * \def MBEDTLS_ECDSA_C 01825 * 01826 * Enable the elliptic curve DSA library. 01827 * 01828 * Module: library/ecdsa.c 01829 * Caller: 01830 * 01831 * This module is used by the following key exchanges: 01832 * ECDHE-ECDSA 01833 * 01834 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C 01835 */ 01836 #define MBEDTLS_ECDSA_C 01837 01838 /** 01839 * \def MBEDTLS_ECJPAKE_C 01840 * 01841 * Enable the elliptic curve J-PAKE library. 01842 * 01843 * \warning This is currently experimental. EC J-PAKE support is based on the 01844 * Thread v1.0.0 specification; incompatible changes to the specification 01845 * might still happen. For this reason, this is disabled by default. 01846 * 01847 * Module: library/ecjpake.c 01848 * Caller: 01849 * 01850 * This module is used by the following key exchanges: 01851 * ECJPAKE 01852 * 01853 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C 01854 */ 01855 //#define MBEDTLS_ECJPAKE_C 01856 01857 /** 01858 * \def MBEDTLS_ECP_C 01859 * 01860 * Enable the elliptic curve over GF(p) library. 01861 * 01862 * Module: library/ecp.c 01863 * Caller: library/ecdh.c 01864 * library/ecdsa.c 01865 * library/ecjpake.c 01866 * 01867 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED 01868 */ 01869 #define MBEDTLS_ECP_C 01870 01871 /** 01872 * \def MBEDTLS_ENTROPY_C 01873 * 01874 * Enable the platform-specific entropy code. 01875 * 01876 * Module: library/entropy.c 01877 * Caller: 01878 * 01879 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C 01880 * 01881 * This module provides a generic entropy pool 01882 */ 01883 #define MBEDTLS_ENTROPY_C 01884 01885 /** 01886 * \def MBEDTLS_ERROR_C 01887 * 01888 * Enable error code to error string conversion. 01889 * 01890 * Module: library/error.c 01891 * Caller: 01892 * 01893 * This module enables mbedtls_strerror(). 01894 */ 01895 //#define MBEDTLS_ERROR_C 01896 01897 /** 01898 * \def MBEDTLS_GCM_C 01899 * 01900 * Enable the Galois/Counter Mode (GCM) for AES. 01901 * 01902 * Module: library/gcm.c 01903 * 01904 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C 01905 * 01906 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01907 * requisites are enabled as well. 01908 */ 01909 #define MBEDTLS_GCM_C 01910 01911 /** 01912 * \def MBEDTLS_HAVEGE_C 01913 * 01914 * Enable the HAVEGE random generator. 01915 * 01916 * Warning: the HAVEGE random generator is not suitable for virtualized 01917 * environments 01918 * 01919 * Warning: the HAVEGE random generator is dependent on timing and specific 01920 * processor traits. It is therefore not advised to use HAVEGE as 01921 * your applications primary random generator or primary entropy pool 01922 * input. As a secondary input to your entropy pool, it IS able add 01923 * the (limited) extra entropy it provides. 01924 * 01925 * Module: library/havege.c 01926 * Caller: 01927 * 01928 * Requires: MBEDTLS_TIMING_C 01929 * 01930 * Uncomment to enable the HAVEGE random generator. 01931 */ 01932 //#define MBEDTLS_HAVEGE_C 01933 01934 /** 01935 * \def MBEDTLS_HMAC_DRBG_C 01936 * 01937 * Enable the HMAC_DRBG random generator. 01938 * 01939 * Module: library/hmac_drbg.c 01940 * Caller: 01941 * 01942 * Requires: MBEDTLS_MD_C 01943 * 01944 * Uncomment to enable the HMAC_DRBG random number geerator. 01945 */ 01946 #define MBEDTLS_HMAC_DRBG_C 01947 01948 /** 01949 * \def MBEDTLS_MD_C 01950 * 01951 * Enable the generic message digest layer. 01952 * 01953 * Module: library/md.c 01954 * Caller: 01955 * 01956 * Uncomment to enable generic message digest wrappers. 01957 */ 01958 #define MBEDTLS_MD_C 01959 01960 /** 01961 * \def MBEDTLS_MD2_C 01962 * 01963 * Enable the MD2 hash algorithm. 01964 * 01965 * Module: library/md2.c 01966 * Caller: 01967 * 01968 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01969 */ 01970 //#define MBEDTLS_MD2_C 01971 01972 /** 01973 * \def MBEDTLS_MD4_C 01974 * 01975 * Enable the MD4 hash algorithm. 01976 * 01977 * Module: library/md4.c 01978 * Caller: 01979 * 01980 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01981 */ 01982 //#define MBEDTLS_MD4_C 01983 01984 /** 01985 * \def MBEDTLS_MD5_C 01986 * 01987 * Enable the MD5 hash algorithm. 