yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename config.h to mbedtls_config.h

Browse source 
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
This commit is contained in:
Bence Szépkúti 2021-05-28 09:42:25 +02:00
parent 2893269cbb
commit bb0cfeb2d4
71 changed files with 127 additions and 127 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -15,7 +15,7 @@ assignees: ''
Mbed TLS version (number or commit id): Mbed TLS version (number or commit id):
Operating system and version: Operating system and version:
Configuration (if not default, please attach `config.h`): Configuration (if not default, please attach `mbedtls_config.h`):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information: Additional environment information:

2
3rdparty/CMakeLists.txt vendored
View file

@ -1,4 +1,4 @@
execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
if(${result} EQUAL 0) if(${result} EQUAL 0)
add_subdirectory(everest) add_subdirectory(everest)

2
CMakeLists.txt
View file

@ -86,7 +86,7 @@ endif()
if(MBEDTLS_PYTHON_EXECUTABLE) if(MBEDTLS_PYTHON_EXECUTABLE)
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
RESULT_VARIABLE result) RESULT_VARIABLE result)
if(${result} EQUAL 0) if(${result} EQUAL 0)
message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})

6
README.md
View file

@ -13,7 +13,7 @@ Stability
Configuration Configuration
------------- -------------
Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions).
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
@ -242,7 +242,7 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad
- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations. - `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled - `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc). - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc).
Porting Mbed TLS Porting Mbed TLS
---------------- ----------------
@ -281,7 +281,7 @@ A browsable copy of the PSA Cryptography API documents is available on the [PSA
Mbed TLS includes a reference implementation of the PSA Cryptography API. Mbed TLS includes a reference implementation of the PSA Cryptography API.
This implementation is not yet as mature as the rest of the library. Some parts of the code have not been reviewed as thoroughly, and some parts of the PSA implementation are not yet well optimized for code size. This implementation is not yet as mature as the rest of the library. Some parts of the code have not been reviewed as thoroughly, and some parts of the PSA implementation are not yet well optimized for code size.
The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `config.h`. The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`.
There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list. There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.

4
configs/README.txt
View file

@ -4,10 +4,10 @@ The examples are generally focused on a particular usage case (eg, support for
a restricted number of ciphersuites) and aim at minimizing resource usage for a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations. this target. They can be used as a basis for custom configurations.
These files are complete replacements for the default config.h. To use one of These files are complete replacements for the default mbedtls_config.h. To use one of
them, you can pick one of the following methods: them, you can pick one of the following methods:
1. Replace the default file include/mbedtls/config.h with the chosen one. 1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one.
(Depending on your compiler, you may need to adjust the line with (Depending on your compiler, you may need to adjust the line with
#include "mbedtls/check_config.h" then.) #include "mbedtls/check_config.h" then.)

2
docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md
View file

@ -1,7 +1,7 @@
Remove 3DES ciphersuites Remove 3DES ciphersuites
-- --
This change does not affect users using default settings for 3DES in `config.h` This change does not affect users using default settings for 3DES in `mbedtls_config.h`
because the 3DES ciphersuites were disabled by that. because the 3DES ciphersuites were disabled by that.
3DES has weaknesses/limitations and there are better alternatives, and more and 3DES has weaknesses/limitations and there are better alternatives, and more and

4
docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md
View file

@ -1,10 +1,10 @@
Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
-- --
This change affects users who modified the default `config.h` padding granularity This change affects users who modified the default `mbedtls_config.h` padding granularity
settings, i.e. enabled at least one of the options. settings, i.e. enabled at least one of the options.
The `config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and The `mbedtls_config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and
`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because
they used exactly the same padding mechanism and hence their respective padding they used exactly the same padding mechanism and hence their respective padding
granularities can be used in exactly the same way. This change simplifies the granularities can be used in exactly the same way. This change simplifies the

2
docs/3.0-migration-guide.d/modify_SHA384_option_behaviour.md
View file

@ -1,7 +1,7 @@
Replaced MBEDTLS_SHA512_NO_SHA384 with MBEDTLS_SHA384_C Replaced MBEDTLS_SHA512_NO_SHA384 with MBEDTLS_SHA384_C
------------------------------------------------------ ------------------------------------------------------
This does not affect users who use the default `config.h`. This does not affect users who use the default `mbedtls_config.h`.
MBEDTLS_SHA512_NO_SHA384 was disabled by default, now MBEDTLS_SHA384_C is MBEDTLS_SHA512_NO_SHA384 was disabled by default, now MBEDTLS_SHA384_C is
enabled by default. enabled by default.

2
docs/3.0-migration-guide.d/remove-enable-weak-ciphersuites.md
View file

@ -1,7 +1,7 @@
Remove the configuration to enable weak ciphersuites in SSL / TLS Remove the configuration to enable weak ciphersuites in SSL / TLS
----------------------------------------------------------------- -----------------------------------------------------------------
This does not affect users who use the default `config.h`, as this option was This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default. already off by default.
If you were using a weak cipher, please switch to any of the modern, If you were using a weak cipher, please switch to any of the modern,

2
docs/3.0-migration-guide.d/remove-null-entropy.md
View file

@ -1,7 +1,7 @@
Remove the option to build the library without any entropy sources Remove the option to build the library without any entropy sources
------------------------------------------------------------------ ------------------------------------------------------------------
This does not affect users who use the default `config.h`, as this option was This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default. already off by default.
If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform

2
docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
View file

@ -1,4 +1,4 @@
Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `config.h` Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h`
------------------------------------------------------------------- -------------------------------------------------------------------
This change affects users who have chosen the configuration options to disable the This change affects users who have chosen the configuration options to disable the

2
docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
View file

@ -1,7 +1,7 @@
Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
------------------------------------------- -------------------------------------------
This change does not affect users who used the default `config.h`, as the option This change does not affect users who used the default `mbedtls_config.h`, as the option
MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default. MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default.
This option was a trade-off between functionality and code size: it allowed This option was a trade-off between functionality and code size: it allowed

