mbedtls: Update config options as per release/v3.4.0
- Added a Kconfig option for the newly added mbedtls option MBEDTLS_PKCS7_C
parent
911c12b7f0
commit
8017e23611
@ -246,6 +246,13 @@ menu "mbedTLS"
|
||||
|
||||
See mbedTLS documentation for required API and more details.
|
||||
|
||||
config MBEDTLS_PKCS7_C
|
||||
bool "Enable PKCS #7"
|
||||
default y
|
||||
depends on MBEDTLS_X509_CRL_PARSE_C
|
||||
help
|
||||
Enable PKCS #7 core for using PKCS #7-formatted signatures.
|
||||
|
||||
menu "DTLS-based configurations"
|
||||
depends on MBEDTLS_SSL_PROTO_DTLS
|
||||
|
||||
@ -351,6 +358,7 @@ menu "mbedTLS"
|
||||
config MBEDTLS_ECP_RESTARTABLE
|
||||
bool "Enable mbedTLS ecp restartable"
|
||||
select MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||
depends on MBEDTLS_ECP_C
|
||||
default n
|
||||
help
|
||||
Enable "non-blocking" ECC operations that can return early and be resumed.
|
||||
|
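Review bot: `default y` on the new `config MBEDTLS_PKCS7_C` entry (first hunk) compiles the PKCS #7 module into every build that has `MBEDTLS_X509_CRL_PARSE_C` set, including applications that never verify PKCS #7 signatures. A parser for externally supplied DER structures adds attack surface and code size, so I would make it opt-in with `default n`, or record in the commit message why it has to be on by default (for example, if it mirrors the upstream default). The help text could also say who needs the option, e.g. `Enable only if the application verifies PKCS #7 signed data; the parser processes untrusted DER input.` The enclosing menu starts and ends outside the hunk.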
@ -313,12 +313,36 @@
|
||||
* This is useful in non-threaded environments if you want to avoid blocking
|
||||
* for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
|
||||
*
|
||||
* Uncomment this macro to enable restartable ECC computations.
|
||||
* This option:
|
||||
* - Adds xxx_restartable() variants of existing operations in the
|
||||
* following modules, with corresponding restart context types:
|
||||
* - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
|
||||
* linear combination (muladd);
|
||||
* - ECDSA: signature generation & verification;
|
||||
* - PK: signature generation & verification;
|
||||
* - X509: certificate chain verification.
|
||||
* - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
|
||||
* - Changes the behaviour of TLS 1.2 clients (not servers) when using the
|
||||
* ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
|
||||
* computations restartable:
|
||||
* - ECDH operations from the key exchange, only for Short Weierstrass
|
||||
* curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
|
||||
* - verification of the server's key exchange signature;
|
||||
* - verification of the server's certificate chain;
|
||||
* - generation of the client's signature if client authentication is used,
|
||||
* with an ECC key/certificate.
|
||||
*
|
||||
* \note In the cases above, the usual SSL/TLS functions, such as
|
||||
* mbedtls_ssl_handshake(), can now return
|
||||
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
|
||||
*
|
||||
* \note This option only works with the default software implementation of
|
||||
* elliptic curve functionality. It is incompatible with
|
||||
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
|
||||
* and MBEDTLS_ECDH_LEGACY_CONTEXT.
|
||||
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
|
||||
*
|
||||
* Requires: MBEDTLS_ECP_C
|
||||
*
|
||||
* Uncomment this macro to enable restartable ECC computations.
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_ECP_RESTARTABLE
|
||||
#define MBEDTLS_ECP_RESTARTABLE
|
||||
@ -1104,6 +1128,19 @@
|
||||
*/
|
||||
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
||||
*
|
||||
* Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
|
||||
*
|
||||
* \warning This extension is currently in development and must NOT be used except
|
||||
* for testing purposes.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_3
|
||||
*
|
||||
* Uncomment this macro to enable support for the record_size_limit extension
|
||||
*/
|
||||
//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_2
|
||||
@ -1261,21 +1298,21 @@
|
||||
#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_EARLY_DATA
|
||||
*
|
||||
* Enable support for RFC 8446 TLS 1.3 early data.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
*
|
||||
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
||||
* is not enabled, this option does not have any effect on the build.
|
||||
*
|
||||
* This feature is experimental, not completed and thus not ready for
|
||||
* production.
|
||||
*
|
||||
*/
|
||||
* \def MBEDTLS_SSL_EARLY_DATA
|
||||
*
|
||||
* Enable support for RFC 8446 TLS 1.3 early data.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
*
|
||||
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
||||
* is not enabled, this option does not have any effect on the build.
|
||||
*
|
||||
* This feature is experimental, not completed and thus not ready for
|
||||
* production.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
/**
|
||||
@ -2288,9 +2325,13 @@
|
||||
* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
|
||||
* MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
|
||||
*
|
||||
* This module is required for the PKCS7 parsing modules.
|
||||
* This module is required for the PKCS #7 parsing modules.
|
||||
*/
|
||||
//#define MBEDTLS_PKCS7_C
|
||||
#ifdef CONFIG_MBEDTLS_PKCS7_C
|
||||
#define MBEDTLS_PKCS7_C
|
||||
#else
|
||||
#undef MBEDTLS_PKCS7_C
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PKCS12_C
|
||||
|
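Review bot: The `Requires:` list above `#ifdef CONFIG_MBEDTLS_PKCS7_C` (last hunk) names MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_X509_CRL_PARSE_C, MBEDTLS_BIGNUM_C and MBEDTLS_MD_C, but the Kconfig entry added in this commit gates the option only on `MBEDTLS_X509_CRL_PARSE_C`. If any of the other modules can be switched off in this port (not visible from here), the macro would be defined without its prerequisites and the build would depend on mbedTLS's own configuration checks to reject it. I would add a comment line such as `* In ESP-IDF this macro is controlled by CONFIG_MBEDTLS_PKCS7_C.` and mirror the remaining configurable prerequisites as `depends on` terms in Kconfig. The comment block begins above the hunk, so the list may contain further entries.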