01988 * 01989 * Module: library/md5.c 01990 * Caller: library/md.c 01991 * library/pem.c 01992 * library/ssl_tls.c 01993 * 01994 * This module is required for SSL/TLS and X.509. 01995 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01996 */ 01997 //#define MBEDTLS_MD5_C 01998 01999 /** 02000 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 02001 * 02002 * Enable the buffer allocator implementation that makes use of a (stack) 02003 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() 02004 * calls) 02005 * 02006 * Module: library/memory_buffer_alloc.c 02007 * 02008 * Requires: MBEDTLS_PLATFORM_C 02009 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) 02010 * 02011 * Enable this module to enable the buffer memory allocator. 02012 */ 02013 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C 02014 02015 /** 02016 * \def MBEDTLS_NET_C 02017 * 02018 * Enable the TCP and UDP over IPv6/IPv4 networking routines. 02019 * 02020 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) 02021 * and Windows. For other platforms, you'll want to disable it, and write your 02022 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). 02023 * 02024 * \note See also our Knowledge Base article about porting to a new 02025 * environment: 02026 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02027 * 02028 * Module: library/net_sockets.c 02029 * 02030 * This module provides networking routines. 02031 */ 02032 //#define MBEDTLS_NET_C 02033 02034 /** 02035 * \def MBEDTLS_OID_C 02036 * 02037 * Enable the OID database. 02038 * 02039 * Module: library/oid.c 02040 * Caller: library/asn1write.c 02041 * library/pkcs5.c 02042 * library/pkparse.c 02043 * library/pkwrite.c 02044 * library/rsa.c 02045 * library/x509.c 02046 * library/x509_create.c 02047 * library/x509_crl.c 02048 * library/x509_crt.c 02049 * library/x509_csr.c 02050 * library/x509write_crt.c 02051 * library/x509write_csr.c 02052 * 02053 * This modules translates between OIDs and internal values. 02054 */ 02055 #define MBEDTLS_OID_C 02056 02057 /** 02058 * \def MBEDTLS_PADLOCK_C 02059 * 02060 * Enable VIA Padlock support on x86. 02061 * 02062 * Module: library/padlock.c 02063 * Caller: library/aes.c 02064 * 02065 * Requires: MBEDTLS_HAVE_ASM 02066 * 02067 * This modules adds support for the VIA PadLock on x86. 02068 */ 02069 //#define MBEDTLS_PADLOCK_C 02070 02071 /** 02072 * \def MBEDTLS_PEM_PARSE_C 02073 * 02074 * Enable PEM decoding / parsing. 02075 * 02076 * Module: library/pem.c 02077 * Caller: library/dhm.c 02078 * library/pkparse.c 02079 * library/x509_crl.c 02080 * library/x509_crt.c 02081 * library/x509_csr.c 02082 * 02083 * Requires: MBEDTLS_BASE64_C 02084 * 02085 * This modules adds support for decoding / parsing PEM files. 02086 */ 02087 //#define MBEDTLS_PEM_PARSE_C 02088 02089 /** 02090 * \def MBEDTLS_PEM_WRITE_C 02091 * 02092 * Enable PEM encoding / writing. 02093 * 02094 * Module: library/pem.c 02095 * Caller: library/pkwrite.c 02096 * library/x509write_crt.c 02097 * library/x509write_csr.c 02098 * 02099 * Requires: MBEDTLS_BASE64_C 02100 * 02101 * This modules adds support for encoding / writing PEM files. 02102 */ 02103 //#define MBEDTLS_PEM_WRITE_C 02104 02105 /** 02106 * \def MBEDTLS_PK_C 02107 * 02108 * Enable the generic public (asymetric) key layer. 02109 * 02110 * Module: library/pk.c 02111 * Caller: library/ssl_tls.c 02112 * library/ssl_cli.c 02113 * library/ssl_srv.c 02114 * 02115 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C 02116 * 02117 * Uncomment to enable generic public key wrappers. 02118 */ 02119 #define MBEDTLS_PK_C 02120 02121 /** 02122 * \def MBEDTLS_PK_PARSE_C 02123 * 02124 * Enable the generic public (asymetric) key parser. 02125 * 02126 * Module: library/pkparse.c 02127 * Caller: library/x509_crt.c 02128 * library/x509_csr.c 02129 * 02130 * Requires: MBEDTLS_PK_C 02131 * 02132 * Uncomment to enable generic public key parse functions. 02133 */ 02134 #define MBEDTLS_PK_PARSE_C 02135 02136 /** 02137 * \def MBEDTLS_PK_WRITE_C 02138 * 02139 * Enable the generic public (asymetric) key writer. 