crypto/mbedtls: Unified configuration with mbedtls default configuration
The Kconfig defaults previously used by NuttX were not consistent with the mbedtls default configuration. This patch updates the Kconfig defaults so that they are consistent with the mbedtls default configuration. Signed-off-by: makejian <makejian@xiaomi.com>
parent
9fa9c5b0a2
commit
8c95ab94d3
@ -17,7 +17,7 @@ config MBEDTLS_VERSION
|
|||||||
|
|
||||||
config MBEDTLS_DEBUG_C
|
config MBEDTLS_DEBUG_C
|
||||||
bool "This module provides debugging functions."
|
bool "This module provides debugging functions."
|
||||||
default n
|
default DEBUG_FEATURES
|
||||||
---help---
|
---help---
|
||||||
This module provides debugging functions.
|
This module provides debugging functions.
|
||||||
|
|
||||||
@ -70,19 +70,15 @@ config MBEDTLS_SELF_TEST
|
|||||||
config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
||||||
bool "Enable server-side support for clients that reconnect from the same port."
|
bool "Enable server-side support for clients that reconnect from the same port."
|
||||||
depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_BLOWFISH_C
|
|
||||||
bool "Enable the Blowfish block cipher."
|
|
||||||
default n
|
|
||||||
|
|
||||||
config MBEDTLS_CAMELLIA_C
|
config MBEDTLS_CAMELLIA_C
|
||||||
bool "Enable the Camellia block cipher."
|
bool "Enable the Camellia block cipher."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PADLOCK_C
|
config MBEDTLS_PADLOCK_C
|
||||||
bool "Enable VIA Padlock support on x86."
|
bool "Enable VIA Padlock support on x86."
|
||||||
default n
|
default !MBEDTLS_AES_ALT
|
||||||
|
|
||||||
config MBEDTLS_TIMING_C
|
config MBEDTLS_TIMING_C
|
||||||
bool "Enable the semi-portable timing interface."
|
bool "Enable the semi-portable timing interface."
|
||||||
@ -90,44 +86,41 @@ config MBEDTLS_TIMING_C
|
|||||||
|
|
||||||
config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||||
bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
|
bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_PROTO_DTLS
|
config MBEDTLS_SSL_PROTO_DTLS
|
||||||
bool "Enable support for DTLS (all available versions)."
|
bool "Enable support for DTLS (all available versions)."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
if MBEDTLS_SSL_PROTO_DTLS
|
if MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
|
||||||
config MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
config MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
||||||
bool "Enable support for the anti-replay mechanism in DTLS."
|
bool "Enable support for the anti-replay mechanism in DTLS."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
config MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
||||||
bool "Enable support for HelloVerifyRequest on DTLS servers."
|
bool "Enable support for HelloVerifyRequest on DTLS servers."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_DTLS_BADMAC_LIMIT
|
|
||||||
bool "Enable support for a limit of records with bad MAC."
|
|
||||||
default n
|
|
||||||
|
|
||||||
config MBEDTLS_SSL_DTLS_CONNECTION_ID
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
bool "Enable the Connection ID extension."
|
bool "Enable the Connection ID extension."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
||||||
bool "Enable the standard version of DTLS Connection ID feature."
|
int "Enable the standard version of DTLS Connection ID feature."
|
||||||
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
default n
|
default 0
|
||||||
|
|
||||||
endif # MBEDTLS_SSL_PROTO_DTLS
|
endif # MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
|
||||||
config MBEDTLS_SSL_ALPN
|
config MBEDTLS_SSL_ALPN
|
||||||
bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
|
bool "Enable support for RFC 7301 Application Layer Protocol Negotiation."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_AESNI_C
|
config MBEDTLS_AESNI_C
|
||||||
bool "Enable AES-NI support on x86-64."
|
bool "Enable AES-NI support on x86-64."
|
||||||
default n
|
depends on ARCH_X86_64
|
||||||
|
default !MBEDTLS_AES_ALT
|
||||||
|
|
||||||
config MBEDTLS_ECP_WINDOW_SIZE
|
config MBEDTLS_ECP_WINDOW_SIZE
|
||||||
int "Maximum window size used"
|
int "Maximum window size used"
|
||||||
@ -139,50 +132,49 @@ config MBEDTLS_ECP_FIXED_POINT_OPTIM
|
|||||||
|
|
||||||
config MBEDTLS_CMAC_C
|
config MBEDTLS_CMAC_C
|
||||||
bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block"
|
bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block"
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_NET_C
|
config MBEDTLS_NET_C
|
||||||
bool "Enable the TCP and UDP over IPv6/IPv4 networking routines"
|
bool "Enable the TCP and UDP over IPv6/IPv4 networking routines"
|
||||||
default y if LIBC_NETDB
|
default LIBC_NETDB
|
||||||
default n if !LIBC_NETDB
|
|
||||||
|
|
||||||
config MBEDTLS_ECDSA_C
|
config MBEDTLS_ECDSA_C
|
||||||
bool "Enable the elliptic curve DSA library."
|
bool "Enable the elliptic curve DSA library."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_C
|
config MBEDTLS_ECP_C
|
||||||
bool "Enable the elliptic curve over GF(p) library."
|
bool "Enable the elliptic curve over GF(p) library."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
config MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||||
bool "Enables specific curves within the Elliptic Curve module."
|
bool "Enables specific curves within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PEM_WRITE_C
|
config MBEDTLS_PEM_WRITE_C
|
||||||
bool "Enable PEM encoding / writing."
|
bool "Enable PEM encoding / writing."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PK_WRITE_C
|
config MBEDTLS_PK_WRITE_C
|
||||||
bool "Enable the generic public (asymmetric) key writer."
|
bool "Enable the generic public (asymmetric) key writer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_CREATE_C
|
config MBEDTLS_X509_CREATE_C
|
||||||
bool "Enable X.509 core for creating certificates."
|
bool "Enable X.509 core for creating certificates."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_CRT_WRITE_C
|
config MBEDTLS_X509_CRT_WRITE_C
|
||||||
bool "Enable creating X.509 certificates."
|
bool "Enable creating X.509 certificates."
|
||||||
select MBEDTLS_X509_CREATE_C
|
depends on MBEDTLS_X509_CREATE_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_CSR_WRITE_C
|
config MBEDTLS_X509_CSR_WRITE_C
|
||||||
bool "Enable creating X.509 Certificate Signing Requests (CSR)."
|
bool "Enable creating X.509 Certificate Signing Requests (CSR)."
|
||||||
select MBEDTLS_X509_CREATE_C
|
depends on MBEDTLS_X509_CREATE_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_CSR_PARSE_C
|
config MBEDTLS_X509_CSR_PARSE_C
|
||||||
bool "Enable X.509 Certificate Signing Request (CSR) parsing."
|
bool "Enable X.509 Certificate Signing Request (CSR) parsing."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_CRT_POOL
|
config MBEDTLS_X509_CRT_POOL
|
||||||
bool "Enable the X509 Certificate Pool"
|
bool "Enable the X509 Certificate Pool"
|
||||||
@ -190,189 +182,189 @@ config MBEDTLS_X509_CRT_POOL
|
|||||||
|
|
||||||
config MBEDTLS_HAVE_ASM
|
config MBEDTLS_HAVE_ASM
|
||||||
bool "Enable compiler support for asm."
|
bool "Enable compiler support for asm."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_HAVE_TIME_DATE
|
config MBEDTLS_HAVE_TIME_DATE
|
||||||
bool "Enable to verify the validity period of X.509 certificates when system have correct clock."
|
bool "Enable to verify the validity period of X.509 certificates when system have correct clock."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_MODE_CFB
|
config MBEDTLS_CIPHER_MODE_CFB
|
||||||
bool "Enable Cipher Feedback mode (CFB) for symmetric ciphers."
|
bool "Enable Cipher Feedback mode (CFB) for symmetric ciphers."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_MODE_CTR
|
config MBEDTLS_CIPHER_MODE_CTR
|
||||||
bool "Enable Counter Block Cipher mode (CTR) for symmetric ciphers."
|
bool "Enable Counter Block Cipher mode (CTR) for symmetric ciphers."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_MODE_OFB
|
config MBEDTLS_CIPHER_MODE_OFB
|
||||||
bool "Enable Output Feedback mode (OFB) for symmetric ciphers."
|
bool "Enable Output Feedback mode (OFB) for symmetric ciphers."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_MODE_XTS
|
config MBEDTLS_CIPHER_MODE_XTS
|
||||||
bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES."
|
bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_PADDING_PKCS7
|
config MBEDTLS_CIPHER_PADDING_PKCS7
|
||||||
bool "Enable PKCS7 padding mode in the cipher layer."
|
bool "Enable PKCS7 padding mode in the cipher layer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
|
config MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
|
||||||
bool "Enable bit padding mode in the cipher layer."
|
bool "Enable bit padding mode in the cipher layer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
|
config MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
|
||||||
bool "Enable zero and length padding mode in the cipher layer."
|
bool "Enable zero and length padding mode in the cipher layer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CIPHER_PADDING_ZEROS
|
config MBEDTLS_CIPHER_PADDING_ZEROS
|
||||||
bool "Enable zeros padding mode in the cipher layer."
|
bool "Enable zeros padding mode in the cipher layer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
config MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||||
bool "Enables SECP192R1 curve within the Elliptic Curve module."
|
bool "Enables SECP192R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
config MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||||
bool "Enables SECP224R1 curve within the Elliptic Curve module."
|
bool "Enables SECP224R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
config MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
bool "Enables SECP384R1 curve within the Elliptic Curve module."
|
bool "Enables SECP384R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||||
bool "Enables SECP521R1 curve within the Elliptic Curve module."
|
bool "Enables SECP521R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||||
bool "Enables SECP192K1 curve within the Elliptic Curve module."
|
bool "Enables SECP192K1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
config MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||||
bool "Enables SECP224K1 curve within the Elliptic Curve module."
|
bool "Enables SECP224K1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
config MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||||
bool "Enables SECP256K1 curve within the Elliptic Curve module."
|
bool "Enables SECP256K1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_BP256R1_ENABLED
|
config MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||||
bool "Enables BP256R1 curve within the Elliptic Curve module."
|
bool "Enables BP256R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_BP384R1_ENABLED
|
config MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||||
bool "Enables BP384R1 curve within the Elliptic Curve module."
|
bool "Enables BP384R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_BP512R1_ENABLED
|
config MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||||
bool "Enables BP512R1 curve within the Elliptic Curve module."
|
bool "Enables BP512R1 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
config MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||||
bool "Enables CURVE25519 curve within the Elliptic Curve module."
|
bool "Enables CURVE25519 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_DP_CURVE448_ENABLED
|
config MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||||
bool "Enables CURVE448 curve within the Elliptic Curve module."
|
bool "Enables CURVE448 curve within the Elliptic Curve module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_NIST_OPTIM
|
config MBEDTLS_ECP_NIST_OPTIM
|
||||||
bool "Enable specific 'modulo p' routines for each NIST prime."
|
bool "Enable specific 'modulo p' routines for each NIST prime."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECDSA_DETERMINISTIC
|
config MBEDTLS_ECDSA_DETERMINISTIC
|
||||||
bool "Enable deterministic ECDSA (RFC 6979)."
|
bool "Enable deterministic ECDSA (RFC 6979)."
|
||||||
depends on MBEDTLS_HMAC_DRBG_C && MBEDTLS_ECDSA_C
|
depends on MBEDTLS_HMAC_DRBG_C && MBEDTLS_ECDSA_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||||
bool "Enable the PSK based ciphersuite modes in SSL / TLS."
|
bool "Enable the PSK based ciphersuite modes in SSL / TLS."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||||
bool "Enable the DHE-PSK based ciphersuite modes in SSL / TLS."
|
bool "Enable the DHE-PSK based ciphersuite modes in SSL / TLS."
|
||||||
depends on MBEDTLS_DHM_C
|
depends on MBEDTLS_DHM_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||||
bool "Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS."
|
bool "Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS."
|
||||||
depends on MBEDTLS_ECDH_C
|
depends on MBEDTLS_ECDH_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||||
bool "Enable the RSA-PSK based ciphersuite modes in SSL / TLS."
|
bool "Enable the RSA-PSK based ciphersuite modes in SSL / TLS."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||||
bool "Enable the DHE-RSA based ciphersuite modes in SSL / TLS."
|
bool "Enable the DHE-RSA based ciphersuite modes in SSL / TLS."
|
||||||
depends on MBEDTLS_DHM_C
|
depends on MBEDTLS_DHM_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
bool "Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS."
|
bool "Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS."
|
||||||
depends on MBEDTLS_ECDH_C
|
depends on MBEDTLS_ECDH_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
bool "Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS."
|
bool "Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS."
|
||||||
depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
|
depends on MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
bool "Enable the ECDH-RSA based ciphersuite modes in SSL / TLS."
|
bool "Enable the ECDH-RSA based ciphersuite modes in SSL / TLS."
|
||||||
depends on MBEDTLS_ECDH_C
|
depends on MBEDTLS_ECDH_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PK_PARSE_EC_EXTENDED
|
config MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||||
bool "Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480."
|
bool "Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ERROR_STRERROR_DUMMY
|
config MBEDTLS_ERROR_STRERROR_DUMMY
|
||||||
bool "Enable a dummy error function to make use of mbedtls_strerror()."
|
bool "Enable a dummy error function to make use of mbedtls_strerror()."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_GENPRIME
|
config MBEDTLS_GENPRIME
|
||||||
bool "Enable the prime-number generation code."
|
bool "Enable the prime-number generation code."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PK_RSA_ALT_SUPPORT
|
config MBEDTLS_PK_RSA_ALT_SUPPORT
|
||||||
bool "Support external private RSA keys (eg from a HSM) in the PK layer."
|
bool "Support external private RSA keys (eg from a HSM) in the PK layer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
config MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
bool "Enable serialization of the TLS context structures."
|
bool "Enable serialization of the TLS context structures."
|
||||||
depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
|
depends on MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
config MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
bool "Enable support for Encrypt-then-MAC, RFC 7366."
|
bool "Enable support for Encrypt-then-MAC, RFC 7366."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||||
bool "Enable Session Hash and Extended Master Secret Extension."
|
bool "Enable Session Hash and Extended Master Secret Extension."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_RENEGOTIATION
|
config MBEDTLS_SSL_RENEGOTIATION
|
||||||
bool "Enable support for TLS renegotiation."
|
bool "Enable support for TLS renegotiation."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
config MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
bool "Enable support for RFC 6066 max_fragment_length extension in SSL."
|
bool "Enable support for RFC 6066 max_fragment_length extension in SSL."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
||||||
bool "Enable TLS 1.3 PSK key exchange mode."
|
bool "Enable TLS 1.3 PSK key exchange mode."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||||
bool "Enable TLS 1.3 ephemeral key exchange mode."
|
bool "Enable TLS 1.3 ephemeral key exchange mode."
|
||||||
depends on MBEDTLS_ECDH_C
|
depends on MBEDTLS_ECDH_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||||
bool "Enable TLS 1.3 PSK ephemeral key exchange mode."
|
bool "Enable TLS 1.3 PSK ephemeral key exchange mode."
|
||||||
depends on MBEDTLS_ECDH_C
|
depends on MBEDTLS_ECDH_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
config MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
||||||
int "The default maximum amount of 0-RTT data."
|
int "The default maximum amount of 0-RTT data."
|
||||||
@ -380,11 +372,11 @@ config MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
|||||||
|
|
||||||
config MBEDTLS_SSL_SESSION_TICKETS
|
config MBEDTLS_SSL_SESSION_TICKETS
|
||||||
bool "Enable support for RFC 5077 session tickets in SSL."
|
bool "Enable support for RFC 5077 session tickets in SSL."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_SERVER_NAME_INDICATION
|
config MBEDTLS_SSL_SERVER_NAME_INDICATION
|
||||||
bool "Enable support for RFC 6066 server name indication (SNI) in SSL."
|
bool "Enable support for RFC 6066 server name indication (SNI) in SSL."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_THREADING_PTHREAD
|
config MBEDTLS_THREADING_PTHREAD
|
||||||
bool "Enable the pthread wrapper layer for the threading layer."
|
bool "Enable the pthread wrapper layer for the threading layer."
|
||||||
@ -394,56 +386,52 @@ config MBEDTLS_THREADING_PTHREAD
|
|||||||
config MBEDTLS_VERSION_FEATURES
|
config MBEDTLS_VERSION_FEATURES
|
||||||
bool "Allow run-time checking of compile-time enabled features."
|
bool "Allow run-time checking of compile-time enabled features."
|
||||||
depends on MBEDTLS_VERSION_C
|
depends on MBEDTLS_VERSION_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
config MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||||
bool "Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS."
|
bool "Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_AESCE_C
|
config MBEDTLS_AESCE_C
|
||||||
bool "Enable AES cryptographic extension support on 64-bit Arm."
|
bool "Enable AES cryptographic extension support on 64-bit Arm."
|
||||||
depends on MBEDTLS_HAVE_ASM
|
depends on MBEDTLS_HAVE_ASM
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ARC4_C
|
|
||||||
bool "Enable the ARCFOUR stream cipher."
|
|
||||||
default n
|
|
||||||
|
|
||||||
config MBEDTLS_ARIA_C
|
config MBEDTLS_ARIA_C
|
||||||
bool "Enable the ARIA block cipher."
|
bool "Enable the ARIA block cipher."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CCM_C
|
config MBEDTLS_CCM_C
|
||||||
bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher."
|
bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CHACHA20_C
|
config MBEDTLS_CHACHA20_C
|
||||||
bool "Enable the ChaCha20 stream cipher."
|
bool "Enable the ChaCha20 stream cipher."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_CHACHAPOLY_C
|
config MBEDTLS_CHACHAPOLY_C
|
||||||
bool "Enable the ChaCha20-Poly1305 AEAD algorithm."
|
bool "Enable the ChaCha20-Poly1305 AEAD algorithm."
|
||||||
depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
|
depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_DHM_C
|
config MBEDTLS_DHM_C
|
||||||
bool "Enable the Diffie-Hellman-Merkle module."
|
bool "Enable the Diffie-Hellman-Merkle module."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECDH_C
|
config MBEDTLS_ECDH_C
|
||||||
bool "Enable the elliptic curve Diffie-Hellman library."
|
bool "Enable the elliptic curve Diffie-Hellman library."
|
||||||
depends on MBEDTLS_ECP_C
|
depends on MBEDTLS_ECP_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECDSA_C
|
config MBEDTLS_ECDSA_C
|
||||||
bool "Enable the elliptic curve DSA library."
|
bool "Enable the elliptic curve DSA library."
|
||||||
depends on MBEDTLS_ECP_C
|
depends on MBEDTLS_ECP_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECJPAKE_C
|
config MBEDTLS_ECJPAKE_C
|
||||||
bool "Enable the elliptic curve J-PAKE library."
|
bool "Enable the elliptic curve J-PAKE library."
|
||||||
depends on MBEDTLS_ECP_C
|
depends on MBEDTLS_ECP_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ECP_C
|
config MBEDTLS_ECP_C
|
||||||
bool "Enable the elliptic curve over GF(p) library."
|
bool "Enable the elliptic curve over GF(p) library."
|
||||||
@ -454,88 +442,88 @@ config MBEDTLS_ECP_C
|
|||||||
|| MBEDTLS_ECP_DP_BP256R1_ENABLED || MBEDTLS_ECP_DP_BP384R1_ENABLED \
|
|| MBEDTLS_ECP_DP_BP256R1_ENABLED || MBEDTLS_ECP_DP_BP384R1_ENABLED \
|
||||||
|| MBEDTLS_ECP_DP_BP512R1_ENABLED || MBEDTLS_ECP_DP_CURVE25519_ENABLED \
|
|| MBEDTLS_ECP_DP_BP512R1_ENABLED || MBEDTLS_ECP_DP_CURVE25519_ENABLED \
|
||||||
|| MBEDTLS_ECP_DP_CURVE448_ENABLED
|
|| MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_ERROR_C
|
config MBEDTLS_ERROR_C
|
||||||
bool "Enable error code to error string conversion."
|
bool "Enable error code to error string conversion."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_GCM_C
|
config MBEDTLS_GCM_C
|
||||||
bool "Enable the Galois/Counter Mode (GCM)."
|
bool "Enable the Galois/Counter Mode (GCM)."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_HKDF_C
|
config MBEDTLS_HKDF_C
|
||||||
bool "Enable the HKDF algorithm (RFC 5869)."
|
bool "Enable the HKDF algorithm (RFC 5869)."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_HMAC_DRBG_C
|
config MBEDTLS_HMAC_DRBG_C
|
||||||
bool "Enable the HMAC_DRBG random generator."
|
bool "Enable the HMAC_DRBG random generator."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_LMS_C
|
config MBEDTLS_LMS_C
|
||||||
bool "Enable the LMS stateful-hash asymmetric signature algorithm."
|
bool "Enable the LMS stateful-hash asymmetric signature algorithm."
|
||||||
depends on MBEDTLS_PSA_CRYPTO_C
|
depends on MBEDTLS_PSA_CRYPTO_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_NIST_KW_C
|
config MBEDTLS_NIST_KW_C
|
||||||
bool "Enable the Key Wrapping mode for 128-bit block ciphers."
|
bool "Enable the Key Wrapping mode for 128-bit block ciphers."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PKCS5_C
|
config MBEDTLS_PKCS5_C
|
||||||
bool "Enable PKCS#5 functions."
|
bool "Enable PKCS#5 functions."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PKCS7_C
|
config MBEDTLS_PKCS7_C
|
||||||
bool "Enable PKCS #7 core for using PKCS #7-formatted signatures."
|
bool "Enable PKCS #7 core for using PKCS #7-formatted signatures."
|
||||||
depends on MBEDTLS_X509_CRL_PARSE_C
|
depends on MBEDTLS_X509_CRL_PARSE_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PKCS12_C
|
config MBEDTLS_PKCS12_C
|
||||||
bool "Enable PKCS#12 PBE functions."
|
bool "Enable PKCS#12 PBE functions."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PLATFORM_C
|
config MBEDTLS_PLATFORM_C
|
||||||
bool "Enable the platform abstraction layer."
|
bool "Enable the platform abstraction layer."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_POLY1305_C
|
config MBEDTLS_POLY1305_C
|
||||||
bool "Enable the Poly1305 MAC algorithm."
|
bool "Enable the Poly1305 MAC algorithm."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PSA_CRYPTO_C
|
config MBEDTLS_PSA_CRYPTO_C
|
||||||
bool "Enable the Platform Security Architecture cryptography API."
|
bool "Enable the Platform Security Architecture cryptography API."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PSA_CRYPTO_STORAGE_C
|
config MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
bool "Enable the Platform Security Architecture persistent key storage."
|
bool "Enable the Platform Security Architecture persistent key storage."
|
||||||
depends on MBEDTLS_PSA_CRYPTO_C
|
depends on MBEDTLS_PSA_CRYPTO_C
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_PSA_ITS_FILE_C
|
config MBEDTLS_PSA_ITS_FILE_C
|
||||||
bool "Enable the emulation of the Platform Security Architecture Internal Trusted Storage (PSA ITS) over files."
|
bool "Enable the emulation of the Platform Security Architecture Internal Trusted Storage (PSA ITS) over files."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_RIPEMD160_C
|
config MBEDTLS_RIPEMD160_C
|
||||||
bool "Enable the RIPEMD-160 hash algorithm."
|
bool "Enable the RIPEMD-160 hash algorithm."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SHA384_C
|
config MBEDTLS_SHA384_C
|
||||||
bool "Enable the SHA-384 cryptographic hash algorithm."
|
bool "Enable the SHA-384 cryptographic hash algorithm."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SHA512_C
|
config MBEDTLS_SHA512_C
|
||||||
bool "Enable SHA-512 cryptographic hash algorithms."
|
bool "Enable SHA-512 cryptographic hash algorithms."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_CACHE_C
|
config MBEDTLS_SSL_CACHE_C
|
||||||
bool "Enable simple SSL cache implementation."
|
bool "Enable simple SSL cache implementation."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_SSL_TICKET_C
|
config MBEDTLS_SSL_TICKET_C
|
||||||
bool "Enable an implementation of TLS server-side callbacks for session tickets."
|
bool "Enable an implementation of TLS server-side callbacks for session tickets."
|
||||||
depends on (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && \
|
depends on (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
(MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
|
(MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_THREADING_C
|
config MBEDTLS_THREADING_C
|
||||||
bool "Enable the threading abstraction layer."
|
bool "Enable the threading abstraction layer."
|
||||||
@ -543,15 +531,11 @@ config MBEDTLS_THREADING_C
|
|||||||
|
|
||||||
config MBEDTLS_VERSION_C
|
config MBEDTLS_VERSION_C
|
||||||
bool "Enable run-time version information."
|
bool "Enable run-time version information."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_X509_CRL_PARSE_C
|
config MBEDTLS_X509_CRL_PARSE_C
|
||||||
bool "Enable X.509 CRL parsing."
|
bool "Enable X.509 CRL parsing."
|
||||||
default n
|
default y
|
||||||
|
|
||||||
config MBEDTLS_XTEA_C
|
|
||||||
bool "Enable the XTEA block cipher."
|
|
||||||
default n
|
|
||||||
|
|
||||||
config MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
|
config MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
|
||||||
int "Maximum time difference in milliseconds tolerated between the age of a ticket from the server and client point of view."
|
int "Maximum time difference in milliseconds tolerated between the age of a ticket from the server and client point of view."
|
||||||
@ -561,7 +545,7 @@ config MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
|
|||||||
int "Size in bytes of a ticket nonce."
|
int "Size in bytes of a ticket nonce."
|
||||||
default 32
|
default 32
|
||||||
|
|
||||||
config MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
|
config MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
|
||||||
int "Default number of NewSessionTicket messages to be sent by a TLS 1.3 server after handshake completion."
|
int "Default number of NewSessionTicket messages to be sent by a TLS 1.3 server after handshake completion."
|
||||||
default 1
|
default 1
|
||||||
|
|
||||||
|
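Review bot: Flipping these symbols to `default y` silently changes every board configuration that leaves them unset, and the set includes legacy items a network-facing image rarely needs: `MBEDTLS_ECP_DP_SECP192R1_ENABLED` and `MBEDTLS_ECP_DP_SECP192K1_ENABLED` (192-bit curves), `MBEDTLS_RIPEMD160_C`, the static `MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` suites and `MBEDTLS_SSL_RENEGOTIATION`. Each one adds negotiable or parseable code to existing builds without any defconfig diff to review. I would keep `default n` on that subset as a deliberate divergence from upstream, or gate the sweep with something like `default !DEFAULT_SMALL`. Each flipped entry could also carry a `---help---` line stating that it is enabled only to mirror the upstream default. The file section spans several hunks, and the same concern applies to the `default y` changes in all of them.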
@ -1605,7 +1605,7 @@
|
|||||||
* Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
|
* Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
*/
|
*/
|
||||||
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
||||||
#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
|
#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
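Review bot: `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` now takes whatever integer the Kconfig symbol holds, and nothing visible bounds it: the Kconfig entry became `int` with `default 0` but has no `range`, and its prompt still reads like an on/off switch. In Mbed TLS, 0 selects the standard Connection ID encoding and 1 the legacy draft one, so a stray nonzero value would quietly move DTLS peers onto the deprecated draft format. I would add `range 0 1` to the Kconfig entry plus a help line such as `0: standard Connection ID (RFC 9146), 1: legacy draft version (deprecated)`. Because an `int` symbol is normally emitted whenever its dependency is satisfied, the surrounding `#ifdef` presumably now tracks `MBEDTLS_SSL_DTLS_CONNECTION_ID` rather than acting as a separate switch; a one-line comment saying so above the `#ifdef` would help.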