Merge branch 'Mbed-TLS:development' into sha3
This commit is contained in:
Pol Henarejos
GitHub
commit
c9754c3ec1
394 changed files with 51669 additions and 11750 deletions
|
|
@ -25,7 +25,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* This is an optional version symbol that enables comatibility handling of
|
||||
* This is an optional version symbol that enables compatibility handling of
|
||||
* config files.
|
||||
*
|
||||
* It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
|
||||
|
|
@ -225,6 +225,7 @@
|
|||
* Uncomment a macro to enable alternate implementation of specific base
|
||||
* platform function
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_SETBUF_ALT
|
||||
//#define MBEDTLS_PLATFORM_EXIT_ALT
|
||||
//#define MBEDTLS_PLATFORM_TIME_ALT
|
||||
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
|
|
@ -330,7 +331,7 @@
|
|||
//#define MBEDTLS_SHA512_ALT
|
||||
|
||||
/*
|
||||
* When replacing the elliptic curve module, pleace consider, that it is
|
||||
* When replacing the elliptic curve module, please consider, that it is
|
||||
* implemented with two .c files:
|
||||
* - ecp.c
|
||||
* - ecp_curves.c
|
||||
|
|
@ -957,7 +958,7 @@
|
|||
* might still happen. For this reason, this is disabled by default.
|
||||
*
|
||||
* Requires: MBEDTLS_ECJPAKE_C
|
||||
* MBEDTLS_SHA256_C
|
||||
* SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
|
||||
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
|
|
@ -1109,7 +1110,7 @@
|
|||
* Include backtrace information with each allocated block.
|
||||
*
|
||||
* Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
* GLIBC-compatible backtrace() an backtrace_symbols() support
|
||||
* GLIBC-compatible backtrace() and backtrace_symbols() support
|
||||
*
|
||||
* Uncomment this macro to include backtrace information
|
||||
*/
|
||||
|
|
@ -1129,7 +1130,7 @@
|
|||
*
|
||||
* Enable support for PKCS#1 v1.5 encoding.
|
||||
*
|
||||
* Requires: MBEDTLS_RSA_C
|
||||
* Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
|
||||
*
|
||||
* This enables support for PKCS#1 v1.5 operations.
|
||||
*/
|
||||
|
|
@ -1140,7 +1141,10 @@
|
|||
*
|
||||
* Enable support for PKCS#1 v2.1 encoding.
|
||||
*
|
||||
* Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
|
||||
* Requires: MBEDTLS_RSA_C and (MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C).
|
||||
*
|
||||
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
|
||||
* before doing any PKCS#1 v2.1 operation.
|
||||
*
|
||||
* This enables support for RSAES-OAEP and RSASSA-PSS operations.
|
||||
*/
|
||||
|
|
@ -1184,8 +1188,9 @@
|
|||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C
|
||||
*
|
||||
* \warning This interface is experimental and may change or be removed
|
||||
* without notice.
|
||||
* \warning This interface is experimental. We intend to maintain backward
|
||||
* compatibility with application code that relies on drivers,
|
||||
* but the driver interfaces may change without notice.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
|
||||
|
|
@ -1375,6 +1380,8 @@
|
|||
* saved after the handshake to allow for more efficient serialization, so if
|
||||
* you don't need this feature you'll save RAM by disabling it.
|
||||
*
|
||||
* Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
|
||||
*
|
||||
* Comment to disable the context serialization APIs.
|
||||
*/
|
||||
#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
|
|
@ -1416,7 +1423,7 @@
|
|||
* Enable support for RFC 7627: Session Hash and Extended Master Secret
|
||||
* Extension.
|
||||
*
|
||||
* This was introduced as "the proper fix" to the Triple Handshake familiy of
|
||||
* This was introduced as "the proper fix" to the Triple Handshake family of
|
||||
* attacks, but it is recommended to always use it (even if you disable
|
||||
* renegotiation), since it actually fixes a more fundamental issue in the
|
||||
* original SSL/TLS design, and has implications beyond Triple Handshake.