2
docs/3.0-migration-guide.d/remove_ssl_record_checking.md
View file

@ -1,7 +1,7 @@
Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default
-------------------------------------------------------------------------- --------------------------------------------------------------------------
This change does not affect users who use the default config.h, as the This change does not affect users who use the default mbedtls_config.h, as the
option MBEDTLS_SSL_RECORD_CHECKING was already on by default. option MBEDTLS_SSL_RECORD_CHECKING was already on by default.
This option was added only to control compilation of one function, This option was added only to control compilation of one function,

2
docs/3.0-migration-guide.d/separate_SHA224_from_SHA256.md
View file

@ -1,7 +1,7 @@
Separated MBEDTLS_SHA224_C and MBEDTLS_SHA256_C Separated MBEDTLS_SHA224_C and MBEDTLS_SHA256_C
----------------------------------------------------------------- -----------------------------------------------------------------
This does not affect users who use the default `config.h`. MBEDTLS_SHA256_C This does not affect users who use the default `mbedtls_config.h`. MBEDTLS_SHA256_C
was enabled by default. Now both MBEDTLS_SHA256_C and MBEDTLS_SHA224_C are was enabled by default. Now both MBEDTLS_SHA256_C and MBEDTLS_SHA224_C are
enabled. enabled.

2
docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
View file

@ -2,7 +2,7 @@ Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runti
-- --
This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
option in the `config.h` option in the `mbedtls_config.h`
This option has been removed and a new function with similar functionality has This option has been removed and a new function with similar functionality has
been introduced into the SSL API. been introduced into the SSL API.

2
docs/3.0-migration-guide.md
View file

@ -139,7 +139,7 @@ avoid variants of the CRIME and BREACH attacks.
Remove support for TLS RC4-based ciphersuites Remove support for TLS RC4-based ciphersuites
--------------------------------------------- ---------------------------------------------
This does not affect people who used the default `config.h` and the default This does not affect people who used the default `mbedtls_config.h` and the default
list of ciphersuites, as RC4-based ciphersuites were already not negotiated in list of ciphersuites, as RC4-based ciphersuites were already not negotiated in
that case. that case.

2
docs/architecture/testing/test-framework.md
View file

@ -51,7 +51,7 @@ The outcome file is in a CSV format using `;` (semicolon) as the delimiter and n
The outcome file has 6 fields: The outcome file has 6 fields:
* **Platform**: a description of the platform, e.g. `Linux-x86_64` or `Linux-x86_64-gcc7-msan`. * **Platform**: a description of the platform, e.g. `Linux-x86_64` or `Linux-x86_64-gcc7-msan`.
* **Configuration**: a unique description of the configuration (`config.h`). * **Configuration**: a unique description of the configuration (`mbedtls_config.h`).
* **Test suite**: `test_suite_xxx` or `ssl-opt`. * **Test suite**: `test_suite_xxx` or `ssl-opt`.
* **Test case**: the description of the test case. * **Test case**: the description of the test case.
* **Result**: one of `PASS`, `SKIP` or `FAIL`. * **Result**: one of `PASS`, `SKIP` or `FAIL`.

2
docs/architecture/tls13-experimental.md
View file

@ -15,7 +15,7 @@ MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
This macro will likely be renamed to `MBEDTLS_SSL_PROTO_TLS1_3` once a minimal viable This macro will likely be renamed to `MBEDTLS_SSL_PROTO_TLS1_3` once a minimal viable
implementation of the TLS 1.3 protocol is available. implementation of the TLS 1.3 protocol is available.
See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/config.h) See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/mbedtls_config.h)
for more information. for more information.
Status Status

14
docs/proposed/psa-conditional-inclusion-c.md
View file

@ -15,7 +15,7 @@ The present document proposes a way for an application using the PSA cryptograph
### Conditional inclusion of legacy cryptography modules ### Conditional inclusion of legacy cryptography modules
Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`. Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`mbedtls_config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`.
### PSA evolution ### PSA evolution
@ -51,10 +51,10 @@ The current model is difficult to adapt to the PSA interface for several reasons
The PSA Crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below. The PSA Crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below.
The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h` is used. The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/mbedtls_config.h` determines whether `psa/crypto_config.h` is used.
* If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols. * If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols.
* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`. * If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/mbedtls_config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`.
### PSA Crypto configuration symbols ### PSA Crypto configuration symbols
@ -123,17 +123,17 @@ These symbols are not part of the public interface of Mbed TLS towards applicati
#### New-style definition of configuration symbols #### New-style definition of configuration symbols
When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/mbedtls_config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
`mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines application requirements. `mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines application requirements.
#### Old-style definition of configuration symbols #### Old-style definition of configuration symbols
When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, the new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/mbedtls_config.h`. Furthermore, the new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`).
The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under `MBEDTLS_USE_PSA_CRYPTO` and conditional compilation guards in tests and sample programs need `PSA_WANT_xxx`. The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under `MBEDTLS_USE_PSA_CRYPTO` and conditional compilation guards in tests and sample programs need `PSA_WANT_xxx`.
Since some existing applications use a handwritten `mbedtls/config.h` or an edited copy of `mbedtls/config.h` from an earlier version of Mbed TLS, `mbedtls/config_psa.h` must be included via an already existing header that is not `mbedtls/config.h`, so it is included via `psa/crypto.h` (for example from `psa/crypto_platform.h`). Since some existing applications use a handwritten `mbedtls/mbedtls_config.h` or an edited copy of `mbedtls/mbedtls_config.h` from an earlier version of Mbed TLS, `mbedtls/config_psa.h` must be included via an already existing header that is not `mbedtls/mbedtls_config.h`, so it is included via `psa/crypto.h` (for example from `psa/crypto_platform.h`).
#### Summary of definitions of configuration symbols #### Summary of definitions of configuration symbols
@ -147,7 +147,7 @@ The following table summarizes where symbols are defined depending on the config
| Symbols | With `MBEDTLS_PSA_CRYPTO_CONFIG` | Without `MBEDTLS_PSA_CRYPTO_CONFIG` | | Symbols | With `MBEDTLS_PSA_CRYPTO_CONFIG` | Without `MBEDTLS_PSA_CRYPTO_CONFIG` |
| ------------------------- | -------------------------------- | ----------------------------------- | | ------------------------- | -------------------------------- | ----------------------------------- |
| `MBEDTLS_xxx_C` | `mbedtls/config.h` (U) or | `mbedtls/config.h` (U) | | `MBEDTLS_xxx_C` | `mbedtls/mbedtls_config.h` (U) or | `mbedtls/mbedtls_config.h` (U) |
| | `mbedtls/config_psa.h` (D) | | | | `mbedtls/config_psa.h` (D) | |
| `PSA_WANT_xxx` | `psa/crypto_config.h` (U) | `mbedtls/config_psa.h` (D) | | `PSA_WANT_xxx` | `psa/crypto_config.h` (U) | `mbedtls/config_psa.h` (D) |
| `MBEDTLS_PSA_BUILTIN_xxx` | `mbedtls/config_psa.h` (D) | `mbedtls/config_psa.h` (D) | | `MBEDTLS_PSA_BUILTIN_xxx` | `mbedtls/config_psa.h` (D) | `mbedtls/config_psa.h` (D) |

