Maxim nexpaq / nexpaq_dev

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

features/mbedtls/inc/mbedtls/config.h@0:6c56fb4bc5f0, 2016-11-04 (annotated)

Committer:
nexpaq
Date:
Fri Nov 04 20:27:58 2016 +0000
Revision:
0:6c56fb4bc5f0
Moving to library for sharing updates

Who changed what in which revision?

UserRevisionLine numberNew contents of line
nexpaq 0:6c56fb4bc5f0 1 /**
nexpaq 0:6c56fb4bc5f0 2 * \file config.h
nexpaq 0:6c56fb4bc5f0 3 *
nexpaq 0:6c56fb4bc5f0 4 * \brief Configuration options (set of defines)
nexpaq 0:6c56fb4bc5f0 5 *
nexpaq 0:6c56fb4bc5f0 6 * This set of compile-time options may be used to enable
nexpaq 0:6c56fb4bc5f0 7 * or disable features selectively, and reduce the global
nexpaq 0:6c56fb4bc5f0 8 * memory footprint.
nexpaq 0:6c56fb4bc5f0 9 *
nexpaq 0:6c56fb4bc5f0 10 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
nexpaq 0:6c56fb4bc5f0 11 * SPDX-License-Identifier: Apache-2.0
nexpaq 0:6c56fb4bc5f0 12 *
nexpaq 0:6c56fb4bc5f0 13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
nexpaq 0:6c56fb4bc5f0 14 * not use this file except in compliance with the License.
nexpaq 0:6c56fb4bc5f0 15 * You may obtain a copy of the License at
nexpaq 0:6c56fb4bc5f0 16 *
nexpaq 0:6c56fb4bc5f0 17 * http://www.apache.org/licenses/LICENSE-2.0
nexpaq 0:6c56fb4bc5f0 18 *
nexpaq 0:6c56fb4bc5f0 19 * Unless required by applicable law or agreed to in writing, software
nexpaq 0:6c56fb4bc5f0 20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
nexpaq 0:6c56fb4bc5f0 21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
nexpaq 0:6c56fb4bc5f0 22 * See the License for the specific language governing permissions and
nexpaq 0:6c56fb4bc5f0 23 * limitations under the License.
nexpaq 0:6c56fb4bc5f0 24 *
nexpaq 0:6c56fb4bc5f0 25 * This file is part of mbed TLS (https://tls.mbed.org)
nexpaq 0:6c56fb4bc5f0 26 */
nexpaq 0:6c56fb4bc5f0 27
nexpaq 0:6c56fb4bc5f0 28 #ifndef MBEDTLS_CONFIG_H
nexpaq 0:6c56fb4bc5f0 29 #define MBEDTLS_CONFIG_H
nexpaq 0:6c56fb4bc5f0 30
nexpaq 0:6c56fb4bc5f0 31 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
nexpaq 0:6c56fb4bc5f0 32 #define _CRT_SECURE_NO_DEPRECATE 1
nexpaq 0:6c56fb4bc5f0 33 #endif
nexpaq 0:6c56fb4bc5f0 34
nexpaq 0:6c56fb4bc5f0 35 /**
nexpaq 0:6c56fb4bc5f0 36 * \name SECTION: System support
nexpaq 0:6c56fb4bc5f0 37 *
nexpaq 0:6c56fb4bc5f0 38 * This section sets system specific settings.
nexpaq 0:6c56fb4bc5f0 39 * \{
nexpaq 0:6c56fb4bc5f0 40 */
nexpaq 0:6c56fb4bc5f0 41
nexpaq 0:6c56fb4bc5f0 42 /**
nexpaq 0:6c56fb4bc5f0 43 * \def MBEDTLS_HAVE_ASM
nexpaq 0:6c56fb4bc5f0 44 *
nexpaq 0:6c56fb4bc5f0 45 * The compiler has support for asm().
nexpaq 0:6c56fb4bc5f0 46 *
nexpaq 0:6c56fb4bc5f0 47 * Requires support for asm() in compiler.
nexpaq 0:6c56fb4bc5f0 48 *
nexpaq 0:6c56fb4bc5f0 49 * Used in:
nexpaq 0:6c56fb4bc5f0 50 * library/timing.c
nexpaq 0:6c56fb4bc5f0 51 * library/padlock.c
nexpaq 0:6c56fb4bc5f0 52 * include/mbedtls/bn_mul.h
nexpaq 0:6c56fb4bc5f0 53 *
nexpaq 0:6c56fb4bc5f0 54 * Comment to disable the use of assembly code.
nexpaq 0:6c56fb4bc5f0 55 */
nexpaq 0:6c56fb4bc5f0 56 #define MBEDTLS_HAVE_ASM
nexpaq 0:6c56fb4bc5f0 57
nexpaq 0:6c56fb4bc5f0 58 /**
nexpaq 0:6c56fb4bc5f0 59 * \def MBEDTLS_HAVE_SSE2
nexpaq 0:6c56fb4bc5f0 60 *
nexpaq 0:6c56fb4bc5f0 61 * CPU supports SSE2 instruction set.
nexpaq 0:6c56fb4bc5f0 62 *
nexpaq 0:6c56fb4bc5f0 63 * Uncomment if the CPU supports SSE2 (IA-32 specific).
nexpaq 0:6c56fb4bc5f0 64 */
nexpaq 0:6c56fb4bc5f0 65 //#define MBEDTLS_HAVE_SSE2
nexpaq 0:6c56fb4bc5f0 66
nexpaq 0:6c56fb4bc5f0 67 /**
nexpaq 0:6c56fb4bc5f0 68 * \def MBEDTLS_HAVE_TIME
nexpaq 0:6c56fb4bc5f0 69 *
nexpaq 0:6c56fb4bc5f0 70 * System has time.h and time().
nexpaq 0:6c56fb4bc5f0 71 * The time does not need to be correct, only time differences are used,
nexpaq 0:6c56fb4bc5f0 72 * by contrast with MBEDTLS_HAVE_TIME_DATE
nexpaq 0:6c56fb4bc5f0 73 *
nexpaq 0:6c56fb4bc5f0 74 * Comment if your system does not support time functions
nexpaq 0:6c56fb4bc5f0 75 */
nexpaq 0:6c56fb4bc5f0 76 #define MBEDTLS_HAVE_TIME
nexpaq 0:6c56fb4bc5f0 77
nexpaq 0:6c56fb4bc5f0 78 /**
nexpaq 0:6c56fb4bc5f0 79 * \def MBEDTLS_HAVE_TIME_DATE
nexpaq 0:6c56fb4bc5f0 80 *
nexpaq 0:6c56fb4bc5f0 81 * System has time.h and time(), gmtime() and the clock is correct.
nexpaq 0:6c56fb4bc5f0 82 * The time needs to be correct (not necesarily very accurate, but at least
nexpaq 0:6c56fb4bc5f0 83 * the date should be correct). This is used to verify the validity period of
nexpaq 0:6c56fb4bc5f0 84 * X.509 certificates.
nexpaq 0:6c56fb4bc5f0 85 *
nexpaq 0:6c56fb4bc5f0 86 * Comment if your system does not have a correct clock.
nexpaq 0:6c56fb4bc5f0 87 */
nexpaq 0:6c56fb4bc5f0 88 //#define MBEDTLS_HAVE_TIME_DATE
nexpaq 0:6c56fb4bc5f0 89
nexpaq 0:6c56fb4bc5f0 90 /**
nexpaq 0:6c56fb4bc5f0 91 * \def MBEDTLS_PLATFORM_MEMORY
nexpaq 0:6c56fb4bc5f0 92 *
nexpaq 0:6c56fb4bc5f0 93 * Enable the memory allocation layer.
nexpaq 0:6c56fb4bc5f0 94 *
nexpaq 0:6c56fb4bc5f0 95 * By default mbed TLS uses the system-provided calloc() and free().
nexpaq 0:6c56fb4bc5f0 96 * This allows different allocators (self-implemented or provided) to be
nexpaq 0:6c56fb4bc5f0 97 * provided to the platform abstraction layer.
nexpaq 0:6c56fb4bc5f0 98 *
nexpaq 0:6c56fb4bc5f0 99 * Enabling MBEDTLS_PLATFORM_MEMORY without the
nexpaq 0:6c56fb4bc5f0 100 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
nexpaq 0:6c56fb4bc5f0 101 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
nexpaq 0:6c56fb4bc5f0 102 * free() function pointer at runtime.
nexpaq 0:6c56fb4bc5f0 103 *
nexpaq 0:6c56fb4bc5f0 104 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
nexpaq 0:6c56fb4bc5f0 105 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
nexpaq 0:6c56fb4bc5f0 106 * alternate function at compile time.
nexpaq 0:6c56fb4bc5f0 107 *
nexpaq 0:6c56fb4bc5f0 108 * Requires: MBEDTLS_PLATFORM_C
nexpaq 0:6c56fb4bc5f0 109 *
nexpaq 0:6c56fb4bc5f0 110 * Enable this layer to allow use of alternative memory allocators.
nexpaq 0:6c56fb4bc5f0 111 */
nexpaq 0:6c56fb4bc5f0 112 //#define MBEDTLS_PLATFORM_MEMORY
nexpaq 0:6c56fb4bc5f0 113
nexpaq 0:6c56fb4bc5f0 114 /**
nexpaq 0:6c56fb4bc5f0 115 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
nexpaq 0:6c56fb4bc5f0 116 *
nexpaq 0:6c56fb4bc5f0 117 * Do not assign standard functions in the platform layer (e.g. calloc() to
nexpaq 0:6c56fb4bc5f0 118 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
nexpaq 0:6c56fb4bc5f0 119 *
nexpaq 0:6c56fb4bc5f0 120 * This makes sure there are no linking errors on platforms that do not support
nexpaq 0:6c56fb4bc5f0 121 * these functions. You will HAVE to provide alternatives, either at runtime
nexpaq 0:6c56fb4bc5f0 122 * via the platform_set_xxx() functions or at compile time by setting
nexpaq 0:6c56fb4bc5f0 123 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
nexpaq 0:6c56fb4bc5f0 124 * MBEDTLS_PLATFORM_XXX_MACRO.
nexpaq 0:6c56fb4bc5f0 125 *
nexpaq 0:6c56fb4bc5f0 126 * Requires: MBEDTLS_PLATFORM_C
nexpaq 0:6c56fb4bc5f0 127 *
nexpaq 0:6c56fb4bc5f0 128 * Uncomment to prevent default assignment of standard functions in the
nexpaq 0:6c56fb4bc5f0 129 * platform layer.
nexpaq 0:6c56fb4bc5f0 130 */
nexpaq 0:6c56fb4bc5f0 131 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
nexpaq 0:6c56fb4bc5f0 132
nexpaq 0:6c56fb4bc5f0 133 /**
nexpaq 0:6c56fb4bc5f0 134 * \def MBEDTLS_PLATFORM_EXIT_ALT
nexpaq 0:6c56fb4bc5f0 135 *
nexpaq 0:6c56fb4bc5f0 136 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
nexpaq 0:6c56fb4bc5f0 137 * function in the platform abstraction layer.
nexpaq 0:6c56fb4bc5f0 138 *
nexpaq 0:6c56fb4bc5f0 139 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
nexpaq 0:6c56fb4bc5f0 140 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
nexpaq 0:6c56fb4bc5f0 141 * alternative printf function pointer.
nexpaq 0:6c56fb4bc5f0 142 *
nexpaq 0:6c56fb4bc5f0 143 * All these define require MBEDTLS_PLATFORM_C to be defined!
nexpaq 0:6c56fb4bc5f0 144 *
nexpaq 0:6c56fb4bc5f0 145 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
nexpaq 0:6c56fb4bc5f0 146 * it will be enabled automatically by check_config.h
nexpaq 0:6c56fb4bc5f0 147 *
nexpaq 0:6c56fb4bc5f0 148 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
nexpaq 0:6c56fb4bc5f0 149 * MBEDTLS_PLATFORM_XXX_MACRO!
nexpaq 0:6c56fb4bc5f0 150 *
nexpaq 0:6c56fb4bc5f0 151 * Uncomment a macro to enable alternate implementation of specific base
nexpaq 0:6c56fb4bc5f0 152 * platform function
nexpaq 0:6c56fb4bc5f0 153 */
nexpaq 0:6c56fb4bc5f0 154 //#define MBEDTLS_PLATFORM_EXIT_ALT
nexpaq 0:6c56fb4bc5f0 155 //#define MBEDTLS_PLATFORM_TIME_ALT
nexpaq 0:6c56fb4bc5f0 156 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
nexpaq 0:6c56fb4bc5f0 157 //#define MBEDTLS_PLATFORM_PRINTF_ALT
nexpaq 0:6c56fb4bc5f0 158 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
nexpaq 0:6c56fb4bc5f0 159 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
nexpaq 0:6c56fb4bc5f0 160
nexpaq 0:6c56fb4bc5f0 161 /**
nexpaq 0:6c56fb4bc5f0 162 * \def MBEDTLS_DEPRECATED_WARNING
nexpaq 0:6c56fb4bc5f0 163 *
nexpaq 0:6c56fb4bc5f0 164 * Mark deprecated functions so that they generate a warning if used.
nexpaq 0:6c56fb4bc5f0 165 * Functions deprecated in one version will usually be removed in the next
nexpaq 0:6c56fb4bc5f0 166 * version. You can enable this to help you prepare the transition to a new
nexpaq 0:6c56fb4bc5f0 167 * major version by making sure your code is not using these functions.
nexpaq 0:6c56fb4bc5f0 168 *
nexpaq 0:6c56fb4bc5f0 169 * This only works with GCC and Clang. With other compilers, you may want to
nexpaq 0:6c56fb4bc5f0 170 * use MBEDTLS_DEPRECATED_REMOVED
nexpaq 0:6c56fb4bc5f0 171 *
nexpaq 0:6c56fb4bc5f0 172 * Uncomment to get warnings on using deprecated functions.
nexpaq 0:6c56fb4bc5f0 173 */
nexpaq 0:6c56fb4bc5f0 174 //#define MBEDTLS_DEPRECATED_WARNING
nexpaq 0:6c56fb4bc5f0 175
nexpaq 0:6c56fb4bc5f0 176 /**
nexpaq 0:6c56fb4bc5f0 177 * \def MBEDTLS_DEPRECATED_REMOVED
nexpaq 0:6c56fb4bc5f0 178 *
nexpaq 0:6c56fb4bc5f0 179 * Remove deprecated functions so that they generate an error if used.
nexpaq 0:6c56fb4bc5f0 180 * Functions deprecated in one version will usually be removed in the next
nexpaq 0:6c56fb4bc5f0 181 * version. You can enable this to help you prepare the transition to a new
nexpaq 0:6c56fb4bc5f0 182 * major version by making sure your code is not using these functions.
nexpaq 0:6c56fb4bc5f0 183 *
nexpaq 0:6c56fb4bc5f0 184 * Uncomment to get errors on using deprecated functions.
nexpaq 0:6c56fb4bc5f0 185 */
nexpaq 0:6c56fb4bc5f0 186 //#define MBEDTLS_DEPRECATED_REMOVED
nexpaq 0:6c56fb4bc5f0 187
nexpaq 0:6c56fb4bc5f0 188 /* \} name SECTION: System support */
nexpaq 0:6c56fb4bc5f0 189
nexpaq 0:6c56fb4bc5f0 190 /**
nexpaq 0:6c56fb4bc5f0 191 * \name SECTION: mbed TLS feature support
nexpaq 0:6c56fb4bc5f0 192 *
nexpaq 0:6c56fb4bc5f0 193 * This section sets support for features that are or are not needed
nexpaq 0:6c56fb4bc5f0 194 * within the modules that are enabled.
nexpaq 0:6c56fb4bc5f0 195 * \{
nexpaq 0:6c56fb4bc5f0 196 */
nexpaq 0:6c56fb4bc5f0 197
nexpaq 0:6c56fb4bc5f0 198 /**
nexpaq 0:6c56fb4bc5f0 199 * \def MBEDTLS_TIMING_ALT
nexpaq 0:6c56fb4bc5f0 200 *
nexpaq 0:6c56fb4bc5f0 201 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
nexpaq 0:6c56fb4bc5f0 202 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
nexpaq 0:6c56fb4bc5f0 203 *
nexpaq 0:6c56fb4bc5f0 204 * Only works if you have MBEDTLS_TIMING_C enabled.
nexpaq 0:6c56fb4bc5f0 205 *
nexpaq 0:6c56fb4bc5f0 206 * You will need to provide a header "timing_alt.h" and an implementation at
nexpaq 0:6c56fb4bc5f0 207 * compile time.
nexpaq 0:6c56fb4bc5f0 208 */
nexpaq 0:6c56fb4bc5f0 209 //#define MBEDTLS_TIMING_ALT
nexpaq 0:6c56fb4bc5f0 210
nexpaq 0:6c56fb4bc5f0 211 /**
nexpaq 0:6c56fb4bc5f0 212 * \def MBEDTLS_AES_ALT
nexpaq 0:6c56fb4bc5f0 213 *
nexpaq 0:6c56fb4bc5f0 214 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
nexpaq 0:6c56fb4bc5f0 215 * alternate core implementation of a symmetric crypto or hash module (e.g.
nexpaq 0:6c56fb4bc5f0 216 * platform specific assembly optimized implementations). Keep in mind that
nexpaq 0:6c56fb4bc5f0 217 * the function prototypes should remain the same.
nexpaq 0:6c56fb4bc5f0 218 *
nexpaq 0:6c56fb4bc5f0 219 * This replaces the whole module. If you only want to replace one of the
nexpaq 0:6c56fb4bc5f0 220 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
nexpaq 0:6c56fb4bc5f0 221 *
nexpaq 0:6c56fb4bc5f0 222 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
nexpaq 0:6c56fb4bc5f0 223 * provide the "struct mbedtls_aes_context" definition and omit the base function
nexpaq 0:6c56fb4bc5f0 224 * declarations and implementations. "aes_alt.h" will be included from
nexpaq 0:6c56fb4bc5f0 225 * "aes.h" to include the new function definitions.
nexpaq 0:6c56fb4bc5f0 226 *
nexpaq 0:6c56fb4bc5f0 227 * Uncomment a macro to enable alternate implementation of the corresponding
nexpaq 0:6c56fb4bc5f0 228 * module.
nexpaq 0:6c56fb4bc5f0 229 */
nexpaq 0:6c56fb4bc5f0 230 //#define MBEDTLS_AES_ALT
nexpaq 0:6c56fb4bc5f0 231 //#define MBEDTLS_ARC4_ALT
nexpaq 0:6c56fb4bc5f0 232 //#define MBEDTLS_BLOWFISH_ALT
nexpaq 0:6c56fb4bc5f0 233 //#define MBEDTLS_CAMELLIA_ALT
nexpaq 0:6c56fb4bc5f0 234 //#define MBEDTLS_DES_ALT
nexpaq 0:6c56fb4bc5f0 235 //#define MBEDTLS_XTEA_ALT
nexpaq 0:6c56fb4bc5f0 236 //#define MBEDTLS_MD2_ALT
nexpaq 0:6c56fb4bc5f0 237 //#define MBEDTLS_MD4_ALT
nexpaq 0:6c56fb4bc5f0 238 //#define MBEDTLS_MD5_ALT
nexpaq 0:6c56fb4bc5f0 239 //#define MBEDTLS_RIPEMD160_ALT
nexpaq 0:6c56fb4bc5f0 240 //#define MBEDTLS_SHA1_ALT
nexpaq 0:6c56fb4bc5f0 241 //#define MBEDTLS_SHA256_ALT
nexpaq 0:6c56fb4bc5f0 242 //#define MBEDTLS_SHA512_ALT
nexpaq 0:6c56fb4bc5f0 243
nexpaq 0:6c56fb4bc5f0 244 /**
nexpaq 0:6c56fb4bc5f0 245 * \def MBEDTLS_MD2_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 246 *
nexpaq 0:6c56fb4bc5f0 247 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
nexpaq 0:6c56fb4bc5f0 248 * alternate core implementation of symmetric crypto or hash function. Keep in
nexpaq 0:6c56fb4bc5f0 249 * mind that function prototypes should remain the same.
nexpaq 0:6c56fb4bc5f0 250 *
nexpaq 0:6c56fb4bc5f0 251 * This replaces only one function. The header file from mbed TLS is still
nexpaq 0:6c56fb4bc5f0 252 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
nexpaq 0:6c56fb4bc5f0 253 *
nexpaq 0:6c56fb4bc5f0 254 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
nexpaq 0:6c56fb4bc5f0 255 * no longer provide the mbedtls_sha1_process() function, but it will still provide
nexpaq 0:6c56fb4bc5f0 256 * the other function (using your mbedtls_sha1_process() function) and the definition
nexpaq 0:6c56fb4bc5f0 257 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
nexpaq 0:6c56fb4bc5f0 258 * with this definition.
nexpaq 0:6c56fb4bc5f0 259 *
nexpaq 0:6c56fb4bc5f0 260 * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
nexpaq 0:6c56fb4bc5f0 261 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
nexpaq 0:6c56fb4bc5f0 262 * tables.
nexpaq 0:6c56fb4bc5f0 263 *
nexpaq 0:6c56fb4bc5f0 264 * Uncomment a macro to enable alternate implementation of the corresponding
nexpaq 0:6c56fb4bc5f0 265 * function.
nexpaq 0:6c56fb4bc5f0 266 */
nexpaq 0:6c56fb4bc5f0 267 //#define MBEDTLS_MD2_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 268 //#define MBEDTLS_MD4_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 269 //#define MBEDTLS_MD5_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 270 //#define MBEDTLS_RIPEMD160_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 271 //#define MBEDTLS_SHA1_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 272 //#define MBEDTLS_SHA256_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 273 //#define MBEDTLS_SHA512_PROCESS_ALT
nexpaq 0:6c56fb4bc5f0 274 //#define MBEDTLS_DES_SETKEY_ALT
nexpaq 0:6c56fb4bc5f0 275 //#define MBEDTLS_DES_CRYPT_ECB_ALT
nexpaq 0:6c56fb4bc5f0 276 //#define MBEDTLS_DES3_CRYPT_ECB_ALT
nexpaq 0:6c56fb4bc5f0 277 //#define MBEDTLS_AES_SETKEY_ENC_ALT
nexpaq 0:6c56fb4bc5f0 278 //#define MBEDTLS_AES_SETKEY_DEC_ALT
nexpaq 0:6c56fb4bc5f0 279 //#define MBEDTLS_AES_ENCRYPT_ALT
nexpaq 0:6c56fb4bc5f0 280 //#define MBEDTLS_AES_DECRYPT_ALT
nexpaq 0:6c56fb4bc5f0 281
nexpaq 0:6c56fb4bc5f0 282 /**
nexpaq 0:6c56fb4bc5f0 283 * \def MBEDTLS_TEST_NULL_ENTROPY
nexpaq 0:6c56fb4bc5f0 284 *
nexpaq 0:6c56fb4bc5f0 285 * Enables testing and use of mbed TLS without any configured entropy sources.