|
||||
|
|
@ -1442,7 +1449,9 @@
|
|||
* \note This option has no influence on the protection against the
|
||||
* triple handshake attack. Even if it is disabled, Mbed TLS will
|
||||
* still ensure that certificates do not change during renegotiation,
|
||||
* for exaple by keeping a hash of the peer's certificate.
|
||||
* for example by keeping a hash of the peer's certificate.
|
||||
*
|
||||
* \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
|
||||
*
|
||||
* Comment this macro to disable storing the peer's certificate
|
||||
* after the handshake.
|
||||
|
|
@ -1485,8 +1494,14 @@
|
|||
*
|
||||
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
|
||||
*
|
||||
* Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
|
||||
* (Depends on ciphersuites)
|
||||
* Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
|
||||
* (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
|
||||
* With MBEDTLS_USE_PSA_CRYPTO:
|
||||
* PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
|
||||
* PSA_WANT_ALG_SHA_512
|
||||
*
|
||||
* \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
|
||||
* psa_crypto_init() before doing any TLS operations.
|
||||
*
|
||||
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
|
||||
*/
|
||||
|
|
@ -1502,8 +1517,16 @@
|
|||
* See docs/architecture/tls13-support.md for a description of the TLS
|
||||
* 1.3 support that this option enables.
|
||||
*
|
||||
* Uncomment this macro to enable the support for TLS 1.3.
|
||||
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C
|
||||
*
|
||||
* Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditonally
|
||||
* for most operations, if you want it to only use PSA for all crypto
|
||||
* operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509
|
||||
* operations, and functions that are common with TLS 1.2 (record protection,
|
||||
* running handshake hash) will still use non-PSA crypto.
|
||||
*
|
||||
* Uncomment this macro to enable the support for TLS 1.3.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
||||
|
|
@ -1529,6 +1552,45 @@
|
|||
*/
|
||||
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
|
||||
*
|
||||
* Maximum time difference in milliseconds tolerated between the age of a
|
||||
* ticket from the server and client point of view.
|
||||
* From the client point of view, the age of a ticket is the time difference
|
||||
* between the time when the client proposes to the server to use the ticket
|
||||
* (time of writing of the Pre-Shared Key Extension including the ticket) and
|
||||
* the time the client received the ticket from the server.
|
||||
* From the server point of view, the age of a ticket is the time difference
|
||||
* between the time when the server receives a proposition from the client
|
||||
* to use the ticket and the time when the ticket was created by the server.
|
||||
* The server age is expected to be always greater than the client one and
|
||||
* MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
|
||||
* maximum difference tolerated for the server to accept the ticket.
|
||||
* This is not used in TLS 1.2.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
|
||||
*
|
||||
* Size in bytes of a ticket nonce. This is not used in TLS 1.2.
|
||||
*
|
||||
* This must be less than 256.
|
||||
*/
|
||||
#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
|
||||
*
|
||||
* Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
|
||||
* after handshake completion. This is not used in TLS 1.2 and relevant only if
|
||||
* the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_DTLS
|
||||
*
|
||||
|
|
@ -1576,7 +1638,7 @@
|
|||
* unless you know for sure amplification cannot be a problem in the
|
||||
* environment in which your server operates.
|
||||
*
|
||||
* \warning Disabling this can ba a security risk! (see above)
|
||||
* \warning Disabling this can be a security risk! (see above)
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_DTLS
|
||||
*
|
||||
|
|
@ -1758,12 +1820,11 @@
|
|||
* \note See docs/use-psa-crypto.md for a complete description of what this
|
||||
* option currently does, and of parts that are not affected by it so far.
|
||||
*
|
||||
* \warning This option enables new Mbed TLS APIs which are currently
|
||||
* considered experimental and may change in incompatible ways at any time.
