204 lines
6.4 KiB
C
204 lines
6.4 KiB
C
/*
|
|
embedtls.h - MbedTLS customization Header
|
|
|
|
Override mbedtls-config.h settings
|
|
*/
|
|
|
|
#ifndef _h_EMBEDTLS
|
|
#define _h_EMBEDTLS 1
|
|
|
|
#include "osdep.h"
|
|
|
|
#if ME_UNIX_LIKE
|
|
#define MBEDTLS_DEPRECATED_WARNING
|
|
#endif
|
|
#define MBEDTLS_DEPRECATED_REMOVED
|
|
#undef MBEDTLS_SELF_TEST
|
|
|
|
#if ME_COM_MPR || ME_MPR_PRODUCT || ME_MULTITHREAD
|
|
#define MBEDTLS_THREADING_C
|
|
#define MBEDTLS_THREADING_ALT
|
|
typedef struct MprMutex* mbedtls_threading_mutex_t;
|
|
#endif
|
|
|
|
#if ME_DEBUG
|
|
#define MBEDTLS_SSL_DEBUG_ALL
|
|
#define MBEDTLS_DEBUG_C
|
|
#endif
|
|
#if ME_CPU_ARCH == ME_CPU_X86 || ME_CPU_ARCH == ME_CPU_X64
|
|
#define MBEDTLS_HAVE_SSE2
|
|
#endif
|
|
|
|
/*
|
|
Map MakeMe configuration into MbedTLS defines.
|
|
If mbedtls.NAME is defined, then override the MbedTLS definition from config.h
|
|
mbedtls.compact defines an optimized general compact/embedded configuration.
|
|
*/
|
|
#if ME_MBEDTLS_COMPACT
|
|
#undef MBEDTLS_ARC4_C
|
|
#undef MBEDTLS_AES_ROM_TABLES
|
|
#undef MBEDTLS_BLOWFISH_C
|
|
#undef MBEDTLS_CAMELLIA_C
|
|
#undef MBEDTLS_DES_C
|
|
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
#undef MBEDTLS_PADLOCK_C
|
|
#undef MBEDTLS_PEM_WRITE_C
|
|
#undef MBEDTLS_RIPEMD160_C
|
|
#undef MBEDTLS_SSL3
|
|
#undef MBEDTLS_SSL_PROTO_DTLS
|
|
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
|
#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
|
|
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
|
#undef MBEDTLS_TIMING_C
|
|
#undef MBEDTLS_VERSION_C
|
|
#undef MBEDTLS_VERSION_FEATURES
|
|
#undef MBEDTLS_XTEA_C
|
|
#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
|
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
|
#endif
|
|
|
|
/*
|
|
Feature selection based on main.me settings.mbedtls configuration.
|
|
*/
|
|
#if ME_MBEDTLS_AES_ROM_TABLES
|
|
#define MBEDTLS_AES_ROM_TABLES
|
|
#elif defined(ME_MBEDTLS_AES_ROM_TABLES) && ME_MBEDTLS_AES_ROM_TABLES == 0
|
|
#undef MBEDTLS_AES_ROM_TABLES
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_ARC4
|
|
#define MBEDTLS_ARC4_C
|
|
#elif defined(ME_MBEDTLS_ARC4) && ME_MBEDTLS_ARC4 == 0
|
|
#undef MBEDTLS_ARC4_C
|
|
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_CAMELLIA
|
|
#define MBEDTLS_CAMELLIA_C
|
|
#elif defined(ME_MBEDTLS_CAMELLIA) && ME_MBEDTLS_CAMELLIA == 0
|
|
#undef MBEDTLS_CAMELLIA_C
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_CBC
|
|
#define MBEDTLS_CIPHER_MODE_CBC
|
|
#elif defined(ME_MBEDTLS_CBC) && ME_MBEDTLS_CBC == 0
|
|
#undef MBEDTLS_CIPHER_MODE_CBC
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_CCM
|
|
#define MBEDTLS_CCM_C
|
|
#elif defined(ME_MBEDTLS_CCM) && ME_MBEDTLS_CCM == 0
|
|
#undef MBEDTLS_CCM_C
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_DES
|
|
#define MBEDTLS_DES_C
|
|
#elif defined(ME_MBEDTLS_DES) && ME_MBEDTLS_DES == 0
|
|
#undef MBEDTLS_DES_C
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_PADLOCK
|
|
#define MBEDTLS_PADLOCK_C
|
|
#elif defined(ME_MBEDTLS_PADLOCK) && ME_MBEDTLS_PADLOCK == 0
|
|
#undef MBEDTLS_PADLOCK_C
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_PSK
|
|
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
#elif defined(ME_MBEDTLS_PSK) && ME_MBEDTLS_PSK == 0
|
|
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
#endif
|
|
|
|
#if ME_MBEDTLS_XTEA
|
|
#define MBEDTLS_XTEA_C
|
|
#elif defined(ME_MBEDTLS_XTEA) && ME_MBEDTLS_XTEA == 0
|
|
#undef MBEDTLS_XTEA_C
|
|
#endif
|
|
|
|
/*
|
|
This is needed for some old clients (baiduspider)
|
|
Default to enabled.
|
|
*/
|
|
#if ME_MBEDTLS_SSLV2_HELLO
|
|
#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
|
#elif defined(ME_MBEDTLS_SSLV2_HELLO) && ME_MBEDTLS_SSLV2_HELLO == 0
|
|
#undef MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
|
#endif
|
|
|
|
#ifndef MBEDTLS_SSL_CIPHERSUITES
|
|
/*
|
|
Modified to push down to remove obsolete SHA-1 ciphers
|
|
*/
|
|
#define MBEDTLS_SSL_CIPHERSUITES \
|
|
\
|
|
/* All AES-256 ephemeral suites */ \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
|
|
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, \
|
|
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, \
|
|
\
|
|
/* All AES-128 ephemeral suites */ \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
|
|
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, \
|
|
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, \
|
|
\
|
|
/* All AES-256 suites */ \
|
|
MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_256_CCM, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, \
|
|
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, \
|
|
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, \
|
|
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, \
|
|
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, \
|
|
\
|
|
/* All AES-128 suites */ \
|
|
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_128_CCM, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, \
|
|
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, \
|
|
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, \
|
|
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, \
|
|
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, \
|
|
\
|
|
/* Obsolete Compatibility suites */ \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
|
|
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, \
|
|
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \
|
|
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
|
#endif
|
|
|
|
#endif /* _h_EMBEDTLS */
|