02140 * 02141 * Module: library/pkwrite.c 02142 * Caller: library/x509write.c 02143 * 02144 * Requires: MBEDTLS_PK_C 02145 * 02146 * Uncomment to enable generic public key write functions. 02147 */ 02148 #define MBEDTLS_PK_WRITE_C 02149 02150 /** 02151 * \def MBEDTLS_PKCS5_C 02152 * 02153 * Enable PKCS#5 functions. 02154 * 02155 * Module: library/pkcs5.c 02156 * 02157 * Requires: MBEDTLS_MD_C 02158 * 02159 * This module adds support for the PKCS#5 functions. 02160 */ 02161 //#define MBEDTLS_PKCS5_C 02162 02163 /** 02164 * \def MBEDTLS_PKCS11_C 02165 * 02166 * Enable wrapper for PKCS#11 smartcard support. 02167 * 02168 * Module: library/pkcs11.c 02169 * Caller: library/pk.c 02170 * 02171 * Requires: MBEDTLS_PK_C 02172 * 02173 * This module enables SSL/TLS PKCS #11 smartcard support. 02174 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 02175 */ 02176 //#define MBEDTLS_PKCS11_C 02177 02178 /** 02179 * \def MBEDTLS_PKCS12_C 02180 * 02181 * Enable PKCS#12 PBE functions. 02182 * Adds algorithms for parsing PKCS#8 encrypted private keys 02183 * 02184 * Module: library/pkcs12.c 02185 * Caller: library/pkparse.c 02186 * 02187 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02188 * Can use: MBEDTLS_ARC4_C 02189 * 02190 * This module enables PKCS#12 functions. 02191 */ 02192 //#define MBEDTLS_PKCS12_C 02193 02194 /** 02195 * \def MBEDTLS_PLATFORM_C 02196 * 02197 * Enable the platform abstraction layer that allows you to re-assign 02198 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). 02199 * 02200 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT 02201 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 02202 * above to be specified at runtime or compile time respectively. 02203 * 02204 * \note This abstraction layer must be enabled on Windows (including MSYS2) 02205 * as other module rely on it for a fixed snprintf implementation. 02206 * 02207 * Module: library/platform.c 02208 * Caller: Most other .c files 02209 * 02210 * This module enables abstraction of common (libc) functions. 02211 */ 02212 #define MBEDTLS_PLATFORM_C 02213 02214 /** 02215 * \def MBEDTLS_RIPEMD160_C 02216 * 02217 * Enable the RIPEMD-160 hash algorithm. 02218 * 02219 * Module: library/ripemd160.c 02220 * Caller: library/md.c 02221 * 02222 */ 02223 //#define MBEDTLS_RIPEMD160_C 02224 02225 /** 02226 * \def MBEDTLS_RSA_C 02227 * 02228 * Enable the RSA public-key cryptosystem. 02229 * 02230 * Module: library/rsa.c 02231 * Caller: library/ssl_cli.c 02232 * library/ssl_srv.c 02233 * library/ssl_tls.c 02234 * library/x509.c 02235 * 02236 * This module is used by the following key exchanges: 02237 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 02238 * 02239 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C 02240 */ 02241 //#define MBEDTLS_RSA_C 02242 02243 /** 02244 * \def MBEDTLS_SHA1_C 02245 * 02246 * Enable the SHA1 cryptographic hash algorithm. 02247 * 02248 * Module: library/sha1.c 02249 * Caller: library/md.c 02250 * library/ssl_cli.c 02251 * library/ssl_srv.c 02252 * library/ssl_tls.c 02253 * library/x509write_crt.c 02254 * 02255 * This module is required for SSL/TLS and SHA1-signed certificates. 02256 */ 02257 //#define MBEDTLS_SHA1_C 02258 02259 /** 02260 * \def MBEDTLS_SHA256_C 02261 * 02262 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02263 * 02264 * Module: library/sha256.c 02265 * Caller: library/entropy.c 02266 * library/md.c 02267 * library/ssl_cli.c 02268 * library/ssl_srv.c 02269 * library/ssl_tls.c 02270 * 02271 * This module adds support for SHA-224 and SHA-256. 02272 * This module is required for the SSL/TLS 1.2 PRF function. 02273 */ 02274 #define MBEDTLS_SHA256_C 02275 02276 /** 02277 * \def MBEDTLS_SHA512_C 02278 * 02279 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02280 * 02281 * Module: library/sha512.c 02282 * Caller: library/entropy.c 02283 * library/md.c 02284 * library/ssl_cli.c 02285 * library/ssl_srv.c 02286 * 02287 * This module adds support for SHA-384 and SHA-512. 02288 */ 02289 //#define MBEDTLS_SHA512_C 02290 02291 /** 02292 * \def MBEDTLS_SSL_CACHE_C 02293 * 02294 * Enable simple SSL cache implementation. 