|
||||
* That is, the APIs enabled by this option are not covered by the usual
|
||||
* promises of API stability.
|
||||
* \warning If you enable this option, you need to call `psa_crypto_init()`
|
||||
* before calling any function from the SSL/TLS, X.509 or PK modules.
|
||||
*
|
||||
* Requires: MBEDTLS_PSA_CRYPTO_C.
|
||||
* Conflicts with: MBEDTLS_ECP_RESTARTABLE
|
||||
*
|
||||
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
|
||||
*/
|
||||
|
|
@ -1990,6 +2051,9 @@
|
|||
* Enable the multi-precision integer library.
|
||||
*
|
||||
* Module: library/bignum.c
|
||||
* library/bignum_core.c
|
||||
* library/bignum_mod.c
|
||||
* library/bignum_mod_raw.c
|
||||
* Caller: library/dhm.c
|
||||
* library/ecp.c
|
||||
* library/ecdsa.c
|
||||
|
|
@ -2115,7 +2179,8 @@
|
|||
*
|
||||
* Module: library/ccm.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
|
||||
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
|
||||
* MBEDTLS_ARIA_C
|
||||
*
|
||||
* This module enables the AES-CCM ciphersuites, if other requisites are
|
||||
* enabled as well.
|
||||
|
|
@ -2148,7 +2213,17 @@
|
|||
* Enable the generic cipher layer.
|
||||
*
|
||||
* Module: library/cipher.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/ccm.c
|
||||
* library/cmac.c
|
||||
* library/gcm.c
|
||||
* library/nist_kw.c
|
||||
* library/pkcs12.c
|
||||
* library/pkcs5.c
|
||||
* library/psa_crypto_aead.c
|
||||
* library/psa_crypto_mac.c
|
||||
* library/ssl_ciphersuites.c
|
||||
* library/ssl_msg.c
|
||||
* library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
|
||||
*
|
||||
* Uncomment to enable generic cipher wrappers.
|
||||
*/
|
||||
|
|
@ -2167,7 +2242,7 @@
|
|||
*
|
||||
* Module: library/cmac.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
|
||||
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_CMAC_C
|
||||
|
|
@ -2295,7 +2370,10 @@
|
|||
* This module is used by the following key exchanges:
|
||||
* ECJPAKE
|
||||
*
|
||||
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
|
||||
* Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
|
||||
*
|
||||
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
|
||||
* before doing any EC J-PAKE operations.
|
||||
*/
|
||||
#define MBEDTLS_ECJPAKE_C
|
||||
|
||||
|
|
@ -2346,7 +2424,8 @@
|
|||
*
|
||||
* Module: library/gcm.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
|
||||
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
|
||||
* MBEDTLS_ARIA_C
|
||||
*
|
||||
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
|
||||
* requisites are enabled as well.
|
||||
|
|
@ -2378,7 +2457,7 @@
|
|||
*
|
||||
* Requires: MBEDTLS_MD_C
|
||||
*
|
||||
* Uncomment to enable the HMAC_DRBG random number geerator.
|
||||
* Uncomment to enable the HMAC_DRBG random number generator.
|
||||
*/
|
||||
#define MBEDTLS_HMAC_DRBG_C
|
||||
|
||||
|
|
@ -2400,8 +2479,28 @@
|
|||
*
|
||||
* Enable the generic message digest layer.
|
||||
*
|
||||
* Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
|
||||
* MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
|
||||
* MBEDTLS_SHA512_C.