2
include/CMakeLists.txt
View file

@ -15,7 +15,7 @@ if(INSTALL_MBEDTLS_HEADERS)
endif(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS)
# Make config.h available in an out-of-source build. ssl-opt.sh requires it. # Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it.
if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls) link_to_source(mbedtls)
link_to_source(psa) link_to_source(psa)

4
include/mbedtls/build_info.h
View file

@ -4,7 +4,7 @@
* \brief Build-time configuration info * \brief Build-time configuration info
* *
* Include this file if you need to depend on the * Include this file if you need to depend on the
* configuration options defined in config.h * configuration options defined in mbedtls_config.h
*/ */
/* /*
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
@ -31,7 +31,7 @@
#endif #endif
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/mbedtls_config.h"
#else #else
#include MBEDTLS_CONFIG_FILE #include MBEDTLS_CONFIG_FILE
#endif #endif

4
include/mbedtls/check_config.h
View file

@ -21,7 +21,7 @@
*/ */
/* /*
* It is recommended to include this file from your config.h * It is recommended to include this file from your mbedtls_config.h
* in order to catch dependency issues early. * in order to catch dependency issues early.
*/ */
@ -42,7 +42,7 @@
#error "MBEDTLS_PLATFORM_C is required on Windows" #error "MBEDTLS_PLATFORM_C is required on Windows"
#endif #endif
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as /* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
* it would confuse config.py. */ * it would confuse config.py. */
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \ #if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)

4
include/mbedtls/config_psa.h
View file

@ -3,11 +3,11 @@
* \brief PSA crypto configuration options (set of defines) * \brief PSA crypto configuration options (set of defines)
* *
* This set of compile-time options takes settings defined in * This set of compile-time options takes settings defined in
* include/mbedtls/config.h and include/psa/crypto_config.h and uses * include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h and uses
* those definitions to define symbols used in the library code. * those definitions to define symbols used in the library code.
* *
* Users and integrators should not edit this file, please edit * Users and integrators should not edit this file, please edit
* include/mbedtls/config.h for MBETLS_XXX settings or * include/mbedtls/mbedtls_config.h for MBETLS_XXX settings or
* include/psa/crypto_config.h for PSA_WANT_XXX settings. * include/psa/crypto_config.h for PSA_WANT_XXX settings.
*/ */
/* /*

4
include/mbedtls/ctr_drbg.h
View file

@ -16,7 +16,7 @@
* The security strength as defined in NIST SP 800-90A is * The security strength as defined in NIST SP 800-90A is
* 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled) * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
* and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
* kept at its default value (and not overridden in config.h) and that the * kept at its default value (and not overridden in mbedtls_config.h) and that the
* DRBG instance is set up with default parameters. * DRBG instance is set up with default parameters.
* See the documentation of mbedtls_ctr_drbg_seed() for more * See the documentation of mbedtls_ctr_drbg_seed() for more
* information. * information.
@ -80,7 +80,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them using the compiler command * Either change them in mbedtls_config.h or define them using the compiler command
* line. * line.
* \{ * \{
*/ */

4
include/mbedtls/ecp.h
View file

@ -91,7 +91,7 @@ extern "C" {
* - Increment MBEDTLS_ECP_DP_MAX below if needed. * - Increment MBEDTLS_ECP_DP_MAX below if needed.
* - Update the calculation of MBEDTLS_ECP_MAX_BITS below. * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
* - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
* config.h. * mbedtls_config.h.
* - List the curve as a dependency of MBEDTLS_ECP_C and * - List the curve as a dependency of MBEDTLS_ECP_C and
* MBEDTLS_ECDSA_C if supported in check_config.h. * MBEDTLS_ECDSA_C if supported in check_config.h.
* - Add the curve to the appropriate curve type macro * - Add the curve to the appropriate curve type macro
@ -244,7 +244,7 @@ mbedtls_ecp_group;
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h, or define them using the compiler command line. * Either change them in mbedtls_config.h, or define them using the compiler command line.
* \{ * \{
*/ */

2
include/mbedtls/entropy.h
View file

@ -52,7 +52,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */

2
include/mbedtls/hmac_drbg.h
View file

@ -47,7 +47,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */

4
include/mbedtls/config.h → include/mbedtls/mbedtls_config.h
View file

@ -1,5 +1,5 @@
/** /**
* \file config.h * \file mbedtls_config.h
* *
* \brief Configuration options (set of defines) * \brief Configuration options (set of defines)
* *
@ -1736,7 +1736,7 @@
* *
* If you enable this option and write your own configuration file, you must * If you enable this option and write your own configuration file, you must
* include mbedtls/config_psa.h in your configuration file. The default * include mbedtls/config_psa.h in your configuration file. The default
* provided mbedtls/config.h contains the necessary inclusion. * provided mbedtls/mbedtls_config.h contains the necessary inclusion.
* *
* This feature is still experimental and is not ready for production since * This feature is still experimental and is not ready for production since
* it is not completed. * it is not completed.

