From edffc2ae39a0185fd47f1bc0d53fde0abd06c59e Mon Sep 17 00:00:00 2001 From: makejian Date: Fri, 25 Aug 2023 19:13:40 +0800 Subject: [PATCH] mbedtls: update Kconfig and mbedtls_config.h (1)remove useless checks in mbedtls_config.h (2)update Kconfig for version v3.4.0 Signed-off-by: makejian --- crypto/mbedtls/Kconfig | 98 +++------ .../mbedtls/include/mbedtls/mbedtls_config.h | 204 +----------------- 2 files changed, 29 insertions(+), 273 deletions(-) diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig index b4b7da68bcc..1cc4543340c 100644 --- a/crypto/mbedtls/Kconfig +++ b/crypto/mbedtls/Kconfig @@ -6,6 +6,7 @@ menuconfig CRYPTO_MBEDTLS bool "Mbed TLS Cryptography Library" default n + select DEV_URANDOM ---help--- Enable support for Mbed TLS. @@ -21,15 +22,21 @@ config MBEDTLS_DEBUG_C ---help--- This module provides debugging functions. -config MBEDTLS_SSL_MAX_CONTENT_LEN - int "Maximum length (in bytes) of incoming and outgoing plaintext fragments." +config MBEDTLS_SSL_IN_CONTENT_LEN + int "Maximum length (in bytes) of incoming plaintext fragments." default 16384 ---help--- - Maximum length (in bytes) of incoming and outgoing plaintext fragments. + Maximum length (in bytes) of incoming plaintext fragments. + +config MBEDTLS_SSL_OUT_CONTENT_LEN + int "Maximum length (in bytes) of outgoing plaintext fragments." + default 16384 + ---help--- + Maximum length (in bytes) of outgoing plaintext fragments. config MBEDTLS_SSL_SRV_C bool "This module is required for SSL/TLS server support." - default y + default n ---help--- This module is required for SSL/TLS server support. @@ -47,10 +54,6 @@ config MBEDTLS_AES_ROM_TABLES bool "Store the AES tables in ROM." default n -config MBEDTLS_REMOVE_ARC4_CIPHERSUITES - bool "Remove RC4 ciphersuites by default in SSL / TLS." - default n - config MBEDTLS_NO_PLATFORM_ENTROPY bool "Do not use built-in platform entropy functions." default n 
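Review bot: `MBEDTLS_SSL_MAX_CONTENT_LEN` is replaced by `MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN` with no compatibility path, so a board defconfig that still sets the old symbol is silently ignored and both buffers go back to 16384. Neither new entry carries a `range`, so a zero or oversized value is only caught, if at all, when the library is compiled. I would add a bound and say in the help text what the value has to accommodate, for example `range 512 16384` and a help line such as `Must hold the largest record the peer sends unless a smaller fragment length is negotiated.` The same hunk also flips `MBEDTLS_SSL_SRV_C` to `default n`, which removes server support from any configuration that relied on the old default.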
@@ -61,27 +64,23 @@ config MBEDTLS_ECP_RESTARTABLE config MBEDTLS_SELF_TEST bool "Enable the checkup functions (*_self_test)." - default y + default n config MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE bool "Enable server-side support for clients that reconnect from the same port." - default n + default y config MBEDTLS_BLOWFISH_C bool "Enable the Blowfish block cipher." - default n + default y config MBEDTLS_CAMELLIA_C bool "Enable the Camellia block cipher." - default n - -config MBEDTLS_CERTS_C - bool "Enable the test certificates." - default n + default y config MBEDTLS_PADLOCK_C bool "Enable VIA Padlock support on x86." - default n + default y if !MBEDTLS_AES_ALT config MBEDTLS_TIMING_C bool "Enable the semi-portable timing interface." 
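Review bot: `MBEDTLS_BLOWFISH_C` goes from `default n` to `default y` in a commit that targets v3.4.0, and as far as I know Blowfish was dropped from Mbed TLS in the 3.0 release, so this entry most likely configures nothing. If it does still reach a cipher implementation, a 64-bit-block cipher should stay opt-in rather than on by default. I would delete the entry, or keep `default n` and add a help line marking it as legacy. `MBEDTLS_SELF_TEST` moving to `default n` in the same hunk deserves a line in the commit message, since it removes the `*_self_test` routines from builds that relied on the default.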
@@ -89,44 +88,31 @@ config MBEDTLS_TIMING_C config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE bool "Enable the availability of the API mbedtls_ssl_get_peer_cert() giving access to the peer's certificate after completion of the handshake." - default n + default y config MBEDTLS_SSL_PROTO_DTLS bool "Enable support for DTLS (all available versions)." - default n + default y if MBEDTLS_SSL_PROTO_DTLS config MBEDTLS_SSL_DTLS_ANTI_REPLAY bool "Enable support for the anti-replay mechanism in DTLS." - default n + default y config MBEDTLS_SSL_DTLS_HELLO_VERIFY bool "Enable support for HelloVerifyRequest on DTLS servers." - default n - -config MBEDTLS_SSL_DTLS_BADMAC_LIMIT - bool "Enable support for a limit of records with bad MAC." - default n - -config MBEDTLS_SSL_DTLS_CONNECTION_ID - bool "Enable the Connection ID extension." - default n - -config MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - bool "Enable the standard version of DTLS Connection ID feature." - depends on MBEDTLS_SSL_DTLS_CONNECTION_ID - default n + default y endif # MBEDTLS_SSL_PROTO_DTLS config MBEDTLS_SSL_ALPN bool "Enable support for RFC 7301 Application Layer Protocol Negotiation." - default n + default y config MBEDTLS_AESNI_C bool "Enable AES-NI support on x86-64." - default n + default y if !MBEDTLS_AES_ALT config MBEDTLS_ECP_WINDOW_SIZE int "Maximum window size used" @@ -134,7 +120,7 @@ config MBEDTLS_ECP_WINDOW_SIZE config MBEDTLS_ECP_FIXED_POINT_OPTIM bool "Enable fixed-point speed-up" - default n + default y config MBEDTLS_CMAC_C bool "Enable the CMAC (Cipher-based Message Authentication Code) mode for block" 
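Review bot: `MBEDTLS_SSL_DTLS_ANTI_REPLAY` and `MBEDTLS_SSL_DTLS_HELLO_VERIFY` are plain on/off switches with no `---help---`, so nothing tells an integrator what turning them off costs. Both are protective: the first discards replayed records, the second has a DTLS server confirm the client's address with a cookie before it commits handshake state. Suggested help text: `Disabling this removes DTLS replay detection; only do so if the application layer tolerates duplicate records.` and `Disabling this lets unverified ClientHello packets consume server handshake resources.` The hunk also deletes the entries for `MBEDTLS_SSL_DTLS_BADMAC_LIMIT` and `MBEDTLS_SSL_DTLS_CONNECTION_ID`, which leaves no Kconfig control over either.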
@@ -145,42 +131,8 @@ config MBEDTLS_NET_C default y if LIBC_NETDB default n if !LIBC_NETDB -config MBEDTLS_ECDSA_C - bool "Enable the elliptic curve DSA library." - default n - -config MBEDTLS_ECP_C - bool "Enable the elliptic curve over GF(p) library." - default n - -config MBEDTLS_ECP_DP_SECP256R1_ENABLED - bool "Enables specific curves within the Elliptic Curve module." - default n - -config MBEDTLS_PEM_WRITE_C - bool "Enable PEM encoding / writing." - default n - -config MBEDTLS_PK_WRITE_C - bool "Enable the generic public (asymmetric) key writer." - default n - -config MBEDTLS_X509_CREATE_C - bool "Enable X.509 core for creating certificates." - default n - -config MBEDTLS_X509_CRT_WRITE_C - bool "Enable creating X.509 certificates." - select MBEDTLS_X509_CREATE_C - default n - -config MBEDTLS_X509_CSR_WRITE_C - bool "Enable creating X.509 Certificate Signing Requests (CSR)." - select MBEDTLS_X509_CREATE_C - default n - -config MBEDTLS_X509_CSR_PARSE_C - bool "Enable X.509 Certificate Signing Request (CSR) parsing." +config MBEDTLS_X509_CRT_POOL + bool "Enable the X509 Certificate Pool" default n if CRYPTO_CRYPTODEV diff --git a/crypto/mbedtls/include/mbedtls/mbedtls_config.h b/crypto/mbedtls/include/mbedtls/mbedtls_config.h index 77e4d666b3d..69607a7192a 100644 --- a/crypto/mbedtls/include/mbedtls/mbedtls_config.h +++ b/crypto/mbedtls/include/mbedtls/mbedtls_config.h @@ -77,9 +77,7 @@ * * Comment to disable the use of assembly code. */ -#ifdef CONFIG_MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_ASM -#endif /** * \def MBEDTLS_NO_UDBL_DIVISION @@ -183,9 +181,7 @@ * mbedtls_platform_gmtime_r() at compile-time by using the macro * MBEDTLS_PLATFORM_GMTIME_R_ALT. */ -#ifdef CONFIG_MBEDTLS_HAVE_TIME_DATE #define MBEDTLS_HAVE_TIME_DATE -#endif /** * \def MBEDTLS_PLATFORM_MEMORY 
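Review bot: Dropping the `#ifdef CONFIG_MBEDTLS_…` guards turns each of these options from Kconfig-controlled into always-on, starting here with `MBEDTLS_HAVE_ASM` and `MBEDTLS_HAVE_TIME_DATE` and continuing through the cipher-mode, curve, key-exchange, TLS-feature and module hunks below. A board can then no longer trim code size or compiled-in protocol surface from its defconfig, and the commit message's "useless checks" does not say why that is acceptable. If the guards were dead only because the matching Kconfig symbols were never declared, declaring those symbols with a suitable default would keep the control instead of deleting it. For `MBEDTLS_HAVE_TIME_DATE` specifically, certificate validity periods are then presumably checked against the system clock, so a comment such as `/* needs a correct wall clock; boards without RTC or network time must set the time before any handshake */` would help.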
@@ -645,36 +641,28 @@ * * Enable Cipher Feedback mode (CFB) for symmetric ciphers. */ -#ifdef CONFIG_MBEDTLS_CIPHER_MODE_CFB #define MBEDTLS_CIPHER_MODE_CFB -#endif /** * \def MBEDTLS_CIPHER_MODE_CTR * * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. */ -#ifdef CONFIG_MBEDTLS_CIPHER_MODE_CTR #define MBEDTLS_CIPHER_MODE_CTR -#endif /** * \def MBEDTLS_CIPHER_MODE_OFB * * Enable Output Feedback mode (OFB) for symmetric ciphers. */ -#ifdef CONFIG_MBEDTLS_CIPHER_MODE_OFB #define MBEDTLS_CIPHER_MODE_OFB -#endif /** * \def MBEDTLS_CIPHER_MODE_XTS * * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. */ -#ifdef CONFIG_MBEDTLS_CIPHER_MODE_XTS #define MBEDTLS_CIPHER_MODE_XTS -#endif /** * \def MBEDTLS_CIPHER_NULL_CIPHER @@ -720,18 +708,10 @@ * * Enable padding modes in the cipher layer. */ -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7 #define MBEDTLS_CIPHER_PADDING_PKCS7 -#endif -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#endif -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#endif -#ifdef CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS #define MBEDTLS_CIPHER_PADDING_ZEROS -#endif /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY * 
@@ -751,47 +731,21 @@ */ /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED #define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED #define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED #define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED #define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED #define MBEDTLS_ECP_DP_BP256R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED #define MBEDTLS_ECP_DP_BP384R1_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_BP512R1_ENABLED -#endif /* Montgomery curves (supporting ECP) */ -#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#endif -#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED #define MBEDTLS_ECP_DP_CURVE448_ENABLED -#endif /** * \def MBEDTLS_ECP_NIST_OPTIM @@ -802,9 +756,7 @@ * * Comment this macro to disable NIST curves optimisation. */ -#ifdef CONFIG_MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_ECP_NIST_OPTIM -#endif /** * \def MBEDTLS_ECP_RESTARTABLE @@ -875,9 +827,7 @@ * * Comment this macro to disable deterministic ECDSA. */ -#ifdef CONFIG_MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_ECDSA_DETERMINISTIC -#endif /** * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
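Review bot: The curve list now enables `MBEDTLS_ECP_DP_SECP192R1_ENABLED` and `MBEDTLS_ECP_DP_SECP192K1_ENABLED` unconditionally, and 192-bit curves give roughly 96 bits of security, below the 112-bit level usually treated as the minimum today. Every other curve in the block is forced on as well, which adds code for groups most devices never negotiate. I would leave at least the two 192-bit defines behind their guards, e.g. `#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED`, backed by Kconfig entries that default to n.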
@@ -897,9 +847,7 @@ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED @@ -928,9 +876,7 @@ * See dhm.h for more details. * */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -948,9 +894,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED @@ -973,9 +917,7 @@ * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED @@ -1032,9 +974,7 @@ * See dhm.h for more details. * */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1057,9 +997,7 @@ * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -1081,9 +1019,7 @@ * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 
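Review bot: Every TLS 1.2 key-exchange family is now compiled in without a switch, including `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED` here and the static `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED` / `MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` in the two hunks that follow, none of which provide forward secrecy. With the guards gone, a product that wants only ECDHE suites has to restrict them at run time in each application instead of once in its defconfig. Keeping the non-forward-secret families opt-in, e.g. `#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` with a Kconfig entry defaulting to n, would preserve that.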
@@ -1105,9 +1041,7 @@ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -1129,9 +1063,7 @@ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ -#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#endif /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED @@ -1165,9 +1097,7 @@ * * Disable if you only need to support RFC 5915 + 5480 key formats. */ -#ifdef CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED #define MBEDTLS_PK_PARSE_EC_EXTENDED -#endif /** * \def MBEDTLS_ERROR_STRERROR_DUMMY @@ -1182,9 +1112,7 @@ * Disable if you run into name conflicts and want to really remove the * mbedtls_strerror() */ -#ifdef CONFIG_MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_ERROR_STRERROR_DUMMY -#endif /** * \def MBEDTLS_GENPRIME @@ -1193,9 +1121,7 @@ * * Requires: MBEDTLS_BIGNUM_C */ -#ifdef CONFIG_MBEDTLS_GENPRIME #define MBEDTLS_GENPRIME -#endif /** * \def MBEDTLS_FS_IO @@ -1326,9 +1252,7 @@ * * Comment this macro to disable support for external private RSA keys. */ -#ifdef CONFIG_MBEDTLS_PK_RSA_ALT_SUPPORT #define MBEDTLS_PK_RSA_ALT_SUPPORT -#endif /** * \def MBEDTLS_PKCS1_V15 @@ -1562,9 +1486,7 @@ * * Uncomment to enable the Connection ID extension. */ -#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID #define MBEDTLS_SSL_DTLS_CONNECTION_ID -#endif /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT @@ -1586,9 +1508,7 @@ * * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT #define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 -#endif /** * \def MBEDTLS_SSL_ASYNC_PRIVATE 
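Review bot: `MBEDTLS_SSL_DTLS_CONNECTION_ID` and `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` are now defined whether or not DTLS is built, while the Kconfig side of this commit still lets `MBEDTLS_SSL_PROTO_DTLS` be switched off. If the header keeps `MBEDTLS_SSL_PROTO_DTLS` under its `CONFIG_` guard (not visible in these hunks), a TLS-only build would define the Connection ID option without its prerequisite, which I would expect the library's configuration check to reject. Tying the two defines to DTLS, e.g. wrapping them in `#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS`, avoids that.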
@@ -1630,9 +1550,7 @@ * * Comment to disable the context serialization APIs. */ -#ifdef CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION #define MBEDTLS_SSL_CONTEXT_SERIALIZATION -#endif /** * \def MBEDTLS_SSL_DEBUG_ALL @@ -1665,9 +1583,7 @@ * * Comment this macro to disable support for Encrypt-then-MAC */ -#ifdef CONFIG_MBEDTLS_SSL_ENCRYPT_THEN_MAC #define MBEDTLS_SSL_ENCRYPT_THEN_MAC -#endif /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET * @@ -1683,9 +1599,7 @@ * * Comment this macro to disable support for Extended Master Secret. */ -#ifdef CONFIG_MBEDTLS_SSL_EXTENDED_MASTER_SECRET #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#endif /** * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE @@ -1734,9 +1648,7 @@ * configuration of this extension). * */ -#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION #define MBEDTLS_SSL_RENEGOTIATION -#endif /** * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -1746,9 +1658,7 @@ * Comment this macro to disable support for the max_fragment_length * extension */ -#ifdef CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#endif /** * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT @@ -1846,9 +1756,7 @@ * effect on the build. * */ -#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -#endif /** * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED @@ -1863,9 +1771,7 @@ * effect on the build. * */ -#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -#endif /** * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED @@ -1879,9 +1785,7 @@ * have any effect on the build. * */ -#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -#endif /** * \def MBEDTLS_SSL_EARLY_DATA 
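Review bot: `MBEDTLS_SSL_RENEGOTIATION` becomes unconditional in the hunk at -1734, although the library's own guidance for this option, as I recall it, is to leave it out when the application does not need it, because renegotiation has a history of security problems and is easy to misuse. `MBEDTLS_SSL_CONTEXT_SERIALIZATION` in the hunk at -1630 is in a similar position, since its API is meant to export live connection state, which presumably includes key material. Both are better kept behind a Kconfig symbol that defaults to n, e.g. `#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION`.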
@@ -1918,9 +1822,7 @@ * production. * */ -#ifdef CONFIG_MBEDTLS_SSL_MAX_EARLY_DATA_SIZE #define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 -#endif /** * \def MBEDTLS_SSL_PROTO_DTLS @@ -2048,9 +1950,7 @@ * * Comment this macro to disable support for SSL session tickets */ -#ifdef CONFIG_MBEDTLS_SSL_SESSION_TICKETS #define MBEDTLS_SSL_SESSION_TICKETS -#endif /** * \def MBEDTLS_SSL_SERVER_NAME_INDICATION @@ -2061,9 +1961,7 @@ * * Comment this macro to disable support for server name indication in SSL */ -#ifdef CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION #define MBEDTLS_SSL_SERVER_NAME_INDICATION -#endif /** * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH @@ -2159,9 +2057,7 @@ * * Uncomment this to enable pthread mutexes. */ -#ifdef CONFIG_MBEDTLS_THREADING_PTHREAD #define MBEDTLS_THREADING_PTHREAD -#endif /** * \def MBEDTLS_USE_PSA_CRYPTO @@ -2227,9 +2123,7 @@ * * Comment this to disable run-time checking and save ROM space */ -#ifdef CONFIG_MBEDTLS_VERSION_FEATURES #define MBEDTLS_VERSION_FEATURES -#endif /** * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK @@ -2274,9 +2168,7 @@ * * Comment this macro to disallow using RSASSA-PSS in certificates. */ -#ifdef CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT #define MBEDTLS_X509_RSASSA_PSS_SUPPORT -#endif /** \} name SECTION: mbed TLS feature support */ @@ -2338,9 +2230,7 @@ * This module adds support for the AES Armv8-A Cryptographic Extensions on *Aarch64 systems. */ -#ifdef CONFIG_MBEDTLS_AESCE_C #define MBEDTLS_AESCE_C -#endif /** * \def MBEDTLS_AES_C @@ -2433,9 +2323,7 @@ * on it, and considering stronger ciphers instead. * */ -#ifdef CONFIG_MBEDTLS_ARC4_C #define MBEDTLS_ARC4_C -#endif /** * \def MBEDTLS_ASN1_PARSE_C @@ -2615,9 +2503,7 @@ * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ -#ifdef CONFIG_MBEDTLS_ARIA_C #define MBEDTLS_ARIA_C -#endif /** * \def MBEDTLS_CCM_C 
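Review bot: `#define MBEDTLS_ARC4_C` is made unconditional in the hunk at -2433 even though the doc comment directly above it advises considering stronger ciphers, and the Kconfig half of this commit deletes `MBEDTLS_REMOVE_ARC4_CIPHERSUITES`. As far as I know RC4 was removed from the library in the 3.0 series, so against v3.4.0 the define is probably dead and the whole block can be deleted; if any RC4 code is still reachable, it has to stay opt-in behind `#ifdef CONFIG_MBEDTLS_ARC4_C`. `MBEDTLS_XTEA_C` in a later hunk is in the same position.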
@@ -2632,9 +2518,7 @@ * This module enables the AES-CCM ciphersuites, if other requisites are * enabled as well. */ -#ifdef CONFIG_MBEDTLS_CCM_C #define MBEDTLS_CCM_C -#endif /** * \def MBEDTLS_CHACHA20_C @@ -2643,9 +2527,7 @@ * * Module: library/chacha20.c */ -#ifdef CONFIG_MBEDTLS_CHACHA20_C #define MBEDTLS_CHACHA20_C -#endif /** * \def MBEDTLS_CHACHAPOLY_C @@ -2656,9 +2538,7 @@ * * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C */ -#ifdef CONFIG_MBEDTLS_CHACHAPOLY_C #define MBEDTLS_CHACHAPOLY_C -#endif /** * \def MBEDTLS_CIPHER_C @@ -2777,9 +2657,7 @@ * See dhm.h for more details. * */ -#ifdef CONFIG_MBEDTLS_DHM_C #define MBEDTLS_DHM_C -#endif /** * \def MBEDTLS_ECDH_C @@ -2797,9 +2675,7 @@ * * Requires: MBEDTLS_ECP_C */ -#ifdef CONFIG_MBEDTLS_ECDH_C #define MBEDTLS_ECDH_C -#endif /** * \def MBEDTLS_ECDSA_C @@ -2816,9 +2692,7 @@ * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a * short Weierstrass curve. */ -#ifdef CONFIG_MBEDTLS_ECDSA_C #define MBEDTLS_ECDSA_C -#endif /** * \def MBEDTLS_ECJPAKE_C @@ -2845,9 +2719,7 @@ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by * this module in builds where MBEDTLS_MD_C is disabled. */ -#ifdef CONFIG_MBEDTLS_ECJPAKE_C #define MBEDTLS_ECJPAKE_C -#endif /** * \def MBEDTLS_ECP_C @@ -2861,9 +2733,7 @@ * * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED */ -#ifdef CONFIG_MBEDTLS_ECP_C #define MBEDTLS_ECP_C -#endif /** * \def MBEDTLS_ENTROPY_C @@ -2889,9 +2759,7 @@ * * This module enables mbedtls_strerror(). */ -#ifdef CONFIG_MBEDTLS_ERROR_C #define MBEDTLS_ERROR_C -#endif /** * \def MBEDTLS_GCM_C @@ -2906,9 +2774,7 @@ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ -#ifdef CONFIG_MBEDTLS_GCM_C #define MBEDTLS_GCM_C -#endif /** * \def MBEDTLS_HKDF_C 
@@ -2923,9 +2789,7 @@ * This module adds support for the Hashed Message Authentication Code * (HMAC)-based key derivation function (HKDF). */ -#ifdef CONFIG_MBEDTLS_HKDF_C #define MBEDTLS_HKDF_C -#endif /** * \def MBEDTLS_HMAC_DRBG_C @@ -2939,9 +2803,7 @@ * * Uncomment to enable the HMAC_DRBG random number generator. */ -#ifdef CONFIG_MBEDTLS_HMAC_DRBG_C #define MBEDTLS_HMAC_DRBG_C -#endif /** * \def MBEDTLS_LMS_C @@ -2956,9 +2818,7 @@ * Uncomment to enable the LMS verification algorithm and public key *operations. */ -#ifdef CONFIG_MBEDTLS_LMS_C #define MBEDTLS_LMS_C -#endif /** * \def MBEDTLS_LMS_PRIVATE @@ -2986,9 +2846,7 @@ * * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C */ -#ifdef CONFIG_MBEDTLS_NIST_KW_C #define MBEDTLS_NIST_KW_C -#endif /** * \def MBEDTLS_MD_C @@ -3193,9 +3051,7 @@ * * This modules adds support for encoding / writing PEM files. */ -#ifdef CONFIG_MBEDTLS_PEM_WRITE_C #define MBEDTLS_PEM_WRITE_C -#endif /** * \def MBEDTLS_PK_C @@ -3242,9 +3098,7 @@ * * Uncomment to enable generic public key write functions. */ -#ifdef CONFIG_MBEDTLS_PK_WRITE_C #define MBEDTLS_PK_WRITE_C -#endif /** * \def MBEDTLS_PKCS5_C @@ -3266,9 +3120,7 @@ * * This module adds support for the PKCS#5 functions. */ -#ifdef CONFIG_MBEDTLS_PKCS5_C #define MBEDTLS_PKCS5_C -#endif /** * \def MBEDTLS_PKCS7_C @@ -3284,9 +3136,7 @@ * * This module is required for the PKCS #7 parsing modules. */ -#ifdef CONFIG_MBEDTLS_PKCS7_C #define MBEDTLS_PKCS7_C -#endif /** * \def MBEDTLS_PKCS12_C @@ -3310,9 +3160,7 @@ * * This module enables PKCS#12 functions. */ -#ifdef CONFIG_MBEDTLS_PKCS12_C #define MBEDTLS_PKCS12_C -#endif /** * \def MBEDTLS_PLATFORM_C @@ -3332,9 +3180,7 @@ * * This module enables abstraction of common (libc) functions. */ -#ifdef CONFIG_MBEDTLS_PLATFORM_C #define MBEDTLS_PLATFORM_C -#endif /** * \def MBEDTLS_POLY1305_C 
@@ -3344,9 +3190,7 @@ * Module: library/poly1305.c * Caller: library/chachapoly.c */ -#ifdef CONFIG_MBEDTLS_POLY1305_C #define MBEDTLS_POLY1305_C -#endif /** * \def MBEDTLS_PSA_CRYPTO_C @@ -3361,9 +3205,7 @@ * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. * */ -#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_C -#endif /** * \def MBEDTLS_PSA_CRYPTO_SE_C @@ -3393,9 +3235,7 @@ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of * the PSA ITS interface */ -#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C #define MBEDTLS_PSA_CRYPTO_STORAGE_C -#endif /** * \def MBEDTLS_PSA_ITS_FILE_C @@ -3407,9 +3247,7 @@ * * Requires: MBEDTLS_FS_IO */ -#ifdef CONFIG_MBEDTLS_PSA_ITS_FILE_C #define MBEDTLS_PSA_ITS_FILE_C -#endif /** * \def MBEDTLS_RIPEMD160_C @@ -3420,9 +3258,7 @@ * Caller: library/md.c * */ -#ifdef CONFIG_MBEDTLS_RIPEMD160_C #define MBEDTLS_RIPEMD160_C -#endif /** * \def MBEDTLS_RSA_C @@ -3555,9 +3391,7 @@ * * Comment to disable SHA-384 */ -#ifdef CONFIG_MBEDTLS_SHA384_C #define MBEDTLS_SHA384_C -#endif /** * \def MBEDTLS_SHA512_C @@ -3572,9 +3406,7 @@ * * This module adds support for SHA-512. */ -#ifdef CONFIG_MBEDTLS_SHA512_C #define MBEDTLS_SHA512_C -#endif /** * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT @@ -3640,9 +3472,7 @@ * * Requires: MBEDTLS_SSL_CACHE_C */ -#ifdef CONFIG_MBEDTLS_SSL_CACHE_C #define MBEDTLS_SSL_CACHE_C -#endif /** * \def MBEDTLS_SSL_COOKIE_C @@ -3652,9 +3482,7 @@ * Module: library/ssl_cookie.c * Caller: */ -#ifdef CONFIG_MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_COOKIE_C -#endif /** * \def MBEDTLS_SSL_TICKET_C @@ -3667,9 +3495,7 @@ * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) */ -#ifdef CONFIG_MBEDTLS_SSL_TICKET_C #define MBEDTLS_SSL_TICKET_C -#endif /** * \def MBEDTLS_SSL_CLI_C @@ -3739,9 +3565,7 @@ * * Enable this layer to allow use of mutexes within mbed TLS */ -#ifdef CONFIG_MBEDTLS_THREADING_C #define MBEDTLS_THREADING_C -#endif /** * \def MBEDTLS_TIMING_C 
@@ -3780,9 +3604,7 @@ * * This module provides run-time version information. */ -#ifdef CONFIG_MBEDTLS_VERSION_C #define MBEDTLS_VERSION_C -#endif /** * \def MBEDTLS_X509_USE_C @@ -3832,9 +3654,7 @@ * * This module is required for X.509 CRL parsing. */ -#ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C -#endif /** * \def MBEDTLS_X509_CSR_PARSE_C @@ -3848,9 +3668,7 @@ * * This module is used for reading X.509 certificate request. */ -#ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C #define MBEDTLS_X509_CSR_PARSE_C -#endif /** * \def MBEDTLS_X509_CREATE_C @@ -3867,9 +3685,7 @@ * * This module is the basis for creating X.509 certificates and CSRs. */ -#ifdef CONFIG_MBEDTLS_X509_CREATE_C #define MBEDTLS_X509_CREATE_C -#endif /** * \def MBEDTLS_X509_CRT_WRITE_C @@ -3882,9 +3698,7 @@ * * This module is required for X.509 certificate creation. */ -#ifdef CONFIG_MBEDTLS_X509_CRT_WRITE_C #define MBEDTLS_X509_CRT_WRITE_C -#endif /** * \def MBEDTLS_X509_CSR_WRITE_C @@ -3897,9 +3711,7 @@ * * This module is required for X.509 certificate request writing. */ -#ifdef CONFIG_MBEDTLS_X509_CSR_WRITE_C #define MBEDTLS_X509_CSR_WRITE_C -#endif /** * \def MBEDTLS_XTEA_C @@ -3909,9 +3721,7 @@ * Module: library/xtea.c * Caller: */ -#ifdef CONFIG_MBEDTLS_XTEA_C #define MBEDTLS_XTEA_C -#endif /** \} name SECTION: mbed TLS modules */ @@ -4381,8 +4191,8 @@ * * Uncomment to set the maximum plaintext size of the incoming I/O buffer. */ -#ifdef CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN -#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN +#ifdef CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN +#define MBEDTLS_SSL_IN_CONTENT_LEN CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN #endif /** \def MBEDTLS_SSL_CID_IN_LEN_MAX 
@@ -4437,8 +4247,8 @@ * * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. */ -#ifdef CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN -#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN +#ifdef CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN +#define MBEDTLS_SSL_OUT_CONTENT_LEN CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN #endif /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING @@ -4505,9 +4315,7 @@ * This is not used in TLS 1.2. * */ -#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE #define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 -#endif /** * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH @@ -4516,9 +4324,7 @@ * * This must be less than 256. */ -#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH #define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 -#endif /** * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS @@ -4529,9 +4335,7 @@ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. * */ -#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS #define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 -#endif /* X509 options */