02295 * 02296 * Module: library/ssl_cache.c 02297 * Caller: 02298 * 02299 * Requires: MBEDTLS_SSL_CACHE_C 02300 */ 02301 #define MBEDTLS_SSL_CACHE_C 02302 02303 /** 02304 * \def MBEDTLS_SSL_COOKIE_C 02305 * 02306 * Enable basic implementation of DTLS cookies for hello verification. 02307 * 02308 * Module: library/ssl_cookie.c 02309 * Caller: 02310 */ 02311 #define MBEDTLS_SSL_COOKIE_C 02312 02313 /** 02314 * \def MBEDTLS_SSL_TICKET_C 02315 * 02316 * Enable an implementation of TLS server-side callbacks for session tickets. 02317 * 02318 * Module: library/ssl_ticket.c 02319 * Caller: 02320 * 02321 * Requires: MBEDTLS_CIPHER_C 02322 */ 02323 #define MBEDTLS_SSL_TICKET_C 02324 02325 /** 02326 * \def MBEDTLS_SSL_CLI_C 02327 * 02328 * Enable the SSL/TLS client code. 02329 * 02330 * Module: library/ssl_cli.c 02331 * Caller: 02332 * 02333 * Requires: MBEDTLS_SSL_TLS_C 02334 * 02335 * This module is required for SSL/TLS client support. 02336 */ 02337 #define MBEDTLS_SSL_CLI_C 02338 02339 /** 02340 * \def MBEDTLS_SSL_SRV_C 02341 * 02342 * Enable the SSL/TLS server code. 02343 * 02344 * Module: library/ssl_srv.c 02345 * Caller: 02346 * 02347 * Requires: MBEDTLS_SSL_TLS_C 02348 * 02349 * This module is required for SSL/TLS server support. 02350 */ 02351 //#define MBEDTLS_SSL_SRV_C 02352 02353 /** 02354 * \def MBEDTLS_SSL_TLS_C 02355 * 02356 * Enable the generic SSL/TLS code. 02357 * 02358 * Module: library/ssl_tls.c 02359 * Caller: library/ssl_cli.c 02360 * library/ssl_srv.c 02361 * 02362 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C 02363 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines 02364 * 02365 * This module is required for SSL/TLS. 02366 */ 02367 #define MBEDTLS_SSL_TLS_C 02368 02369 /** 02370 * \def MBEDTLS_THREADING_C 02371 * 02372 * Enable the threading abstraction layer. 02373 * By default mbed TLS assumes it is used in a non-threaded environment or that 02374 * contexts are not shared between threads. If you do intend to use contexts 02375 * between threads, you will need to enable this layer to prevent race 02376 * conditions. See also our Knowledge Base article about threading: 02377 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading 02378 * 02379 * Module: library/threading.c 02380 * 02381 * This allows different threading implementations (self-implemented or 02382 * provided). 02383 * 02384 * You will have to enable either MBEDTLS_THREADING_ALT or 02385 * MBEDTLS_THREADING_PTHREAD. 02386 * 02387 * Enable this layer to allow use of mutexes within mbed TLS 02388 */ 02389 //#define MBEDTLS_THREADING_C 02390 02391 /** 02392 * \def MBEDTLS_TIMING_C 02393 * 02394 * Enable the semi-portable timing interface. 02395 * 02396 * \note The provided implementation only works on POSIX/Unix (including Linux, 02397 * BSD and OS X) and Windows. On other platforms, you can either disable that 02398 * module and provide your own implementations of the callbacks needed by 02399 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide 02400 * your own implementation of the whole module by setting 02401 * \c MBEDTLS_TIMING_ALT in the current file. 02402 * 02403 * \note See also our Knowledge Base article about porting to a new 02404 * environment: 02405 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS 02406 * 02407 * Module: library/timing.c 02408 * Caller: library/havege.c 02409 * 02410 * This module is used by the HAVEGE random number generator. 02411 */ 02412 //#define MBEDTLS_TIMING_C 02413 02414 /** 02415 * \def MBEDTLS_VERSION_C 02416 * 02417 * Enable run-time version information. 02418 * 02419 * Module: library/version.c 02420 * 02421 * This module provides run-time version information. 02422 */ 02423 #define MBEDTLS_VERSION_C 02424 /** 02425 * \def MBEDTLS_X509_USE_C 02426 * 02427 * Enable X.509 core for using certificates. 02428 * 02429 * Module: library/x509.c 02430 * Caller: library/x509_crl.c 02431 * library/x509_crt.c 02432 * library/x509_csr.c 02433 * 02434 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, 02435 * MBEDTLS_PK_PARSE_C 02436 * 02437 * This module is required for the X.509 parsing modules. 