mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'feature/mbedtls_error_str_config' into 'master'
feat(mbedtls): add kconfig option for MBEDTLS_ERROR_C See merge request espressif/esp-idf!30031
This commit is contained in:
commit
b185b2b3c2
@ -123,7 +123,7 @@ menu "mbedTLS"
|
||||
|
||||
The option will decrease heap cost when handshake, but also lead to problem:
|
||||
|
||||
Becasue all certificate, private key and DHM data are freed so users should register
|
||||
Because all certificate, private key and DHM data are freed so users should register
|
||||
certificate and private key to ssl config object again.
|
||||
|
||||
config MBEDTLS_DYNAMIC_FREE_CA_CERT
|
||||
@ -463,6 +463,17 @@ menu "mbedTLS"
|
||||
|
||||
These operations are used by RSA.
|
||||
|
||||
config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
|
||||
bool "Fallback to software implementation for larger MPI values"
|
||||
depends on MBEDTLS_HARDWARE_MPI
|
||||
default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
|
||||
default n
|
||||
help
|
||||
Fallback to software implementation for RSA key lengths
|
||||
larger than SOC_RSA_MAX_BIT_LEN. If this is not active
|
||||
then the ESP will be unable to process keys greater
|
||||
than SOC_RSA_MAX_BIT_LEN.
|
||||
|
||||
config MBEDTLS_MPI_USE_INTERRUPT
|
||||
bool "Use interrupt for MPI exp-mod operations"
|
||||
depends on !IDF_TARGET_ESP32 && MBEDTLS_HARDWARE_MPI
|
||||
@ -903,13 +914,13 @@ menu "mbedTLS"
|
||||
bool "X.509 CRL parsing"
|
||||
default y
|
||||
help
|
||||
Support for parsing X.509 Certifificate Revocation Lists.
|
||||
Support for parsing X.509 Certificate Revocation Lists.
|
||||
|
||||
config MBEDTLS_X509_CSR_PARSE_C
|
||||
bool "X.509 CSR parsing"
|
||||
default y
|
||||
help
|
||||
Support for parsing X.509 Certifificate Signing Requests
|
||||
Support for parsing X.509 Certificate Signing Requests
|
||||
|
||||
endmenu # Certificates
|
||||
|
||||
@ -1100,16 +1111,13 @@ menu "mbedTLS"
|
||||
help
|
||||
Enable the pthread wrapper layer for the threading layer.
|
||||
|
||||
config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
|
||||
bool "Fallback to software implementation for larger MPI values"
|
||||
depends on MBEDTLS_HARDWARE_MPI
|
||||
default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
|
||||
default n
|
||||
config MBEDTLS_ERROR_STRINGS
|
||||
bool "Enable error code to error string conversion"
|
||||
default y
|
||||
help
|
||||
Fallback to software implementation for RSA key lengths
|
||||
larger than SOC_RSA_MAX_BIT_LEN. If this is not active
|
||||
then the ESP will be unable to process keys greater
|
||||
than SOC_RSA_MAX_BIT_LEN.
|
||||
Enables mbedtls_strerror() for converting error codes to error strings.
|
||||
Disabling this config can save some code/rodata size as the error
|
||||
string conversion implementation is replaced with an empty stub.
|
||||
|
||||
config MBEDTLS_USE_CRYPTO_ROM_IMPL
|
||||
bool "Use ROM implementation of the crypto algorithm"
|
||||
|
@ -71,7 +71,7 @@
|
||||
* \def MBEDTLS_HAVE_TIME_DATE
|
||||
*
|
||||
* System has time.h and time(), gmtime() and the clock is correct.
|
||||
* The time needs to be correct (not necesarily very accurate, but at least
|
||||
* The time needs to be correct (not necessarily very accurate, but at least
|
||||
* the date should be correct). This is used to verify the validity period of
|
||||
* X.509 certificates.
|
||||
*
|
||||
@ -996,7 +996,7 @@
|
||||
* functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
|
||||
*
|
||||
* This pair of functions allows one side of a connection to serialize the
|
||||
* context associated with the connection, then free or re-use that context
|
||||
* context associated with the connection, then free or reuse that context
|
||||
* while the serialized state is persisted elsewhere, and finally deserialize
|
||||
* that state to a live context for resuming read/write operations on the
|
||||
* connection. From a protocol perspective, the state of the connection is
|
||||
@ -1494,7 +1494,7 @@
|
||||
* \def MBEDTLS_SSL_SESSION_TICKETS
|
||||
*
|
||||
* Enable support for RFC 5077 session tickets in SSL.
|
||||
* Client-side, provides full support for session tickets (maintainance of a
|
||||
* Client-side, provides full support for session tickets (maintenance of a
|
||||
* session store remains the responsibility of the application, though).
|
||||
* Server-side, you also need to provide callbacks for writing and parsing
|
||||
* tickets, including authenticated encryption and key management. Example
|
||||
@ -2076,7 +2076,11 @@
|
||||
*
|
||||
* This module enables mbedtls_strerror().
|
||||
*/
|
||||
#if CONFIG_MBEDTLS_ERROR_STRINGS
|
||||
#define MBEDTLS_ERROR_C
|
||||
#else
|
||||
#undef MBEDTLS_ERROR_C
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_GCM_C
|
||||
@ -2126,7 +2130,7 @@
|
||||
*
|
||||
* Requires: MBEDTLS_MD_C
|
||||
*
|
||||
* Uncomment to enable the HMAC_DRBG random number geerator.
|
||||
* Uncomment to enable the HMAC_DRBG random number generator.
|
||||
*/
|
||||
#define MBEDTLS_HMAC_DRBG_C
|
||||
|
||||
@ -2818,7 +2822,7 @@
|
||||
/* SSL options */
|
||||
#ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN
|
||||
|
||||
#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
|
||||
#define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
|
||||
|
||||
#else
|
||||
|
||||
|
@ -507,6 +507,7 @@ These include:
|
||||
- :ref:`CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM`
|
||||
- Change :ref:`CONFIG_MBEDTLS_TLS_MODE` if both server & client functionalities are not needed
|
||||
- Consider disabling some cipher suites listed in the ``TLS Key Exchange Methods`` sub-menu (i.e., :ref:`CONFIG_MBEDTLS_KEY_EXCHANGE_RSA`)
|
||||
- Consider disabling :ref:`CONFIG_MBEDTLS_ERROR_STRINGS` if the application is pulling in mbedTLS error strings because of :cpp:func:`mbedtls_strerror` usage
|
||||
|
||||
The help text for each option has some more information for reference.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user