2
include/mbedtls/memory_buffer_alloc.h
View file

@ -30,7 +30,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */

2
include/mbedtls/platform.h
View file

@ -46,7 +46,7 @@ extern "C" {
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */

2
include/mbedtls/platform_time.h
View file

@ -32,7 +32,7 @@ extern "C" {
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */

6
include/mbedtls/ssl.h
View file

@ -211,7 +211,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */
@ -3539,7 +3539,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
* *
* \note The logic to determine the maximum outgoing record payload is * \note The logic to determine the maximum outgoing record payload is
* version-specific. It takes into account various factors, such as * version-specific. It takes into account various factors, such as
* the config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions * the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
* such as the max fragment length or record size limit extension if * such as the max fragment length or record size limit extension if
* used, and for DTLS the path MTU as configured and current * used, and for DTLS the path MTU as configured and current
* record expansion. * record expansion.
@ -3566,7 +3566,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
* *
* \note The logic to determine the maximum outgoing record payload is * \note The logic to determine the maximum outgoing record payload is
* version-specific. It takes into account various factors, such as * version-specific. It takes into account various factors, such as
* the config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions * the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
* such as the max fragment length extension or record size limit * such as the max fragment length extension or record size limit
* extension if used, and the current record expansion. * extension if used, and the current record expansion.
* *

2
include/mbedtls/ssl_cache.h
View file

@ -35,7 +35,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */

2
include/mbedtls/ssl_cookie.h
View file

@ -35,7 +35,7 @@
* \name SECTION: Module settings * \name SECTION: Module settings
* *
* The configuration options you can set for this module are in this section. * The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line. * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{ * \{
*/ */
#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT

2
include/mbedtls/version.h
View file

@ -86,7 +86,7 @@ void mbedtls_version_get_string_full( char *string );
* *
* \note only checks against defines in the sections "System * \note only checks against defines in the sections "System
* support", "mbed TLS modules" and "mbed TLS feature * support", "mbed TLS modules" and "mbed TLS feature
* support" in config.h * support" in mbedtls_config.h
* *
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
* *

4
include/psa/crypto_config.h
View file

@ -5,7 +5,7 @@
*/ */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
/** /**
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h, * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
* this file determines which cryptographic mechanisms are enabled * this file determines which cryptographic mechanisms are enabled
* through the PSA Cryptography API (\c psa_xxx() functions). * through the PSA Cryptography API (\c psa_xxx() functions).
* *
@ -24,7 +24,7 @@
*/ */
#else #else
/** /**
* When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h, * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
* this file is not used, and cryptographic mechanisms are supported * this file is not used, and cryptographic mechanisms are supported
* through the PSA API if and only if they are supported through the * through the PSA API if and only if they are supported through the
* mbedtls_xxx API. * mbedtls_xxx API.

2
include/psa/crypto_extra.h
View file

@ -40,7 +40,7 @@ extern "C" {
/* UID for secure storage seed */ /* UID for secure storage seed */
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
/* See config.h for definition */ /* See mbedtls_config.h for definition */
#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT) #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 #define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif #endif

10
library/Makefile
View file

@ -1,5 +1,5 @@
# Also see "include/mbedtls/config.h" # Also see "include/mbedtls/mbedtls_config.h"
CFLAGS ?= -O2 CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
@ -281,12 +281,12 @@ error.c:
version_features.c: ../scripts/generate_features.pl version_features.c: ../scripts/generate_features.pl
version_features.c: ../scripts/data_files/version_features.fmt version_features.c: ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in config.h, ## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time ## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare config.h as a ## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or ## dependency. Remove this file from your working tree if you've just added or
## removed an option in config.h. ## removed an option in mbedtls_config.h.
#version_features.c: ../include/mbedtls/config.h #version_features.c: ../include/mbedtls/mbedtls_config.h
version_features.c: version_features.c:
echo " Gen $@" echo " Gen $@"
$(PERL) ../scripts/generate_features.pl $(PERL) ../scripts/generate_features.pl

2
library/entropy_poll.c
View file

@ -44,7 +44,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__) !defined(__HAIKU__) && !defined(__midipix__)
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
#endif #endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)

2
library/entropy_poll.h
View file

@ -51,7 +51,7 @@ int mbedtls_platform_entropy_poll( void *data,
* \brief Entropy poll callback for a hardware source * \brief Entropy poll callback for a hardware source
* *
* \warning This is not provided by mbed TLS! * \warning This is not provided by mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h. * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
* *
* \note This must accept NULL as its first argument. * \note This must accept NULL as its first argument.
*/ */

4
library/net_sockets.c
View file

@ -18,7 +18,7 @@
*/ */
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly. * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#ifndef _POSIX_C_SOURCE #ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L
@ -34,7 +34,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__) !defined(__HAIKU__) && !defined(__midipix__)
#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in mbedtls_config.h"
#endif #endif
#if defined(MBEDTLS_PLATFORM_C) #if defined(MBEDTLS_PLATFORM_C)

2
library/platform_util.c
View file

@ -20,7 +20,7 @@
/* /*
* Ensure gmtime_r is available even with -std=c99; must be defined before * Ensure gmtime_r is available even with -std=c99; must be defined before
* config.h, which pulls in glibc's features.h. Harmless on other platforms. * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms.
*/ */
#if !defined(_POSIX_C_SOURCE) #if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L