nexpaq 0:6c56fb4bc5f0 286 * This permits use of the library on platforms before an entropy source has
nexpaq 0:6c56fb4bc5f0 287 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
nexpaq 0:6c56fb4bc5f0 288 * MBEDTLS_ENTROPY_NV_SEED switches).
nexpaq 0:6c56fb4bc5f0 289 *
nexpaq 0:6c56fb4bc5f0 290 * WARNING! This switch MUST be disabled in production builds, and is suitable
nexpaq 0:6c56fb4bc5f0 291 * only for development.
nexpaq 0:6c56fb4bc5f0 292 * Enabling the switch negates any security provided by the library.
nexpaq 0:6c56fb4bc5f0 293 *
nexpaq 0:6c56fb4bc5f0 294 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
nexpaq 0:6c56fb4bc5f0 295 *
nexpaq 0:6c56fb4bc5f0 296 */
nexpaq 0:6c56fb4bc5f0 297 //#define MBEDTLS_TEST_NULL_ENTROPY
nexpaq 0:6c56fb4bc5f0 298
nexpaq 0:6c56fb4bc5f0 299 /**
nexpaq 0:6c56fb4bc5f0 300 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
nexpaq 0:6c56fb4bc5f0 301 *
nexpaq 0:6c56fb4bc5f0 302 * Uncomment this macro to let mbed TLS use your own implementation of a
nexpaq 0:6c56fb4bc5f0 303 * hardware entropy collector.
nexpaq 0:6c56fb4bc5f0 304 *
nexpaq 0:6c56fb4bc5f0 305 * Your function must be called \c mbedtls_hardware_poll(), have the same
nexpaq 0:6c56fb4bc5f0 306 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
nexpaq 0:6c56fb4bc5f0 307 *
nexpaq 0:6c56fb4bc5f0 308 * Uncomment to use your own hardware entropy collector.
nexpaq 0:6c56fb4bc5f0 309 */
nexpaq 0:6c56fb4bc5f0 310 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
nexpaq 0:6c56fb4bc5f0 311
nexpaq 0:6c56fb4bc5f0 312 /**
nexpaq 0:6c56fb4bc5f0 313 * \def MBEDTLS_AES_ROM_TABLES
nexpaq 0:6c56fb4bc5f0 314 *
nexpaq 0:6c56fb4bc5f0 315 * Store the AES tables in ROM.
nexpaq 0:6c56fb4bc5f0 316 *
nexpaq 0:6c56fb4bc5f0 317 * Uncomment this macro to store the AES tables in ROM.
nexpaq 0:6c56fb4bc5f0 318 */
nexpaq 0:6c56fb4bc5f0 319 //#define MBEDTLS_AES_ROM_TABLES
nexpaq 0:6c56fb4bc5f0 320
nexpaq 0:6c56fb4bc5f0 321 /**
nexpaq 0:6c56fb4bc5f0 322 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
nexpaq 0:6c56fb4bc5f0 323 *
nexpaq 0:6c56fb4bc5f0 324 * Use less ROM for the Camellia implementation (saves about 768 bytes).
nexpaq 0:6c56fb4bc5f0 325 *
nexpaq 0:6c56fb4bc5f0 326 * Uncomment this macro to use less memory for Camellia.
nexpaq 0:6c56fb4bc5f0 327 */
nexpaq 0:6c56fb4bc5f0 328 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
nexpaq 0:6c56fb4bc5f0 329
nexpaq 0:6c56fb4bc5f0 330 /**
nexpaq 0:6c56fb4bc5f0 331 * \def MBEDTLS_CIPHER_MODE_CBC
nexpaq 0:6c56fb4bc5f0 332 *
nexpaq 0:6c56fb4bc5f0 333 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
nexpaq 0:6c56fb4bc5f0 334 */
nexpaq 0:6c56fb4bc5f0 335 #define MBEDTLS_CIPHER_MODE_CBC
nexpaq 0:6c56fb4bc5f0 336
nexpaq 0:6c56fb4bc5f0 337 /**
nexpaq 0:6c56fb4bc5f0 338 * \def MBEDTLS_CIPHER_MODE_CFB
nexpaq 0:6c56fb4bc5f0 339 *
nexpaq 0:6c56fb4bc5f0 340 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
nexpaq 0:6c56fb4bc5f0 341 */
nexpaq 0:6c56fb4bc5f0 342 //#define MBEDTLS_CIPHER_MODE_CFB
nexpaq 0:6c56fb4bc5f0 343
nexpaq 0:6c56fb4bc5f0 344 /**
nexpaq 0:6c56fb4bc5f0 345 * \def MBEDTLS_CIPHER_MODE_CTR
nexpaq 0:6c56fb4bc5f0 346 *
nexpaq 0:6c56fb4bc5f0 347 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
nexpaq 0:6c56fb4bc5f0 348 */
nexpaq 0:6c56fb4bc5f0 349 //#define MBEDTLS_CIPHER_MODE_CTR
nexpaq 0:6c56fb4bc5f0 350
nexpaq 0:6c56fb4bc5f0 351 /**
nexpaq 0:6c56fb4bc5f0 352 * \def MBEDTLS_CIPHER_NULL_CIPHER
nexpaq 0:6c56fb4bc5f0 353 *
nexpaq 0:6c56fb4bc5f0 354 * Enable NULL cipher.
nexpaq 0:6c56fb4bc5f0 355 * Warning: Only do so when you know what you are doing. This allows for
nexpaq 0:6c56fb4bc5f0 356 * encryption or channels without any security!
nexpaq 0:6c56fb4bc5f0 357 *
nexpaq 0:6c56fb4bc5f0 358 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
nexpaq 0:6c56fb4bc5f0 359 * the following ciphersuites:
nexpaq 0:6c56fb4bc5f0 360 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 361 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 362 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 363 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 364 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
nexpaq 0:6c56fb4bc5f0 365 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
nexpaq 0:6c56fb4bc5f0 366 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 367 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
nexpaq 0:6c56fb4bc5f0 368 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
nexpaq 0:6c56fb4bc5f0 369 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 370 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
nexpaq 0:6c56fb4bc5f0 371 * MBEDTLS_TLS_RSA_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 372 * MBEDTLS_TLS_RSA_WITH_NULL_MD5
nexpaq 0:6c56fb4bc5f0 373 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
nexpaq 0:6c56fb4bc5f0 374 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
nexpaq 0:6c56fb4bc5f0 375 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 376 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
nexpaq 0:6c56fb4bc5f0 377 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
nexpaq 0:6c56fb4bc5f0 378 * MBEDTLS_TLS_PSK_WITH_NULL_SHA
nexpaq 0:6c56fb4bc5f0 379 *
nexpaq 0:6c56fb4bc5f0 380 * Uncomment this macro to enable the NULL cipher and ciphersuites
nexpaq 0:6c56fb4bc5f0 381 */
nexpaq 0:6c56fb4bc5f0 382 //#define MBEDTLS_CIPHER_NULL_CIPHER
nexpaq 0:6c56fb4bc5f0 383
nexpaq 0:6c56fb4bc5f0 384 /**
nexpaq 0:6c56fb4bc5f0 385 * \def MBEDTLS_CIPHER_PADDING_PKCS7
nexpaq 0:6c56fb4bc5f0 386 *
nexpaq 0:6c56fb4bc5f0 387 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
nexpaq 0:6c56fb4bc5f0 388 * specific padding modes in the cipher layer with cipher modes that support
nexpaq 0:6c56fb4bc5f0 389 * padding (e.g. CBC)
nexpaq 0:6c56fb4bc5f0 390 *
nexpaq 0:6c56fb4bc5f0 391 * If you disable all padding modes, only full blocks can be used with CBC.
nexpaq 0:6c56fb4bc5f0 392 *
nexpaq 0:6c56fb4bc5f0 393 * Enable padding modes in the cipher layer.
nexpaq 0:6c56fb4bc5f0 394 */
nexpaq 0:6c56fb4bc5f0 395 #define MBEDTLS_CIPHER_PADDING_PKCS7
nexpaq 0:6c56fb4bc5f0 396 //#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
nexpaq 0:6c56fb4bc5f0 397 //#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
nexpaq 0:6c56fb4bc5f0 398 //#define MBEDTLS_CIPHER_PADDING_ZEROS
nexpaq 0:6c56fb4bc5f0 399
nexpaq 0:6c56fb4bc5f0 400 /**
nexpaq 0:6c56fb4bc5f0 401 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
nexpaq 0:6c56fb4bc5f0 402 *
nexpaq 0:6c56fb4bc5f0 403 * Enable weak ciphersuites in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 404 * Warning: Only do so when you know what you are doing. This allows for
nexpaq 0:6c56fb4bc5f0 405 * channels with virtually no security at all!
nexpaq 0:6c56fb4bc5f0 406 *
nexpaq 0:6c56fb4bc5f0 407 * This enables the following ciphersuites:
nexpaq 0:6c56fb4bc5f0 408 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
nexpaq 0:6c56fb4bc5f0 409 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
nexpaq 0:6c56fb4bc5f0 410 *
nexpaq 0:6c56fb4bc5f0 411 * Uncomment this macro to enable weak ciphersuites
nexpaq 0:6c56fb4bc5f0 412 */
nexpaq 0:6c56fb4bc5f0 413 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
nexpaq 0:6c56fb4bc5f0 414
nexpaq 0:6c56fb4bc5f0 415 /**
nexpaq 0:6c56fb4bc5f0 416 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
nexpaq 0:6c56fb4bc5f0 417 *
nexpaq 0:6c56fb4bc5f0 418 * Remove RC4 ciphersuites by default in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 419 * This flag removes the ciphersuites based on RC4 from the default list as
nexpaq 0:6c56fb4bc5f0 420 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
nexpaq 0:6c56fb4bc5f0 421 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
nexpaq 0:6c56fb4bc5f0 422 * explicitly.
nexpaq 0:6c56fb4bc5f0 423 *
nexpaq 0:6c56fb4bc5f0 424 * Uncomment this macro to remove RC4 ciphersuites by default.
nexpaq 0:6c56fb4bc5f0 425 */
nexpaq 0:6c56fb4bc5f0 426 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
nexpaq 0:6c56fb4bc5f0 427
nexpaq 0:6c56fb4bc5f0 428 /**
nexpaq 0:6c56fb4bc5f0 429 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
nexpaq 0:6c56fb4bc5f0 430 *
nexpaq 0:6c56fb4bc5f0 431 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
nexpaq 0:6c56fb4bc5f0 432 * module. By default all supported curves are enabled.
nexpaq 0:6c56fb4bc5f0 433 *
nexpaq 0:6c56fb4bc5f0 434 * Comment macros to disable the curve and functions for it
nexpaq 0:6c56fb4bc5f0 435 */
nexpaq 0:6c56fb4bc5f0 436 //#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
nexpaq 0:6c56fb4bc5f0 437 //#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
nexpaq 0:6c56fb4bc5f0 438 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
nexpaq 0:6c56fb4bc5f0 439 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
nexpaq 0:6c56fb4bc5f0 440 //#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
nexpaq 0:6c56fb4bc5f0 441 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
nexpaq 0:6c56fb4bc5f0 442 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
nexpaq 0:6c56fb4bc5f0 443 //#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
nexpaq 0:6c56fb4bc5f0 444 //#define MBEDTLS_ECP_DP_BP256R1_ENABLED
nexpaq 0:6c56fb4bc5f0 445 //#define MBEDTLS_ECP_DP_BP384R1_ENABLED
nexpaq 0:6c56fb4bc5f0 446 //#define MBEDTLS_ECP_DP_BP512R1_ENABLED
nexpaq 0:6c56fb4bc5f0 447 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
nexpaq 0:6c56fb4bc5f0 448
nexpaq 0:6c56fb4bc5f0 449 /**
nexpaq 0:6c56fb4bc5f0 450 * \def MBEDTLS_ECP_NIST_OPTIM
nexpaq 0:6c56fb4bc5f0 451 *
nexpaq 0:6c56fb4bc5f0 452 * Enable specific 'modulo p' routines for each NIST prime.
nexpaq 0:6c56fb4bc5f0 453 * Depending on the prime and architecture, makes operations 4 to 8 times
nexpaq 0:6c56fb4bc5f0 454 * faster on the corresponding curve.
nexpaq 0:6c56fb4bc5f0 455 *
nexpaq 0:6c56fb4bc5f0 456 * Comment this macro to disable NIST curves optimisation.
nexpaq 0:6c56fb4bc5f0 457 */
nexpaq 0:6c56fb4bc5f0 458 #define MBEDTLS_ECP_NIST_OPTIM
nexpaq 0:6c56fb4bc5f0 459
nexpaq 0:6c56fb4bc5f0 460 /**
nexpaq 0:6c56fb4bc5f0 461 * \def MBEDTLS_ECDSA_DETERMINISTIC
nexpaq 0:6c56fb4bc5f0 462 *
nexpaq 0:6c56fb4bc5f0 463 * Enable deterministic ECDSA (RFC 6979).
nexpaq 0:6c56fb4bc5f0 464 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
nexpaq 0:6c56fb4bc5f0 465 * may result in a compromise of the long-term signing key. This is avoided by
nexpaq 0:6c56fb4bc5f0 466 * the deterministic variant.
nexpaq 0:6c56fb4bc5f0 467 *
nexpaq 0:6c56fb4bc5f0 468 * Requires: MBEDTLS_HMAC_DRBG_C
nexpaq 0:6c56fb4bc5f0 469 *
nexpaq 0:6c56fb4bc5f0 470 * Comment this macro to disable deterministic ECDSA.
nexpaq 0:6c56fb4bc5f0 471 */
nexpaq 0:6c56fb4bc5f0 472 #define MBEDTLS_ECDSA_DETERMINISTIC
nexpaq 0:6c56fb4bc5f0 473
nexpaq 0:6c56fb4bc5f0 474 /**
nexpaq 0:6c56fb4bc5f0 475 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 476 *
nexpaq 0:6c56fb4bc5f0 477 * Enable the PSK based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 478 *
nexpaq 0:6c56fb4bc5f0 479 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 480 * enabled as well):
nexpaq 0:6c56fb4bc5f0 481 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 482 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 483 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 484 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 485 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 486 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 487 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 488 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 489 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 490 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 491 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 492 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 493 */
nexpaq 0:6c56fb4bc5f0 494 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 495
nexpaq 0:6c56fb4bc5f0 496 /**
nexpaq 0:6c56fb4bc5f0 497 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 498 *
nexpaq 0:6c56fb4bc5f0 499 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 500 *
nexpaq 0:6c56fb4bc5f0 501 * Requires: MBEDTLS_DHM_C
nexpaq 0:6c56fb4bc5f0 502 *
nexpaq 0:6c56fb4bc5f0 503 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 504 * enabled as well):
nexpaq 0:6c56fb4bc5f0 505 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 506 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 507 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 508 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 509 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 510 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 511 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 513 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 514 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 515 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 516 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 517 */
nexpaq 0:6c56fb4bc5f0 518 //#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 519
nexpaq 0:6c56fb4bc5f0 520 /**
nexpaq 0:6c56fb4bc5f0 521 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 522 *
nexpaq 0:6c56fb4bc5f0 523 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 524 *
nexpaq 0:6c56fb4bc5f0 525 * Requires: MBEDTLS_ECDH_C
nexpaq 0:6c56fb4bc5f0 526 *
nexpaq 0:6c56fb4bc5f0 527 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 528 * enabled as well):
nexpaq 0:6c56fb4bc5f0 529 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 530 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 531 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 532 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 533 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 534 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 535 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 536 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 537 */
nexpaq 0:6c56fb4bc5f0 538 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 539
nexpaq 0:6c56fb4bc5f0 540 /**
nexpaq 0:6c56fb4bc5f0 541 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 542 *
nexpaq 0:6c56fb4bc5f0 543 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 544 *
nexpaq 0:6c56fb4bc5f0 545 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
nexpaq 0:6c56fb4bc5f0 546 * MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 547 *
nexpaq 0:6c56fb4bc5f0 548 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 549 * enabled as well):
nexpaq 0:6c56fb4bc5f0 550 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 551 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 552 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 553 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 554 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 555 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 556 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 557 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 558 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 559 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 560 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 561 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 562 */
nexpaq 0:6c56fb4bc5f0 563 //#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
nexpaq 0:6c56fb4bc5f0 564
nexpaq 0:6c56fb4bc5f0 565 /**
nexpaq 0:6c56fb4bc5f0 566 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 567 *
nexpaq 0:6c56fb4bc5f0 568 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 569 *
nexpaq 0:6c56fb4bc5f0 570 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
nexpaq 0:6c56fb4bc5f0 571 * MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 572 *
nexpaq 0:6c56fb4bc5f0 573 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 574 * enabled as well):
nexpaq 0:6c56fb4bc5f0 575 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 576 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 577 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 578 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 579 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 580 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 581 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 582 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 583 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 584 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 585 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 586 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 587 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 588 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 589 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
nexpaq 0:6c56fb4bc5f0 590 */
nexpaq 0:6c56fb4bc5f0 591 //#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 592
nexpaq 0:6c56fb4bc5f0 593 /**
nexpaq 0:6c56fb4bc5f0 594 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 595 *
nexpaq 0:6c56fb4bc5f0 596 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 597 *
nexpaq 0:6c56fb4bc5f0 598 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
nexpaq 0:6c56fb4bc5f0 599 * MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 600 *
nexpaq 0:6c56fb4bc5f0 601 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 602 * enabled as well):
nexpaq 0:6c56fb4bc5f0 603 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 604 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 605 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 607 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 608 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 609 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 610 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 611 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 612 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 613 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 614 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 615 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 616 */
nexpaq 0:6c56fb4bc5f0 617 //#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 618
nexpaq 0:6c56fb4bc5f0 619 /**
nexpaq 0:6c56fb4bc5f0 620 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 621 *
nexpaq 0:6c56fb4bc5f0 622 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 623 *
nexpaq 0:6c56fb4bc5f0 624 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
nexpaq 0:6c56fb4bc5f0 625 * MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 626 *
nexpaq 0:6c56fb4bc5f0 627 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 628 * enabled as well):
nexpaq 0:6c56fb4bc5f0 629 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 630 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 631 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 632 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 633 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 634 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 635 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 636 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 637 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 638 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 639 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 640 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 641 */
nexpaq 0:6c56fb4bc5f0 642 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 643
nexpaq 0:6c56fb4bc5f0 644 /**
nexpaq 0:6c56fb4bc5f0 645 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
nexpaq 0:6c56fb4bc5f0 646 *
nexpaq 0:6c56fb4bc5f0 647 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 648 *
nexpaq 0:6c56fb4bc5f0 649 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
nexpaq 0:6c56fb4bc5f0 650 *
nexpaq 0:6c56fb4bc5f0 651 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 652 * enabled as well):
nexpaq 0:6c56fb4bc5f0 653 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 654 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 655 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 656 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 657 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 658 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 659 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 660 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 662 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 663 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 664 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 665 */
nexpaq 0:6c56fb4bc5f0 666 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
nexpaq 0:6c56fb4bc5f0 667
nexpaq 0:6c56fb4bc5f0 668 /**
nexpaq 0:6c56fb4bc5f0 669 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
nexpaq 0:6c56fb4bc5f0 670 *
nexpaq 0:6c56fb4bc5f0 671 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 672 *
nexpaq 0:6c56fb4bc5f0 673 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 674 *
nexpaq 0:6c56fb4bc5f0 675 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 676 * enabled as well):
nexpaq 0:6c56fb4bc5f0 677 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 678 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 679 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 680 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 681 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 682 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 683 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 684 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 685 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 686 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 687 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 688 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 689 */
nexpaq 0:6c56fb4bc5f0 690 //#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
nexpaq 0:6c56fb4bc5f0 691
nexpaq 0:6c56fb4bc5f0 692 /**
nexpaq 0:6c56fb4bc5f0 693 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 694 *
nexpaq 0:6c56fb4bc5f0 695 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 696 *
nexpaq 0:6c56fb4bc5f0 697 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 698 *
nexpaq 0:6c56fb4bc5f0 699 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 700 * enabled as well):
nexpaq 0:6c56fb4bc5f0 701 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 702 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 703 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 704 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 705 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 706 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 707 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 708 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 709 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 710 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 711 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 712 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 713 */
nexpaq 0:6c56fb4bc5f0 714 //#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
nexpaq 0:6c56fb4bc5f0 715
nexpaq 0:6c56fb4bc5f0 716 /**
nexpaq 0:6c56fb4bc5f0 717 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
nexpaq 0:6c56fb4bc5f0 718 *
nexpaq 0:6c56fb4bc5f0 719 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
nexpaq 0:6c56fb4bc5f0 720 *
nexpaq 0:6c56fb4bc5f0 721 * \warning This is currently experimental. EC J-PAKE support is based on the
nexpaq 0:6c56fb4bc5f0 722 * Thread v1.0.0 specification; incompatible changes to the specification
nexpaq 0:6c56fb4bc5f0 723 * might still happen. For this reason, this is disabled by default.
nexpaq 0:6c56fb4bc5f0 724 *
nexpaq 0:6c56fb4bc5f0 725 * Requires: MBEDTLS_ECJPAKE_C
nexpaq 0:6c56fb4bc5f0 726 * MBEDTLS_SHA256_C
nexpaq 0:6c56fb4bc5f0 727 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
nexpaq 0:6c56fb4bc5f0 728 *
nexpaq 0:6c56fb4bc5f0 729 * This enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 730 * enabled as well):
nexpaq 0:6c56fb4bc5f0 731 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
nexpaq 0:6c56fb4bc5f0 732 */
nexpaq 0:6c56fb4bc5f0 733 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
nexpaq 0:6c56fb4bc5f0 734
nexpaq 0:6c56fb4bc5f0 735 /**
nexpaq 0:6c56fb4bc5f0 736 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
nexpaq 0:6c56fb4bc5f0 737 *
nexpaq 0:6c56fb4bc5f0 738 * Enhance support for reading EC keys using variants of SEC1 not allowed by
nexpaq 0:6c56fb4bc5f0 739 * RFC 5915 and RFC 5480.