02438 */ 02439 #define MBEDTLS_X509_USE_C 02440 02441 /** 02442 * \def MBEDTLS_X509_CRT_PARSE_C 02443 * 02444 * Enable X.509 certificate parsing. 02445 * 02446 * Module: library/x509_crt.c 02447 * Caller: library/ssl_cli.c 02448 * library/ssl_srv.c 02449 * library/ssl_tls.c 02450 * 02451 * Requires: MBEDTLS_X509_USE_C 02452 * 02453 * This module is required for X.509 certificate parsing. 02454 */ 02455 #define MBEDTLS_X509_CRT_PARSE_C 02456 02457 /** 02458 * \def MBEDTLS_X509_CRL_PARSE_C 02459 * 02460 * Enable X.509 CRL parsing. 02461 * 02462 * Module: library/x509_crl.c 02463 * Caller: library/x509_crt.c 02464 * 02465 * Requires: MBEDTLS_X509_USE_C 02466 * 02467 * This module is required for X.509 CRL parsing. 02468 */ 02469 #define MBEDTLS_X509_CRL_PARSE_C 02470 02471 /** 02472 * \def MBEDTLS_X509_CSR_PARSE_C 02473 * 02474 * Enable X.509 Certificate Signing Request (CSR) parsing. 02475 * 02476 * Module: library/x509_csr.c 02477 * Caller: library/x509_crt_write.c 02478 * 02479 * Requires: MBEDTLS_X509_USE_C 02480 * 02481 * This module is used for reading X.509 certificate request. 02482 */ 02483 #define MBEDTLS_X509_CSR_PARSE_C 02484 02485 /** 02486 * \def MBEDTLS_X509_CREATE_C 02487 * 02488 * Enable X.509 core for creating certificates. 02489 * 02490 * Module: library/x509_create.c 02491 * 02492 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C 02493 * 02494 * This module is the basis for creating X.509 certificates and CSRs. 02495 */ 02496 #define MBEDTLS_X509_CREATE_C 02497 02498 /** 02499 * \def MBEDTLS_X509_CRT_WRITE_C 02500 * 02501 * Enable creating X.509 certificates. 02502 * 02503 * Module: library/x509_crt_write.c 02504 * 02505 * Requires: MBEDTLS_X509_CREATE_C 02506 * 02507 * This module is required for X.509 certificate creation. 02508 */ 02509 //#define MBEDTLS_X509_CRT_WRITE_C 02510 02511 /** 02512 * \def MBEDTLS_X509_CSR_WRITE_C 02513 * 02514 * Enable creating X.509 Certificate Signing Requests (CSR). 02515 * 02516 * Module: library/x509_csr_write.c 02517 * 02518 * Requires: MBEDTLS_X509_CREATE_C 02519 * 02520 * This module is required for X.509 certificate request writing. 02521 */ 02522 #define MBEDTLS_X509_CSR_WRITE_C 02523 /** 02524 * \def MBEDTLS_XTEA_C 02525 * 02526 * Enable the XTEA block cipher. 02527 * 02528 * Module: library/xtea.c 02529 * Caller: 02530 */ 02531 //#define MBEDTLS_XTEA_C 02532 02533 /* \} name SECTION: mbed TLS modules */ 02534 02535 /** 02536 * \name SECTION: Module configuration options 02537 * 02538 * This section allows for the setting of module specific sizes and 02539 * configuration options. The default values are already present in the 02540 * relevant header files and should suffice for the regular use cases. 02541 * 02542 * Our advice is to enable options and change their values here 02543 * only if you have a good reason and know the consequences. 02544 * 02545 * Please check the respective header file for documentation on these 02546 * parameters (to prevent duplicate documentation). 02547 * \{ 02548 */ 02549 02550 /* MPI / BIGNUM options */ 02551 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02552 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02553 02554 /* CTR_DRBG options */ 02555 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02556 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02557 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02558 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02559 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02560 02561 /* HMAC_DRBG options */ 02562 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02563 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02564 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02565 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02566 02567 /* ECP options */ 02568 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02569 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02570 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02571 02572 /* Entropy options */ 