2
library/threading.c
View file

@ -19,7 +19,7 @@
/* /*
* Ensure gmtime_r is available even with -std=c99; must be defined before * Ensure gmtime_r is available even with -std=c99; must be defined before
* config.h, which pulls in glibc's features.h. Harmless on other platforms. * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms.
*/ */
#if !defined(_POSIX_C_SOURCE) #if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L

2
library/timing.c
View file

@ -28,7 +28,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__) !defined(__HAIKU__) && !defined(__midipix__)
#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h"
#endif #endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)

8
programs/Makefile
View file

@ -153,12 +153,12 @@ psa/psa_constant_names_generated.c:
$(PYTHON) ../scripts/generate_psa_constants.py $(PYTHON) ../scripts/generate_psa_constants.py
test/query_config.c: ../scripts/generate_query_config.pl test/query_config.c: ../scripts/generate_query_config.pl
## The generated file only depends on the options that are present in config.h, ## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time ## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare config.h as a ## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or ## dependency. Remove this file from your working tree if you've just added or
## removed an option in config.h. ## removed an option in mbedtls_config.h.
#test/query_config.c: ../include/mbedtls/config.h #test/query_config.c: ../include/mbedtls/mbedtls_config.h
test/query_config.c: ../scripts/data_files/query_config.fmt test/query_config.c: ../scripts/data_files/query_config.fmt
test/query_config.c: test/query_config.c:
echo " Gen $@" echo " Gen $@"

2
programs/aes/crypt_and_hash.c
View file

@ -19,7 +19,7 @@
*/ */
/* Enable definition of fileno() even when compiling with -std=c99. Must be /* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before config.h, which pulls in glibc's features.h indirectly. * set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L

2
programs/fuzz/onefile.c
View file

@ -2,7 +2,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
/* This file doesn't use any Mbed TLS function, but grab config.h anyway /* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway
* in case it contains platform-specific #defines related to malloc or * in case it contains platform-specific #defines related to malloc or
* stdio functions. */ * stdio functions. */
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"

2
programs/ssl/ssl_mail_client.c
View file

@ -18,7 +18,7 @@
*/ */
/* Enable definition of gethostname() even when compiling with -std=c99. Must /* Enable definition of gethostname() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly. * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */ * Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L #define _POSIX_C_SOURCE 200112L

4
programs/test/query_config.h
View file

@ -1,5 +1,5 @@
/* /*
* Query Mbed TLS compile time configurations from config.h * Query Mbed TLS compile time configurations from mbedtls_config.h
* *
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
@ -26,7 +26,7 @@
* *
* \param config The symbol to query (e.g. "MBEDTLS_RSA_C"). * \param config The symbol to query (e.g. "MBEDTLS_RSA_C").
* \return \c 0 if the symbol was defined at compile time * \return \c 0 if the symbol was defined at compile time
* (in MBEDTLS_CONFIG_FILE or config.h), * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h),
* \c 1 otherwise. * \c 1 otherwise.
* *
* \note This function is defined in `programs/test/query_config.c` * \note This function is defined in `programs/test/query_config.c`

4
scripts/apidoc_full.sh
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# Generate doxygen documentation with a full config.h (this ensures that every # Generate doxygen documentation with a full mbedtls_config.h (this ensures that every
# available flag is documented, and avoids warnings about documentation # available flag is documented, and avoids warnings about documentation
# without a corresponding #define). # without a corresponding #define).
# #
@ -24,7 +24,7 @@
set -eu set -eu
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/mbedtls_config.h'
if [ -r $CONFIG_H ]; then :; else if [ -r $CONFIG_H ]; then :; else
echo "$CONFIG_H not found" >&2 echo "$CONFIG_H not found" >&2

12
scripts/config.py
View file

@ -26,14 +26,14 @@ import os
import re import re
class Setting: class Setting:
"""Representation of one Mbed TLS config.h setting. """Representation of one Mbed TLS mbedtls_config.h setting.
Fields: Fields:
* name: the symbol name ('MBEDTLS_xxx'). * name: the symbol name ('MBEDTLS_xxx').
* value: the value of the macro. The empty string for a plain #define * value: the value of the macro. The empty string for a plain #define
with no value. with no value.
* active: True if name is defined, False if a #define for name is * active: True if name is defined, False if a #define for name is
present in config.h but commented out. present in mbedtls_config.h but commented out.
* section: the name of the section that contains this symbol. * section: the name of the section that contains this symbol.
""" """
# pylint: disable=too-few-public-methods # pylint: disable=too-few-public-methods
@ -321,7 +321,7 @@ class ConfigFile(Config):
and modify the configuration. and modify the configuration.
""" """
_path_in_tree = 'include/mbedtls/config.h' _path_in_tree = 'include/mbedtls/mbedtls_config.h'
default_path = [_path_in_tree, default_path = [_path_in_tree,
os.path.join(os.path.dirname(__file__), os.path.join(os.path.dirname(__file__),
os.pardir, os.pardir,
@ -363,7 +363,7 @@ class ConfigFile(Config):
_config_line_regexp = re.compile(r'|'.join([_define_line_regexp, _config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
_section_line_regexp])) _section_line_regexp]))
def _parse_line(self, line): def _parse_line(self, line):
"""Parse a line in config.h and return the corresponding template.""" """Parse a line in mbedtls_config.h and return the corresponding template."""
line = line.rstrip('\r\n') line = line.rstrip('\r\n')
m = re.match(self._config_line_regexp, line) m = re.match(self._config_line_regexp, line)
if m is None: if m is None:
@ -384,7 +384,7 @@ class ConfigFile(Config):
return template return template
def _format_template(self, name, indent, middle): def _format_template(self, name, indent, middle):
"""Build a line for config.h for the given setting. """Build a line for mbedtls_config.h for the given setting.
The line has the form "<indent>#define <name> <value>" The line has the form "<indent>#define <name> <value>"
where <middle> is "#define <name> ". where <middle> is "#define <name> ".
@ -428,7 +428,7 @@ class ConfigFile(Config):
if __name__ == '__main__': if __name__ == '__main__':
def main(): def main():
"""Command line config.h manipulation tool.""" """Command line mbedtls_config.h manipulation tool."""
parser = argparse.ArgumentParser(description=""" parser = argparse.ArgumentParser(description="""
Mbed TLS and Mbed Crypto configuration file manipulation tool. Mbed TLS and Mbed Crypto configuration file manipulation tool.
""") """)