nexpaq 0:6c56fb4bc5f0 740 *
nexpaq 0:6c56fb4bc5f0 741 * Currently this means parsing the SpecifiedECDomain choice of EC
nexpaq 0:6c56fb4bc5f0 742 * parameters (only known groups are supported, not arbitrary domains, to
nexpaq 0:6c56fb4bc5f0 743 * avoid validation issues).
nexpaq 0:6c56fb4bc5f0 744 *
nexpaq 0:6c56fb4bc5f0 745 * Disable if you only need to support RFC 5915 + 5480 key formats.
nexpaq 0:6c56fb4bc5f0 746 */
nexpaq 0:6c56fb4bc5f0 747 //#define MBEDTLS_PK_PARSE_EC_EXTENDED
nexpaq 0:6c56fb4bc5f0 748
nexpaq 0:6c56fb4bc5f0 749 /**
nexpaq 0:6c56fb4bc5f0 750 * \def MBEDTLS_ERROR_STRERROR_DUMMY
nexpaq 0:6c56fb4bc5f0 751 *
nexpaq 0:6c56fb4bc5f0 752 * Enable a dummy error function to make use of mbedtls_strerror() in
nexpaq 0:6c56fb4bc5f0 753 * third party libraries easier when MBEDTLS_ERROR_C is disabled
nexpaq 0:6c56fb4bc5f0 754 * (no effect when MBEDTLS_ERROR_C is enabled).
nexpaq 0:6c56fb4bc5f0 755 *
nexpaq 0:6c56fb4bc5f0 756 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
nexpaq 0:6c56fb4bc5f0 757 * not using mbedtls_strerror() or error_strerror() in your application.
nexpaq 0:6c56fb4bc5f0 758 *
nexpaq 0:6c56fb4bc5f0 759 * Disable if you run into name conflicts and want to really remove the
nexpaq 0:6c56fb4bc5f0 760 * mbedtls_strerror()
nexpaq 0:6c56fb4bc5f0 761 */
nexpaq 0:6c56fb4bc5f0 762 #define MBEDTLS_ERROR_STRERROR_DUMMY
nexpaq 0:6c56fb4bc5f0 763
nexpaq 0:6c56fb4bc5f0 764 /**
nexpaq 0:6c56fb4bc5f0 765 * \def MBEDTLS_GENPRIME
nexpaq 0:6c56fb4bc5f0 766 *
nexpaq 0:6c56fb4bc5f0 767 * Enable the prime-number generation code.
nexpaq 0:6c56fb4bc5f0 768 *
nexpaq 0:6c56fb4bc5f0 769 * Requires: MBEDTLS_BIGNUM_C
nexpaq 0:6c56fb4bc5f0 770 */
nexpaq 0:6c56fb4bc5f0 771 //#define MBEDTLS_GENPRIME
nexpaq 0:6c56fb4bc5f0 772
nexpaq 0:6c56fb4bc5f0 773 /**
nexpaq 0:6c56fb4bc5f0 774 * \def MBEDTLS_FS_IO
nexpaq 0:6c56fb4bc5f0 775 *
nexpaq 0:6c56fb4bc5f0 776 * Enable functions that use the filesystem.
nexpaq 0:6c56fb4bc5f0 777 */
nexpaq 0:6c56fb4bc5f0 778 //#define MBEDTLS_FS_IO
nexpaq 0:6c56fb4bc5f0 779
nexpaq 0:6c56fb4bc5f0 780 /**
nexpaq 0:6c56fb4bc5f0 781 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
nexpaq 0:6c56fb4bc5f0 782 *
nexpaq 0:6c56fb4bc5f0 783 * Do not add default entropy sources. These are the platform specific,
nexpaq 0:6c56fb4bc5f0 784 * mbedtls_timing_hardclock and HAVEGE based poll functions.
nexpaq 0:6c56fb4bc5f0 785 *
nexpaq 0:6c56fb4bc5f0 786 * This is useful to have more control over the added entropy sources in an
nexpaq 0:6c56fb4bc5f0 787 * application.
nexpaq 0:6c56fb4bc5f0 788 *
nexpaq 0:6c56fb4bc5f0 789 * Uncomment this macro to prevent loading of default entropy functions.
nexpaq 0:6c56fb4bc5f0 790 */
nexpaq 0:6c56fb4bc5f0 791 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
nexpaq 0:6c56fb4bc5f0 792
nexpaq 0:6c56fb4bc5f0 793 /**
nexpaq 0:6c56fb4bc5f0 794 * \def MBEDTLS_NO_PLATFORM_ENTROPY
nexpaq 0:6c56fb4bc5f0 795 *
nexpaq 0:6c56fb4bc5f0 796 * Do not use built-in platform entropy functions.
nexpaq 0:6c56fb4bc5f0 797 * This is useful if your platform does not support
nexpaq 0:6c56fb4bc5f0 798 * standards like the /dev/urandom or Windows CryptoAPI.
nexpaq 0:6c56fb4bc5f0 799 *
nexpaq 0:6c56fb4bc5f0 800 * Uncomment this macro to disable the built-in platform entropy functions.
nexpaq 0:6c56fb4bc5f0 801 */
nexpaq 0:6c56fb4bc5f0 802 #define MBEDTLS_NO_PLATFORM_ENTROPY
nexpaq 0:6c56fb4bc5f0 803
nexpaq 0:6c56fb4bc5f0 804 /**
nexpaq 0:6c56fb4bc5f0 805 * \def MBEDTLS_ENTROPY_FORCE_SHA256
nexpaq 0:6c56fb4bc5f0 806 *
nexpaq 0:6c56fb4bc5f0 807 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
nexpaq 0:6c56fb4bc5f0 808 * default SHA-512 based one (if both are available).
nexpaq 0:6c56fb4bc5f0 809 *
nexpaq 0:6c56fb4bc5f0 810 * Requires: MBEDTLS_SHA256_C
nexpaq 0:6c56fb4bc5f0 811 *
nexpaq 0:6c56fb4bc5f0 812 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
nexpaq 0:6c56fb4bc5f0 813 * if you have performance concerns.
nexpaq 0:6c56fb4bc5f0 814 *
nexpaq 0:6c56fb4bc5f0 815 * This option is only useful if both MBEDTLS_SHA256_C and
nexpaq 0:6c56fb4bc5f0 816 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
nexpaq 0:6c56fb4bc5f0 817 */
nexpaq 0:6c56fb4bc5f0 818 //#define MBEDTLS_ENTROPY_FORCE_SHA256
nexpaq 0:6c56fb4bc5f0 819
nexpaq 0:6c56fb4bc5f0 820 /**
nexpaq 0:6c56fb4bc5f0 821 * \def MBEDTLS_ENTROPY_NV_SEED
nexpaq 0:6c56fb4bc5f0 822 *
nexpaq 0:6c56fb4bc5f0 823 * Enable the non-volatile (NV) seed file-based entropy source.
nexpaq 0:6c56fb4bc5f0 824 * (Also enables the NV seed read/write functions in the platform layer)
nexpaq 0:6c56fb4bc5f0 825 *
nexpaq 0:6c56fb4bc5f0 826 * This is crucial (if not required) on systems that do not have a
nexpaq 0:6c56fb4bc5f0 827 * cryptographic entropy source (in hardware or kernel) available.
nexpaq 0:6c56fb4bc5f0 828 *
nexpaq 0:6c56fb4bc5f0 829 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
nexpaq 0:6c56fb4bc5f0 830 *
nexpaq 0:6c56fb4bc5f0 831 * \note The read/write functions that are used by the entropy source are
nexpaq 0:6c56fb4bc5f0 832 * determined in the platform layer, and can be modified at runtime and/or
nexpaq 0:6c56fb4bc5f0 833 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
nexpaq 0:6c56fb4bc5f0 834 *
nexpaq 0:6c56fb4bc5f0 835 * \note If you use the default implementation functions that read a seedfile
nexpaq 0:6c56fb4bc5f0 836 * with regular fopen(), please make sure you make a seedfile with the
nexpaq 0:6c56fb4bc5f0 837 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
nexpaq 0:6c56fb4bc5f0 838 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
nexpaq 0:6c56fb4bc5f0 839 * and written to or you will get an entropy source error! The default
nexpaq 0:6c56fb4bc5f0 840 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
nexpaq 0:6c56fb4bc5f0 841 * bytes from the file.
nexpaq 0:6c56fb4bc5f0 842 *
nexpaq 0:6c56fb4bc5f0 843 * \note The entropy collector will write to the seed file before entropy is
nexpaq 0:6c56fb4bc5f0 844 * given to an external source, to update it.
nexpaq 0:6c56fb4bc5f0 845 */
nexpaq 0:6c56fb4bc5f0 846 //#define MBEDTLS_ENTROPY_NV_SEED
nexpaq 0:6c56fb4bc5f0 847
nexpaq 0:6c56fb4bc5f0 848 /**
nexpaq 0:6c56fb4bc5f0 849 * \def MBEDTLS_MEMORY_DEBUG
nexpaq 0:6c56fb4bc5f0 850 *
nexpaq 0:6c56fb4bc5f0 851 * Enable debugging of buffer allocator memory issues. Automatically prints
nexpaq 0:6c56fb4bc5f0 852 * (to stderr) all (fatal) messages on memory allocation issues. Enables
nexpaq 0:6c56fb4bc5f0 853 * function for 'debug output' of allocated memory.
nexpaq 0:6c56fb4bc5f0 854 *
nexpaq 0:6c56fb4bc5f0 855 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
nexpaq 0:6c56fb4bc5f0 856 *
nexpaq 0:6c56fb4bc5f0 857 * Uncomment this macro to let the buffer allocator print out error messages.
nexpaq 0:6c56fb4bc5f0 858 */
nexpaq 0:6c56fb4bc5f0 859 //#define MBEDTLS_MEMORY_DEBUG
nexpaq 0:6c56fb4bc5f0 860
nexpaq 0:6c56fb4bc5f0 861 /**
nexpaq 0:6c56fb4bc5f0 862 * \def MBEDTLS_MEMORY_BACKTRACE
nexpaq 0:6c56fb4bc5f0 863 *
nexpaq 0:6c56fb4bc5f0 864 * Include backtrace information with each allocated block.
nexpaq 0:6c56fb4bc5f0 865 *
nexpaq 0:6c56fb4bc5f0 866 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
nexpaq 0:6c56fb4bc5f0 867 * GLIBC-compatible backtrace() an backtrace_symbols() support
nexpaq 0:6c56fb4bc5f0 868 *
nexpaq 0:6c56fb4bc5f0 869 * Uncomment this macro to include backtrace information
nexpaq 0:6c56fb4bc5f0 870 */
nexpaq 0:6c56fb4bc5f0 871 //#define MBEDTLS_MEMORY_BACKTRACE
nexpaq 0:6c56fb4bc5f0 872
nexpaq 0:6c56fb4bc5f0 873 /**
nexpaq 0:6c56fb4bc5f0 874 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
nexpaq 0:6c56fb4bc5f0 875 *
nexpaq 0:6c56fb4bc5f0 876 * Support external private RSA keys (eg from a HSM) in the PK layer.
nexpaq 0:6c56fb4bc5f0 877 *
nexpaq 0:6c56fb4bc5f0 878 * Comment this macro to disable support for external private RSA keys.
nexpaq 0:6c56fb4bc5f0 879 */
nexpaq 0:6c56fb4bc5f0 880 #define MBEDTLS_PK_RSA_ALT_SUPPORT
nexpaq 0:6c56fb4bc5f0 881
nexpaq 0:6c56fb4bc5f0 882 /**
nexpaq 0:6c56fb4bc5f0 883 * \def MBEDTLS_PKCS1_V15
nexpaq 0:6c56fb4bc5f0 884 *
nexpaq 0:6c56fb4bc5f0 885 * Enable support for PKCS#1 v1.5 encoding.
nexpaq 0:6c56fb4bc5f0 886 *
nexpaq 0:6c56fb4bc5f0 887 * Requires: MBEDTLS_RSA_C
nexpaq 0:6c56fb4bc5f0 888 *
nexpaq 0:6c56fb4bc5f0 889 * This enables support for PKCS#1 v1.5 operations.
nexpaq 0:6c56fb4bc5f0 890 */
nexpaq 0:6c56fb4bc5f0 891 #define MBEDTLS_PKCS1_V15
nexpaq 0:6c56fb4bc5f0 892
nexpaq 0:6c56fb4bc5f0 893 /**
nexpaq 0:6c56fb4bc5f0 894 * \def MBEDTLS_PKCS1_V21
nexpaq 0:6c56fb4bc5f0 895 *
nexpaq 0:6c56fb4bc5f0 896 * Enable support for PKCS#1 v2.1 encoding.
nexpaq 0:6c56fb4bc5f0 897 *
nexpaq 0:6c56fb4bc5f0 898 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
nexpaq 0:6c56fb4bc5f0 899 *
nexpaq 0:6c56fb4bc5f0 900 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
nexpaq 0:6c56fb4bc5f0 901 */
nexpaq 0:6c56fb4bc5f0 902 #define MBEDTLS_PKCS1_V21
nexpaq 0:6c56fb4bc5f0 903
nexpaq 0:6c56fb4bc5f0 904 /**
nexpaq 0:6c56fb4bc5f0 905 * \def MBEDTLS_RSA_NO_CRT
nexpaq 0:6c56fb4bc5f0 906 *
nexpaq 0:6c56fb4bc5f0 907 * Do not use the Chinese Remainder Theorem for the RSA private operation.
nexpaq 0:6c56fb4bc5f0 908 *
nexpaq 0:6c56fb4bc5f0 909 * Uncomment this macro to disable the use of CRT in RSA.
nexpaq 0:6c56fb4bc5f0 910 *
nexpaq 0:6c56fb4bc5f0 911 */
nexpaq 0:6c56fb4bc5f0 912 //#define MBEDTLS_RSA_NO_CRT
nexpaq 0:6c56fb4bc5f0 913
nexpaq 0:6c56fb4bc5f0 914 /**
nexpaq 0:6c56fb4bc5f0 915 * \def MBEDTLS_SELF_TEST
nexpaq 0:6c56fb4bc5f0 916 *
nexpaq 0:6c56fb4bc5f0 917 * Enable the checkup functions (*_self_test).
nexpaq 0:6c56fb4bc5f0 918 */
nexpaq 0:6c56fb4bc5f0 919 #define MBEDTLS_SELF_TEST
nexpaq 0:6c56fb4bc5f0 920
nexpaq 0:6c56fb4bc5f0 921 /**
nexpaq 0:6c56fb4bc5f0 922 * \def MBEDTLS_SHA256_SMALLER
nexpaq 0:6c56fb4bc5f0 923 *
nexpaq 0:6c56fb4bc5f0 924 * Enable an implementation of SHA-256 that has lower ROM footprint but also
nexpaq 0:6c56fb4bc5f0 925 * lower performance.
nexpaq 0:6c56fb4bc5f0 926 *
nexpaq 0:6c56fb4bc5f0 927 * The default implementation is meant to be a reasonnable compromise between
nexpaq 0:6c56fb4bc5f0 928 * performance and size. This version optimizes more aggressively for size at
nexpaq 0:6c56fb4bc5f0 929 * the expense of performance. Eg on Cortex-M4 it reduces the size of
nexpaq 0:6c56fb4bc5f0 930 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
nexpaq 0:6c56fb4bc5f0 931 * 30%.
nexpaq 0:6c56fb4bc5f0 932 *
nexpaq 0:6c56fb4bc5f0 933 * Uncomment to enable the smaller implementation of SHA256.
nexpaq 0:6c56fb4bc5f0 934 */
nexpaq 0:6c56fb4bc5f0 935 //#define MBEDTLS_SHA256_SMALLER
nexpaq 0:6c56fb4bc5f0 936
nexpaq 0:6c56fb4bc5f0 937 /**
nexpaq 0:6c56fb4bc5f0 938 * \def MBEDTLS_SSL_AEAD_RANDOM_IV
nexpaq 0:6c56fb4bc5f0 939 *
nexpaq 0:6c56fb4bc5f0 940 * Generate a random IV rather than using the record sequence number as a
nexpaq 0:6c56fb4bc5f0 941 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
nexpaq 0:6c56fb4bc5f0 942 *
nexpaq 0:6c56fb4bc5f0 943 * Using the sequence number is generally recommended.
nexpaq 0:6c56fb4bc5f0 944 *
nexpaq 0:6c56fb4bc5f0 945 * Uncomment this macro to always use random IVs with AEAD ciphersuites.
nexpaq 0:6c56fb4bc5f0 946 */
nexpaq 0:6c56fb4bc5f0 947 //#define MBEDTLS_SSL_AEAD_RANDOM_IV
nexpaq 0:6c56fb4bc5f0 948
nexpaq 0:6c56fb4bc5f0 949 /**
nexpaq 0:6c56fb4bc5f0 950 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
nexpaq 0:6c56fb4bc5f0 951 *
nexpaq 0:6c56fb4bc5f0 952 * Enable sending of alert messages in case of encountered errors as per RFC.
nexpaq 0:6c56fb4bc5f0 953 * If you choose not to send the alert messages, mbed TLS can still communicate
nexpaq 0:6c56fb4bc5f0 954 * with other servers, only debugging of failures is harder.
nexpaq 0:6c56fb4bc5f0 955 *
nexpaq 0:6c56fb4bc5f0 956 * The advantage of not sending alert messages, is that no information is given
nexpaq 0:6c56fb4bc5f0 957 * about reasons for failures thus preventing adversaries of gaining intel.
nexpaq 0:6c56fb4bc5f0 958 *
nexpaq 0:6c56fb4bc5f0 959 * Enable sending of all alert messages
nexpaq 0:6c56fb4bc5f0 960 */
nexpaq 0:6c56fb4bc5f0 961 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
nexpaq 0:6c56fb4bc5f0 962
nexpaq 0:6c56fb4bc5f0 963 /**
nexpaq 0:6c56fb4bc5f0 964 * \def MBEDTLS_SSL_DEBUG_ALL
nexpaq 0:6c56fb4bc5f0 965 *
nexpaq 0:6c56fb4bc5f0 966 * Enable the debug messages in SSL module for all issues.
nexpaq 0:6c56fb4bc5f0 967 * Debug messages have been disabled in some places to prevent timing
nexpaq 0:6c56fb4bc5f0 968 * attacks due to (unbalanced) debugging function calls.
nexpaq 0:6c56fb4bc5f0 969 *
nexpaq 0:6c56fb4bc5f0 970 * If you need all error reporting you should enable this during debugging,
nexpaq 0:6c56fb4bc5f0 971 * but remove this for production servers that should log as well.
nexpaq 0:6c56fb4bc5f0 972 *
nexpaq 0:6c56fb4bc5f0 973 * Uncomment this macro to report all debug messages on errors introducing
nexpaq 0:6c56fb4bc5f0 974 * a timing side-channel.
nexpaq 0:6c56fb4bc5f0 975 *
nexpaq 0:6c56fb4bc5f0 976 */
nexpaq 0:6c56fb4bc5f0 977 //#define MBEDTLS_SSL_DEBUG_ALL
nexpaq 0:6c56fb4bc5f0 978
nexpaq 0:6c56fb4bc5f0 979 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
nexpaq 0:6c56fb4bc5f0 980 *
nexpaq 0:6c56fb4bc5f0 981 * Enable support for Encrypt-then-MAC, RFC 7366.
nexpaq 0:6c56fb4bc5f0 982 *
nexpaq 0:6c56fb4bc5f0 983 * This allows peers that both support it to use a more robust protection for
nexpaq 0:6c56fb4bc5f0 984 * ciphersuites using CBC, providing deep resistance against timing attacks
nexpaq 0:6c56fb4bc5f0 985 * on the padding or underlying cipher.
nexpaq 0:6c56fb4bc5f0 986 *
nexpaq 0:6c56fb4bc5f0 987 * This only affects CBC ciphersuites, and is useless if none is defined.
nexpaq 0:6c56fb4bc5f0 988 *
nexpaq 0:6c56fb4bc5f0 989 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
nexpaq 0:6c56fb4bc5f0 990 * MBEDTLS_SSL_PROTO_TLS1_1 or
nexpaq 0:6c56fb4bc5f0 991 * MBEDTLS_SSL_PROTO_TLS1_2
nexpaq 0:6c56fb4bc5f0 992 *
nexpaq 0:6c56fb4bc5f0 993 * Comment this macro to disable support for Encrypt-then-MAC
nexpaq 0:6c56fb4bc5f0 994 */
nexpaq 0:6c56fb4bc5f0 995 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
nexpaq 0:6c56fb4bc5f0 996
nexpaq 0:6c56fb4bc5f0 997 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
nexpaq 0:6c56fb4bc5f0 998 *
nexpaq 0:6c56fb4bc5f0 999 * Enable support for Extended Master Secret, aka Session Hash
nexpaq 0:6c56fb4bc5f0 1000 * (draft-ietf-tls-session-hash-02).
nexpaq 0:6c56fb4bc5f0 1001 *
nexpaq 0:6c56fb4bc5f0 1002 * This was introduced as "the proper fix" to the Triple Handshake familiy of
nexpaq 0:6c56fb4bc5f0 1003 * attacks, but it is recommended to always use it (even if you disable
nexpaq 0:6c56fb4bc5f0 1004 * renegotiation), since it actually fixes a more fundamental issue in the
nexpaq 0:6c56fb4bc5f0 1005 * original SSL/TLS design, and has implications beyond Triple Handshake.
nexpaq 0:6c56fb4bc5f0 1006 *
nexpaq 0:6c56fb4bc5f0 1007 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
nexpaq 0:6c56fb4bc5f0 1008 * MBEDTLS_SSL_PROTO_TLS1_1 or
nexpaq 0:6c56fb4bc5f0 1009 * MBEDTLS_SSL_PROTO_TLS1_2
nexpaq 0:6c56fb4bc5f0 1010 *
nexpaq 0:6c56fb4bc5f0 1011 * Comment this macro to disable support for Extended Master Secret.
