mbedtls: Expose compile-time config, disable some things by default

* Disables 3DES, Camellia, Blowfish, RC4, RIPEMD160, SSLv3, TLS-PSK modes, DTLS by default
* Saves about 40KB from the default TLS client code size
* Defaults no longer get "Bad" howsmyssl.com rating (no more vulnerable 3DES)
  (ping https://github.com/espressif/arduino-esp32/issues/575 )
* Allows up to another 20-30KB code size to be trimmed without security
  implications if using DER formatted certificates, RSA ciphersuites only,
  etc.
* Can save up to another 8KB by setting the TLS Role to Server or Client only.
Angus Gratton 2017-08-17 17:15:04 +10:00 committed by Angus Gratton
parent bfb15c6fc9
commit c0f65f6680
2 changed files with 394 additions and 2 deletions


@ -15,7 +15,7 @@ config MBEDTLS_SSL_MAX_CONTENT_LEN
Fragment Length Negotiation Extension (max_fragment_length,
see RFC6066) or you know for certain that it will never send a
message longer than a certain number of bytes.
If the value is set too low, symptoms are a failed TLS
handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
(-0x7200).
@ -102,4 +102,312 @@ config MBEDTLS_HAVE_TIME_DATE
It is suggested that you should get the real time by "SNTP".
endmenu
choice MBEDTLS_TLS_MODE
bool "TLS Protocol Role"
default MBEDTLS_TLS_SERVER_AND_CLIENT
help
mbedTLS can be compiled with protocol support for the TLS
server, TLS client, or both server and client.
Reducing the number of TLS roles supported saves code size.
config MBEDTLS_TLS_SERVER_AND_CLIENT
bool "Server & Client"
select MBEDTLS_TLS_SERVER
select MBEDTLS_TLS_CLIENT
config MBEDTLS_TLS_SERVER_ONLY
bool "Server"
select MBEDTLS_TLS_SERVER
config MBEDTLS_TLS_CLIENT_ONLY
bool "Client"
select MBEDTLS_TLS_CLIENT
config MBEDTLS_TLS_DISABLED
bool "None"
endchoice
config MBEDTLS_TLS_SERVER
bool
select MBEDTLS_TLS_ENABLED
config MBEDTLS_TLS_CLIENT
bool
select MBEDTLS_TLS_ENABLED
config MBEDTLS_TLS_ENABLED
bool
menu "TLS Key Exchange Methods"
depends on MBEDTLS_TLS_ENABLED
config MBEDTLS_PSK_MODES
bool "Enable pre-shared-key ciphersuites"
default n
help
Enable to show configuration for different types of pre-shared-key TLS authentatication methods.
Leaving this options disabled will save code size if they are not used.
config MBEDTLS_KEY_EXCHANGE_PSK
bool "Enable PSK based ciphersuite modes"
depends on MBEDTLS_PSK_MODES
default n
help
Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.
config MBEDTLS_KEY_EXCHANGE_DHE_PSK
bool "Enable DHE-PSK based ciphersuite modes"
depends on MBEDTLS_PSK_MODES
default y
help
Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
config MBEDTLS_KEY_EXCHANGE_DHE_PSK
bool "Enable DHE-PSK based ciphersuite modes"
depends on MBEDTLS_PSK_MODES
default y
help
Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
bool "Enable ECDHE-PSK based ciphersuite modes"
depends on MBEDTLS_PSK_MODES
default y
help
Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
config MBEDTLS_KEY_EXCHANGE_RSA_PSK
bool "Enable RSA-PSK based ciphersuite modes"
depends on MBEDTLS_PSK_MODES
default y
help
Enable to support RSA PSK (pre-shared-key) TLS authentication modes.
config MBEDTLS_KEY_EXCHANGE_RSA
bool "Enable RSA-only based ciphersuite modes"
default y
help
Enable to support ciphersuites with prefix TLS-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_DHE_RSA
bool "Enable DHE-RSA based ciphersuite modes"
default y
help
Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
bool "Support Elliptic Curve based ciphersuites"
default y
help
Enable to show Elliptic Curve based ciphersuite mode options.
Disabling all Elliptic Curve ciphersuites saves code size and
can give slightly faster TLS handshakes, provided the server supports
RSA-only ciphersuite modes.
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
bool "Enable ECDHE-RSA based ciphersuite modes"
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
default y
help
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
bool "Enable ECDHE-ECDSA based ciphersuite modes"
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
default y
help
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
bool "Enable ECDHE-ECDSA based ciphersuite modes"
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
default y
help
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
bool "Enable ECDH-ECDSA based ciphersuite modes"
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
default y
help
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
bool "Enable ECDH-RSA based ciphersuite modes"
depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
default y
help
Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
endmenu # TLS key exchange modes
config MBEDTLS_SSL_RENEGOTIATION
bool "Support TLS renegotiation"
depends on MBEDTLS_TLS_ENABLED
default y
help
The two main uses of renegotiation are (1) refresh keys on long-lived
connections and (2) client authentication after the initial handshake.
If you don't need renegotiation, disabling it will save code size and
reduce the possibility of abuse/vulnerability.
config MBEDTLS_SSL_PROTO_SSL3
bool "Legacy SSL 3.0 support"
depends on MBEDTLS_TLS_ENABLED
default n
help
Support the legacy SSL 3.0 protocol. Most servers will speak a newer
TLS protocol these days.
config MBEDTLS_SSL_PROTO_TLS1
bool "Support TLS 1.0 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_TLS1_1
bool "Support TLS 1.1 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_TLS1_2
bool "Support TLS 1.2 protocol"
depends on MBEDTLS_TLS_ENABLED
default y
config MBEDTLS_SSL_PROTO_DTLS
bool "Support DTLS protocol (all versions)"
default n
depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
help
Requires TLS 1.1 to be enabled for DTLS 1.0
Requires TLS 1.2 to be enabled for DTLS 1.2
config MBEDTLS_SSL_ALPN
bool "Support ALPN (Application Layer Protocol Negotiation)"
depends on MBEDTLS_TLS_ENABLED
default y
help
Disabling this option will save some code size if it is not needed.
config MBEDTLS_SSL_SESSION_TICKETS
bool "TLS: Support RFC 5077 SSL session tickets"
default y
depends on MBEDTLS_TLS_ENABLED
help
Support RFC 5077 session tickets. See mbedTLS documentation for more details.
Disabling this option will save some code size.
menu "Symmetric Ciphers"
config MBEDTLS_AES_C
bool "AES block cipher"
default y
config MBEDTLS_CAMELLIA_C
bool "Camellia block cipher"
default n
config MBEDTLS_DES_C
bool "DES block cipher (legacy, insecure)"
default n
help
Enables the DES block cipher to support 3DES-based TLS ciphersuites.
3DES is vulnerable to the Sweet32 attack and should only be enabled
if absolutely necessary.
choice MBEDTLS_RC4_MODE
prompt "RC4 Stream Cipher (legacy, insecure)"
default MBEDTLS_RC4_DISABLED
help
ARCFOUR (RC4) stream cipher can be disabled entirely, enabled but not
added to default ciphersuites, or enabled completely.
Please consider the security implications before enabling RC4.
config MBEDTLS_RC4_DISABLED
bool "Disabled"
config MBEDTLS_RC4_ENABLED_NO_DEFAULT
bool "Enabled, not in default ciphersuites"
config MBEDTLS_RC4_ENABLED
bool "Enabled"
endchoice
config MBEDTLS_BLOWFISH_C
bool "Blowfish block cipher (read help)"
default n
help
Enables the Blowfish block cipher (not used for TLS sessions.)
The Blowfish cipher is not used for mbedTLS TLS sessions but can be
used for other purposes. Read up on the limitations of Blowfish (including
Sweet32) before enabling.
config MBEDTLS_XTEA_C
bool "XTEA block cipher"
default n
help
Enables the XTEA block cipher.
config MBEDTLS_CCM_C
bool "CCM (Counter with CBC-MAC) block cipher modes"
default y
depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
help
Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.
Disabling this option saves some code size.
config MBEDTLS_GCM_C
bool "GCM (Galois/Counter) block cipher modes"
default y
depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
help
Enable Galois/Counter Mode for AES and/or Camellia ciphers.
This option is generally faster than CCM.
endmenu # Symmetric Ciphers
config MBEDTLS_RIPEMD160_C
bool "Enable RIPEMD-160 hash algorithm"
default n
help
Enable the RIPEMD-160 hash algorithm.
menu "Certificates"
config MBEDTLS_PEM_PARSE_C
bool "Read & Parse PEM formatted certificates"
default y
help
Enable decoding/parsing of PEM formatted certificates.
If your certificates are all in the simpler DER format, disabling
this option will save some code size.
config MBEDTLS_PEM_WRITE_C
bool "Write PEM formatted certificates"
default y
help
Enable writing of PEM formatted certificates.
If writing certificate data only in DER format, disabling this
option will save some code size.
config MBEDTLS_X509_CRL_PARSE_C
bool "X.509 CRL parsing"
default y
help
Support for parsing X.509 Certifificate Revocation Lists.
config MBEDTLS_X509_CSR_PARSE_C
bool "X.509 CSR parsing"
default y
help
Support for parsing X.509 Certifificate Signing Requests
endmenu # Certificates
endmenu # mbedTLS
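Review bot: The help strings for `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA`, `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA` and `MBEDTLS_KEY_EXCHANGE_ECDH_RSA` all repeat the ECDHE-RSA text (`prefix TLS-ECDHE-RSA-WITH-`), which misleads anyone using this menu to decide which ciphersuites to trim. They should read `TLS-ECDHE-ECDSA-WITH-`, `TLS-ECDH-ECDSA-WITH-` and `TLS-ECDH-RSA-WITH-` respectively. As shown in this section, the `MBEDTLS_KEY_EXCHANGE_DHE_PSK` and `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA` entries also appear twice with identical bodies; if that is in the file rather than a rendering artefact, the second copy of each should be dropped.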


@ -430,7 +430,9 @@
*
* Uncomment this macro to remove RC4 ciphersuites by default.
*/
#ifdef CONFIG_MBEDTLS_RC4_ENABLED
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
#endif
/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
@ -498,7 +500,9 @@
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@ -522,7 +526,9 @@
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -542,7 +548,9 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -567,7 +575,9 @@
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@ -595,7 +605,9 @@
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@ -621,7 +633,9 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -646,7 +660,9 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -670,7 +686,9 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@ -694,7 +712,9 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@ -718,7 +738,9 @@
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@ -971,7 +993,9 @@
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
#ifdef CONFIG_MBEDTLS_TLS_ENABLED
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#endif
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
@ -989,7 +1013,9 @@
*
* Comment this macro to disable support for Extended Master Secret.
*/
#ifdef CONFIG_MBEDTLS_TLS_ENABLED
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#endif
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
@ -1028,7 +1054,9 @@
*
* Comment this macro to disable 1/n-1 record splitting.
*/
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
#endif
/**
* \def MBEDTLS_SSL_RENEGOTIATION
@ -1043,7 +1071,9 @@
*
* Comment this to disable support for renegotiation.
*/
#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
#define MBEDTLS_SSL_RENEGOTIATION
#endif
/**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@ -1084,7 +1114,9 @@
*
* Comment this macro to disable support for SSL 3.0
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3
#define MBEDTLS_SSL_PROTO_SSL3
#endif
/**
* \def MBEDTLS_SSL_PROTO_TLS1
@ -1096,7 +1128,9 @@
*
* Comment this macro to disable support for TLS 1.0
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1
#define MBEDTLS_SSL_PROTO_TLS1
#endif
/**
* \def MBEDTLS_SSL_PROTO_TLS1_1
@ -1108,7 +1142,9 @@
*
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1
#define MBEDTLS_SSL_PROTO_TLS1_1
#endif
/**
* \def MBEDTLS_SSL_PROTO_TLS1_2
@ -1120,7 +1156,9 @@
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_PROTO_TLS1_2
#endif
/**
* \def MBEDTLS_SSL_PROTO_DTLS
@ -1135,7 +1173,9 @@
*
* Comment this macro to disable support for DTLS
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_PROTO_DTLS
#endif
/**
* \def MBEDTLS_SSL_ALPN
@ -1144,7 +1184,9 @@
*
* Comment this macro to disable support for ALPN.
*/
#ifdef CONFIG_MBEDTLS_SSL_ALPN
#define MBEDTLS_SSL_ALPN
#endif
/**
* \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@ -1159,7 +1201,9 @@
*
* Comment this to disable anti-replay in DTLS.
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#endif
/**
* \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@ -1177,7 +1221,9 @@
*
* Comment this to disable support for HelloVerifyRequest.
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#endif
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@ -1193,7 +1239,9 @@
*
* Comment this to disable support for clients reusing the source port.
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@ -1204,7 +1252,9 @@
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
#endif
/**
* \def MBEDTLS_SSL_SESSION_TICKETS
@ -1218,7 +1268,9 @@
*
* Comment this macro to disable support for SSL session tickets
*/
#ifdef CONFIG_MBEDTLS_SSL_SESSION_TICKETS
#define MBEDTLS_SSL_SESSION_TICKETS
#endif
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
@ -1461,7 +1513,9 @@
*
* PEM_PARSE uses AES for decrypting encrypted keys.
*/
#ifdef CONFIG_MBEDTLS_AES_C
#define MBEDTLS_AES_C
#endif
/**
* \def MBEDTLS_ARC4_C
@ -1484,7 +1538,9 @@
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
#if defined(CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT) || defined(CONFIG_MBEDTLS_RC4_ENABLED)
#define MBEDTLS_ARC4_C
#endif
/**
* \def MBEDTLS_ASN1_PARSE_C
@ -1549,7 +1605,9 @@
*
* Module: library/blowfish.c
*/
#ifdef CONFIG_MBEDTLS_BLOWFISH_C
#define MBEDTLS_BLOWFISH_C
#endif
/**
* \def MBEDTLS_CAMELLIA_C
@ -1604,7 +1662,9 @@
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
#ifdef CONFIG_MBEDTLS_CAMELLIA_C
#define MBEDTLS_CAMELLIA_C
#endif
/**
* \def MBEDTLS_CCM_C
@ -1618,7 +1678,9 @@
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
*/
#ifdef CONFIG_MBEDTLS_CCM_C
#define MBEDTLS_CCM_C
#endif
/**
* \def MBEDTLS_CERTS_C
@ -1698,7 +1760,9 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*/
#ifdef CONFIG_MBEDTLS_DES_C
#define MBEDTLS_DES_C
#endif
/**
* \def MBEDTLS_DHM_C
@ -1816,7 +1880,9 @@
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
*/
#ifdef CONFIG_MBEDTLS_GCM_C
#define MBEDTLS_GCM_C
#endif
/**
* \def MBEDTLS_HAVEGE_C
@ -1986,7 +2052,9 @@
*
* This modules adds support for decoding / parsing PEM files.
*/
#ifdef CONFIG_MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_PARSE_C
#endif
/**
* \def MBEDTLS_PEM_WRITE_C
@ -2002,7 +2070,9 @@
*
* This modules adds support for encoding / writing PEM files.
*/
#ifdef CONFIG_MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PEM_WRITE_C
#endif
/**
* \def MBEDTLS_PK_C
@ -2122,7 +2192,9 @@
* Caller: library/mbedtls_md.c
*
*/
#ifdef CONFIG_MBEDTLS_RIPEMD160_C
#define MBEDTLS_RIPEMD160_C
#endif
/**
* \def MBEDTLS_RSA_C
@ -2236,7 +2308,9 @@
*
* This module is required for SSL/TLS client support.
*/
#ifdef CONFIG_MBEDTLS_TLS_CLIENT
#define MBEDTLS_SSL_CLI_C
#endif
/**
* \def MBEDTLS_SSL_SRV_C
@ -2250,7 +2324,9 @@
*
* This module is required for SSL/TLS server support.
*/
#ifdef CONFIG_MBEDTLS_TLS_SERVER
#define MBEDTLS_SSL_SRV_C
#endif
/**
* \def MBEDTLS_SSL_TLS_C
@ -2266,7 +2342,9 @@
*
* This module is required for SSL/TLS.
*/
#ifdef CONFIG_MBEDTLS_TLS_ENABLED
#define MBEDTLS_SSL_TLS_C
#endif
/**
* \def MBEDTLS_THREADING_C
@ -2357,7 +2435,9 @@
*
* This module is required for X.509 CRL parsing.
*/
#ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C
#define MBEDTLS_X509_CRL_PARSE_C
#endif
/**
* \def MBEDTLS_X509_CSR_PARSE_C
@ -2371,7 +2451,9 @@
*
* This module is used for reading X.509 certificate request.
*/
#ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C
#define MBEDTLS_X509_CSR_PARSE_C
#endif
/**
* \def MBEDTLS_X509_CREATE_C
@ -2420,7 +2502,9 @@
* Module: library/xtea.c
* Caller:
*/
#ifdef CONFIG_MBEDTLS_XTEA_C
#define MBEDTLS_XTEA_C
#endif
/* \} name SECTION: mbed TLS modules */
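Review bot: The guard added around `MBEDTLS_SSL_CBC_RECORD_SPLITTING` (hunk at new line 1054) tests `MBEDTLS_SSL_PROTO_SSL3` and `MBEDTLS_SSL_PROTO_TLS1`, but this file only defines those macros further down (hunks at new lines 1114 and 1128). Unless they are defined earlier outside the visible hunks, the condition is always false and 1/n-1 record splitting is silently compiled out, even though TLS 1.0 defaults to enabled. Testing the Kconfig symbols avoids the ordering dependency: `#if defined(CONFIG_MBEDTLS_SSL_PROTO_SSL3) || defined(CONFIG_MBEDTLS_SSL_PROTO_TLS1)`. The first hunk also looks inverted: `MBEDTLS_REMOVE_ARC4_CIPHERSUITES` is defined when `CONFIG_MBEDTLS_RC4_ENABLED` is set, so the "Enabled, not in default ciphersuites" choice leaves RC4 in the default list while "Enabled" removes it. That guard should be `#ifdef CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT`.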