4
scripts/data_files/query_config.fmt
View file

@ -1,5 +1,5 @@
/* /*
* Query Mbed TLS compile time configurations from config.h * Query Mbed TLS compile time configurations from mbedtls_config.h
* *
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
@ -30,7 +30,7 @@
/* /*
* Include all the headers with public APIs in case they define a macro to its * Include all the headers with public APIs in case they define a macro to its
* default value when that configuration is not set in the config.h. * default value when that configuration is not set in the mbedtls_config.h.
*/ */
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#include "mbedtls/aria.h" #include "mbedtls/aria.h"

4
scripts/ecc-heap.sh
View file

@ -24,7 +24,7 @@
set -eu set -eu
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/mbedtls_config.h'
if [ -r $CONFIG_H ]; then :; else if [ -r $CONFIG_H ]; then :; else
echo "$CONFIG_H not found" >&2 echo "$CONFIG_H not found" >&2
@ -37,7 +37,7 @@ if grep -i cmake Makefile >/dev/null; then :; else
fi fi
if git status | grep -F $CONFIG_H >/dev/null 2>&1; then if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
echo "config.h not clean" >&2 echo "mbedtls_config.h not clean" >&2
exit 1 exit 1
fi fi

2
scripts/ecp_comb_table.py
View file

@ -126,7 +126,7 @@ int main()
} }
if ( grp.T == NULL ) { if ( grp.T == NULL ) {
fprintf( stderr, "grp.T is not generated. Please make sure" fprintf( stderr, "grp.T is not generated. Please make sure"
"MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in config.h\n" ); "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in mbedtls_config.h\n" );
return 1; return 1;
} }
dump_T( &grp ); dump_T( &grp );

6
scripts/footprint.sh
View file

@ -21,7 +21,7 @@
# configurations, when built for a Cortex M3/M4 target. # configurations, when built for a Cortex M3/M4 target.
# #
# Configurations included: # Configurations included:
# default include/mbedtls/config.h # default include/mbedtls/mbedtls_config.h
# thread configs/config-thread.h # thread configs/config-thread.h
# suite-b configs/config-suite-b.h # suite-b configs/config-suite-b.h
# psk configs/config-ccm-psk-tls1_2.h # psk configs/config-ccm-psk-tls1_2.h
@ -30,7 +30,7 @@
# #
set -eu set -eu
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/mbedtls_config.h'
if [ -r $CONFIG_H ]; then :; else if [ -r $CONFIG_H ]; then :; else
echo "$CONFIG_H not found" >&2 echo "$CONFIG_H not found" >&2
@ -112,7 +112,7 @@ log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
log "$( arm-none-eabi-gcc --version | head -n1 )" log "$( arm-none-eabi-gcc --version | head -n1 )"
log "CFLAGS=$ARMGCC_FLAGS" log "CFLAGS=$ARMGCC_FLAGS"
doit default include/mbedtls/config.h doit default include/mbedtls/mbedtls_config.h
doit thread configs/config-thread.h doit thread configs/config-thread.h
doit suite-b configs/config-suite-b.h doit suite-b configs/config-suite-b.h
doit psk configs/config-ccm-psk-tls1_2.h doit psk configs/config-ccm-psk-tls1_2.h

2
scripts/generate_features.pl
View file

@ -51,7 +51,7 @@ close(FORMAT_FILE);
$/ = $line_separator; $/ = $line_separator;
open(CONFIG_H, '<:crlf', "$include_dir/config.h") || die("Failure when opening config.h: $!"); open(CONFIG_H, '<:crlf', "$include_dir/mbedtls_config.h") || die("Failure when opening mbedtls_config.h: $!");
my $feature_defines = ""; my $feature_defines = "";
my $in_section = 0; my $in_section = 0;

6
scripts/generate_query_config.pl
View file

@ -8,9 +8,9 @@
# the library, for example, for testing. # the library, for example, for testing.
# #
# The query_config.c is generated from the current configuration at # The query_config.c is generated from the current configuration at
# include/mbedtls/config.h. The idea is that the config.h contains ALL the # include/mbedtls/mbedtls_config.h. The idea is that the mbedtls_config.h contains ALL the
# compile time configurations available in Mbed TLS (commented or uncommented). # compile time configurations available in Mbed TLS (commented or uncommented).
# This script extracts the configuration macros from the config.h and this # This script extracts the configuration macros from the mbedtls_config.h and this
# information is used to automatically generate the body of the query_config() # information is used to automatically generate the body of the query_config()
# function by using the template in scripts/data_files/query_config.fmt. # function by using the template in scripts/data_files/query_config.fmt.
# #
@ -33,7 +33,7 @@
use strict; use strict;
my $config_file = "./include/mbedtls/config.h"; my $config_file = "./include/mbedtls/mbedtls_config.h";
my $query_config_format_file = "./scripts/data_files/query_config.fmt"; my $query_config_format_file = "./scripts/data_files/query_config.fmt";
my $query_config_file = "./programs/test/query_config.c"; my $query_config_file = "./programs/test/query_config.c";

4
scripts/memory.sh
View file

@ -23,7 +23,7 @@
set -eu set -eu
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/mbedtls_config.h'
CLIENT='mini_client' CLIENT='mini_client'
@ -46,7 +46,7 @@ if [ $( uname ) != Linux ]; then
fi fi
if git status | grep -F $CONFIG_H >/dev/null 2>&1; then if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
echo "config.h not clean" >&2 echo "mbedtls_config.h not clean" >&2
exit 1 exit 1
fi fi