nexpaq 0:6c56fb4bc5f0 1012 */
nexpaq 0:6c56fb4bc5f0 1013 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
nexpaq 0:6c56fb4bc5f0 1014
nexpaq 0:6c56fb4bc5f0 1015 /**
nexpaq 0:6c56fb4bc5f0 1016 * \def MBEDTLS_SSL_FALLBACK_SCSV
nexpaq 0:6c56fb4bc5f0 1017 *
nexpaq 0:6c56fb4bc5f0 1018 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
nexpaq 0:6c56fb4bc5f0 1019 *
nexpaq 0:6c56fb4bc5f0 1020 * For servers, it is recommended to always enable this, unless you support
nexpaq 0:6c56fb4bc5f0 1021 * only one version of TLS, or know for sure that none of your clients
nexpaq 0:6c56fb4bc5f0 1022 * implements a fallback strategy.
nexpaq 0:6c56fb4bc5f0 1023 *
nexpaq 0:6c56fb4bc5f0 1024 * For clients, you only need this if you're using a fallback strategy, which
nexpaq 0:6c56fb4bc5f0 1025 * is not recommended in the first place, unless you absolutely need it to
nexpaq 0:6c56fb4bc5f0 1026 * interoperate with buggy (version-intolerant) servers.
nexpaq 0:6c56fb4bc5f0 1027 *
nexpaq 0:6c56fb4bc5f0 1028 * Comment this macro to disable support for FALLBACK_SCSV
nexpaq 0:6c56fb4bc5f0 1029 */
nexpaq 0:6c56fb4bc5f0 1030 //#define MBEDTLS_SSL_FALLBACK_SCSV
nexpaq 0:6c56fb4bc5f0 1031
nexpaq 0:6c56fb4bc5f0 1032 /**
nexpaq 0:6c56fb4bc5f0 1033 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
nexpaq 0:6c56fb4bc5f0 1034 *
nexpaq 0:6c56fb4bc5f0 1035 * Enable hooking functions in SSL module for hardware acceleration of
nexpaq 0:6c56fb4bc5f0 1036 * individual records.
nexpaq 0:6c56fb4bc5f0 1037 *
nexpaq 0:6c56fb4bc5f0 1038 * Uncomment this macro to enable hooking functions.
nexpaq 0:6c56fb4bc5f0 1039 */
nexpaq 0:6c56fb4bc5f0 1040 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
nexpaq 0:6c56fb4bc5f0 1041
nexpaq 0:6c56fb4bc5f0 1042 /**
nexpaq 0:6c56fb4bc5f0 1043 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
nexpaq 0:6c56fb4bc5f0 1044 *
nexpaq 0:6c56fb4bc5f0 1045 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
nexpaq 0:6c56fb4bc5f0 1046 *
nexpaq 0:6c56fb4bc5f0 1047 * This is a countermeasure to the BEAST attack, which also minimizes the risk
nexpaq 0:6c56fb4bc5f0 1048 * of interoperability issues compared to sending 0-length records.
nexpaq 0:6c56fb4bc5f0 1049 *
nexpaq 0:6c56fb4bc5f0 1050 * Comment this macro to disable 1/n-1 record splitting.
nexpaq 0:6c56fb4bc5f0 1051 */
nexpaq 0:6c56fb4bc5f0 1052 //#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
nexpaq 0:6c56fb4bc5f0 1053
nexpaq 0:6c56fb4bc5f0 1054 /**
nexpaq 0:6c56fb4bc5f0 1055 * \def MBEDTLS_SSL_RENEGOTIATION
nexpaq 0:6c56fb4bc5f0 1056 *
nexpaq 0:6c56fb4bc5f0 1057 * Disable support for TLS renegotiation.
nexpaq 0:6c56fb4bc5f0 1058 *
nexpaq 0:6c56fb4bc5f0 1059 * The two main uses of renegotiation are (1) refresh keys on long-lived
nexpaq 0:6c56fb4bc5f0 1060 * connections and (2) client authentication after the initial handshake.
nexpaq 0:6c56fb4bc5f0 1061 * If you don't need renegotiation, it's probably better to disable it, since
nexpaq 0:6c56fb4bc5f0 1062 * it has been associated with security issues in the past and is easy to
nexpaq 0:6c56fb4bc5f0 1063 * misuse/misunderstand.
nexpaq 0:6c56fb4bc5f0 1064 *
nexpaq 0:6c56fb4bc5f0 1065 * Comment this to disable support for renegotiation.
nexpaq 0:6c56fb4bc5f0 1066 */
nexpaq 0:6c56fb4bc5f0 1067 #define MBEDTLS_SSL_RENEGOTIATION
nexpaq 0:6c56fb4bc5f0 1068
nexpaq 0:6c56fb4bc5f0 1069 /**
nexpaq 0:6c56fb4bc5f0 1070 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
nexpaq 0:6c56fb4bc5f0 1071 *
nexpaq 0:6c56fb4bc5f0 1072 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
nexpaq 0:6c56fb4bc5f0 1073 * SSL Server module (MBEDTLS_SSL_SRV_C).
nexpaq 0:6c56fb4bc5f0 1074 *
nexpaq 0:6c56fb4bc5f0 1075 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
nexpaq 0:6c56fb4bc5f0 1076 */
nexpaq 0:6c56fb4bc5f0 1077 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
nexpaq 0:6c56fb4bc5f0 1078
nexpaq 0:6c56fb4bc5f0 1079 /**
nexpaq 0:6c56fb4bc5f0 1080 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
nexpaq 0:6c56fb4bc5f0 1081 *
nexpaq 0:6c56fb4bc5f0 1082 * Pick the ciphersuite according to the client's preferences rather than ours
nexpaq 0:6c56fb4bc5f0 1083 * in the SSL Server module (MBEDTLS_SSL_SRV_C).
nexpaq 0:6c56fb4bc5f0 1084 *
nexpaq 0:6c56fb4bc5f0 1085 * Uncomment this macro to respect client's ciphersuite order
nexpaq 0:6c56fb4bc5f0 1086 */
nexpaq 0:6c56fb4bc5f0 1087 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
nexpaq 0:6c56fb4bc5f0 1088
nexpaq 0:6c56fb4bc5f0 1089 /**
nexpaq 0:6c56fb4bc5f0 1090 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
nexpaq 0:6c56fb4bc5f0 1091 *
nexpaq 0:6c56fb4bc5f0 1092 * Enable support for RFC 6066 max_fragment_length extension in SSL.
nexpaq 0:6c56fb4bc5f0 1093 *
nexpaq 0:6c56fb4bc5f0 1094 * Comment this macro to disable support for the max_fragment_length extension
nexpaq 0:6c56fb4bc5f0 1095 */
nexpaq 0:6c56fb4bc5f0 1096 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
nexpaq 0:6c56fb4bc5f0 1097
nexpaq 0:6c56fb4bc5f0 1098 /**
nexpaq 0:6c56fb4bc5f0 1099 * \def MBEDTLS_SSL_PROTO_SSL3
nexpaq 0:6c56fb4bc5f0 1100 *
nexpaq 0:6c56fb4bc5f0 1101 * Enable support for SSL 3.0.
nexpaq 0:6c56fb4bc5f0 1102 *
nexpaq 0:6c56fb4bc5f0 1103 * Requires: MBEDTLS_MD5_C
nexpaq 0:6c56fb4bc5f0 1104 * MBEDTLS_SHA1_C
nexpaq 0:6c56fb4bc5f0 1105 *
nexpaq 0:6c56fb4bc5f0 1106 * Comment this macro to disable support for SSL 3.0
nexpaq 0:6c56fb4bc5f0 1107 */
nexpaq 0:6c56fb4bc5f0 1108 //#define MBEDTLS_SSL_PROTO_SSL3
nexpaq 0:6c56fb4bc5f0 1109
nexpaq 0:6c56fb4bc5f0 1110 /**
nexpaq 0:6c56fb4bc5f0 1111 * \def MBEDTLS_SSL_PROTO_TLS1
nexpaq 0:6c56fb4bc5f0 1112 *
nexpaq 0:6c56fb4bc5f0 1113 * Enable support for TLS 1.0.
nexpaq 0:6c56fb4bc5f0 1114 *
nexpaq 0:6c56fb4bc5f0 1115 * Requires: MBEDTLS_MD5_C
nexpaq 0:6c56fb4bc5f0 1116 * MBEDTLS_SHA1_C
nexpaq 0:6c56fb4bc5f0 1117 *
nexpaq 0:6c56fb4bc5f0 1118 * Comment this macro to disable support for TLS 1.0
nexpaq 0:6c56fb4bc5f0 1119 */
nexpaq 0:6c56fb4bc5f0 1120 //#define MBEDTLS_SSL_PROTO_TLS1
nexpaq 0:6c56fb4bc5f0 1121
nexpaq 0:6c56fb4bc5f0 1122 /**
nexpaq 0:6c56fb4bc5f0 1123 * \def MBEDTLS_SSL_PROTO_TLS1_1
nexpaq 0:6c56fb4bc5f0 1124 *
nexpaq 0:6c56fb4bc5f0 1125 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
nexpaq 0:6c56fb4bc5f0 1126 *
nexpaq 0:6c56fb4bc5f0 1127 * Requires: MBEDTLS_MD5_C
nexpaq 0:6c56fb4bc5f0 1128 * MBEDTLS_SHA1_C
nexpaq 0:6c56fb4bc5f0 1129 *
nexpaq 0:6c56fb4bc5f0 1130 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
nexpaq 0:6c56fb4bc5f0 1131 */
nexpaq 0:6c56fb4bc5f0 1132 //#define MBEDTLS_SSL_PROTO_TLS1_1
nexpaq 0:6c56fb4bc5f0 1133
nexpaq 0:6c56fb4bc5f0 1134 /**
nexpaq 0:6c56fb4bc5f0 1135 * \def MBEDTLS_SSL_PROTO_TLS1_2
nexpaq 0:6c56fb4bc5f0 1136 *
nexpaq 0:6c56fb4bc5f0 1137 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
nexpaq 0:6c56fb4bc5f0 1138 *
nexpaq 0:6c56fb4bc5f0 1139 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
nexpaq 0:6c56fb4bc5f0 1140 * (Depends on ciphersuites)
nexpaq 0:6c56fb4bc5f0 1141 *
nexpaq 0:6c56fb4bc5f0 1142 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
nexpaq 0:6c56fb4bc5f0 1143 */
nexpaq 0:6c56fb4bc5f0 1144 #define MBEDTLS_SSL_PROTO_TLS1_2
nexpaq 0:6c56fb4bc5f0 1145
nexpaq 0:6c56fb4bc5f0 1146 /**
nexpaq 0:6c56fb4bc5f0 1147 * \def MBEDTLS_SSL_PROTO_DTLS
nexpaq 0:6c56fb4bc5f0 1148 *
nexpaq 0:6c56fb4bc5f0 1149 * Enable support for DTLS (all available versions).
nexpaq 0:6c56fb4bc5f0 1150 *
nexpaq 0:6c56fb4bc5f0 1151 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
nexpaq 0:6c56fb4bc5f0 1152 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
nexpaq 0:6c56fb4bc5f0 1153 *
nexpaq 0:6c56fb4bc5f0 1154 * Requires: MBEDTLS_SSL_PROTO_TLS1_1
nexpaq 0:6c56fb4bc5f0 1155 * or MBEDTLS_SSL_PROTO_TLS1_2
nexpaq 0:6c56fb4bc5f0 1156 *
nexpaq 0:6c56fb4bc5f0 1157 * Comment this macro to disable support for DTLS
nexpaq 0:6c56fb4bc5f0 1158 */
nexpaq 0:6c56fb4bc5f0 1159 #define MBEDTLS_SSL_PROTO_DTLS
nexpaq 0:6c56fb4bc5f0 1160
nexpaq 0:6c56fb4bc5f0 1161 /**
nexpaq 0:6c56fb4bc5f0 1162 * \def MBEDTLS_SSL_ALPN
nexpaq 0:6c56fb4bc5f0 1163 *
nexpaq 0:6c56fb4bc5f0 1164 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
nexpaq 0:6c56fb4bc5f0 1165 *
nexpaq 0:6c56fb4bc5f0 1166 * Comment this macro to disable support for ALPN.
nexpaq 0:6c56fb4bc5f0 1167 */
nexpaq 0:6c56fb4bc5f0 1168 #define MBEDTLS_SSL_ALPN
nexpaq 0:6c56fb4bc5f0 1169
nexpaq 0:6c56fb4bc5f0 1170 /**
nexpaq 0:6c56fb4bc5f0 1171 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
nexpaq 0:6c56fb4bc5f0 1172 *
nexpaq 0:6c56fb4bc5f0 1173 * Enable support for the anti-replay mechanism in DTLS.
nexpaq 0:6c56fb4bc5f0 1174 *
nexpaq 0:6c56fb4bc5f0 1175 * Requires: MBEDTLS_SSL_TLS_C
nexpaq 0:6c56fb4bc5f0 1176 * MBEDTLS_SSL_PROTO_DTLS
nexpaq 0:6c56fb4bc5f0 1177 *
nexpaq 0:6c56fb4bc5f0 1178 * \warning Disabling this is often a security risk!
nexpaq 0:6c56fb4bc5f0 1179 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
nexpaq 0:6c56fb4bc5f0 1180 *
nexpaq 0:6c56fb4bc5f0 1181 * Comment this to disable anti-replay in DTLS.
nexpaq 0:6c56fb4bc5f0 1182 */
nexpaq 0:6c56fb4bc5f0 1183 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
nexpaq 0:6c56fb4bc5f0 1184
nexpaq 0:6c56fb4bc5f0 1185 /**
nexpaq 0:6c56fb4bc5f0 1186 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
nexpaq 0:6c56fb4bc5f0 1187 *
nexpaq 0:6c56fb4bc5f0 1188 * Enable support for HelloVerifyRequest on DTLS servers.
nexpaq 0:6c56fb4bc5f0 1189 *
nexpaq 0:6c56fb4bc5f0 1190 * This feature is highly recommended to prevent DTLS servers being used as
nexpaq 0:6c56fb4bc5f0 1191 * amplifiers in DoS attacks against other hosts. It should always be enabled
nexpaq 0:6c56fb4bc5f0 1192 * unless you know for sure amplification cannot be a problem in the
nexpaq 0:6c56fb4bc5f0 1193 * environment in which your server operates.
nexpaq 0:6c56fb4bc5f0 1194 *
nexpaq 0:6c56fb4bc5f0 1195 * \warning Disabling this can ba a security risk! (see above)
nexpaq 0:6c56fb4bc5f0 1196 *
nexpaq 0:6c56fb4bc5f0 1197 * Requires: MBEDTLS_SSL_PROTO_DTLS
nexpaq 0:6c56fb4bc5f0 1198 *
nexpaq 0:6c56fb4bc5f0 1199 * Comment this to disable support for HelloVerifyRequest.
nexpaq 0:6c56fb4bc5f0 1200 */
nexpaq 0:6c56fb4bc5f0 1201 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
nexpaq 0:6c56fb4bc5f0 1202
nexpaq 0:6c56fb4bc5f0 1203 /**
nexpaq 0:6c56fb4bc5f0 1204 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
nexpaq 0:6c56fb4bc5f0 1205 *
nexpaq 0:6c56fb4bc5f0 1206 * Enable server-side support for clients that reconnect from the same port.
nexpaq 0:6c56fb4bc5f0 1207 *
nexpaq 0:6c56fb4bc5f0 1208 * Some clients unexpectedly close the connection and try to reconnect using the
nexpaq 0:6c56fb4bc5f0 1209 * same source port. This needs special support from the server to handle the
nexpaq 0:6c56fb4bc5f0 1210 * new connection securely, as described in section 4.2.8 of RFC 6347. This
nexpaq 0:6c56fb4bc5f0 1211 * flag enables that support.
nexpaq 0:6c56fb4bc5f0 1212 *
nexpaq 0:6c56fb4bc5f0 1213 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
nexpaq 0:6c56fb4bc5f0 1214 *
nexpaq 0:6c56fb4bc5f0 1215 * Comment this to disable support for clients reusing the source port.
nexpaq 0:6c56fb4bc5f0 1216 */
nexpaq 0:6c56fb4bc5f0 1217 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
nexpaq 0:6c56fb4bc5f0 1218
nexpaq 0:6c56fb4bc5f0 1219 /**
nexpaq 0:6c56fb4bc5f0 1220 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
nexpaq 0:6c56fb4bc5f0 1221 *
nexpaq 0:6c56fb4bc5f0 1222 * Enable support for a limit of records with bad MAC.
nexpaq 0:6c56fb4bc5f0 1223 *
nexpaq 0:6c56fb4bc5f0 1224 * See mbedtls_ssl_conf_dtls_badmac_limit().
nexpaq 0:6c56fb4bc5f0 1225 *
nexpaq 0:6c56fb4bc5f0 1226 * Requires: MBEDTLS_SSL_PROTO_DTLS
nexpaq 0:6c56fb4bc5f0 1227 */
nexpaq 0:6c56fb4bc5f0 1228 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
nexpaq 0:6c56fb4bc5f0 1229
nexpaq 0:6c56fb4bc5f0 1230 /**
nexpaq 0:6c56fb4bc5f0 1231 * \def MBEDTLS_SSL_SESSION_TICKETS
nexpaq 0:6c56fb4bc5f0 1232 *
nexpaq 0:6c56fb4bc5f0 1233 * Enable support for RFC 5077 session tickets in SSL.
nexpaq 0:6c56fb4bc5f0 1234 * Client-side, provides full support for session tickets (maintainance of a
nexpaq 0:6c56fb4bc5f0 1235 * session store remains the responsibility of the application, though).
nexpaq 0:6c56fb4bc5f0 1236 * Server-side, you also need to provide callbacks for writing and parsing
nexpaq 0:6c56fb4bc5f0 1237 * tickets, including authenticated encryption and key management. Example
nexpaq 0:6c56fb4bc5f0 1238 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
nexpaq 0:6c56fb4bc5f0 1239 *
nexpaq 0:6c56fb4bc5f0 1240 * Comment this macro to disable support for SSL session tickets
nexpaq 0:6c56fb4bc5f0 1241 */
nexpaq 0:6c56fb4bc5f0 1242 #define MBEDTLS_SSL_SESSION_TICKETS
nexpaq 0:6c56fb4bc5f0 1243
nexpaq 0:6c56fb4bc5f0 1244 /**
nexpaq 0:6c56fb4bc5f0 1245 * \def MBEDTLS_SSL_EXPORT_KEYS
nexpaq 0:6c56fb4bc5f0 1246 *
nexpaq 0:6c56fb4bc5f0 1247 * Enable support for exporting key block and master secret.
nexpaq 0:6c56fb4bc5f0 1248 * This is required for certain users of TLS, e.g. EAP-TLS.
nexpaq 0:6c56fb4bc5f0 1249 *
nexpaq 0:6c56fb4bc5f0 1250 * Comment this macro to disable support for key export
nexpaq 0:6c56fb4bc5f0 1251 */
nexpaq 0:6c56fb4bc5f0 1252 #define MBEDTLS_SSL_EXPORT_KEYS
nexpaq 0:6c56fb4bc5f0 1253
nexpaq 0:6c56fb4bc5f0 1254 /**
nexpaq 0:6c56fb4bc5f0 1255 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
nexpaq 0:6c56fb4bc5f0 1256 *
nexpaq 0:6c56fb4bc5f0 1257 * Enable support for RFC 6066 server name indication (SNI) in SSL.
nexpaq 0:6c56fb4bc5f0 1258 *
nexpaq 0:6c56fb4bc5f0 1259 * Requires: MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 1260 *
nexpaq 0:6c56fb4bc5f0 1261 * Comment this macro to disable support for server name indication in SSL
nexpaq 0:6c56fb4bc5f0 1262 */
nexpaq 0:6c56fb4bc5f0 1263 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
nexpaq 0:6c56fb4bc5f0 1264
nexpaq 0:6c56fb4bc5f0 1265 /**
nexpaq 0:6c56fb4bc5f0 1266 * \def MBEDTLS_SSL_TRUNCATED_HMAC
nexpaq 0:6c56fb4bc5f0 1267 *
nexpaq 0:6c56fb4bc5f0 1268 * Enable support for RFC 6066 truncated HMAC in SSL.
nexpaq 0:6c56fb4bc5f0 1269 *
nexpaq 0:6c56fb4bc5f0 1270 * Comment this macro to disable support for truncated HMAC in SSL
nexpaq 0:6c56fb4bc5f0 1271 */
nexpaq 0:6c56fb4bc5f0 1272 //#define MBEDTLS_SSL_TRUNCATED_HMAC
nexpaq 0:6c56fb4bc5f0 1273
nexpaq 0:6c56fb4bc5f0 1274 /**
nexpaq 0:6c56fb4bc5f0 1275 * \def MBEDTLS_THREADING_ALT
nexpaq 0:6c56fb4bc5f0 1276 *
nexpaq 0:6c56fb4bc5f0 1277 * Provide your own alternate threading implementation.
nexpaq 0:6c56fb4bc5f0 1278 *
nexpaq 0:6c56fb4bc5f0 1279 * Requires: MBEDTLS_THREADING_C
nexpaq 0:6c56fb4bc5f0 1280 *
nexpaq 0:6c56fb4bc5f0 1281 * Uncomment this to allow your own alternate threading implementation.
nexpaq 0:6c56fb4bc5f0 1282 */
nexpaq 0:6c56fb4bc5f0 1283 //#define MBEDTLS_THREADING_ALT
nexpaq 0:6c56fb4bc5f0 1284
nexpaq 0:6c56fb4bc5f0 1285 /**
nexpaq 0:6c56fb4bc5f0 1286 * \def MBEDTLS_THREADING_PTHREAD
nexpaq 0:6c56fb4bc5f0 1287 *
nexpaq 0:6c56fb4bc5f0 1288 * Enable the pthread wrapper layer for the threading layer.
nexpaq 0:6c56fb4bc5f0 1289 *
nexpaq 0:6c56fb4bc5f0 1290 * Requires: MBEDTLS_THREADING_C
nexpaq 0:6c56fb4bc5f0 1291 *
nexpaq 0:6c56fb4bc5f0 1292 * Uncomment this to enable pthread mutexes.
nexpaq 0:6c56fb4bc5f0 1293 */
nexpaq 0:6c56fb4bc5f0 1294 //#define MBEDTLS_THREADING_PTHREAD
nexpaq 0:6c56fb4bc5f0 1295
nexpaq 0:6c56fb4bc5f0 1296 /**
nexpaq 0:6c56fb4bc5f0 1297 * \def MBEDTLS_VERSION_FEATURES
nexpaq 0:6c56fb4bc5f0 1298 *
nexpaq 0:6c56fb4bc5f0 1299 * Allow run-time checking of compile-time enabled features. Thus allowing users
nexpaq 0:6c56fb4bc5f0 1300 * to check at run-time if the library is for instance compiled with threading
nexpaq 0:6c56fb4bc5f0 1301 * support via mbedtls_version_check_feature().
nexpaq 0:6c56fb4bc5f0 1302 *
nexpaq 0:6c56fb4bc5f0 1303 * Requires: MBEDTLS_VERSION_C
nexpaq 0:6c56fb4bc5f0 1304 *
nexpaq 0:6c56fb4bc5f0 1305 * Comment this to disable run-time checking and save ROM space
nexpaq 0:6c56fb4bc5f0 1306 */
nexpaq 0:6c56fb4bc5f0 1307 #define MBEDTLS_VERSION_FEATURES
nexpaq 0:6c56fb4bc5f0 1308
nexpaq 0:6c56fb4bc5f0 1309 /**
nexpaq 0:6c56fb4bc5f0 1310 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
nexpaq 0:6c56fb4bc5f0 1311 *
nexpaq 0:6c56fb4bc5f0 1312 * If set, the X509 parser will not break-off when parsing an X509 certificate
nexpaq 0:6c56fb4bc5f0 1313 * and encountering an extension in a v1 or v2 certificate.
nexpaq 0:6c56fb4bc5f0 1314 *
nexpaq 0:6c56fb4bc5f0 1315 * Uncomment to prevent an error.
nexpaq 0:6c56fb4bc5f0 1316 */
nexpaq 0:6c56fb4bc5f0 1317 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
nexpaq 0:6c56fb4bc5f0 1318
nexpaq 0:6c56fb4bc5f0 1319 /**
nexpaq 0:6c56fb4bc5f0 1320 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
nexpaq 0:6c56fb4bc5f0 1321 *
nexpaq 0:6c56fb4bc5f0 1322 * If set, the X509 parser will not break-off when parsing an X509 certificate
nexpaq 0:6c56fb4bc5f0 1323 * and encountering an unknown critical extension.
nexpaq 0:6c56fb4bc5f0 1324 *
nexpaq 0:6c56fb4bc5f0 1325 * \warning Depending on your PKI use, enabling this can be a security risk!
nexpaq 0:6c56fb4bc5f0 1326 *
nexpaq 0:6c56fb4bc5f0 1327 * Uncomment to prevent an error.
nexpaq 0:6c56fb4bc5f0 1328 */
nexpaq 0:6c56fb4bc5f0 1329 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
nexpaq 0:6c56fb4bc5f0 1330
nexpaq 0:6c56fb4bc5f0 1331 /**
nexpaq 0:6c56fb4bc5f0 1332 * \def MBEDTLS_X509_CHECK_KEY_USAGE
nexpaq 0:6c56fb4bc5f0 1333 *
nexpaq 0:6c56fb4bc5f0 1334 * Enable verification of the keyUsage extension (CA and leaf certificates).
nexpaq 0:6c56fb4bc5f0 1335 *
nexpaq 0:6c56fb4bc5f0 1336 * Disabling this avoids problems with mis-issued and/or misused
nexpaq 0:6c56fb4bc5f0 1337 * (intermediate) CA and leaf certificates.
nexpaq 0:6c56fb4bc5f0 1338 *
nexpaq 0:6c56fb4bc5f0 1339 * \warning Depending on your PKI use, disabling this can be a security risk!
nexpaq 0:6c56fb4bc5f0 1340 *
nexpaq 0:6c56fb4bc5f0 1341 * Comment to skip keyUsage checking for both CA and leaf certificates.
nexpaq 0:6c56fb4bc5f0 1342 */
nexpaq 0:6c56fb4bc5f0 1343 #define MBEDTLS_X509_CHECK_KEY_USAGE
nexpaq 0:6c56fb4bc5f0 1344
nexpaq 0:6c56fb4bc5f0 1345 /**
nexpaq 0:6c56fb4bc5f0 1346 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
nexpaq 0:6c56fb4bc5f0 1347 *
nexpaq 0:6c56fb4bc5f0 1348 * Enable verification of the extendedKeyUsage extension (leaf certificates).
nexpaq 0:6c56fb4bc5f0 1349 *
nexpaq 0:6c56fb4bc5f0 1350 * Disabling this avoids problems with mis-issued and/or misused certificates.
nexpaq 0:6c56fb4bc5f0 1351 *
nexpaq 0:6c56fb4bc5f0 1352 * \warning Depending on your PKI use, disabling this can be a security risk!
nexpaq 0:6c56fb4bc5f0 1353 *
nexpaq 0:6c56fb4bc5f0 1354 * Comment to skip extendedKeyUsage checking for certificates.
nexpaq 0:6c56fb4bc5f0 1355 */
nexpaq 0:6c56fb4bc5f0 1356 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
nexpaq 0:6c56fb4bc5f0 1357
nexpaq 0:6c56fb4bc5f0 1358 /**
nexpaq 0:6c56fb4bc5f0 1359 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
nexpaq 0:6c56fb4bc5f0 1360 *
nexpaq 0:6c56fb4bc5f0 1361 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
nexpaq 0:6c56fb4bc5f0 1362 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
nexpaq 0:6c56fb4bc5f0 1363 *
nexpaq 0:6c56fb4bc5f0 1364 * Comment this macro to disallow using RSASSA-PSS in certificates.
nexpaq 0:6c56fb4bc5f0 1365 */
nexpaq 0:6c56fb4bc5f0 1366 //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
nexpaq 0:6c56fb4bc5f0 1367
nexpaq 0:6c56fb4bc5f0 1368 /**
nexpaq 0:6c56fb4bc5f0 1369 * \def MBEDTLS_ZLIB_SUPPORT
nexpaq 0:6c56fb4bc5f0 1370 *
nexpaq 0:6c56fb4bc5f0 1371 * If set, the SSL/TLS module uses ZLIB to support compression and
nexpaq 0:6c56fb4bc5f0 1372 * decompression of packet data.
nexpaq 0:6c56fb4bc5f0 1373 *
nexpaq 0:6c56fb4bc5f0 1374 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
nexpaq 0:6c56fb4bc5f0 1375 * CRIME attack. Before enabling this option, you should examine with care if
nexpaq 0:6c56fb4bc5f0 1376 * CRIME or similar exploits may be a applicable to your use case.
nexpaq 0:6c56fb4bc5f0 1377 *
nexpaq 0:6c56fb4bc5f0 1378 * \note Currently compression can't be used with DTLS.
nexpaq 0:6c56fb4bc5f0 1379 *
nexpaq 0:6c56fb4bc5f0 1380 * Used in: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1381 * library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 1382 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 1383 *
nexpaq 0:6c56fb4bc5f0 1384 * This feature requires zlib library and headers to be present.
nexpaq 0:6c56fb4bc5f0 1385 *
nexpaq 0:6c56fb4bc5f0 1386 * Uncomment to enable use of ZLIB
nexpaq 0:6c56fb4bc5f0 1387 */
nexpaq 0:6c56fb4bc5f0 1388 //#define MBEDTLS_ZLIB_SUPPORT
nexpaq 0:6c56fb4bc5f0 1389 /* \} name SECTION: mbed TLS feature support */
nexpaq 0:6c56fb4bc5f0 1390
nexpaq 0:6c56fb4bc5f0 1391 /**
nexpaq 0:6c56fb4bc5f0 1392 * \name SECTION: mbed TLS modules
nexpaq 0:6c56fb4bc5f0 1393 *
nexpaq 0:6c56fb4bc5f0 1394 * This section enables or disables entire modules in mbed TLS
nexpaq 0:6c56fb4bc5f0 1395 * \{
nexpaq 0:6c56fb4bc5f0 1396 */
nexpaq 0:6c56fb4bc5f0 1397
nexpaq 0:6c56fb4bc5f0 1398 /**
nexpaq 0:6c56fb4bc5f0 1399 * \def MBEDTLS_AESNI_C
nexpaq 0:6c56fb4bc5f0 1400 *
nexpaq 0:6c56fb4bc5f0 1401 * Enable AES-NI support on x86-64.
nexpaq 0:6c56fb4bc5f0 1402 *
nexpaq 0:6c56fb4bc5f0 1403 * Module: library/aesni.c
nexpaq 0:6c56fb4bc5f0 1404 * Caller: library/aes.c
nexpaq 0:6c56fb4bc5f0 1405 *
nexpaq 0:6c56fb4bc5f0 1406 * Requires: MBEDTLS_HAVE_ASM
nexpaq 0:6c56fb4bc5f0 1407 *
nexpaq 0:6c56fb4bc5f0 1408 * This modules adds support for the AES-NI instructions on x86-64
nexpaq 0:6c56fb4bc5f0 1409 */
nexpaq 0:6c56fb4bc5f0 1410 //#define MBEDTLS_AESNI_C
nexpaq 0:6c56fb4bc5f0 1411
nexpaq 0:6c56fb4bc5f0 1412 /**
nexpaq 0:6c56fb4bc5f0 1413 * \def MBEDTLS_AES_C
nexpaq 0:6c56fb4bc5f0 1414 *
nexpaq 0:6c56fb4bc5f0 1415 * Enable the AES block cipher.
nexpaq 0:6c56fb4bc5f0 1416 *
nexpaq 0:6c56fb4bc5f0 1417 * Module: library/aes.c
nexpaq 0:6c56fb4bc5f0 1418 * Caller: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1419 * library/pem.c
nexpaq 0:6c56fb4bc5f0 1420 * library/ctr_drbg.c
nexpaq 0:6c56fb4bc5f0 1421 *
nexpaq 0:6c56fb4bc5f0 1422 * This module enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 1423 * enabled as well):
nexpaq 0:6c56fb4bc5f0 1424 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1425 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1426 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1427 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1428 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1429 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1430 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1431 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1432 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1433 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1434 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1435 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1436 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1437 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1438 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1439 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1440 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1441 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1442 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1443 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1444 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1448 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1449 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1450 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1451 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1452 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1453 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1454 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1455 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1456 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1457 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1458 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1459 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1460 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1461 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1462 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1463 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1464 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1465 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1466 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1467 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1468 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1469 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1470 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1471 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1472 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1473 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1474 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1475 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1476 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1477 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1478 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1479 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1480 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1481 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1482 *
nexpaq 0:6c56fb4bc5f0 1483 * PEM_PARSE uses AES for decrypting encrypted keys.
nexpaq 0:6c56fb4bc5f0 1484 */
nexpaq 0:6c56fb4bc5f0 1485 #define MBEDTLS_AES_C
nexpaq 0:6c56fb4bc5f0 1486
nexpaq 0:6c56fb4bc5f0 1487 /**
nexpaq 0:6c56fb4bc5f0 1488 * \def MBEDTLS_ARC4_C
nexpaq 0:6c56fb4bc5f0 1489 *
nexpaq 0:6c56fb4bc5f0 1490 * Enable the ARCFOUR stream cipher.
nexpaq 0:6c56fb4bc5f0 1491 *
nexpaq 0:6c56fb4bc5f0 1492 * Module: library/arc4.c
nexpaq 0:6c56fb4bc5f0 1493 * Caller: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1494 *
nexpaq 0:6c56fb4bc5f0 1495 * This module enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 1496 * enabled as well):
nexpaq 0:6c56fb4bc5f0 1497 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1498 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1499 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1500 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1501 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1502 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1503 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1504 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
nexpaq 0:6c56fb4bc5f0 1505 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1506 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
nexpaq 0:6c56fb4bc5f0 1507 */
nexpaq 0:6c56fb4bc5f0 1508 //#define MBEDTLS_ARC4_C
nexpaq 0:6c56fb4bc5f0 1509
nexpaq 0:6c56fb4bc5f0 1510 /**
nexpaq 0:6c56fb4bc5f0 1511 * \def MBEDTLS_ASN1_PARSE_C
nexpaq 0:6c56fb4bc5f0 1512 *
nexpaq 0:6c56fb4bc5f0 1513 * Enable the generic ASN1 parser.
nexpaq 0:6c56fb4bc5f0 1514 *
nexpaq 0:6c56fb4bc5f0 1515 * Module: library/asn1.c
nexpaq 0:6c56fb4bc5f0 1516 * Caller: library/x509.c
nexpaq 0:6c56fb4bc5f0 1517 * library/dhm.c
nexpaq 0:6c56fb4bc5f0 1518 * library/pkcs12.c
nexpaq 0:6c56fb4bc5f0 1519 * library/pkcs5.c
nexpaq 0:6c56fb4bc5f0 1520 * library/pkparse.c
nexpaq 0:6c56fb4bc5f0 1521 */
nexpaq 0:6c56fb4bc5f0 1522 #define MBEDTLS_ASN1_PARSE_C
nexpaq 0:6c56fb4bc5f0 1523
nexpaq 0:6c56fb4bc5f0 1524 /**
nexpaq 0:6c56fb4bc5f0 1525 * \def MBEDTLS_ASN1_WRITE_C
nexpaq 0:6c56fb4bc5f0 1526 *
nexpaq 0:6c56fb4bc5f0 1527 * Enable the generic ASN1 writer.
nexpaq 0:6c56fb4bc5f0 1528 *
nexpaq 0:6c56fb4bc5f0 1529 * Module: library/asn1write.c
nexpaq 0:6c56fb4bc5f0 1530 * Caller: library/ecdsa.c
nexpaq 0:6c56fb4bc5f0 1531 * library/pkwrite.c
nexpaq 0:6c56fb4bc5f0 1532 * library/x509_create.c
nexpaq 0:6c56fb4bc5f0 1533 * library/x509write_crt.c
nexpaq 0:6c56fb4bc5f0 1534 * library/mbedtls_x509write_csr.c
nexpaq 0:6c56fb4bc5f0 1535 */
nexpaq 0:6c56fb4bc5f0 1536 #define MBEDTLS_ASN1_WRITE_C
nexpaq 0:6c56fb4bc5f0 1537
nexpaq 0:6c56fb4bc5f0 1538 /**
nexpaq 0:6c56fb4bc5f0 1539 * \def MBEDTLS_BASE64_C
nexpaq 0:6c56fb4bc5f0 1540 *
nexpaq 0:6c56fb4bc5f0 1541 * Enable the Base64 module.
nexpaq 0:6c56fb4bc5f0 1542 *
nexpaq 0:6c56fb4bc5f0 1543 * Module: library/base64.c
nexpaq 0:6c56fb4bc5f0 1544 * Caller: library/pem.c
nexpaq 0:6c56fb4bc5f0 1545 *
nexpaq 0:6c56fb4bc5f0 1546 * This module is required for PEM support (required by X.509).
nexpaq 0:6c56fb4bc5f0 1547 */
nexpaq 0:6c56fb4bc5f0 1548 #define MBEDTLS_BASE64_C
nexpaq 0:6c56fb4bc5f0 1549
nexpaq 0:6c56fb4bc5f0 1550 /**
nexpaq 0:6c56fb4bc5f0 1551 * \def MBEDTLS_BIGNUM_C
nexpaq 0:6c56fb4bc5f0 1552 *
nexpaq 0:6c56fb4bc5f0 1553 * Enable the multi-precision integer library.
nexpaq 0:6c56fb4bc5f0 1554 *
nexpaq 0:6c56fb4bc5f0 1555 * Module: library/bignum.c
nexpaq 0:6c56fb4bc5f0 1556 * Caller: library/dhm.c
nexpaq 0:6c56fb4bc5f0 1557 * library/ecp.c
nexpaq 0:6c56fb4bc5f0 1558 * library/ecdsa.c
nexpaq 0:6c56fb4bc5f0 1559 * library/rsa.c
nexpaq 0:6c56fb4bc5f0 1560 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1561 *
nexpaq 0:6c56fb4bc5f0 1562 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
nexpaq 0:6c56fb4bc5f0 1563 */
nexpaq 0:6c56fb4bc5f0 1564 #define MBEDTLS_BIGNUM_C
nexpaq 0:6c56fb4bc5f0 1565
nexpaq 0:6c56fb4bc5f0 1566 /**
nexpaq 0:6c56fb4bc5f0 1567 * \def MBEDTLS_BLOWFISH_C
nexpaq 0:6c56fb4bc5f0 1568 *
nexpaq 0:6c56fb4bc5f0 1569 * Enable the Blowfish block cipher.
nexpaq 0:6c56fb4bc5f0 1570 *
nexpaq 0:6c56fb4bc5f0 1571 * Module: library/blowfish.c
nexpaq 0:6c56fb4bc5f0 1572 */
nexpaq 0:6c56fb4bc5f0 1573 //#define MBEDTLS_BLOWFISH_C
nexpaq 0:6c56fb4bc5f0 1574
nexpaq 0:6c56fb4bc5f0 1575 /**
nexpaq 0:6c56fb4bc5f0 1576 * \def MBEDTLS_CAMELLIA_C
nexpaq 0:6c56fb4bc5f0 1577 *
nexpaq 0:6c56fb4bc5f0 1578 * Enable the Camellia block cipher.
nexpaq 0:6c56fb4bc5f0 1579 *
nexpaq 0:6c56fb4bc5f0 1580 * Module: library/camellia.c
nexpaq 0:6c56fb4bc5f0 1581 * Caller: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1582 *
nexpaq 0:6c56fb4bc5f0 1583 * This module enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 1584 * enabled as well):
nexpaq 0:6c56fb4bc5f0 1585 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1586 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1587 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1588 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1589 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1590 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1591 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1592 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1593 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1594 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1595 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1596 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1597 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1598 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1599 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1600 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1601 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1602 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1603 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1604 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1605 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1606 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1607 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1608 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1609 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1610 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1611 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1612 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1613 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1614 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1615 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1616 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1617 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1618 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1619 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1620 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1621 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1622 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1623 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
nexpaq 0:6c56fb4bc5f0 1624 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
nexpaq 0:6c56fb4bc5f0 1625 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 1626 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
nexpaq 0:6c56fb4bc5f0 1627 */
nexpaq 0:6c56fb4bc5f0 1628 //#define MBEDTLS_CAMELLIA_C
nexpaq 0:6c56fb4bc5f0 1629
nexpaq 0:6c56fb4bc5f0 1630 /**
nexpaq 0:6c56fb4bc5f0 1631 * \def MBEDTLS_CCM_C
nexpaq 0:6c56fb4bc5f0 1632 *
nexpaq 0:6c56fb4bc5f0 1633 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
nexpaq 0:6c56fb4bc5f0 1634 *
nexpaq 0:6c56fb4bc5f0 1635 * Module: library/ccm.c
nexpaq 0:6c56fb4bc5f0 1636 *
nexpaq 0:6c56fb4bc5f0 1637 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
nexpaq 0:6c56fb4bc5f0 1638 *
nexpaq 0:6c56fb4bc5f0 1639 * This module enables the AES-CCM ciphersuites, if other requisites are
nexpaq 0:6c56fb4bc5f0 1640 * enabled as well.
nexpaq 0:6c56fb4bc5f0 1641 */
nexpaq 0:6c56fb4bc5f0 1642 #define MBEDTLS_CCM_C
nexpaq 0:6c56fb4bc5f0 1643
nexpaq 0:6c56fb4bc5f0 1644 /**
nexpaq 0:6c56fb4bc5f0 1645 * \def MBEDTLS_CERTS_C
nexpaq 0:6c56fb4bc5f0 1646 *
nexpaq 0:6c56fb4bc5f0 1647 * Enable the test certificates.
nexpaq 0:6c56fb4bc5f0 1648 *
nexpaq 0:6c56fb4bc5f0 1649 * Module: library/certs.c
nexpaq 0:6c56fb4bc5f0 1650 * Caller:
nexpaq 0:6c56fb4bc5f0 1651 *
nexpaq 0:6c56fb4bc5f0 1652 * This module is used for testing (ssl_client/server).
nexpaq 0:6c56fb4bc5f0 1653 */
nexpaq 0:6c56fb4bc5f0 1654 #define MBEDTLS_CERTS_C
nexpaq 0:6c56fb4bc5f0 1655
nexpaq 0:6c56fb4bc5f0 1656 /**
nexpaq 0:6c56fb4bc5f0 1657 * \def MBEDTLS_CIPHER_C
nexpaq 0:6c56fb4bc5f0 1658 *
nexpaq 0:6c56fb4bc5f0 1659 * Enable the generic cipher layer.
nexpaq 0:6c56fb4bc5f0 1660 *
nexpaq 0:6c56fb4bc5f0 1661 * Module: library/cipher.c
nexpaq 0:6c56fb4bc5f0 1662 * Caller: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1663 *
nexpaq 0:6c56fb4bc5f0 1664 * Uncomment to enable generic cipher wrappers.
nexpaq 0:6c56fb4bc5f0 1665 */
nexpaq 0:6c56fb4bc5f0 1666 #define MBEDTLS_CIPHER_C
nexpaq 0:6c56fb4bc5f0 1667
nexpaq 0:6c56fb4bc5f0 1668 /**
nexpaq 0:6c56fb4bc5f0 1669 * \def MBEDTLS_CTR_DRBG_C
nexpaq 0:6c56fb4bc5f0 1670 *
nexpaq 0:6c56fb4bc5f0 1671 * Enable the CTR_DRBG AES-256-based random generator.
nexpaq 0:6c56fb4bc5f0 1672 *
nexpaq 0:6c56fb4bc5f0 1673 * Module: library/ctr_drbg.c
nexpaq 0:6c56fb4bc5f0 1674 * Caller:
nexpaq 0:6c56fb4bc5f0 1675 *
nexpaq 0:6c56fb4bc5f0 1676 * Requires: MBEDTLS_AES_C
nexpaq 0:6c56fb4bc5f0 1677 *
nexpaq 0:6c56fb4bc5f0 1678 * This module provides the CTR_DRBG AES-256 random number generator.
