40fa684c18
Keep module compatibility with mbedtls 2.x (old LTS branch). A patch has been added to allow compiling after removing all the `psa_*` files from the library folder (will look into upstreaming it). Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires some module changes, and to enable PSA crypto (new "standard" API specification), so it might be best done in a separate commit/PR.
82 lines
2.9 KiB
C++
82 lines
2.9 KiB
C++
/**
|
|
* \file mbedtls/config_adjust_ssl.h
|
|
* \brief Adjust TLS configuration
|
|
*
|
|
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
|
|
* configurations need to be explicitly enabled by the user: enabling
|
|
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
|
|
* compilation error. However, we do automatically enable certain options
|
|
* in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
|
|
* used to identify parts of a module that are used by other module, and we
|
|
* don't want to make the symbol MBEDTLS_xxx_B part of the public API.
|
|
* Another case is if A didn't depend on B in earlier versions, and we
|
|
* want to use B in A but we need to preserve backward compatibility with
|
|
* configurations that explicitly activate MBEDTLS_xxx_A but not
|
|
* MBEDTLS_xxx_B.
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
|
|
#define MBEDTLS_CONFIG_ADJUST_SSL_H
|
|
|
|
/* The following blocks make it easier to disable all of TLS,
|
|
* or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
|
|
* key exchanges, options and extensions related to them. */
|
|
|
|
#if !defined(MBEDTLS_SSL_TLS_C)
|
|
#undef MBEDTLS_SSL_CLI_C
|
|
#undef MBEDTLS_SSL_SRV_C
|
|
#undef MBEDTLS_SSL_PROTO_TLS1_3
|
|
#undef MBEDTLS_SSL_PROTO_TLS1_2
|
|
#undef MBEDTLS_SSL_PROTO_DTLS
|
|
#endif
|
|
|
|
#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
|
|
#undef MBEDTLS_SSL_TICKET_C
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
|
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
|
#undef MBEDTLS_SSL_DTLS_SRTP
|
|
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
|
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
|
#undef MBEDTLS_SSL_RENEGOTIATION
|
|
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
|
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
#undef MBEDTLS_SSL_EARLY_DATA
|
|
#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
|
(defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
|
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
|
|
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
|
|
#endif
|
|
|
|
#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
|