|
||||
* Module: library/md.c
|
||||
* Caller:
|
||||
* Caller: library/constant_time.c
|
||||
* library/ecdsa.c
|
||||
* library/ecjpake.c
|
||||
* library/hkdf.c
|
||||
* library/hmac_drbg.c
|
||||
* library/pk.c
|
||||
* library/pkcs5.c
|
||||
* library/pkcs12.c
|
||||
* library/psa_crypto_ecp.c
|
||||
* library/psa_crypto_rsa.c
|
||||
* library/rsa.c
|
||||
* library/ssl_cookie.c
|
||||
* library/ssl_msg.c
|
||||
* library/ssl_tls.c
|
||||
* library/x509.c
|
||||
* library/x509_crt.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*
|
||||
* Uncomment to enable generic message digest wrappers.
|
||||
*/
|
||||
|
|
@ -2537,7 +2636,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_PK_C
|
||||
*
|
||||
* Enable the generic public (asymetric) key layer.
|
||||
* Enable the generic public (asymmetric) key layer.
|
||||
*
|
||||
* Module: library/pk.c
|
||||
* Caller: library/psa_crypto_rsa.c
|
||||
|
|
@ -2546,7 +2645,7 @@
|
|||
* library/ssl*_server.c
|
||||
* library/x509.c
|
||||
*
|
||||
* Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
|
||||
* Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
|
||||
*
|
||||
* Uncomment to enable generic public key wrappers.
|
||||
*/
|
||||
|
|
@ -2555,7 +2654,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_PK_PARSE_C
|
||||
*
|
||||
* Enable the generic public (asymetric) key parser.
|
||||
* Enable the generic public (asymmetric) key parser.
|
||||
*
|
||||
* Module: library/pkparse.c
|
||||
* Caller: library/x509_crt.c
|
||||
|
|
@ -2570,7 +2669,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_PK_WRITE_C
|
||||
*
|
||||
* Enable the generic public (asymetric) key writer.
|
||||
* Enable the generic public (asymmetric) key writer.
|
||||
*
|
||||
* Module: library/pkwrite.c
|
||||
* Caller: library/x509write.c
|
||||
|
|
@ -2588,7 +2687,10 @@
|
|||
*
|
||||
* Module: library/pkcs5.c
|
||||
*
|
||||
* Requires: MBEDTLS_MD_C
|
||||
* Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
|
||||
*
|
||||
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
|
||||
* before doing any PKCS5 operation.
|
||||
*
|
||||
* This module adds support for the PKCS#5 functions.
|
||||
*/
|
||||
|
|
@ -2603,7 +2705,11 @@
|
|||
* Module: library/pkcs12.c
|
||||
* Caller: library/pkparse.c
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
|
||||
* MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
|
||||
*
|
||||
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
|
||||
* before doing any PKCS12 operation.
|
||||
*
|
||||
* This module enables PKCS#12 functions.
|
||||
*/
|
||||
|
|
@ -2620,7 +2726,7 @@
|
|||
* above to be specified at runtime or compile time respectively.
|
||||
*
|
||||
* \note This abstraction layer must be enabled on Windows (including MSYS2)
|
||||
* as other module rely on it for a fixed snprintf implementation.
|
||||
* as other modules rely on it for a fixed snprintf implementation.
|
||||
*
|
||||
* Module: library/platform.c
|
||||
* Caller: Most other .c files
|
||||
|
|
@ -2646,7 +2752,8 @@
|
|||
*
|
||||
* Module: library/psa_crypto.c
|
||||
*
|
||||
* Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
|
||||
* Requires: MBEDTLS_CIPHER_C,
|
||||
* either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
|
||||
* or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
|
||||
* or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
|
||||
*
|
||||
|
|
@ -2656,11 +2763,11 @@
|
|||
/**
|
||||
* \def MBEDTLS_PSA_CRYPTO_SE_C
|
||||
*
|
||||
* Enable secure element support in the Platform Security Architecture
|
||||
* Enable dynamic secure element support in the Platform Security Architecture
|
||||
* cryptography API.
|
||||
*
|
||||
* \warning This feature is not yet suitable for production. It is provided
|
||||
* for API evaluation and testing purposes only.