nexpaq 0:6c56fb4bc5f0 1679 */
nexpaq 0:6c56fb4bc5f0 1680 #define MBEDTLS_CTR_DRBG_C
nexpaq 0:6c56fb4bc5f0 1681
nexpaq 0:6c56fb4bc5f0 1682 /**
nexpaq 0:6c56fb4bc5f0 1683 * \def MBEDTLS_DEBUG_C
nexpaq 0:6c56fb4bc5f0 1684 *
nexpaq 0:6c56fb4bc5f0 1685 * Enable the debug functions.
nexpaq 0:6c56fb4bc5f0 1686 *
nexpaq 0:6c56fb4bc5f0 1687 * Module: library/debug.c
nexpaq 0:6c56fb4bc5f0 1688 * Caller: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 1689 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 1690 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1691 *
nexpaq 0:6c56fb4bc5f0 1692 * This module provides debugging functions.
nexpaq 0:6c56fb4bc5f0 1693 */
nexpaq 0:6c56fb4bc5f0 1694 #define MBEDTLS_DEBUG_C
nexpaq 0:6c56fb4bc5f0 1695
nexpaq 0:6c56fb4bc5f0 1696 /**
nexpaq 0:6c56fb4bc5f0 1697 * \def MBEDTLS_DES_C
nexpaq 0:6c56fb4bc5f0 1698 *
nexpaq 0:6c56fb4bc5f0 1699 * Enable the DES block cipher.
nexpaq 0:6c56fb4bc5f0 1700 *
nexpaq 0:6c56fb4bc5f0 1701 * Module: library/des.c
nexpaq 0:6c56fb4bc5f0 1702 * Caller: library/pem.c
nexpaq 0:6c56fb4bc5f0 1703 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1704 *
nexpaq 0:6c56fb4bc5f0 1705 * This module enables the following ciphersuites (if other requisites are
nexpaq 0:6c56fb4bc5f0 1706 * enabled as well):
nexpaq 0:6c56fb4bc5f0 1707 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1708 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1709 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1710 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1711 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1712 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1713 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1714 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1715 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1716 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
nexpaq 0:6c56fb4bc5f0 1717 *
nexpaq 0:6c56fb4bc5f0 1718 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
nexpaq 0:6c56fb4bc5f0 1719 */
nexpaq 0:6c56fb4bc5f0 1720 //#define MBEDTLS_DES_C
nexpaq 0:6c56fb4bc5f0 1721
nexpaq 0:6c56fb4bc5f0 1722 /**
nexpaq 0:6c56fb4bc5f0 1723 * \def MBEDTLS_DHM_C
nexpaq 0:6c56fb4bc5f0 1724 *
nexpaq 0:6c56fb4bc5f0 1725 * Enable the Diffie-Hellman-Merkle module.
nexpaq 0:6c56fb4bc5f0 1726 *
nexpaq 0:6c56fb4bc5f0 1727 * Module: library/dhm.c
nexpaq 0:6c56fb4bc5f0 1728 * Caller: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 1729 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 1730 *
nexpaq 0:6c56fb4bc5f0 1731 * This module is used by the following key exchanges:
nexpaq 0:6c56fb4bc5f0 1732 * DHE-RSA, DHE-PSK
nexpaq 0:6c56fb4bc5f0 1733 */
nexpaq 0:6c56fb4bc5f0 1734 //#define MBEDTLS_DHM_C
nexpaq 0:6c56fb4bc5f0 1735
nexpaq 0:6c56fb4bc5f0 1736 /**
nexpaq 0:6c56fb4bc5f0 1737 * \def MBEDTLS_ECDH_C
nexpaq 0:6c56fb4bc5f0 1738 *
nexpaq 0:6c56fb4bc5f0 1739 * Enable the elliptic curve Diffie-Hellman library.
nexpaq 0:6c56fb4bc5f0 1740 *
nexpaq 0:6c56fb4bc5f0 1741 * Module: library/ecdh.c
nexpaq 0:6c56fb4bc5f0 1742 * Caller: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 1743 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 1744 *
nexpaq 0:6c56fb4bc5f0 1745 * This module is used by the following key exchanges:
nexpaq 0:6c56fb4bc5f0 1746 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
nexpaq 0:6c56fb4bc5f0 1747 *
nexpaq 0:6c56fb4bc5f0 1748 * Requires: MBEDTLS_ECP_C
nexpaq 0:6c56fb4bc5f0 1749 */
nexpaq 0:6c56fb4bc5f0 1750 #define MBEDTLS_ECDH_C
nexpaq 0:6c56fb4bc5f0 1751
nexpaq 0:6c56fb4bc5f0 1752 /**
nexpaq 0:6c56fb4bc5f0 1753 * \def MBEDTLS_ECDSA_C
nexpaq 0:6c56fb4bc5f0 1754 *
nexpaq 0:6c56fb4bc5f0 1755 * Enable the elliptic curve DSA library.
nexpaq 0:6c56fb4bc5f0 1756 *
nexpaq 0:6c56fb4bc5f0 1757 * Module: library/ecdsa.c
nexpaq 0:6c56fb4bc5f0 1758 * Caller:
nexpaq 0:6c56fb4bc5f0 1759 *
nexpaq 0:6c56fb4bc5f0 1760 * This module is used by the following key exchanges:
nexpaq 0:6c56fb4bc5f0 1761 * ECDHE-ECDSA
nexpaq 0:6c56fb4bc5f0 1762 *
nexpaq 0:6c56fb4bc5f0 1763 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
nexpaq 0:6c56fb4bc5f0 1764 */
nexpaq 0:6c56fb4bc5f0 1765 #define MBEDTLS_ECDSA_C
nexpaq 0:6c56fb4bc5f0 1766
nexpaq 0:6c56fb4bc5f0 1767 /**
nexpaq 0:6c56fb4bc5f0 1768 * \def MBEDTLS_ECJPAKE_C
nexpaq 0:6c56fb4bc5f0 1769 *
nexpaq 0:6c56fb4bc5f0 1770 * Enable the elliptic curve J-PAKE library.
nexpaq 0:6c56fb4bc5f0 1771 *
nexpaq 0:6c56fb4bc5f0 1772 * \warning This is currently experimental. EC J-PAKE support is based on the
nexpaq 0:6c56fb4bc5f0 1773 * Thread v1.0.0 specification; incompatible changes to the specification
nexpaq 0:6c56fb4bc5f0 1774 * might still happen. For this reason, this is disabled by default.
nexpaq 0:6c56fb4bc5f0 1775 *
nexpaq 0:6c56fb4bc5f0 1776 * Module: library/ecjpake.c
nexpaq 0:6c56fb4bc5f0 1777 * Caller:
nexpaq 0:6c56fb4bc5f0 1778 *
nexpaq 0:6c56fb4bc5f0 1779 * This module is used by the following key exchanges:
nexpaq 0:6c56fb4bc5f0 1780 * ECJPAKE
nexpaq 0:6c56fb4bc5f0 1781 *
nexpaq 0:6c56fb4bc5f0 1782 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 1783 */
nexpaq 0:6c56fb4bc5f0 1784 //#define MBEDTLS_ECJPAKE_C
nexpaq 0:6c56fb4bc5f0 1785
nexpaq 0:6c56fb4bc5f0 1786 /**
nexpaq 0:6c56fb4bc5f0 1787 * \def MBEDTLS_ECP_C
nexpaq 0:6c56fb4bc5f0 1788 *
nexpaq 0:6c56fb4bc5f0 1789 * Enable the elliptic curve over GF(p) library.
nexpaq 0:6c56fb4bc5f0 1790 *
nexpaq 0:6c56fb4bc5f0 1791 * Module: library/ecp.c
nexpaq 0:6c56fb4bc5f0 1792 * Caller: library/ecdh.c
nexpaq 0:6c56fb4bc5f0 1793 * library/ecdsa.c
nexpaq 0:6c56fb4bc5f0 1794 * library/ecjpake.c
nexpaq 0:6c56fb4bc5f0 1795 *
nexpaq 0:6c56fb4bc5f0 1796 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
nexpaq 0:6c56fb4bc5f0 1797 */
nexpaq 0:6c56fb4bc5f0 1798 #define MBEDTLS_ECP_C
nexpaq 0:6c56fb4bc5f0 1799
nexpaq 0:6c56fb4bc5f0 1800 /**
nexpaq 0:6c56fb4bc5f0 1801 * \def MBEDTLS_ENTROPY_C
nexpaq 0:6c56fb4bc5f0 1802 *
nexpaq 0:6c56fb4bc5f0 1803 * Enable the platform-specific entropy code.
nexpaq 0:6c56fb4bc5f0 1804 *
nexpaq 0:6c56fb4bc5f0 1805 * Module: library/entropy.c
nexpaq 0:6c56fb4bc5f0 1806 * Caller:
nexpaq 0:6c56fb4bc5f0 1807 *
nexpaq 0:6c56fb4bc5f0 1808 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
nexpaq 0:6c56fb4bc5f0 1809 *
nexpaq 0:6c56fb4bc5f0 1810 * This module provides a generic entropy pool
nexpaq 0:6c56fb4bc5f0 1811 */
nexpaq 0:6c56fb4bc5f0 1812 #define MBEDTLS_ENTROPY_C
nexpaq 0:6c56fb4bc5f0 1813
nexpaq 0:6c56fb4bc5f0 1814 /**
nexpaq 0:6c56fb4bc5f0 1815 * \def MBEDTLS_ERROR_C
nexpaq 0:6c56fb4bc5f0 1816 *
nexpaq 0:6c56fb4bc5f0 1817 * Enable error code to error string conversion.
nexpaq 0:6c56fb4bc5f0 1818 *
nexpaq 0:6c56fb4bc5f0 1819 * Module: library/error.c
nexpaq 0:6c56fb4bc5f0 1820 * Caller:
nexpaq 0:6c56fb4bc5f0 1821 *
nexpaq 0:6c56fb4bc5f0 1822 * This module enables mbedtls_strerror().
nexpaq 0:6c56fb4bc5f0 1823 */
nexpaq 0:6c56fb4bc5f0 1824 #define MBEDTLS_ERROR_C
nexpaq 0:6c56fb4bc5f0 1825
nexpaq 0:6c56fb4bc5f0 1826 /**
nexpaq 0:6c56fb4bc5f0 1827 * \def MBEDTLS_GCM_C
nexpaq 0:6c56fb4bc5f0 1828 *
nexpaq 0:6c56fb4bc5f0 1829 * Enable the Galois/Counter Mode (GCM) for AES.
nexpaq 0:6c56fb4bc5f0 1830 *
nexpaq 0:6c56fb4bc5f0 1831 * Module: library/gcm.c
nexpaq 0:6c56fb4bc5f0 1832 *
nexpaq 0:6c56fb4bc5f0 1833 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
nexpaq 0:6c56fb4bc5f0 1834 *
nexpaq 0:6c56fb4bc5f0 1835 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
nexpaq 0:6c56fb4bc5f0 1836 * requisites are enabled as well.
nexpaq 0:6c56fb4bc5f0 1837 */
nexpaq 0:6c56fb4bc5f0 1838 #define MBEDTLS_GCM_C
nexpaq 0:6c56fb4bc5f0 1839
nexpaq 0:6c56fb4bc5f0 1840 /**
nexpaq 0:6c56fb4bc5f0 1841 * \def MBEDTLS_HAVEGE_C
nexpaq 0:6c56fb4bc5f0 1842 *
nexpaq 0:6c56fb4bc5f0 1843 * Enable the HAVEGE random generator.
nexpaq 0:6c56fb4bc5f0 1844 *
nexpaq 0:6c56fb4bc5f0 1845 * Warning: the HAVEGE random generator is not suitable for virtualized
nexpaq 0:6c56fb4bc5f0 1846 * environments
nexpaq 0:6c56fb4bc5f0 1847 *
nexpaq 0:6c56fb4bc5f0 1848 * Warning: the HAVEGE random generator is dependent on timing and specific
nexpaq 0:6c56fb4bc5f0 1849 * processor traits. It is therefore not advised to use HAVEGE as
nexpaq 0:6c56fb4bc5f0 1850 * your applications primary random generator or primary entropy pool
nexpaq 0:6c56fb4bc5f0 1851 * input. As a secondary input to your entropy pool, it IS able add
nexpaq 0:6c56fb4bc5f0 1852 * the (limited) extra entropy it provides.
nexpaq 0:6c56fb4bc5f0 1853 *
nexpaq 0:6c56fb4bc5f0 1854 * Module: library/havege.c
nexpaq 0:6c56fb4bc5f0 1855 * Caller:
nexpaq 0:6c56fb4bc5f0 1856 *
nexpaq 0:6c56fb4bc5f0 1857 * Requires: MBEDTLS_TIMING_C
nexpaq 0:6c56fb4bc5f0 1858 *
nexpaq 0:6c56fb4bc5f0 1859 * Uncomment to enable the HAVEGE random generator.
nexpaq 0:6c56fb4bc5f0 1860 */
nexpaq 0:6c56fb4bc5f0 1861 //#define MBEDTLS_HAVEGE_C
nexpaq 0:6c56fb4bc5f0 1862
nexpaq 0:6c56fb4bc5f0 1863 /**
nexpaq 0:6c56fb4bc5f0 1864 * \def MBEDTLS_HMAC_DRBG_C
nexpaq 0:6c56fb4bc5f0 1865 *
nexpaq 0:6c56fb4bc5f0 1866 * Enable the HMAC_DRBG random generator.
nexpaq 0:6c56fb4bc5f0 1867 *
nexpaq 0:6c56fb4bc5f0 1868 * Module: library/hmac_drbg.c
nexpaq 0:6c56fb4bc5f0 1869 * Caller:
nexpaq 0:6c56fb4bc5f0 1870 *
nexpaq 0:6c56fb4bc5f0 1871 * Requires: MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 1872 *
nexpaq 0:6c56fb4bc5f0 1873 * Uncomment to enable the HMAC_DRBG random number geerator.
nexpaq 0:6c56fb4bc5f0 1874 */
nexpaq 0:6c56fb4bc5f0 1875 #define MBEDTLS_HMAC_DRBG_C
nexpaq 0:6c56fb4bc5f0 1876
nexpaq 0:6c56fb4bc5f0 1877 /**
nexpaq 0:6c56fb4bc5f0 1878 * \def MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 1879 *
nexpaq 0:6c56fb4bc5f0 1880 * Enable the generic message digest layer.
nexpaq 0:6c56fb4bc5f0 1881 *
nexpaq 0:6c56fb4bc5f0 1882 * Module: library/mbedtls_md.c
nexpaq 0:6c56fb4bc5f0 1883 * Caller:
nexpaq 0:6c56fb4bc5f0 1884 *
nexpaq 0:6c56fb4bc5f0 1885 * Uncomment to enable generic message digest wrappers.
nexpaq 0:6c56fb4bc5f0 1886 */
nexpaq 0:6c56fb4bc5f0 1887 #define MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 1888
nexpaq 0:6c56fb4bc5f0 1889 /**
nexpaq 0:6c56fb4bc5f0 1890 * \def MBEDTLS_MD2_C
nexpaq 0:6c56fb4bc5f0 1891 *
nexpaq 0:6c56fb4bc5f0 1892 * Enable the MD2 hash algorithm.
nexpaq 0:6c56fb4bc5f0 1893 *
nexpaq 0:6c56fb4bc5f0 1894 * Module: library/mbedtls_md2.c
nexpaq 0:6c56fb4bc5f0 1895 * Caller:
nexpaq 0:6c56fb4bc5f0 1896 *
nexpaq 0:6c56fb4bc5f0 1897 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
nexpaq 0:6c56fb4bc5f0 1898 */
nexpaq 0:6c56fb4bc5f0 1899 //#define MBEDTLS_MD2_C
nexpaq 0:6c56fb4bc5f0 1900
nexpaq 0:6c56fb4bc5f0 1901 /**
nexpaq 0:6c56fb4bc5f0 1902 * \def MBEDTLS_MD4_C
nexpaq 0:6c56fb4bc5f0 1903 *
nexpaq 0:6c56fb4bc5f0 1904 * Enable the MD4 hash algorithm.
nexpaq 0:6c56fb4bc5f0 1905 *
nexpaq 0:6c56fb4bc5f0 1906 * Module: library/mbedtls_md4.c
nexpaq 0:6c56fb4bc5f0 1907 * Caller:
nexpaq 0:6c56fb4bc5f0 1908 *
nexpaq 0:6c56fb4bc5f0 1909 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
nexpaq 0:6c56fb4bc5f0 1910 */
nexpaq 0:6c56fb4bc5f0 1911 //#define MBEDTLS_MD4_C
nexpaq 0:6c56fb4bc5f0 1912
nexpaq 0:6c56fb4bc5f0 1913 /**
nexpaq 0:6c56fb4bc5f0 1914 * \def MBEDTLS_MD5_C
nexpaq 0:6c56fb4bc5f0 1915 *
nexpaq 0:6c56fb4bc5f0 1916 * Enable the MD5 hash algorithm.
nexpaq 0:6c56fb4bc5f0 1917 *
nexpaq 0:6c56fb4bc5f0 1918 * Module: library/mbedtls_md5.c
nexpaq 0:6c56fb4bc5f0 1919 * Caller: library/mbedtls_md.c
nexpaq 0:6c56fb4bc5f0 1920 * library/pem.c
nexpaq 0:6c56fb4bc5f0 1921 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 1922 *
nexpaq 0:6c56fb4bc5f0 1923 * This module is required for SSL/TLS and X.509.
nexpaq 0:6c56fb4bc5f0 1924 * PEM_PARSE uses MD5 for decrypting encrypted keys.
nexpaq 0:6c56fb4bc5f0 1925 */
nexpaq 0:6c56fb4bc5f0 1926 //#define MBEDTLS_MD5_C
nexpaq 0:6c56fb4bc5f0 1927
nexpaq 0:6c56fb4bc5f0 1928 /**
nexpaq 0:6c56fb4bc5f0 1929 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
nexpaq 0:6c56fb4bc5f0 1930 *
nexpaq 0:6c56fb4bc5f0 1931 * Enable the buffer allocator implementation that makes use of a (stack)
nexpaq 0:6c56fb4bc5f0 1932 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
nexpaq 0:6c56fb4bc5f0 1933 * calls)
nexpaq 0:6c56fb4bc5f0 1934 *
nexpaq 0:6c56fb4bc5f0 1935 * Module: library/memory_buffer_alloc.c
nexpaq 0:6c56fb4bc5f0 1936 *
nexpaq 0:6c56fb4bc5f0 1937 * Requires: MBEDTLS_PLATFORM_C
nexpaq 0:6c56fb4bc5f0 1938 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
nexpaq 0:6c56fb4bc5f0 1939 *
nexpaq 0:6c56fb4bc5f0 1940 * Enable this module to enable the buffer memory allocator.
nexpaq 0:6c56fb4bc5f0 1941 */
nexpaq 0:6c56fb4bc5f0 1942 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
nexpaq 0:6c56fb4bc5f0 1943
nexpaq 0:6c56fb4bc5f0 1944 /**
nexpaq 0:6c56fb4bc5f0 1945 * \def MBEDTLS_NET_C
nexpaq 0:6c56fb4bc5f0 1946 *
nexpaq 0:6c56fb4bc5f0 1947 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
nexpaq 0:6c56fb4bc5f0 1948 *
nexpaq 0:6c56fb4bc5f0 1949 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
nexpaq 0:6c56fb4bc5f0 1950 * and Windows. For other platforms, you'll want to disable it, and write your
nexpaq 0:6c56fb4bc5f0 1951 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
nexpaq 0:6c56fb4bc5f0 1952 *
nexpaq 0:6c56fb4bc5f0 1953 * \note See also our Knowledge Base article about porting to a new
nexpaq 0:6c56fb4bc5f0 1954 * environment:
nexpaq 0:6c56fb4bc5f0 1955 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
nexpaq 0:6c56fb4bc5f0 1956 *
nexpaq 0:6c56fb4bc5f0 1957 * Module: library/net.c
nexpaq 0:6c56fb4bc5f0 1958 *
nexpaq 0:6c56fb4bc5f0 1959 * This module provides networking routines.
nexpaq 0:6c56fb4bc5f0 1960 */
nexpaq 0:6c56fb4bc5f0 1961 //#define MBEDTLS_NET_C
nexpaq 0:6c56fb4bc5f0 1962
nexpaq 0:6c56fb4bc5f0 1963 /**
nexpaq 0:6c56fb4bc5f0 1964 * \def MBEDTLS_OID_C
nexpaq 0:6c56fb4bc5f0 1965 *
nexpaq 0:6c56fb4bc5f0 1966 * Enable the OID database.
nexpaq 0:6c56fb4bc5f0 1967 *
nexpaq 0:6c56fb4bc5f0 1968 * Module: library/oid.c
nexpaq 0:6c56fb4bc5f0 1969 * Caller: library/asn1write.c
nexpaq 0:6c56fb4bc5f0 1970 * library/pkcs5.c
nexpaq 0:6c56fb4bc5f0 1971 * library/pkparse.c
nexpaq 0:6c56fb4bc5f0 1972 * library/pkwrite.c
nexpaq 0:6c56fb4bc5f0 1973 * library/rsa.c
nexpaq 0:6c56fb4bc5f0 1974 * library/x509.c
nexpaq 0:6c56fb4bc5f0 1975 * library/x509_create.c
nexpaq 0:6c56fb4bc5f0 1976 * library/mbedtls_x509_crl.c
nexpaq 0:6c56fb4bc5f0 1977 * library/mbedtls_x509_crt.c
nexpaq 0:6c56fb4bc5f0 1978 * library/mbedtls_x509_csr.c
nexpaq 0:6c56fb4bc5f0 1979 * library/x509write_crt.c
nexpaq 0:6c56fb4bc5f0 1980 * library/mbedtls_x509write_csr.c
nexpaq 0:6c56fb4bc5f0 1981 *
nexpaq 0:6c56fb4bc5f0 1982 * This modules translates between OIDs and internal values.
nexpaq 0:6c56fb4bc5f0 1983 */
nexpaq 0:6c56fb4bc5f0 1984 #define MBEDTLS_OID_C
nexpaq 0:6c56fb4bc5f0 1985
nexpaq 0:6c56fb4bc5f0 1986 /**
nexpaq 0:6c56fb4bc5f0 1987 * \def MBEDTLS_PADLOCK_C
nexpaq 0:6c56fb4bc5f0 1988 *
nexpaq 0:6c56fb4bc5f0 1989 * Enable VIA Padlock support on x86.