02573 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02574 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02575 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ 02576 02577 /* Memory buffer allocator options */ 02578 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02579 02580 /* Platform options */ 02581 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02582 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ 02583 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02584 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02585 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02586 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02587 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02588 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02589 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02590 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ 02591 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ 02592 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02593 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02594 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ 02595 02596 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ 02597 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 02598 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ 02599 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02600 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02601 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02602 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ 02603 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02604 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02605 /* Note: your snprintf must correclty zero-terminate the buffer! */ 02606 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02607 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ 02608 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ 02609 02610 /* SSL Cache options */ 02611 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02612 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02613 02614 /* SSL options */ 02615 #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ 02616 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02617 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02618 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 02619 02620 /** 02621 * Enable ARIA ciphersuites. 02622 */ 02623 02624 #define MBEDTLS_ARIA_C 02625 02626 /** 02627 * Complete list of ciphersuites to use, in order of preference. 02628 * 02629 * \warning No dependency checking is done on that field! This option can only 02630 * be used to restrict the set of available ciphersuites. It is your 02631 * responsibility to make sure the needed modules are active. 02632 * 02633 * Use this to save a few hundred bytes of ROM (default ordering of all 02634 * available ciphersuites) and a few to a few hundred bytes of RAM. 02635 * 02636 * The value below is only an example, not the default. 02637 */ 02638 #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \ 02639 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \ 02640 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \ 02641 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, \ 02642 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ 02643 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 02644 /* X509 options */ 02645 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02646 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ 02647 02648 /* \} name SECTION: Customisation configuration options */ 02649 02650 // Reduces size particularly in case PSA crypto is used 02651 #undef MBEDTLS_CHACHA20_C 02652 #undef MBEDTLS_CHACHAPOLY_C 02653 #undef MBEDTLS_POLY1305_C 02654 02655 #include "check_config.h" 02656 02657 #if defined(MBEDTLS_TEST_NULL_ENTROPY) 02658 #warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \ 02659 "configuration is not secure and is not suitable for production use" 02660 #endif 02661 02662 #endif /* MBEDTLS_CONFIG_H */
Generated on Tue Jul 12 2022 20:21:01 by
1.7.2