|
||||
* \deprecated This feature is deprecated. Please switch to the driver
|
||||
* interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
|
||||
*
|
||||
* Module: library/psa_crypto_se.c
|
||||
*
|
||||
|
|
@ -2783,9 +2890,9 @@
|
|||
/**
|
||||
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
||||
*
|
||||
* Enable acceleration of the SHA-256 cryptographic hash algorithm with the
|
||||
* Arm A64 cryptographic extensions if they are available at runtime. If not,
|
||||
* it will fall back to the C implementation.
|
||||
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
|
||||
* with the ARMv8 cryptographic extensions if they are available at runtime.
|
||||
* If not, the library will fall back to the C implementation.
|
||||
*
|
||||
* \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
|
||||
* for a non-Aarch64 build it will be silently ignored.
|
||||
|
|
@ -2808,9 +2915,9 @@
|
|||
/**
|
||||
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
||||
*
|
||||
* Enable acceleration of the SHA-256 cryptographic hash algorithm with the
|
||||
* Arm A64 cryptographic extensions, which must be available at runtime (or
|
||||
* an illegal instruction fault will occur).
|
||||
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
|
||||
* with the ARMv8 cryptographic extensions, which must be available at runtime
|
||||
* or else an illegal instruction fault will occur.
|
||||
*
|
||||
* \note This allows builds with a smaller code size than with
|
||||
* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
||||
|
|
@ -2877,9 +2984,9 @@
|
|||
/**
|
||||
* \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
||||
*
|
||||
* Enable acceleration of the SHA-512 cryptographic hash algorithm with the
|
||||
* Arm A64 cryptographic extensions if they are available at runtime. If not,
|
||||
* it will fall back to the C implementation.
|
||||
* Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
|
||||
* with the ARMv8 cryptographic extensions if they are available at runtime.
|
||||
* If not, the library will fall back to the C implementation.
|
||||
*
|
||||
* \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
|
||||
* for a non-Aarch64 build it will be silently ignored.
|
||||
|
|
@ -2904,9 +3011,9 @@
|
|||
/**
|
||||
* \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
|
||||
*
|
||||
* Enable acceleration of the SHA-512 cryptographic hash algorithm with the
|
||||
* Arm A64 cryptographic extensions, which must be available at runtime (or
|
||||
* an illegal instruction fault will occur).
|
||||
* Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
|
||||
* with the ARMv8 cryptographic extensions, which must be available at runtime
|
||||
* or else an illegal instruction fault will occur.
|
||||
*
|
||||
* \note This allows builds with a smaller code size than with
|
||||
* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
|
||||
|
|
@ -2958,7 +3065,8 @@
|
|||
* Module: library/ssl_ticket.c
|
||||
* Caller:
|
||||
*
|
||||
* Requires: MBEDTLS_CIPHER_C
|
||||
* Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
|
||||
* (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
|
||||
*/
|
||||
#define MBEDTLS_SSL_TICKET_C
|
||||
|
||||
|
|
@ -3073,8 +3181,11 @@
|
|||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
|
||||
* MBEDTLS_PK_PARSE_C
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
|
||||
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
|
||||
*
|
||||
* \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
|
||||
* psa_crypto_init() before doing any X.509 operation.
|
||||
*
|
||||
* This module is required for the X.509 parsing modules.
|
||||
*/
|
||||
|
|
@ -3131,7 +3242,11 @@
|
|||
*
|
||||
* Module: library/x509_create.c
|
||||
*
|
||||
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
|
||||
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
|
||||
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
|
||||
*
|
||||
* \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
|
||||
* psa_crypto_init() before doing any X.509 create operation.
|
||||
*
|
||||
* This module is the basis for creating X.509 certificates and CSRs.
|
||||
*/
|
||||
|
|
@ -3299,6 +3414,7 @@
|
|||
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
|
||||
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
|
||||
|
|
@ -3316,6 +3432,7 @@
|
|||
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue