From a9845c337fe53846a5d42569cde65361d254679e Mon Sep 17 00:00:00 2001 From: s00455936 Date: Fri, 29 May 2020 16:34:55 +0800 Subject: [PATCH] TicketNo:AR000D0IRU Description:mbedtls config Team:EMUI Feature or Bugfix:Feature Binary Source:No PrivateCode(Yes/No):No Change-Id: Ia6aeb8ced979c326301f89a9dc24c4048cda7385 Reviewed-on: http://mgit-tm.rnd.huawei.com/9075024 Tested-by: public jenkins Reviewed-by: wanglechao 00496819 --- BUILD.gn | 106 ++++++++ README.OpenSource | 12 + include/mbedtls/config.h | 511 ++++++++++++++++++++------------------- 3 files changed, 376 insertions(+), 253 deletions(-) create mode 100755 BUILD.gn create mode 100755 README.OpenSource mode change 100644 => 100755 include/mbedtls/config.h diff --git a/BUILD.gn b/BUILD.gn new file mode 100755 index 0000000..94bb2ba --- /dev/null +++ b/BUILD.gn 
@@ -0,0 +1,106 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved
+import("//build/lite/config/component/zlite_component.gni")
+
+config("mbedtls_config") {
+ include_dirs = [
+ "./include",
+ ]
+}
+
+source_set("mbedtls_source") {
+ sources = [
+ "library/aes.c",
+ "library/aesni.c",
+ "library/arc4.c",
+ "library/aria.c",
+ "library/asn1parse.c",
+ "library/asn1write.c",
+ "library/base64.c",
+ "library/bignum.c",
+ "library/blowfish.c",
+ "library/camellia.c",
+ "library/ccm.c",
+ "library/chacha20.c",
+ "library/chachapoly.c",
+ "library/cipher.c",
+ "library/cipher_wrap.c",
+ "library/cmac.c",
+ "library/ctr_drbg.c",
+ "library/des.c",
+ "library/dhm.c",
+ "library/ecdh.c",
+ "library/ecdsa.c",
+ "library/ecjpake.c",
+ "library/ecp.c",
+ "library/ecp_curves.c",
+ "library/entropy.c",
+ "library/entropy_poll.c",
+ "library/error.c",
+ "library/gcm.c",
+ "library/havege.c",
+ "library/hkdf.c",
+ "library/hmac_drbg.c",
+ "library/md.c",
+ "library/md_wrap.c",
+ "library/md2.c",
+ "library/md4.c",
+ "library/md5.c",
+ "library/memory_buffer_alloc.c",
+ "library/nist_kw.c",
+ "library/oid.c",
+ "library/padlock.c",
+ "library/pem.c",
+ "library/pk.c",
+ "library/pk_wrap.c",
+ "library/pkcs12.c",
+ "library/pkcs5.c",
+ "library/pkparse.c",
+ "library/pkwrite.c",
+ "library/platform.c",
+ "library/platform_util.c",
+ "library/poly1305.c",
+ "library/ripemd160.c",
+ "library/rsa.c",
+ "library/rsa_internal.c",
+ "library/sha1.c",
+ "library/sha256.c",
+ "library/sha512.c",
+ "library/threading.c",
+ "library/timing.c",
+ "library/version.c",
+ "library/version_features.c",
+ "library/x509.c",
+ "library/x509_crt.c",
+ "library/xtea.c",
+]
+
+configs += [
+ ":mbedtls_config",
+ ]
+}
+
+zlite_component("mbedtls_shared") {
+ version = "1.0.0"
+ dependences = [ ]
+ target_type = "shared_library"
+ features = [
+ ":mbedtls_source",
+ ]
+
+ public_configs = [
+ ":mbedtls_config",
+ ]
+}
+
+ zlite_component("mbedtls_static") {
+ version = 
"1.0.0" + dependences = [ ] + target_type = "static_library" + features = [ + ":mbedtls_source", + ] + + public_configs = [ + ":mbedtls_config", + ] +} diff --git a/README.OpenSource b/README.OpenSource new file mode 100755 index 0000000..6c497c2 --- /dev/null +++ b/README.OpenSource @@ -0,0 +1,12 @@ +[ + { + "Name": "mbed TLS", + "License": "Apache License V2.0", + "License File": "LICENSE", + "Version Number": "2.16.6", + "Owner": "shituanhui@huawei.com", + "Upstream URL": "https://tls.mbed.org/", + "Description": "An open source, portable, easy to use, readable and flexible SSL library." + } +] + diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h old mode 100644 new mode 100755 index 834cced..3a307d3 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -86,7 +86,7 @@ * example, if double-width division is implemented in software, disabling * it can reduce code size in some embedded targets. */ -//#define MBEDTLS_NO_UDBL_DIVISION +// #define MBEDTLS_NO_UDBL_DIVISION /** * \def MBEDTLS_NO_64BIT_MULTIPLICATION @@ -108,7 +108,7 @@ * Note that depending on the compiler, this may decrease performance compared * to using the library function provided by the toolchain. */ -//#define MBEDTLS_NO_64BIT_MULTIPLICATION +// #define MBEDTLS_NO_64BIT_MULTIPLICATION /** * \def MBEDTLS_HAVE_SSE2 @@ -117,7 +117,7 @@ * * Uncomment if the CPU supports SSE2 (IA-32 specific). */ -//#define MBEDTLS_HAVE_SSE2 +// #define MBEDTLS_HAVE_SSE2 /** * \def MBEDTLS_HAVE_TIME @@ -177,7 +177,7 @@ * * Enable this layer to allow use of alternative memory allocators. */ -//#define MBEDTLS_PLATFORM_MEMORY +// #define MBEDTLS_PLATFORM_MEMORY /** * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS @@ -196,7 +196,7 @@ * Uncomment to prevent default assignment of standard functions in the * platform layer. */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +// #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS /** * \def MBEDTLS_PLATFORM_EXIT_ALT 
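Review bot: The `sources` list in `mbedtls_source` does not line up with the feature set that config.h selects in this same patch, so the build file does not show which algorithms actually ship. It compiles `library/arc4.c`, `library/des.c`, `library/md2.c`, `library/md4.c`, `library/md5.c`, `library/havege.c` and `library/xtea.c`, whose modules config.h turns off or already had off, while it omits `library/x509_crl.c` and `library/net_sockets.c` although none of the hunks shown here disables `MBEDTLS_X509_CRL_PARSE_C` or `MBEDTLS_NET_C`. With the weak-algorithm sources still listed, a later one-line config edit is enough to bring them back into the binary, and with the CRL parser not built, certificate checks in this component presumably run without revocation data. I would trim the list to the enabled modules and add a comment above it such as `# Keep in sync with include/mbedtls/config.h; TLS, CRL and socket sources are intentionally not built.`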
@@ -221,13 +221,13 @@ * Uncomment a macro to enable alternate implementation of specific base * platform function */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT +// #define MBEDTLS_PLATFORM_EXIT_ALT +// #define MBEDTLS_PLATFORM_TIME_ALT +// #define MBEDTLS_PLATFORM_FPRINTF_ALT +// #define MBEDTLS_PLATFORM_PRINTF_ALT +// #define MBEDTLS_PLATFORM_SNPRINTF_ALT +// #define MBEDTLS_PLATFORM_NV_SEED_ALT +// #define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING @@ -242,7 +242,7 @@ * * Uncomment to get warnings on using deprecated functions. */ -//#define MBEDTLS_DEPRECATED_WARNING +// #define MBEDTLS_DEPRECATED_WARNING /** * \def MBEDTLS_DEPRECATED_REMOVED @@ -254,7 +254,7 @@ * * Uncomment to get errors on using deprecated functions. */ -//#define MBEDTLS_DEPRECATED_REMOVED +// #define MBEDTLS_DEPRECATED_REMOVED /** * \def MBEDTLS_CHECK_PARAMS @@ -306,7 +306,7 @@ * * Uncomment to enable validation of application-controlled parameters. */ -//#define MBEDTLS_CHECK_PARAMS +// #define MBEDTLS_CHECK_PARAMS /** * \def MBEDTLS_CHECK_PARAMS_ASSERT @@ -320,7 +320,7 @@ * * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`. */ -//#define MBEDTLS_CHECK_PARAMS_ASSERT +// #define MBEDTLS_CHECK_PARAMS_ASSERT /* \} name SECTION: System support */ @@ -343,7 +343,7 @@ * You will need to provide a header "timing_alt.h" and an implementation at * compile time. */ -//#define MBEDTLS_TIMING_ALT +// #define MBEDTLS_TIMING_ALT /** * \def MBEDTLS_AES_ALT 
@@ -370,30 +370,30 @@ * digests and ciphers instead. * */ -//#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARC4_ALT -//#define MBEDTLS_ARIA_ALT -//#define MBEDTLS_BLOWFISH_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_CCM_ALT -//#define MBEDTLS_CHACHA20_ALT -//#define MBEDTLS_CHACHAPOLY_ALT -//#define MBEDTLS_CMAC_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_DHM_ALT -//#define MBEDTLS_ECJPAKE_ALT -//#define MBEDTLS_GCM_ALT -//#define MBEDTLS_NIST_KW_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_POLY1305_ALT -//#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_RSA_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_XTEA_ALT +// #define MBEDTLS_AES_ALT +// #define MBEDTLS_ARC4_ALT +// #define MBEDTLS_ARIA_ALT +// #define MBEDTLS_BLOWFISH_ALT +// #define MBEDTLS_CAMELLIA_ALT +// #define MBEDTLS_CCM_ALT +// #define MBEDTLS_CHACHA20_ALT +// #define MBEDTLS_CHACHAPOLY_ALT +// #define MBEDTLS_CMAC_ALT +// #define MBEDTLS_DES_ALT +// #define MBEDTLS_DHM_ALT +// #define MBEDTLS_ECJPAKE_ALT +// #define MBEDTLS_GCM_ALT +// #define MBEDTLS_NIST_KW_ALT +// #define MBEDTLS_MD2_ALT +// #define MBEDTLS_MD4_ALT +// #define MBEDTLS_MD5_ALT +// #define MBEDTLS_POLY1305_ALT +// #define MBEDTLS_RIPEMD160_ALT +// #define MBEDTLS_RSA_ALT +// #define MBEDTLS_SHA1_ALT +// #define MBEDTLS_SHA256_ALT +// #define MBEDTLS_SHA512_ALT +// #define MBEDTLS_XTEA_ALT /* * When replacing the elliptic curve module, pleace consider, that it is @@ -404,7 +404,7 @@ * macros as described above. The only difference is that you have to make sure * that you provide functionality for both .c files. */ -//#define MBEDTLS_ECP_ALT +// #define MBEDTLS_ECP_ALT /** * \def MBEDTLS_MD2_PROCESS_ALT 
@@ -451,25 +451,25 @@ * desirable). * */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//#define MBEDTLS_ECDSA_VERIFY_ALT -//#define MBEDTLS_ECDSA_SIGN_ALT -//#define MBEDTLS_ECDSA_GENKEY_ALT +// #define MBEDTLS_MD2_PROCESS_ALT +// #define MBEDTLS_MD4_PROCESS_ALT +// #define MBEDTLS_MD5_PROCESS_ALT +// #define MBEDTLS_RIPEMD160_PROCESS_ALT +// #define MBEDTLS_SHA1_PROCESS_ALT +// #define MBEDTLS_SHA256_PROCESS_ALT +// #define MBEDTLS_SHA512_PROCESS_ALT +// #define MBEDTLS_DES_SETKEY_ALT +// #define MBEDTLS_DES_CRYPT_ECB_ALT +// #define MBEDTLS_DES3_CRYPT_ECB_ALT +// #define MBEDTLS_AES_SETKEY_ENC_ALT +// #define MBEDTLS_AES_SETKEY_DEC_ALT +// #define MBEDTLS_AES_ENCRYPT_ALT +// #define MBEDTLS_AES_DECRYPT_ALT +// #define MBEDTLS_ECDH_GEN_PUBLIC_ALT +// #define MBEDTLS_ECDH_COMPUTE_SHARED_ALT +// #define MBEDTLS_ECDSA_VERIFY_ALT +// #define MBEDTLS_ECDSA_SIGN_ALT +// #define MBEDTLS_ECDSA_GENKEY_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT 
@@ -512,17 +512,17 @@ * function. */ /* Required for all the functions in this section */ -//#define MBEDTLS_ECP_INTERNAL_ALT +// #define MBEDTLS_ECP_INTERNAL_ALT /* Support for Weierstrass curves with Jacobi representation */ -//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT -//#define MBEDTLS_ECP_ADD_MIXED_ALT -//#define MBEDTLS_ECP_DOUBLE_JAC_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT +// #define MBEDTLS_ECP_RANDOMIZE_JAC_ALT +// #define MBEDTLS_ECP_ADD_MIXED_ALT +// #define MBEDTLS_ECP_DOUBLE_JAC_ALT +// #define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT +// #define MBEDTLS_ECP_NORMALIZE_JAC_ALT /* Support for curves with Montgomery arithmetic */ -//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT -//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT -//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT +// #define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT +// #define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT +// #define MBEDTLS_ECP_NORMALIZE_MXZ_ALT /** * \def MBEDTLS_TEST_NULL_ENTROPY @@ -539,7 +539,7 @@ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES * */ -//#define MBEDTLS_TEST_NULL_ENTROPY +// #define MBEDTLS_TEST_NULL_ENTROPY /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT @@ -552,7 +552,7 @@ * * Uncomment to use your own hardware entropy collector. */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT +// #define MBEDTLS_ENTROPY_HARDWARE_ALT /** * \def MBEDTLS_AES_ROM_TABLES @@ -572,7 +572,7 @@ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * */ -//#define MBEDTLS_AES_ROM_TABLES +// #define MBEDTLS_AES_ROM_TABLES /** * \def MBEDTLS_AES_FEWER_TABLES @@ -594,7 +594,7 @@ * This option is independent of \c MBEDTLS_AES_ROM_TABLES. * */ -//#define MBEDTLS_AES_FEWER_TABLES +// #define MBEDTLS_AES_FEWER_TABLES /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY @@ -603,7 +603,7 @@ * * Uncomment this macro to use less memory for Camellia. */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY +// #define MBEDTLS_CAMELLIA_SMALL_MEMORY /** * \def MBEDTLS_CIPHER_MODE_CBC 
@@ -617,14 +617,14 @@ * * Enable Cipher Feedback mode (CFB) for symmetric ciphers. */ -#define MBEDTLS_CIPHER_MODE_CFB +// #define MBEDTLS_CIPHER_MODE_CFB /** * \def MBEDTLS_CIPHER_MODE_CTR * * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. */ -#define MBEDTLS_CIPHER_MODE_CTR +// #define MBEDTLS_CIPHER_MODE_CTR /** * \def MBEDTLS_CIPHER_MODE_OFB @@ -638,7 +638,7 @@ * * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. */ -#define MBEDTLS_CIPHER_MODE_XTS +// #define MBEDTLS_CIPHER_MODE_XTS /** * \def MBEDTLS_CIPHER_NULL_CIPHER @@ -671,7 +671,7 @@ * * Uncomment this macro to enable the NULL cipher and ciphersuites */ -//#define MBEDTLS_CIPHER_NULL_CIPHER +// #define MBEDTLS_CIPHER_NULL_CIPHER /** * \def MBEDTLS_CIPHER_PADDING_PKCS7 @@ -684,17 +684,17 @@ * * Enable padding modes in the cipher layer. */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS +// #define MBEDTLS_CIPHER_PADDING_PKCS7 +// #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +// #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +// #define MBEDTLS_CIPHER_PADDING_ZEROS /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY * * Uncomment this macro to use a 128-bit key in the CTR_DRBG module. * By default, CTR_DRBG uses a 256-bit key. */ -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +// #define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /** * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES @@ -712,7 +712,7 @@ * \warning DES is considered a weak cipher and its use constitutes a * security risk. We recommend considering stronger ciphers instead. */ -//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES +// #define MBEDTLS_ENABLE_WEAK_CIPHERSUITES /** * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES @@ -725,7 +725,7 @@ * * Uncomment this macro to remove RC4 ciphersuites by default. */ -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +// #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES /** * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES 
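Review bot: Commenting out all four `MBEDTLS_CIPHER_PADDING_*` macros in the `-684` hunk, while no hunk disables `MBEDTLS_CIPHER_MODE_CBC`, leaves the cipher layer with CBC but no padding mode, so callers must pad by hand or pass only whole blocks. Later hunks also turn off `MBEDTLS_CCM_C`, `MBEDTLS_CHACHAPOLY_C` and `MBEDTLS_GCM_C`, so no AEAD construction remains and any encryption done through this build is unauthenticated unless the caller adds its own MAC. If CBC is needed, keep `#define MBEDTLS_CIPHER_PADDING_PKCS7`; if it is not, keep `#define MBEDTLS_GCM_C` instead. Either way, record the intended mode in a comment next to the macro.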
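Review bot: The RC4 and 3DES ciphersuite guards should stay defined: `MBEDTLS_REMOVE_ARC4_CIPHERSUITES` is switched off in the `-725` hunk and `MBEDTLS_REMOVE_3DES_CIPHERSUITES` in the hunk that follows it. Both are guards rather than features; the header text around them says they keep RC4 and 3DES suites out of the default list. They have no effect while the TLS modules are disabled further down in this patch. With the guards commented out, those suites would be back in the default list as soon as someone re-enables `MBEDTLS_SSL_TLS_C` together with `MBEDTLS_ARC4_C` or `MBEDTLS_DES_C`. I would leave `#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES` and `#define MBEDTLS_REMOVE_3DES_CIPHERSUITES` as they were.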
@@ -745,7 +745,7 @@ * * Comment this macro to keep 3DES in the default ciphersuite list. */ -#define MBEDTLS_REMOVE_3DES_CIPHERSUITES +// #define MBEDTLS_REMOVE_3DES_CIPHERSUITES /** * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -755,6 +755,7 @@ * * Comment macros to disable the curve and functions for it */ +/* #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -768,7 +769,11 @@ #define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE448_ENABLED - +*/ +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +#define MBEDTLS_ECP_DP_BP384R1_ENABLED /** * \def MBEDTLS_ECP_NIST_OPTIM * @@ -778,7 +783,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -#define MBEDTLS_ECP_NIST_OPTIM +// #define MBEDTLS_ECP_NIST_OPTIM /** * \def MBEDTLS_ECP_RESTARTABLE @@ -802,7 +807,7 @@ * elliptic curve functionality. It is incompatible with * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. */ -//#define MBEDTLS_ECP_RESTARTABLE +// #define MBEDTLS_ECP_RESTARTABLE /** * \def MBEDTLS_ECDSA_DETERMINISTIC @@ -816,7 +821,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -#define MBEDTLS_ECDSA_DETERMINISTIC +// #define MBEDTLS_ECDSA_DETERMINISTIC /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED @@ -838,7 +843,7 @@ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -869,7 +874,7 @@ * See dhm.h for more details. * */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 
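Review bot: With `MBEDTLS_ECDSA_DETERMINISTIC` commented out in the `-816` hunk, and `MBEDTLS_CTR_DRBG_C`, `MBEDTLS_ENTROPY_C` and `MBEDTLS_HMAC_DRBG_C` commented out in later hunks, this build ships no random number generator, yet no visible hunk disables `MBEDTLS_ECDSA_C` or `MBEDTLS_RSA_C`. Any ECDSA signing, key generation or RSA blinding then depends entirely on an RNG callback supplied by the caller, and a weak or repeated ECDSA nonce exposes the private key. If the component only verifies signatures, say so at this macro, e.g. `/* verify-only build: no DRBG shipped; callers must not sign or generate keys */`. Otherwise keep the entropy and DRBG modules, and deterministic ECDSA, enabled.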
@@ -889,7 +894,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -914,7 +919,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED @@ -942,7 +947,7 @@ * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED @@ -975,7 +980,7 @@ * See dhm.h for more details. * */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1000,7 +1005,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -1024,7 +1029,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -1048,7 +1053,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 
@@ -1072,7 +1077,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -1091,7 +1096,7 @@ * enabled as well): * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +// #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED /** * \def MBEDTLS_PK_PARSE_EC_EXTENDED @@ -1105,7 +1110,7 @@ * * Disable if you only need to support RFC 5915 + 5480 key formats. */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED +// #define MBEDTLS_PK_PARSE_EC_EXTENDED /** * \def MBEDTLS_ERROR_STRERROR_DUMMY @@ -1120,7 +1125,7 @@ * Disable if you run into name conflicts and want to really remove the * mbedtls_strerror() */ -#define MBEDTLS_ERROR_STRERROR_DUMMY +// #define MBEDTLS_ERROR_STRERROR_DUMMY /** * \def MBEDTLS_GENPRIME @@ -1129,14 +1134,14 @@ * * Requires: MBEDTLS_BIGNUM_C */ -#define MBEDTLS_GENPRIME +// #define MBEDTLS_GENPRIME /** * \def MBEDTLS_FS_IO * * Enable functions that use the filesystem. */ -#define MBEDTLS_FS_IO +// #define MBEDTLS_FS_IO /** * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES @@ -1149,7 +1154,7 @@ * * Uncomment this macro to prevent loading of default entropy functions. */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +// #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES /** * \def MBEDTLS_NO_PLATFORM_ENTROPY @@ -1160,7 +1165,7 @@ * * Uncomment this macro to disable the built-in platform entropy functions. */ -//#define MBEDTLS_NO_PLATFORM_ENTROPY +// #define MBEDTLS_NO_PLATFORM_ENTROPY /** * \def MBEDTLS_ENTROPY_FORCE_SHA256 @@ -1176,7 +1181,7 @@ * This option is only useful if both MBEDTLS_SHA256_C and * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 +// #define MBEDTLS_ENTROPY_FORCE_SHA256 /** * \def MBEDTLS_ENTROPY_NV_SEED 
@@ -1204,7 +1209,7 @@ * \note The entropy collector will write to the seed file before entropy is * given to an external source, to update it. */ -//#define MBEDTLS_ENTROPY_NV_SEED +// #define MBEDTLS_ENTROPY_NV_SEED /** * \def MBEDTLS_MEMORY_DEBUG @@ -1217,7 +1222,7 @@ * * Uncomment this macro to let the buffer allocator print out error messages. */ -//#define MBEDTLS_MEMORY_DEBUG +// #define MBEDTLS_MEMORY_DEBUG /** * \def MBEDTLS_MEMORY_BACKTRACE @@ -1229,7 +1234,7 @@ * * Uncomment this macro to include backtrace information */ -//#define MBEDTLS_MEMORY_BACKTRACE +// #define MBEDTLS_MEMORY_BACKTRACE /** * \def MBEDTLS_PK_RSA_ALT_SUPPORT @@ -1238,7 +1243,7 @@ * * Comment this macro to disable support for external private RSA keys. */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT +// #define MBEDTLS_PK_RSA_ALT_SUPPORT /** * \def MBEDTLS_PKCS1_V15 @@ -1260,7 +1265,7 @@ * * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ -#define MBEDTLS_PKCS1_V21 +// #define MBEDTLS_PKCS1_V21 /** * \def MBEDTLS_RSA_NO_CRT @@ -1271,14 +1276,14 @@ * Uncomment this macro to disable the use of CRT in RSA. * */ -//#define MBEDTLS_RSA_NO_CRT +// #define MBEDTLS_RSA_NO_CRT /** * \def MBEDTLS_SELF_TEST * * Enable the checkup functions (*_self_test). */ -#define MBEDTLS_SELF_TEST +// #define MBEDTLS_SELF_TEST /** * \def MBEDTLS_SHA256_SMALLER @@ -1294,7 +1299,7 @@ * * Uncomment to enable the smaller implementation of SHA256. */ -//#define MBEDTLS_SHA256_SMALLER +// #define MBEDTLS_SHA256_SMALLER /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES @@ -1308,7 +1313,7 @@ * * Enable sending of all alert messages */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES +// #define MBEDTLS_SSL_ALL_ALERT_MESSAGES /** * \def MBEDTLS_SSL_ASYNC_PRIVATE @@ -1319,7 +1324,7 @@ * operation inside the library. * */ -//#define MBEDTLS_SSL_ASYNC_PRIVATE +// #define MBEDTLS_SSL_ASYNC_PRIVATE /** * \def MBEDTLS_SSL_DEBUG_ALL 
@@ -1335,7 +1340,7 @@ * a timing side-channel. * */ -//#define MBEDTLS_SSL_DEBUG_ALL +// #define MBEDTLS_SSL_DEBUG_ALL /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC * @@ -1353,7 +1358,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +// #define MBEDTLS_SSL_ENCRYPT_THEN_MAC /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -1371,7 +1376,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +// #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** * \def MBEDTLS_SSL_FALLBACK_SCSV @@ -1388,7 +1393,7 @@ * * Comment this macro to disable support for FALLBACK_SCSV */ -#define MBEDTLS_SSL_FALLBACK_SCSV +// #define MBEDTLS_SSL_FALLBACK_SCSV /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL @@ -1398,7 +1403,7 @@ * * Uncomment this macro to enable hooking functions. */ -//#define MBEDTLS_SSL_HW_RECORD_ACCEL +// #define MBEDTLS_SSL_HW_RECORD_ACCEL /** * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING @@ -1410,7 +1415,7 @@ * * Comment this macro to disable 1/n-1 record splitting. */ -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING +// #define MBEDTLS_SSL_CBC_RECORD_SPLITTING /** * \def MBEDTLS_SSL_RENEGOTIATION @@ -1432,7 +1437,7 @@ * configuration of this extension). * */ -#define MBEDTLS_SSL_RENEGOTIATION +// #define MBEDTLS_SSL_RENEGOTIATION /** * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO @@ -1442,7 +1447,7 @@ * * Uncomment this macro to enable support for SSLv2 Client Hello messages. */ -//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO +// #define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO /** * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE @@ -1452,7 +1457,7 @@ * * Uncomment this macro to respect client's ciphersuite order */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE +// #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE /** * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 
@@ -1461,7 +1466,7 @@ * * Comment this macro to disable support for the max_fragment_length extension */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +// #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH /** * \def MBEDTLS_SSL_PROTO_SSL3 @@ -1473,7 +1478,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -//#define MBEDTLS_SSL_PROTO_SSL3 +// #define MBEDTLS_SSL_PROTO_SSL3 /** * \def MBEDTLS_SSL_PROTO_TLS1 @@ -1485,7 +1490,7 @@ * * Comment this macro to disable support for TLS 1.0 */ -#define MBEDTLS_SSL_PROTO_TLS1 +// #define MBEDTLS_SSL_PROTO_TLS1 /** * \def MBEDTLS_SSL_PROTO_TLS1_1 @@ -1497,7 +1502,7 @@ * * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 */ -#define MBEDTLS_SSL_PROTO_TLS1_1 +// #define MBEDTLS_SSL_PROTO_TLS1_1 /** * \def MBEDTLS_SSL_PROTO_TLS1_2 @@ -1509,7 +1514,7 @@ * * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 */ -#define MBEDTLS_SSL_PROTO_TLS1_2 +// #define MBEDTLS_SSL_PROTO_TLS1_2 /** * \def MBEDTLS_SSL_PROTO_DTLS @@ -1524,7 +1529,7 @@ * * Comment this macro to disable support for DTLS */ -#define MBEDTLS_SSL_PROTO_DTLS +// #define MBEDTLS_SSL_PROTO_DTLS /** * \def MBEDTLS_SSL_ALPN @@ -1533,7 +1538,7 @@ * * Comment this macro to disable support for ALPN. */ -#define MBEDTLS_SSL_ALPN +// #define MBEDTLS_SSL_ALPN /** * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1548,7 +1553,7 @@ * * Comment this to disable anti-replay in DTLS. */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +// #define MBEDTLS_SSL_DTLS_ANTI_REPLAY /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY @@ -1566,7 +1571,7 @@ * * Comment this to disable support for HelloVerifyRequest. */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +// #define MBEDTLS_SSL_DTLS_HELLO_VERIFY /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE @@ -1582,7 +1587,7 @@ * * Comment this to disable support for clients reusing the source port. */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +// #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /** * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT 
@@ -1593,7 +1598,7 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +// #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /** * \def MBEDTLS_SSL_SESSION_TICKETS @@ -1607,7 +1612,7 @@ * * Comment this macro to disable support for SSL session tickets */ -#define MBEDTLS_SSL_SESSION_TICKETS +// #define MBEDTLS_SSL_SESSION_TICKETS /** * \def MBEDTLS_SSL_EXPORT_KEYS @@ -1617,7 +1622,7 @@ * * Comment this macro to disable support for key export */ -#define MBEDTLS_SSL_EXPORT_KEYS +// #define MBEDTLS_SSL_EXPORT_KEYS /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -1628,7 +1633,7 @@ * * Comment this macro to disable support for server name indication in SSL */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION +// #define MBEDTLS_SSL_SERVER_NAME_INDICATION /** * \def MBEDTLS_SSL_TRUNCATED_HMAC @@ -1637,7 +1642,7 @@ * * Comment this macro to disable support for truncated HMAC in SSL */ -#define MBEDTLS_SSL_TRUNCATED_HMAC +// #define MBEDTLS_SSL_TRUNCATED_HMAC /** * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT @@ -1661,7 +1666,7 @@ * * Requires: MBEDTLS_SSL_TRUNCATED_HMAC */ -//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT +// #define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT /** * \def MBEDTLS_THREADING_ALT @@ -1672,7 +1677,7 @@ * * Uncomment this to allow your own alternate threading implementation. */ -//#define MBEDTLS_THREADING_ALT +// #define MBEDTLS_THREADING_ALT /** * \def MBEDTLS_THREADING_PTHREAD @@ -1683,7 +1688,7 @@ * * Uncomment this to enable pthread mutexes. */ -//#define MBEDTLS_THREADING_PTHREAD +// #define MBEDTLS_THREADING_PTHREAD /** * \def MBEDTLS_VERSION_FEATURES @@ -1696,7 +1701,7 @@ * * Comment this to disable run-time checking and save ROM space */ -#define MBEDTLS_VERSION_FEATURES +// #define MBEDTLS_VERSION_FEATURES /** * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 
@@ -1706,7 +1711,7 @@ * * Uncomment to prevent an error. */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +// #define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 /** * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION @@ -1718,7 +1723,7 @@ * * Uncomment to prevent an error. */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +// #define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION /** * \def MBEDTLS_X509_CHECK_KEY_USAGE @@ -1732,7 +1737,7 @@ * * Comment to skip keyUsage checking for both CA and leaf certificates. */ -#define MBEDTLS_X509_CHECK_KEY_USAGE +// #define MBEDTLS_X509_CHECK_KEY_USAGE /** * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE @@ -1745,7 +1750,7 @@ * * Comment to skip extendedKeyUsage checking for certificates. */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +// #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -1755,7 +1760,7 @@ * * Comment this macro to disallow using RSASSA-PSS in certificates. */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +// #define MBEDTLS_X509_RSASSA_PSS_SUPPORT /** * \def MBEDTLS_ZLIB_SUPPORT @@ -1780,7 +1785,7 @@ * * Uncomment to enable use of ZLIB */ -//#define MBEDTLS_ZLIB_SUPPORT +// #define MBEDTLS_ZLIB_SUPPORT /* \} name SECTION: mbed TLS feature support */ /** @@ -1802,7 +1807,7 @@ * * This modules adds support for the AES-NI instructions on x86-64 */ -#define MBEDTLS_AESNI_C +// #define MBEDTLS_AESNI_C /** * \def MBEDTLS_AES_C @@ -1905,7 +1910,7 @@ * it, and considering stronger ciphers instead. * */ -#define MBEDTLS_ARC4_C +// #define MBEDTLS_ARC4_C /** * \def MBEDTLS_ASN1_PARSE_C @@ -1971,7 +1976,7 @@ * * Module: library/blowfish.c */ -#define MBEDTLS_BLOWFISH_C +// #define MBEDTLS_BLOWFISH_C /** * \def MBEDTLS_CAMELLIA_C @@ -2026,7 +2031,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#define MBEDTLS_CAMELLIA_C +// #define MBEDTLS_CAMELLIA_C /** * \def MBEDTLS_ARIA_C 
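Review bot: Disabling `MBEDTLS_X509_CHECK_KEY_USAGE` in the `-1732` hunk and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` in the `-1745` hunk weakens certificate verification while the certificate parser is still built (`library/x509_crt.c` is in BUILD.gn and no hunk shown disables `MBEDTLS_X509_CRT_PARSE_C`). The header text in these hunks says that commenting the macros skips keyUsage checking for both CA and leaf certificates and skips extendedKeyUsage checking. As documented there, a certificate not authorised to sign other certificates, or one issued for a different purpose, would no longer be rejected on that ground. Unlike the TLS features removed elsewhere in this patch, these are validation checks rather than optional functionality. I would keep `#define MBEDTLS_X509_CHECK_KEY_USAGE` and `#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE`, or add a comment stating why the checks are safe to drop for this product.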
@@ -2078,7 +2083,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ -//#define MBEDTLS_ARIA_C +// #define MBEDTLS_ARIA_C /** * \def MBEDTLS_CCM_C @@ -2092,7 +2097,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -#define MBEDTLS_CCM_C +// #define MBEDTLS_CCM_C /** * \def MBEDTLS_CERTS_C @@ -2104,7 +2109,7 @@ * * This module is used for testing (ssl_client/server). */ -#define MBEDTLS_CERTS_C +// #define MBEDTLS_CERTS_C /** * \def MBEDTLS_CHACHA20_C @@ -2113,7 +2118,7 @@ * * Module: library/chacha20.c */ -#define MBEDTLS_CHACHA20_C +// #define MBEDTLS_CHACHA20_C /** * \def MBEDTLS_CHACHAPOLY_C @@ -2124,7 +2129,7 @@ * * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C */ -#define MBEDTLS_CHACHAPOLY_C +// #define MBEDTLS_CHACHAPOLY_C /** * \def MBEDTLS_CIPHER_C @@ -2149,7 +2154,7 @@ * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C * */ -//#define MBEDTLS_CMAC_C +// #define MBEDTLS_CMAC_C /** * \def MBEDTLS_CTR_DRBG_C @@ -2169,7 +2174,7 @@ * * This module provides the CTR_DRBG AES random number generator. */ -#define MBEDTLS_CTR_DRBG_C +// #define MBEDTLS_CTR_DRBG_C /** * \def MBEDTLS_DEBUG_C @@ -2183,7 +2188,7 @@ * * This module provides debugging functions. */ -#define MBEDTLS_DEBUG_C +// #define MBEDTLS_DEBUG_C /** * \def MBEDTLS_DES_C @@ -2212,7 +2217,7 @@ * \warning DES is considered a weak cipher and its use constitutes a * security risk. We recommend considering stronger ciphers instead. */ -#define MBEDTLS_DES_C +// #define MBEDTLS_DES_C /** * \def MBEDTLS_DHM_C @@ -2233,7 +2238,7 @@ * See dhm.h for more details. * */ -#define MBEDTLS_DHM_C +// #define MBEDTLS_DHM_C /** * \def MBEDTLS_ECDH_C @@ -2249,7 +2254,7 @@ * * Requires: MBEDTLS_ECP_C */ -#define MBEDTLS_ECDH_C +// #define MBEDTLS_ECDH_C /** * \def MBEDTLS_ECDSA_C 
@@ -2283,7 +2288,7 @@ * * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C */ -//#define MBEDTLS_ECJPAKE_C +// #define MBEDTLS_ECJPAKE_C /** * \def MBEDTLS_ECP_C @@ -2311,7 +2316,7 @@ * * This module provides a generic entropy pool */ -#define MBEDTLS_ENTROPY_C +// #define MBEDTLS_ENTROPY_C /** * \def MBEDTLS_ERROR_C @@ -2323,7 +2328,7 @@ * * This module enables mbedtls_strerror(). */ -#define MBEDTLS_ERROR_C +// #define MBEDTLS_ERROR_C /** * \def MBEDTLS_GCM_C @@ -2337,7 +2342,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -#define MBEDTLS_GCM_C +// #define MBEDTLS_GCM_C /** * \def MBEDTLS_HAVEGE_C @@ -2360,7 +2365,7 @@ * * Uncomment to enable the HAVEGE random generator. */ -//#define MBEDTLS_HAVEGE_C +// #define MBEDTLS_HAVEGE_C /** * \def MBEDTLS_HKDF_C @@ -2375,7 +2380,7 @@ * This module adds support for the Hashed Message Authentication Code * (HMAC)-based key derivation function (HKDF). */ -#define MBEDTLS_HKDF_C +// #define MBEDTLS_HKDF_C /** * \def MBEDTLS_HMAC_DRBG_C @@ -2389,7 +2394,7 @@ * * Uncomment to enable the HMAC_DRBG random number geerator. */ -#define MBEDTLS_HMAC_DRBG_C +// #define MBEDTLS_HMAC_DRBG_C /** * \def MBEDTLS_NIST_KW_C @@ -2402,7 +2407,7 @@ * * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C */ -//#define MBEDTLS_NIST_KW_C +// #define MBEDTLS_NIST_KW_C /** * \def MBEDTLS_MD_C @@ -2431,7 +2436,7 @@ * it, and considering stronger message digests instead. * */ -//#define MBEDTLS_MD2_C +// #define MBEDTLS_MD2_C /** * \def MBEDTLS_MD4_C @@ -2448,7 +2453,7 @@ * it, and considering stronger message digests instead. * */ -//#define MBEDTLS_MD4_C +// #define MBEDTLS_MD4_C /** * \def MBEDTLS_MD5_C @@ -2470,7 +2475,7 @@ * it, and considering stronger message digests instead. * */ -#define MBEDTLS_MD5_C +// #define MBEDTLS_MD5_C /** * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C 
@@ -2486,7 +2491,7 @@ * * Enable this module to enable the buffer memory allocator. */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C +// #define MBEDTLS_MEMORY_BUFFER_ALLOC_C /** * \def MBEDTLS_NET_C @@ -2649,7 +2654,7 @@ * This module enables SSL/TLS PKCS #11 smartcard support. * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) */ -//#define MBEDTLS_PKCS11_C +// #define MBEDTLS_PKCS11_C /** * \def MBEDTLS_PKCS12_C @@ -2665,7 +2670,7 @@ * * This module enables PKCS#12 functions. */ -#define MBEDTLS_PKCS12_C +// #define MBEDTLS_PKCS12_C /** * \def MBEDTLS_PLATFORM_C @@ -2695,7 +2700,7 @@ * Module: library/poly1305.c * Caller: library/chachapoly.c */ -#define MBEDTLS_POLY1305_C +// #define MBEDTLS_POLY1305_C /** * \def MBEDTLS_RIPEMD160_C @@ -2706,7 +2711,7 @@ * Caller: library/md.c * */ -#define MBEDTLS_RIPEMD160_C +// #define MBEDTLS_RIPEMD160_C /** * \def MBEDTLS_RSA_C @@ -2791,7 +2796,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -#define MBEDTLS_SSL_CACHE_C +// #define MBEDTLS_SSL_CACHE_C /** * \def MBEDTLS_SSL_COOKIE_C @@ -2801,7 +2806,7 @@ * Module: library/ssl_cookie.c * Caller: */ -#define MBEDTLS_SSL_COOKIE_C +// #define MBEDTLS_SSL_COOKIE_C /** * \def MBEDTLS_SSL_TICKET_C @@ -2813,7 +2818,7 @@ * * Requires: MBEDTLS_CIPHER_C */ -#define MBEDTLS_SSL_TICKET_C +// #define MBEDTLS_SSL_TICKET_C /** * \def MBEDTLS_SSL_CLI_C @@ -2827,7 +2832,7 @@ * * This module is required for SSL/TLS client support. */ -#define MBEDTLS_SSL_CLI_C +// #define MBEDTLS_SSL_CLI_C /** * \def MBEDTLS_SSL_SRV_C @@ -2841,7 +2846,7 @@ * * This module is required for SSL/TLS server support. */ -#define MBEDTLS_SSL_SRV_C +// #define MBEDTLS_SSL_SRV_C /** * \def MBEDTLS_SSL_TLS_C @@ -2857,7 +2862,7 @@ * * This module is required for SSL/TLS. */ -#define MBEDTLS_SSL_TLS_C +// #define MBEDTLS_SSL_TLS_C /** * \def MBEDTLS_THREADING_C 
@@ -2879,7 +2884,7 @@ * * Enable this layer to allow use of mutexes within mbed TLS */ -//#define MBEDTLS_THREADING_C +// #define MBEDTLS_THREADING_C /** * \def MBEDTLS_TIMING_C @@ -2913,7 +2918,7 @@ * * This module provides run-time version information. */ -#define MBEDTLS_VERSION_C +// #define MBEDTLS_VERSION_C /** * \def MBEDTLS_X509_USE_C @@ -2974,7 +2979,7 @@ * * This module is used for reading X.509 certificate request. */ -#define MBEDTLS_X509_CSR_PARSE_C +// #define MBEDTLS_X509_CSR_PARSE_C /** * \def MBEDTLS_X509_CREATE_C @@ -2987,7 +2992,7 @@ * * This module is the basis for creating X.509 certificates and CSRs. */ -#define MBEDTLS_X509_CREATE_C +// #define MBEDTLS_X509_CREATE_C /** * \def MBEDTLS_X509_CRT_WRITE_C @@ -3000,7 +3005,7 @@ * * This module is required for X.509 certificate creation. */ -#define MBEDTLS_X509_CRT_WRITE_C +// #define MBEDTLS_X509_CRT_WRITE_C /** * \def MBEDTLS_X509_CSR_WRITE_C @@ -3013,7 +3018,7 @@ * * This module is required for X.509 certificate request writing. */ -#define MBEDTLS_X509_CSR_WRITE_C +// #define MBEDTLS_X509_CSR_WRITE_C /** * \def MBEDTLS_XTEA_C @@ -3023,7 +3028,7 @@ * Module: library/xtea.c * Caller: */ -#define MBEDTLS_XTEA_C +// #define MBEDTLS_XTEA_C /* \} name SECTION: mbed TLS modules */ 
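Review bot: Disabling `MBEDTLS_VERSION_C` in the hunk at -2913 removes the run-time version query that the hunk's own comment describes, so a shipped binary can no longer report which mbedtls release it embeds. That makes it harder to match deployed images against published mbedtls advisories. The module is small; consider leaving `#define MBEDTLS_VERSION_C` enabled, or record the vendored release in the component's packaging metadata if it is not already there.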
@@ -3043,64 +3048,64 @@ */ /* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ +// #define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +// #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ /* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ +// #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +// #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +// #define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +// #define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +// #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ +// #define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +// #define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of 
additional input bytes */ +// #define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +// #define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +// #define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +// #define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ +// #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ /* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ -//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ +// #define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ +// #define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ +// #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ /* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ +// #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ /* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. 
*/ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ +// #define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +// #define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ /* Note: your snprintf must correctly zero-terminate the buffer! 
*/ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ +// #define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +// #define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. 
MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ +// #define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ +// #define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ +// #define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +// #define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +// #define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +// #define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +// #define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ /* Note: your snprintf must correctly zero-terminate the buffer! 
*/ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +// #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +// #define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +// #define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ /** * \brief This macro is invoked by the library when an invalid parameter @@ -3136,11 +3141,11 @@ * * \param cond The expression that should evaluate to true, but doesn't. */ -//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) +// #define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) /* SSL Cache options */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ +// #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ +// #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ @@ -3168,7 +3173,7 @@ * Uncomment to set the maximum plaintext size of both * incoming and outgoing I/O buffers. */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 +// #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /** \def MBEDTLS_SSL_IN_CONTENT_LEN * @@ -3193,7 +3198,7 @@ * Uncomment to set the maximum plaintext size of the incoming I/O buffer * independently of the outgoing I/O buffer. */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 +// #define MBEDTLS_SSL_IN_CONTENT_LEN 16384 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN * 
@@ -3217,7 +3222,7 @@ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer * independently of the incoming I/O buffer. */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 +// #define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING * @@ -3234,11 +3239,11 @@ * while buffering multiple smaller handshake messages. * */ -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 +// #define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 -//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ +// #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ +// #define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ +// #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ /** * Complete list of ciphersuites to use, in order of preference. 
@@ -3252,11 +3257,11 @@ * * The value below is only an example, not the default. */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +// #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 /* X509 options */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ +// #define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +// #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ /** * Allow SHA-1 in the default TLS configuration for certificate signing. @@ -3307,7 +3312,7 @@ * C standards (e.g using memset_s() in C11) or calling a secure memset() from * their system (e.g explicit_bzero() in BSD). */ -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT +// #define MBEDTLS_PLATFORM_ZEROIZE_ALT /** * Uncomment the macro to let Mbed TLS use your alternate implementation of @@ -3326,7 +3331,7 @@ * unconditionally use the implementation for mbedtls_platform_gmtime_r() * supplied at compile time. */ -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT +// #define MBEDTLS_PLATFORM_GMTIME_R_ALT /* \} name SECTION: Customisation configuration options */ -- GitLab