nexpaq 0:6c56fb4bc5f0 1990 *
nexpaq 0:6c56fb4bc5f0 1991 * Module: library/padlock.c
nexpaq 0:6c56fb4bc5f0 1992 * Caller: library/aes.c
nexpaq 0:6c56fb4bc5f0 1993 *
nexpaq 0:6c56fb4bc5f0 1994 * Requires: MBEDTLS_HAVE_ASM
nexpaq 0:6c56fb4bc5f0 1995 *
nexpaq 0:6c56fb4bc5f0 1996 * This modules adds support for the VIA PadLock on x86.
nexpaq 0:6c56fb4bc5f0 1997 */
nexpaq 0:6c56fb4bc5f0 1998 //#define MBEDTLS_PADLOCK_C
nexpaq 0:6c56fb4bc5f0 1999
nexpaq 0:6c56fb4bc5f0 2000 /**
nexpaq 0:6c56fb4bc5f0 2001 * \def MBEDTLS_PEM_PARSE_C
nexpaq 0:6c56fb4bc5f0 2002 *
nexpaq 0:6c56fb4bc5f0 2003 * Enable PEM decoding / parsing.
nexpaq 0:6c56fb4bc5f0 2004 *
nexpaq 0:6c56fb4bc5f0 2005 * Module: library/pem.c
nexpaq 0:6c56fb4bc5f0 2006 * Caller: library/dhm.c
nexpaq 0:6c56fb4bc5f0 2007 * library/pkparse.c
nexpaq 0:6c56fb4bc5f0 2008 * library/mbedtls_x509_crl.c
nexpaq 0:6c56fb4bc5f0 2009 * library/mbedtls_x509_crt.c
nexpaq 0:6c56fb4bc5f0 2010 * library/mbedtls_x509_csr.c
nexpaq 0:6c56fb4bc5f0 2011 *
nexpaq 0:6c56fb4bc5f0 2012 * Requires: MBEDTLS_BASE64_C
nexpaq 0:6c56fb4bc5f0 2013 *
nexpaq 0:6c56fb4bc5f0 2014 * This modules adds support for decoding / parsing PEM files.
nexpaq 0:6c56fb4bc5f0 2015 */
nexpaq 0:6c56fb4bc5f0 2016 #define MBEDTLS_PEM_PARSE_C
nexpaq 0:6c56fb4bc5f0 2017
nexpaq 0:6c56fb4bc5f0 2018 /**
nexpaq 0:6c56fb4bc5f0 2019 * \def MBEDTLS_PEM_WRITE_C
nexpaq 0:6c56fb4bc5f0 2020 *
nexpaq 0:6c56fb4bc5f0 2021 * Enable PEM encoding / writing.
nexpaq 0:6c56fb4bc5f0 2022 *
nexpaq 0:6c56fb4bc5f0 2023 * Module: library/pem.c
nexpaq 0:6c56fb4bc5f0 2024 * Caller: library/pkwrite.c
nexpaq 0:6c56fb4bc5f0 2025 * library/x509write_crt.c
nexpaq 0:6c56fb4bc5f0 2026 * library/mbedtls_x509write_csr.c
nexpaq 0:6c56fb4bc5f0 2027 *
nexpaq 0:6c56fb4bc5f0 2028 * Requires: MBEDTLS_BASE64_C
nexpaq 0:6c56fb4bc5f0 2029 *
nexpaq 0:6c56fb4bc5f0 2030 * This modules adds support for encoding / writing PEM files.
nexpaq 0:6c56fb4bc5f0 2031 */
nexpaq 0:6c56fb4bc5f0 2032 //#define MBEDTLS_PEM_WRITE_C
nexpaq 0:6c56fb4bc5f0 2033
nexpaq 0:6c56fb4bc5f0 2034 /**
nexpaq 0:6c56fb4bc5f0 2035 * \def MBEDTLS_PK_C
nexpaq 0:6c56fb4bc5f0 2036 *
nexpaq 0:6c56fb4bc5f0 2037 * Enable the generic public (asymetric) key layer.
nexpaq 0:6c56fb4bc5f0 2038 *
nexpaq 0:6c56fb4bc5f0 2039 * Module: library/pk.c
nexpaq 0:6c56fb4bc5f0 2040 * Caller: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 2041 * library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2042 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2043 *
nexpaq 0:6c56fb4bc5f0 2044 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
nexpaq 0:6c56fb4bc5f0 2045 *
nexpaq 0:6c56fb4bc5f0 2046 * Uncomment to enable generic public key wrappers.
nexpaq 0:6c56fb4bc5f0 2047 */
nexpaq 0:6c56fb4bc5f0 2048 #define MBEDTLS_PK_C
nexpaq 0:6c56fb4bc5f0 2049
nexpaq 0:6c56fb4bc5f0 2050 /**
nexpaq 0:6c56fb4bc5f0 2051 * \def MBEDTLS_PK_PARSE_C
nexpaq 0:6c56fb4bc5f0 2052 *
nexpaq 0:6c56fb4bc5f0 2053 * Enable the generic public (asymetric) key parser.
nexpaq 0:6c56fb4bc5f0 2054 *
nexpaq 0:6c56fb4bc5f0 2055 * Module: library/pkparse.c
nexpaq 0:6c56fb4bc5f0 2056 * Caller: library/mbedtls_x509_crt.c
nexpaq 0:6c56fb4bc5f0 2057 * library/mbedtls_x509_csr.c
nexpaq 0:6c56fb4bc5f0 2058 *
nexpaq 0:6c56fb4bc5f0 2059 * Requires: MBEDTLS_PK_C
nexpaq 0:6c56fb4bc5f0 2060 *
nexpaq 0:6c56fb4bc5f0 2061 * Uncomment to enable generic public key parse functions.
nexpaq 0:6c56fb4bc5f0 2062 */
nexpaq 0:6c56fb4bc5f0 2063 #define MBEDTLS_PK_PARSE_C
nexpaq 0:6c56fb4bc5f0 2064
nexpaq 0:6c56fb4bc5f0 2065 /**
nexpaq 0:6c56fb4bc5f0 2066 * \def MBEDTLS_PK_WRITE_C
nexpaq 0:6c56fb4bc5f0 2067 *
nexpaq 0:6c56fb4bc5f0 2068 * Enable the generic public (asymetric) key writer.
nexpaq 0:6c56fb4bc5f0 2069 *
nexpaq 0:6c56fb4bc5f0 2070 * Module: library/pkwrite.c
nexpaq 0:6c56fb4bc5f0 2071 * Caller: library/x509write.c
nexpaq 0:6c56fb4bc5f0 2072 *
nexpaq 0:6c56fb4bc5f0 2073 * Requires: MBEDTLS_PK_C
nexpaq 0:6c56fb4bc5f0 2074 *
nexpaq 0:6c56fb4bc5f0 2075 * Uncomment to enable generic public key write functions.
nexpaq 0:6c56fb4bc5f0 2076 */
nexpaq 0:6c56fb4bc5f0 2077 #define MBEDTLS_PK_WRITE_C
nexpaq 0:6c56fb4bc5f0 2078
nexpaq 0:6c56fb4bc5f0 2079 /**
nexpaq 0:6c56fb4bc5f0 2080 * \def MBEDTLS_PKCS5_C
nexpaq 0:6c56fb4bc5f0 2081 *
nexpaq 0:6c56fb4bc5f0 2082 * Enable PKCS#5 functions.
nexpaq 0:6c56fb4bc5f0 2083 *
nexpaq 0:6c56fb4bc5f0 2084 * Module: library/pkcs5.c
nexpaq 0:6c56fb4bc5f0 2085 *
nexpaq 0:6c56fb4bc5f0 2086 * Requires: MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 2087 *
nexpaq 0:6c56fb4bc5f0 2088 * This module adds support for the PKCS#5 functions.
nexpaq 0:6c56fb4bc5f0 2089 */
nexpaq 0:6c56fb4bc5f0 2090 //#define MBEDTLS_PKCS5_C
nexpaq 0:6c56fb4bc5f0 2091
nexpaq 0:6c56fb4bc5f0 2092 /**
nexpaq 0:6c56fb4bc5f0 2093 * \def MBEDTLS_PKCS11_C
nexpaq 0:6c56fb4bc5f0 2094 *
nexpaq 0:6c56fb4bc5f0 2095 * Enable wrapper for PKCS#11 smartcard support.
nexpaq 0:6c56fb4bc5f0 2096 *
nexpaq 0:6c56fb4bc5f0 2097 * Module: library/pkcs11.c
nexpaq 0:6c56fb4bc5f0 2098 * Caller: library/pk.c
nexpaq 0:6c56fb4bc5f0 2099 *
nexpaq 0:6c56fb4bc5f0 2100 * Requires: MBEDTLS_PK_C
nexpaq 0:6c56fb4bc5f0 2101 *
nexpaq 0:6c56fb4bc5f0 2102 * This module enables SSL/TLS PKCS #11 smartcard support.
nexpaq 0:6c56fb4bc5f0 2103 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
nexpaq 0:6c56fb4bc5f0 2104 */
nexpaq 0:6c56fb4bc5f0 2105 //#define MBEDTLS_PKCS11_C
nexpaq 0:6c56fb4bc5f0 2106
nexpaq 0:6c56fb4bc5f0 2107 /**
nexpaq 0:6c56fb4bc5f0 2108 * \def MBEDTLS_PKCS12_C
nexpaq 0:6c56fb4bc5f0 2109 *
nexpaq 0:6c56fb4bc5f0 2110 * Enable PKCS#12 PBE functions.
nexpaq 0:6c56fb4bc5f0 2111 * Adds algorithms for parsing PKCS#8 encrypted private keys
nexpaq 0:6c56fb4bc5f0 2112 *
nexpaq 0:6c56fb4bc5f0 2113 * Module: library/pkcs12.c
nexpaq 0:6c56fb4bc5f0 2114 * Caller: library/pkparse.c
nexpaq 0:6c56fb4bc5f0 2115 *
nexpaq 0:6c56fb4bc5f0 2116 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 2117 * Can use: MBEDTLS_ARC4_C
nexpaq 0:6c56fb4bc5f0 2118 *
nexpaq 0:6c56fb4bc5f0 2119 * This module enables PKCS#12 functions.
nexpaq 0:6c56fb4bc5f0 2120 */
nexpaq 0:6c56fb4bc5f0 2121 //#define MBEDTLS_PKCS12_C
nexpaq 0:6c56fb4bc5f0 2122
nexpaq 0:6c56fb4bc5f0 2123 /**
nexpaq 0:6c56fb4bc5f0 2124 * \def MBEDTLS_PLATFORM_C
nexpaq 0:6c56fb4bc5f0 2125 *
nexpaq 0:6c56fb4bc5f0 2126 * Enable the platform abstraction layer that allows you to re-assign
nexpaq 0:6c56fb4bc5f0 2127 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
nexpaq 0:6c56fb4bc5f0 2128 *
nexpaq 0:6c56fb4bc5f0 2129 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
nexpaq 0:6c56fb4bc5f0 2130 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
nexpaq 0:6c56fb4bc5f0 2131 * above to be specified at runtime or compile time respectively.
nexpaq 0:6c56fb4bc5f0 2132 *
nexpaq 0:6c56fb4bc5f0 2133 * \note This abstraction layer must be enabled on Windows (including MSYS2)
nexpaq 0:6c56fb4bc5f0 2134 * as other module rely on it for a fixed snprintf implementation.
nexpaq 0:6c56fb4bc5f0 2135 *
nexpaq 0:6c56fb4bc5f0 2136 * Module: library/platform.c
nexpaq 0:6c56fb4bc5f0 2137 * Caller: Most other .c files
nexpaq 0:6c56fb4bc5f0 2138 *
nexpaq 0:6c56fb4bc5f0 2139 * This module enables abstraction of common (libc) functions.
nexpaq 0:6c56fb4bc5f0 2140 */
nexpaq 0:6c56fb4bc5f0 2141 #define MBEDTLS_PLATFORM_C
nexpaq 0:6c56fb4bc5f0 2142
nexpaq 0:6c56fb4bc5f0 2143 /**
nexpaq 0:6c56fb4bc5f0 2144 * \def MBEDTLS_RIPEMD160_C
nexpaq 0:6c56fb4bc5f0 2145 *
nexpaq 0:6c56fb4bc5f0 2146 * Enable the RIPEMD-160 hash algorithm.
nexpaq 0:6c56fb4bc5f0 2147 *
nexpaq 0:6c56fb4bc5f0 2148 * Module: library/mbedtls_ripemd160.c
nexpaq 0:6c56fb4bc5f0 2149 * Caller: library/mbedtls_md.c
nexpaq 0:6c56fb4bc5f0 2150 *
nexpaq 0:6c56fb4bc5f0 2151 */
nexpaq 0:6c56fb4bc5f0 2152 //#define MBEDTLS_RIPEMD160_C
nexpaq 0:6c56fb4bc5f0 2153
nexpaq 0:6c56fb4bc5f0 2154 /**
nexpaq 0:6c56fb4bc5f0 2155 * \def MBEDTLS_RSA_C
nexpaq 0:6c56fb4bc5f0 2156 *
nexpaq 0:6c56fb4bc5f0 2157 * Enable the RSA public-key cryptosystem.
nexpaq 0:6c56fb4bc5f0 2158 *
nexpaq 0:6c56fb4bc5f0 2159 * Module: library/rsa.c
nexpaq 0:6c56fb4bc5f0 2160 * Caller: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2161 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2162 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 2163 * library/x509.c
nexpaq 0:6c56fb4bc5f0 2164 *
nexpaq 0:6c56fb4bc5f0 2165 * This module is used by the following key exchanges:
nexpaq 0:6c56fb4bc5f0 2166 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
nexpaq 0:6c56fb4bc5f0 2167 *
nexpaq 0:6c56fb4bc5f0 2168 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
nexpaq 0:6c56fb4bc5f0 2169 */
nexpaq 0:6c56fb4bc5f0 2170 #define MBEDTLS_RSA_C
nexpaq 0:6c56fb4bc5f0 2171
nexpaq 0:6c56fb4bc5f0 2172 /**
nexpaq 0:6c56fb4bc5f0 2173 * \def MBEDTLS_SHA1_C
nexpaq 0:6c56fb4bc5f0 2174 *
nexpaq 0:6c56fb4bc5f0 2175 * Enable the SHA1 cryptographic hash algorithm.
nexpaq 0:6c56fb4bc5f0 2176 *
nexpaq 0:6c56fb4bc5f0 2177 * Module: library/mbedtls_sha1.c
nexpaq 0:6c56fb4bc5f0 2178 * Caller: library/mbedtls_md.c
nexpaq 0:6c56fb4bc5f0 2179 * library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2180 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2181 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 2182 * library/x509write_crt.c
nexpaq 0:6c56fb4bc5f0 2183 *
nexpaq 0:6c56fb4bc5f0 2184 * This module is required for SSL/TLS and SHA1-signed certificates.
nexpaq 0:6c56fb4bc5f0 2185 */
nexpaq 0:6c56fb4bc5f0 2186 //#define MBEDTLS_SHA1_C
nexpaq 0:6c56fb4bc5f0 2187
nexpaq 0:6c56fb4bc5f0 2188 /**
nexpaq 0:6c56fb4bc5f0 2189 * \def MBEDTLS_SHA256_C
nexpaq 0:6c56fb4bc5f0 2190 *
nexpaq 0:6c56fb4bc5f0 2191 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
nexpaq 0:6c56fb4bc5f0 2192 *
nexpaq 0:6c56fb4bc5f0 2193 * Module: library/mbedtls_sha256.c
nexpaq 0:6c56fb4bc5f0 2194 * Caller: library/entropy.c
nexpaq 0:6c56fb4bc5f0 2195 * library/mbedtls_md.c
nexpaq 0:6c56fb4bc5f0 2196 * library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2197 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2198 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 2199 *
nexpaq 0:6c56fb4bc5f0 2200 * This module adds support for SHA-224 and SHA-256.
nexpaq 0:6c56fb4bc5f0 2201 * This module is required for the SSL/TLS 1.2 PRF function.
nexpaq 0:6c56fb4bc5f0 2202 */
nexpaq 0:6c56fb4bc5f0 2203 #define MBEDTLS_SHA256_C
nexpaq 0:6c56fb4bc5f0 2204
nexpaq 0:6c56fb4bc5f0 2205 /**
nexpaq 0:6c56fb4bc5f0 2206 * \def MBEDTLS_SHA512_C
nexpaq 0:6c56fb4bc5f0 2207 *
nexpaq 0:6c56fb4bc5f0 2208 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
nexpaq 0:6c56fb4bc5f0 2209 *
nexpaq 0:6c56fb4bc5f0 2210 * Module: library/mbedtls_sha512.c
nexpaq 0:6c56fb4bc5f0 2211 * Caller: library/entropy.c
nexpaq 0:6c56fb4bc5f0 2212 * library/mbedtls_md.c
nexpaq 0:6c56fb4bc5f0 2213 * library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2214 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2215 *
nexpaq 0:6c56fb4bc5f0 2216 * This module adds support for SHA-384 and SHA-512.
nexpaq 0:6c56fb4bc5f0 2217 */
nexpaq 0:6c56fb4bc5f0 2218 #define MBEDTLS_SHA512_C
nexpaq 0:6c56fb4bc5f0 2219
nexpaq 0:6c56fb4bc5f0 2220 /**
nexpaq 0:6c56fb4bc5f0 2221 * \def MBEDTLS_SSL_CACHE_C
nexpaq 0:6c56fb4bc5f0 2222 *
nexpaq 0:6c56fb4bc5f0 2223 * Enable simple SSL cache implementation.
nexpaq 0:6c56fb4bc5f0 2224 *
nexpaq 0:6c56fb4bc5f0 2225 * Module: library/ssl_cache.c
nexpaq 0:6c56fb4bc5f0 2226 * Caller:
nexpaq 0:6c56fb4bc5f0 2227 *
nexpaq 0:6c56fb4bc5f0 2228 * Requires: MBEDTLS_SSL_CACHE_C
nexpaq 0:6c56fb4bc5f0 2229 */
nexpaq 0:6c56fb4bc5f0 2230 #define MBEDTLS_SSL_CACHE_C
nexpaq 0:6c56fb4bc5f0 2231
nexpaq 0:6c56fb4bc5f0 2232 /**
nexpaq 0:6c56fb4bc5f0 2233 * \def MBEDTLS_SSL_COOKIE_C
nexpaq 0:6c56fb4bc5f0 2234 *
nexpaq 0:6c56fb4bc5f0 2235 * Enable basic implementation of DTLS cookies for hello verification.
nexpaq 0:6c56fb4bc5f0 2236 *
nexpaq 0:6c56fb4bc5f0 2237 * Module: library/ssl_cookie.c
nexpaq 0:6c56fb4bc5f0 2238 * Caller:
nexpaq 0:6c56fb4bc5f0 2239 */
nexpaq 0:6c56fb4bc5f0 2240 #define MBEDTLS_SSL_COOKIE_C
nexpaq 0:6c56fb4bc5f0 2241
nexpaq 0:6c56fb4bc5f0 2242 /**
nexpaq 0:6c56fb4bc5f0 2243 * \def MBEDTLS_SSL_TICKET_C
nexpaq 0:6c56fb4bc5f0 2244 *
nexpaq 0:6c56fb4bc5f0 2245 * Enable an implementation of TLS server-side callbacks for session tickets.
nexpaq 0:6c56fb4bc5f0 2246 *
nexpaq 0:6c56fb4bc5f0 2247 * Module: library/ssl_ticket.c
nexpaq 0:6c56fb4bc5f0 2248 * Caller:
nexpaq 0:6c56fb4bc5f0 2249 *
nexpaq 0:6c56fb4bc5f0 2250 * Requires: MBEDTLS_CIPHER_C
nexpaq 0:6c56fb4bc5f0 2251 */
nexpaq 0:6c56fb4bc5f0 2252 #define MBEDTLS_SSL_TICKET_C
nexpaq 0:6c56fb4bc5f0 2253
nexpaq 0:6c56fb4bc5f0 2254 /**
nexpaq 0:6c56fb4bc5f0 2255 * \def MBEDTLS_SSL_CLI_C
nexpaq 0:6c56fb4bc5f0 2256 *
nexpaq 0:6c56fb4bc5f0 2257 * Enable the SSL/TLS client code.
nexpaq 0:6c56fb4bc5f0 2258 *
nexpaq 0:6c56fb4bc5f0 2259 * Module: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2260 * Caller:
nexpaq 0:6c56fb4bc5f0 2261 *
nexpaq 0:6c56fb4bc5f0 2262 * Requires: MBEDTLS_SSL_TLS_C
nexpaq 0:6c56fb4bc5f0 2263 *
nexpaq 0:6c56fb4bc5f0 2264 * This module is required for SSL/TLS client support.
nexpaq 0:6c56fb4bc5f0 2265 */
nexpaq 0:6c56fb4bc5f0 2266 #define MBEDTLS_SSL_CLI_C
nexpaq 0:6c56fb4bc5f0 2267
nexpaq 0:6c56fb4bc5f0 2268 /**
nexpaq 0:6c56fb4bc5f0 2269 * \def MBEDTLS_SSL_SRV_C
nexpaq 0:6c56fb4bc5f0 2270 *
nexpaq 0:6c56fb4bc5f0 2271 * Enable the SSL/TLS server code.
nexpaq 0:6c56fb4bc5f0 2272 *
nexpaq 0:6c56fb4bc5f0 2273 * Module: library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2274 * Caller:
nexpaq 0:6c56fb4bc5f0 2275 *
nexpaq 0:6c56fb4bc5f0 2276 * Requires: MBEDTLS_SSL_TLS_C
nexpaq 0:6c56fb4bc5f0 2277 *
nexpaq 0:6c56fb4bc5f0 2278 * This module is required for SSL/TLS server support.
nexpaq 0:6c56fb4bc5f0 2279 */
nexpaq 0:6c56fb4bc5f0 2280 #define MBEDTLS_SSL_SRV_C
nexpaq 0:6c56fb4bc5f0 2281
nexpaq 0:6c56fb4bc5f0 2282 /**
nexpaq 0:6c56fb4bc5f0 2283 * \def MBEDTLS_SSL_TLS_C
nexpaq 0:6c56fb4bc5f0 2284 *
nexpaq 0:6c56fb4bc5f0 2285 * Enable the generic SSL/TLS code.
nexpaq 0:6c56fb4bc5f0 2286 *
nexpaq 0:6c56fb4bc5f0 2287 * Module: library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 2288 * Caller: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2289 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2290 *
nexpaq 0:6c56fb4bc5f0 2291 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
nexpaq 0:6c56fb4bc5f0 2292 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
nexpaq 0:6c56fb4bc5f0 2293 *
nexpaq 0:6c56fb4bc5f0 2294 * This module is required for SSL/TLS.
nexpaq 0:6c56fb4bc5f0 2295 */
nexpaq 0:6c56fb4bc5f0 2296 #define MBEDTLS_SSL_TLS_C
nexpaq 0:6c56fb4bc5f0 2297
nexpaq 0:6c56fb4bc5f0 2298 /**
nexpaq 0:6c56fb4bc5f0 2299 * \def MBEDTLS_THREADING_C
nexpaq 0:6c56fb4bc5f0 2300 *
nexpaq 0:6c56fb4bc5f0 2301 * Enable the threading abstraction layer.
nexpaq 0:6c56fb4bc5f0 2302 * By default mbed TLS assumes it is used in a non-threaded environment or that
nexpaq 0:6c56fb4bc5f0 2303 * contexts are not shared between threads. If you do intend to use contexts
nexpaq 0:6c56fb4bc5f0 2304 * between threads, you will need to enable this layer to prevent race
nexpaq 0:6c56fb4bc5f0 2305 * conditions. See also our Knowledge Base article about threading:
nexpaq 0:6c56fb4bc5f0 2306 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
nexpaq 0:6c56fb4bc5f0 2307 *
nexpaq 0:6c56fb4bc5f0 2308 * Module: library/threading.c
nexpaq 0:6c56fb4bc5f0 2309 *
nexpaq 0:6c56fb4bc5f0 2310 * This allows different threading implementations (self-implemented or
nexpaq 0:6c56fb4bc5f0 2311 * provided).
nexpaq 0:6c56fb4bc5f0 2312 *
nexpaq 0:6c56fb4bc5f0 2313 * You will have to enable either MBEDTLS_THREADING_ALT or
nexpaq 0:6c56fb4bc5f0 2314 * MBEDTLS_THREADING_PTHREAD.
nexpaq 0:6c56fb4bc5f0 2315 *
nexpaq 0:6c56fb4bc5f0 2316 * Enable this layer to allow use of mutexes within mbed TLS
nexpaq 0:6c56fb4bc5f0 2317 */
nexpaq 0:6c56fb4bc5f0 2318 //#define MBEDTLS_THREADING_C
nexpaq 0:6c56fb4bc5f0 2319
nexpaq 0:6c56fb4bc5f0 2320 /**
nexpaq 0:6c56fb4bc5f0 2321 * \def MBEDTLS_TIMING_C
nexpaq 0:6c56fb4bc5f0 2322 *
nexpaq 0:6c56fb4bc5f0 2323 * Enable the semi-portable timing interface.
nexpaq 0:6c56fb4bc5f0 2324 *
nexpaq 0:6c56fb4bc5f0 2325 * \note The provided implementation only works on POSIX/Unix (including Linux,
nexpaq 0:6c56fb4bc5f0 2326 * BSD and OS X) and Windows. On other platforms, you can either disable that
nexpaq 0:6c56fb4bc5f0 2327 * module and provide your own implementations of the callbacks needed by
nexpaq 0:6c56fb4bc5f0 2328 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
nexpaq 0:6c56fb4bc5f0 2329 * your own implementation of the whole module by setting
nexpaq 0:6c56fb4bc5f0 2330 * \c MBEDTLS_TIMING_ALT in the current file.
nexpaq 0:6c56fb4bc5f0 2331 *
nexpaq 0:6c56fb4bc5f0 2332 * \note See also our Knowledge Base article about porting to a new
nexpaq 0:6c56fb4bc5f0 2333 * environment:
nexpaq 0:6c56fb4bc5f0 2334 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
nexpaq 0:6c56fb4bc5f0 2335 *
nexpaq 0:6c56fb4bc5f0 2336 * Module: library/timing.c
nexpaq 0:6c56fb4bc5f0 2337 * Caller: library/havege.c
nexpaq 0:6c56fb4bc5f0 2338 *
nexpaq 0:6c56fb4bc5f0 2339 * This module is used by the HAVEGE random number generator.
nexpaq 0:6c56fb4bc5f0 2340 */
nexpaq 0:6c56fb4bc5f0 2341 //#define MBEDTLS_TIMING_C
nexpaq 0:6c56fb4bc5f0 2342
nexpaq 0:6c56fb4bc5f0 2343 /**
nexpaq 0:6c56fb4bc5f0 2344 * \def MBEDTLS_VERSION_C
nexpaq 0:6c56fb4bc5f0 2345 *
nexpaq 0:6c56fb4bc5f0 2346 * Enable run-time version information.
nexpaq 0:6c56fb4bc5f0 2347 *
nexpaq 0:6c56fb4bc5f0 2348 * Module: library/version.c
nexpaq 0:6c56fb4bc5f0 2349 *
nexpaq 0:6c56fb4bc5f0 2350 * This module provides run-time version information.
nexpaq 0:6c56fb4bc5f0 2351 */
nexpaq 0:6c56fb4bc5f0 2352 #define MBEDTLS_VERSION_C
nexpaq 0:6c56fb4bc5f0 2353
nexpaq 0:6c56fb4bc5f0 2354 /**
nexpaq 0:6c56fb4bc5f0 2355 * \def MBEDTLS_X509_USE_C
nexpaq 0:6c56fb4bc5f0 2356 *
nexpaq 0:6c56fb4bc5f0 2357 * Enable X.509 core for using certificates.
nexpaq 0:6c56fb4bc5f0 2358 *
nexpaq 0:6c56fb4bc5f0 2359 * Module: library/x509.c
nexpaq 0:6c56fb4bc5f0 2360 * Caller: library/mbedtls_x509_crl.c
nexpaq 0:6c56fb4bc5f0 2361 * library/mbedtls_x509_crt.c
nexpaq 0:6c56fb4bc5f0 2362 * library/mbedtls_x509_csr.c
nexpaq 0:6c56fb4bc5f0 2363 *
nexpaq 0:6c56fb4bc5f0 2364 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
nexpaq 0:6c56fb4bc5f0 2365 * MBEDTLS_PK_PARSE_C
nexpaq 0:6c56fb4bc5f0 2366 *
nexpaq 0:6c56fb4bc5f0 2367 * This module is required for the X.509 parsing modules.
nexpaq 0:6c56fb4bc5f0 2368 */
nexpaq 0:6c56fb4bc5f0 2369 #define MBEDTLS_X509_USE_C
nexpaq 0:6c56fb4bc5f0 2370
nexpaq 0:6c56fb4bc5f0 2371 /**
nexpaq 0:6c56fb4bc5f0 2372 * \def MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 2373 *
nexpaq 0:6c56fb4bc5f0 2374 * Enable X.509 certificate parsing.
nexpaq 0:6c56fb4bc5f0 2375 *
nexpaq 0:6c56fb4bc5f0 2376 * Module: library/mbedtls_x509_crt.c
nexpaq 0:6c56fb4bc5f0 2377 * Caller: library/ssl_cli.c
nexpaq 0:6c56fb4bc5f0 2378 * library/ssl_srv.c
nexpaq 0:6c56fb4bc5f0 2379 * library/ssl_tls.c
nexpaq 0:6c56fb4bc5f0 2380 *
nexpaq 0:6c56fb4bc5f0 2381 * Requires: MBEDTLS_X509_USE_C
nexpaq 0:6c56fb4bc5f0 2382 *
nexpaq 0:6c56fb4bc5f0 2383 * This module is required for X.509 certificate parsing.
nexpaq 0:6c56fb4bc5f0 2384 */
nexpaq 0:6c56fb4bc5f0 2385 #define MBEDTLS_X509_CRT_PARSE_C
nexpaq 0:6c56fb4bc5f0 2386
nexpaq 0:6c56fb4bc5f0 2387 /**
nexpaq 0:6c56fb4bc5f0 2388 * \def MBEDTLS_X509_CRL_PARSE_C
nexpaq 0:6c56fb4bc5f0 2389 *
nexpaq 0:6c56fb4bc5f0 2390 * Enable X.509 CRL parsing.
nexpaq 0:6c56fb4bc5f0 2391 *
nexpaq 0:6c56fb4bc5f0 2392 * Module: library/mbedtls_x509_crl.c
nexpaq 0:6c56fb4bc5f0 2393 * Caller: library/mbedtls_x509_crt.c
nexpaq 0:6c56fb4bc5f0 2394 *
nexpaq 0:6c56fb4bc5f0 2395 * Requires: MBEDTLS_X509_USE_C
nexpaq 0:6c56fb4bc5f0 2396 *
nexpaq 0:6c56fb4bc5f0 2397 * This module is required for X.509 CRL parsing.
nexpaq 0:6c56fb4bc5f0 2398 */
nexpaq 0:6c56fb4bc5f0 2399 #define MBEDTLS_X509_CRL_PARSE_C
nexpaq 0:6c56fb4bc5f0 2400
nexpaq 0:6c56fb4bc5f0 2401 /**
nexpaq 0:6c56fb4bc5f0 2402 * \def MBEDTLS_X509_CSR_PARSE_C
nexpaq 0:6c56fb4bc5f0 2403 *
nexpaq 0:6c56fb4bc5f0 2404 * Enable X.509 Certificate Signing Request (CSR) parsing.
nexpaq 0:6c56fb4bc5f0 2405 *
nexpaq 0:6c56fb4bc5f0 2406 * Module: library/mbedtls_x509_csr.c
nexpaq 0:6c56fb4bc5f0 2407 * Caller: library/x509_crt_write.c
nexpaq 0:6c56fb4bc5f0 2408 *
nexpaq 0:6c56fb4bc5f0 2409 * Requires: MBEDTLS_X509_USE_C
nexpaq 0:6c56fb4bc5f0 2410 *
nexpaq 0:6c56fb4bc5f0 2411 * This module is used for reading X.509 certificate request.
nexpaq 0:6c56fb4bc5f0 2412 */
nexpaq 0:6c56fb4bc5f0 2413 //#define MBEDTLS_X509_CSR_PARSE_C
nexpaq 0:6c56fb4bc5f0 2414
nexpaq 0:6c56fb4bc5f0 2415 /**
nexpaq 0:6c56fb4bc5f0 2416 * \def MBEDTLS_X509_CREATE_C
nexpaq 0:6c56fb4bc5f0 2417 *
nexpaq 0:6c56fb4bc5f0 2418 * Enable X.509 core for creating certificates.
nexpaq 0:6c56fb4bc5f0 2419 *
nexpaq 0:6c56fb4bc5f0 2420 * Module: library/x509_create.c
nexpaq 0:6c56fb4bc5f0 2421 *
nexpaq 0:6c56fb4bc5f0 2422 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
nexpaq 0:6c56fb4bc5f0 2423 *
nexpaq 0:6c56fb4bc5f0 2424 * This module is the basis for creating X.509 certificates and CSRs.
nexpaq 0:6c56fb4bc5f0 2425 */
nexpaq 0:6c56fb4bc5f0 2426 //#define MBEDTLS_X509_CREATE_C
nexpaq 0:6c56fb4bc5f0 2427
nexpaq 0:6c56fb4bc5f0 2428 /**
nexpaq 0:6c56fb4bc5f0 2429 * \def MBEDTLS_X509_CRT_WRITE_C
nexpaq 0:6c56fb4bc5f0 2430 *
nexpaq 0:6c56fb4bc5f0 2431 * Enable creating X.509 certificates.
nexpaq 0:6c56fb4bc5f0 2432 *
nexpaq 0:6c56fb4bc5f0 2433 * Module: library/x509_crt_write.c
nexpaq 0:6c56fb4bc5f0 2434 *
nexpaq 0:6c56fb4bc5f0 2435 * Requires: MBEDTLS_X509_CREATE_C
nexpaq 0:6c56fb4bc5f0 2436 *
nexpaq 0:6c56fb4bc5f0 2437 * This module is required for X.509 certificate creation.
nexpaq 0:6c56fb4bc5f0 2438 */
nexpaq 0:6c56fb4bc5f0 2439 //#define MBEDTLS_X509_CRT_WRITE_C
nexpaq 0:6c56fb4bc5f0 2440
nexpaq 0:6c56fb4bc5f0 2441 /**
nexpaq 0:6c56fb4bc5f0 2442 * \def MBEDTLS_X509_CSR_WRITE_C
nexpaq 0:6c56fb4bc5f0 2443 *
nexpaq 0:6c56fb4bc5f0 2444 * Enable creating X.509 Certificate Signing Requests (CSR).
nexpaq 0:6c56fb4bc5f0 2445 *
nexpaq 0:6c56fb4bc5f0 2446 * Module: library/x509_csr_write.c
nexpaq 0:6c56fb4bc5f0 2447 *
nexpaq 0:6c56fb4bc5f0 2448 * Requires: MBEDTLS_X509_CREATE_C
nexpaq 0:6c56fb4bc5f0 2449 *
nexpaq 0:6c56fb4bc5f0 2450 * This module is required for X.509 certificate request writing.
nexpaq 0:6c56fb4bc5f0 2451 */
nexpaq 0:6c56fb4bc5f0 2452 //#define MBEDTLS_X509_CSR_WRITE_C
nexpaq 0:6c56fb4bc5f0 2453
nexpaq 0:6c56fb4bc5f0 2454 /**
nexpaq 0:6c56fb4bc5f0 2455 * \def MBEDTLS_XTEA_C
nexpaq 0:6c56fb4bc5f0 2456 *
nexpaq 0:6c56fb4bc5f0 2457 * Enable the XTEA block cipher.
nexpaq 0:6c56fb4bc5f0 2458 *
nexpaq 0:6c56fb4bc5f0 2459 * Module: library/xtea.c
nexpaq 0:6c56fb4bc5f0 2460 * Caller:
nexpaq 0:6c56fb4bc5f0 2461 */
nexpaq 0:6c56fb4bc5f0 2462 //#define MBEDTLS_XTEA_C
nexpaq 0:6c56fb4bc5f0 2463
nexpaq 0:6c56fb4bc5f0 2464 /* \} name SECTION: mbed TLS modules */
nexpaq 0:6c56fb4bc5f0 2465
nexpaq 0:6c56fb4bc5f0 2466 /**
nexpaq 0:6c56fb4bc5f0 2467 * \name SECTION: Module configuration options
nexpaq 0:6c56fb4bc5f0 2468 *
nexpaq 0:6c56fb4bc5f0 2469 * This section allows for the setting of module specific sizes and
nexpaq 0:6c56fb4bc5f0 2470 * configuration options. The default values are already present in the
nexpaq 0:6c56fb4bc5f0 2471 * relevant header files and should suffice for the regular use cases.
nexpaq 0:6c56fb4bc5f0 2472 *
nexpaq 0:6c56fb4bc5f0 2473 * Our advice is to enable options and change their values here
nexpaq 0:6c56fb4bc5f0 2474 * only if you have a good reason and know the consequences.
nexpaq 0:6c56fb4bc5f0 2475 *
nexpaq 0:6c56fb4bc5f0 2476 * Please check the respective header file for documentation on these
nexpaq 0:6c56fb4bc5f0 2477 * parameters (to prevent duplicate documentation).
nexpaq 0:6c56fb4bc5f0 2478 * \{
nexpaq 0:6c56fb4bc5f0 2479 */
nexpaq 0:6c56fb4bc5f0 2480
nexpaq 0:6c56fb4bc5f0 2481 /* MPI / BIGNUM options */
nexpaq 0:6c56fb4bc5f0 2482 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
nexpaq 0:6c56fb4bc5f0 2483 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
nexpaq 0:6c56fb4bc5f0 2484
nexpaq 0:6c56fb4bc5f0 2485 /* CTR_DRBG options */
nexpaq 0:6c56fb4bc5f0 2486 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
nexpaq 0:6c56fb4bc5f0 2487 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
nexpaq 0:6c56fb4bc5f0 2488 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
nexpaq 0:6c56fb4bc5f0 2489 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
nexpaq 0:6c56fb4bc5f0 2490 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
nexpaq 0:6c56fb4bc5f0 2491
nexpaq 0:6c56fb4bc5f0 2492 /* HMAC_DRBG options */
nexpaq 0:6c56fb4bc5f0 2493 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
nexpaq 0:6c56fb4bc5f0 2494 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
nexpaq 0:6c56fb4bc5f0 2495 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
nexpaq 0:6c56fb4bc5f0 2496 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
nexpaq 0:6c56fb4bc5f0 2497
nexpaq 0:6c56fb4bc5f0 2498 /* ECP options */
nexpaq 0:6c56fb4bc5f0 2499 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
nexpaq 0:6c56fb4bc5f0 2500 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
nexpaq 0:6c56fb4bc5f0 2501 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
nexpaq 0:6c56fb4bc5f0 2502
nexpaq 0:6c56fb4bc5f0 2503 /* Entropy options */
nexpaq 0:6c56fb4bc5f0 2504 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
nexpaq 0:6c56fb4bc5f0 2505 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
nexpaq 0:6c56fb4bc5f0 2506
nexpaq 0:6c56fb4bc5f0 2507 /* Memory buffer allocator options */
nexpaq 0:6c56fb4bc5f0 2508 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
nexpaq 0:6c56fb4bc5f0 2509
nexpaq 0:6c56fb4bc5f0 2510 /* Platform options */
nexpaq 0:6c56fb4bc5f0 2511 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
nexpaq 0:6c56fb4bc5f0 2512 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2513 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2514 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2515 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2516 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2517 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2518 /* Note: your snprintf must correclty zero-terminate the buffer! */
nexpaq 0:6c56fb4bc5f0 2519 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2520 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2521 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2522 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2523 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2524 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
nexpaq 0:6c56fb4bc5f0 2525
nexpaq 0:6c56fb4bc5f0 2526 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
nexpaq 0:6c56fb4bc5f0 2527 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
nexpaq 0:6c56fb4bc5f0 2528 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2529 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2530 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2531 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2532 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2533 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2534 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2535 /* Note: your snprintf must correclty zero-terminate the buffer! */
nexpaq 0:6c56fb4bc5f0 2536 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2537 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2538 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
nexpaq 0:6c56fb4bc5f0 2539
nexpaq 0:6c56fb4bc5f0 2540 /* SSL Cache options */
nexpaq 0:6c56fb4bc5f0 2541 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
nexpaq 0:6c56fb4bc5f0 2542 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
nexpaq 0:6c56fb4bc5f0 2543
nexpaq 0:6c56fb4bc5f0 2544 /* SSL options */
nexpaq 0:6c56fb4bc5f0 2545 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
nexpaq 0:6c56fb4bc5f0 2546 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
nexpaq 0:6c56fb4bc5f0 2547 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
nexpaq 0:6c56fb4bc5f0 2548 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
nexpaq 0:6c56fb4bc5f0 2549
nexpaq 0:6c56fb4bc5f0 2550 /**
nexpaq 0:6c56fb4bc5f0 2551 * Complete list of ciphersuites to use, in order of preference.
nexpaq 0:6c56fb4bc5f0 2552 *
nexpaq 0:6c56fb4bc5f0 2553 * \warning No dependency checking is done on that field! This option can only
nexpaq 0:6c56fb4bc5f0 2554 * be used to restrict the set of available ciphersuites. It is your
nexpaq 0:6c56fb4bc5f0 2555 * responsibility to make sure the needed modules are active.
nexpaq 0:6c56fb4bc5f0 2556 *
nexpaq 0:6c56fb4bc5f0 2557 * Use this to save a few hundred bytes of ROM (default ordering of all
nexpaq 0:6c56fb4bc5f0 2558 * available ciphersuites) and a few to a few hundred bytes of RAM.
nexpaq 0:6c56fb4bc5f0 2559 *
nexpaq 0:6c56fb4bc5f0 2560 * The value below is only an example, not the default.
nexpaq 0:6c56fb4bc5f0 2561 */
nexpaq 0:6c56fb4bc5f0 2562 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
nexpaq 0:6c56fb4bc5f0 2563
nexpaq 0:6c56fb4bc5f0 2564 /* X509 options */
nexpaq 0:6c56fb4bc5f0 2565 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
nexpaq 0:6c56fb4bc5f0 2566
nexpaq 0:6c56fb4bc5f0 2567 /* \} name SECTION: Customisation configuration options */
nexpaq 0:6c56fb4bc5f0 2568
nexpaq 0:6c56fb4bc5f0 2569 /* Target and application specific configurations */
nexpaq 0:6c56fb4bc5f0 2570 //#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h"
nexpaq 0:6c56fb4bc5f0 2571
nexpaq 0:6c56fb4bc5f0 2572 /*
nexpaq 0:6c56fb4bc5f0 2573 * Allow user to override any previous default.
nexpaq 0:6c56fb4bc5f0 2574 *
nexpaq 0:6c56fb4bc5f0 2575 * Use two macro names for that, as:
nexpaq 0:6c56fb4bc5f0 2576 * - with yotta the prefix YOTTA_CFG_ is forced
nexpaq 0:6c56fb4bc5f0 2577 * - without yotta is looks weird to have a YOTTA prefix.
nexpaq 0:6c56fb4bc5f0 2578 */
nexpaq 0:6c56fb4bc5f0 2579 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
nexpaq 0:6c56fb4bc5f0 2580 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
nexpaq 0:6c56fb4bc5f0 2581 #elif defined(MBEDTLS_USER_CONFIG_FILE)
nexpaq 0:6c56fb4bc5f0 2582 #include MBEDTLS_USER_CONFIG_FILE
nexpaq 0:6c56fb4bc5f0 2583 #endif
nexpaq 0:6c56fb4bc5f0 2584
nexpaq 0:6c56fb4bc5f0 2585 #include "check_config.h"
nexpaq 0:6c56fb4bc5f0 2586
nexpaq 0:6c56fb4bc5f0 2587 #endif /* MBEDTLS_CONFIG_H */