2
tests/compat.sh
View file

@ -74,7 +74,7 @@ FILTER=""
# exclude: # exclude:
# - NULL: excluded from our default config # - NULL: excluded from our default config
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 # - ARIA: not in default mbedtls_config.h + requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0 # - ChachaPoly: requires OpenSSL >= 1.1.0
# - 3DES: not in default config # - 3DES: not in default config
EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305' EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305'

4
tests/configs/config-wrapper-malloc-0-null.h
View file

@ -1,4 +1,4 @@
/* config.h wrapper that forces calloc(0) to return NULL. /* mbedtls_config.h wrapper that forces calloc(0) to return NULL.
* Used for testing. * Used for testing.
*/ */
/* /*
@ -18,7 +18,7 @@
* limitations under the License. * limitations under the License.
*/ */
#include "mbedtls/config.h" #include "mbedtls/mbedtls_config.h"
#include <stdlib.h> #include <stdlib.h>
static inline void *custom_calloc( size_t nmemb, size_t size ) static inline void *custom_calloc( size_t nmemb, size_t size )

10
tests/scripts/all.sh
View file

@ -34,7 +34,7 @@
# Warning: the test is destructive. It includes various build modes and # Warning: the test is destructive. It includes various build modes and
# configurations, and can and will arbitrarily change the current CMake # configurations, and can and will arbitrarily change the current CMake
# configuration. The following files must be committed into git: # configuration. The following files must be committed into git:
# * include/mbedtls/config.h # * include/mbedtls/mbedtls_config.h
# * Makefile, library/Makefile, programs/Makefile, tests/Makefile, # * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
# programs/fuzz/Makefile # programs/fuzz/Makefile
# After running this script, the CMake cache will be lost and CMake # After running this script, the CMake cache will be lost and CMake
@ -85,7 +85,7 @@
# means that components can assume that the working directory is in a # means that components can assume that the working directory is in a
# cleaned-up state, and don't need to perform the cleanup themselves. # cleaned-up state, and don't need to perform the cleanup themselves.
# * Run `make clean`. # * Run `make clean`.
# * Restore `include/mbedtks/config.h` from a backup made before running # * Restore `include/mbedtks/mbedtls_config.h` from a backup made before running
# the component. # the component.
# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`, # * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
# `tests/Makefile` and `programs/fuzz/Makefile` from git. # `tests/Makefile` and `programs/fuzz/Makefile` from git.
@ -125,7 +125,7 @@ pre_check_environment () {
} }
pre_initialize_variables () { pre_initialize_variables () {
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/mbedtls_config.h'
CONFIG_BAK="$CONFIG_H.bak" CONFIG_BAK="$CONFIG_H.bak"
CRYPTO_CONFIG_H='include/psa/crypto_config.h' CRYPTO_CONFIG_H='include/psa/crypto_config.h'
CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak" CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak"
@ -463,8 +463,8 @@ pre_check_git () {
exit 1 exit 1
fi fi
if ! git diff --quiet include/mbedtls/config.h; then if ! git diff --quiet include/mbedtls/mbedtls_config.h; then
err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
echo "You can either delete or preserve your work, or force the test by rerunning the" echo "You can either delete or preserve your work, or force the test by rerunning the"
echo "script as: $0 --force" echo "script as: $0 --force"
exit 1 exit 1

4
tests/scripts/basic-build-test.sh
View file

@ -30,7 +30,7 @@
# #
# The tests focus on functionality and do not consider performance. # The tests focus on functionality and do not consider performance.
# #
# Note the tests self-adapt due to configurations in include/mbedtls/config.h # Note the tests self-adapt due to configurations in include/mbedtls/mbedtls_config.h
# which can lead to some tests being skipped, and can cause the number of # which can lead to some tests being skipped, and can cause the number of
# available tests to fluctuate. # available tests to fluctuate.
# #
@ -68,7 +68,7 @@ export OPENSSL_CMD="$OPENSSL"
export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_CLI="$GNUTLS_CLI"
export GNUTLS_SERV="$GNUTLS_SERV" export GNUTLS_SERV="$GNUTLS_SERV"
CONFIG_H='include/mbedtls/config.h' CONFIG_H='include/mbedtls/mbedtls_config.h'
CONFIG_BAK="$CONFIG_H.bak" CONFIG_BAK="$CONFIG_H.bak"
# Step 0 - print build environment info # Step 0 - print build environment info

4
tests/scripts/curves.pl
View file

@ -36,7 +36,7 @@
# #
# This script should be executed from the root of the project directory. # This script should be executed from the root of the project directory.
# #
# Only curves that are enabled in config.h will be tested. # Only curves that are enabled in mbedtls_config.h will be tested.
# #
# For best effect, run either with cmake disabled, or cmake enabled in a mode # For best effect, run either with cmake disabled, or cmake enabled in a mode
# that includes -Werror. # that includes -Werror.
@ -47,7 +47,7 @@ use strict;
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $sed_cmd = 's/^#define \(MBEDTLS_ECP_DP.*_ENABLED\)/\1/p'; my $sed_cmd = 's/^#define \(MBEDTLS_ECP_DP.*_ENABLED\)/\1/p';
my $config_h = 'include/mbedtls/config.h'; my $config_h = 'include/mbedtls/mbedtls_config.h';
my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
# Determine which curves support ECDSA by checking the dependencies of # Determine which curves support ECDSA by checking the dependencies of

2
tests/scripts/depends-hashes.pl
View file

@ -42,7 +42,7 @@ use strict;
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $config_h = 'include/mbedtls/config.h'; my $config_h = 'include/mbedtls/mbedtls_config.h';
# as many SSL options depend on specific hashes, # as many SSL options depend on specific hashes,
# and SSL is not in the test suites anyways, # and SSL is not in the test suites anyways,

2
tests/scripts/depends-pkalgs.pl
View file

@ -43,7 +43,7 @@ use strict;
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $config_h = 'include/mbedtls/config.h'; my $config_h = 'include/mbedtls/mbedtls_config.h';
# Some algorithms can't be disabled on their own as others depend on them, so # Some algorithms can't be disabled on their own as others depend on them, so
# we list those reverse-dependencies here to keep check_config.h happy. # we list those reverse-dependencies here to keep check_config.h happy.

2
tests/scripts/key-exchanges.pl
View file

@ -40,7 +40,7 @@ use strict;
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p'; my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
my $config_h = 'include/mbedtls/config.h'; my $config_h = 'include/mbedtls/mbedtls_config.h';
my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
system( "cp $config_h $config_h.bak" ) and die; system( "cp $config_h $config_h.bak" ) and die;

4
tests/scripts/list-symbols.sh
View file

@ -27,7 +27,7 @@ if grep -i cmake Makefile >/dev/null; then
exit 1 exit 1
fi fi
cp include/mbedtls/config.h include/mbedtls/config.h.bak cp include/mbedtls/mbedtls_config.h include/mbedtls/mbedtls_config.h.bak
scripts/config.py full scripts/config.py full
make clean make clean
make_ret= make_ret=
@ -39,7 +39,7 @@ CFLAGS=-fno-asynchronous-unwind-tables make lib \
cat list-symbols.make.log >&2 cat list-symbols.make.log >&2
} }
rm list-symbols.make.log rm list-symbols.make.log
mv include/mbedtls/config.h.bak include/mbedtls/config.h mv include/mbedtls/mbedtls_config.h.bak include/mbedtls/mbedtls_config.h
if [ -n "$make_ret" ]; then if [ -n "$make_ret" ]; then
exit "$make_ret" exit "$make_ret"
fi fi

2
tests/scripts/set_psa_test_dependencies.py
View file

@ -23,7 +23,7 @@ import re
import sys import sys
CLASSIC_DEPENDENCIES = frozenset([ CLASSIC_DEPENDENCIES = frozenset([
# This list is manually filtered from config.h. # This list is manually filtered from mbedtls_config.h.
# Mbed TLS feature support. # Mbed TLS feature support.
# Only features that affect what can be done are listed here. # Only features that affect what can be done are listed here.

2
tests/scripts/test-ref-configs.pl
View file

@ -60,7 +60,7 @@ if ($#ARGV >= 0) {
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; -d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $config_h = 'include/mbedtls/config.h'; my $config_h = 'include/mbedtls/mbedtls_config.h';
system( "cp $config_h $config_h.bak" ) and die; system( "cp $config_h $config_h.bak" ) and die;
sub abort { sub abort {

4
tests/scripts/test_config_script.py
View file

@ -8,7 +8,7 @@ This is a harness to help regression testing, not a functional tester.
Sample usage: Sample usage:
test_config_script.py -d old test_config_script.py -d old
## Modify config.py and/or config.h ## ## Modify config.py and/or mbedtls_config.h ##
test_config_script.py -d new test_config_script.py -d new
diff -ru old new diff -ru old new
""" """
@ -170,7 +170,7 @@ def main():
dest='output_directory', required=True, dest='output_directory', required=True,
help="""Output directory.""") help="""Output directory.""")
parser.add_argument('-f', metavar='FILE', parser.add_argument('-f', metavar='FILE',
dest='input_file', default='include/mbedtls/config.h', dest='input_file', default='include/mbedtls/mbedtls_config.h',
help="""Config file (default: %(default)s).""") help="""Config file (default: %(default)s).""")
parser.add_argument('-p', metavar='PRESET,...', parser.add_argument('-p', metavar='PRESET,...',
dest='presets', dest='presets',

14
tests/ssl-opt.sh
View file

@ -51,7 +51,7 @@ fi
: ${PERL:=perl} : ${PERL:=perl}
guess_config_name() { guess_config_name() {
if git diff --quiet ../include/mbedtls/config.h 2>/dev/null; then if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
echo "default" echo "default"
else else
echo "unknown" echo "unknown"
@ -93,7 +93,7 @@ TESTS=0
FAILS=0 FAILS=0
SKIPS=0 SKIPS=0
CONFIG_H='../include/mbedtls/config.h' CONFIG_H='../include/mbedtls/mbedtls_config.h'
MEMCHECK=0 MEMCHECK=0
FILTER='.*' FILTER='.*'
@ -178,7 +178,7 @@ case "$MBEDTLS_TEST_OUTCOME_FILE" in
;; ;;
esac esac
# Read boolean configuration options from config.h for easy and quick # Read boolean configuration options from mbedtls_config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces # testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a # and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols. # space-separated list of symbols.
@ -194,7 +194,7 @@ skip_next_test() {
SKIP_NEXT="YES" SKIP_NEXT="YES"
} }
# skip next test if the flag is not enabled in config.h # skip next test if the flag is not enabled in mbedtls_config.h
requires_config_enabled() { requires_config_enabled() {
case $CONFIGS_ENABLED in case $CONFIGS_ENABLED in
*" $1 "*) :;; *" $1 "*) :;;
@ -202,7 +202,7 @@ requires_config_enabled() {
esac esac
} }
# skip next test if the flag is enabled in config.h # skip next test if the flag is enabled in mbedtls_config.h
requires_config_disabled() { requires_config_disabled() {
case $CONFIGS_ENABLED in case $CONFIGS_ENABLED in
*" $1 "*) SKIP_NEXT="YES";; *" $1 "*) SKIP_NEXT="YES";;
@ -3146,7 +3146,7 @@ run_test "Renegotiation: server-initiated" \
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD # the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in config.h # algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
@ -3164,7 +3164,7 @@ run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD # the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in config.h # algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \