config: Remove X.509 options
Note that this fails check-names.sh because options that TLS and X.509 files use are no longer present in config.h.
This commit is contained in:
parent
1c66e48670
commit
bb1f701212
9 changed files with 4 additions and 657 deletions
|
@ -51,8 +51,6 @@
|
|||
#define MBEDTLS_PKCS1_V21
|
||||
#define MBEDTLS_SELF_TEST
|
||||
#define MBEDTLS_VERSION_FEATURES
|
||||
#define MBEDTLS_X509_CHECK_KEY_USAGE
|
||||
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
|
||||
|
||||
/* mbed TLS modules */
|
||||
#define MBEDTLS_AES_C
|
||||
|
@ -78,9 +76,6 @@
|
|||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SHA512_C
|
||||
#define MBEDTLS_VERSION_C
|
||||
#define MBEDTLS_X509_USE_C
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
#define MBEDTLS_X509_CRL_PARSE_C
|
||||
//#define MBEDTLS_CMAC_C
|
||||
|
||||
/* Miscellaneous options */
|
||||
|
|
|
@ -1024,64 +1024,6 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_FEATURES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
*
|
||||
* If set, the X509 parser will not break-off when parsing an X509 certificate
|
||||
* and encountering an extension in a v1 or v2 certificate.
|
||||
*
|
||||
* Uncomment to prevent an error.
|
||||
*/
|
||||
//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
*
|
||||
* If set, the X509 parser will not break-off when parsing an X509 certificate
|
||||
* and encountering an unknown critical extension.
|
||||
*
|
||||
* \warning Depending on your PKI use, enabling this can be a security risk!
|
||||
*
|
||||
* Uncomment to prevent an error.
|
||||
*/
|
||||
//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CHECK_KEY_USAGE
|
||||
*
|
||||
* Enable verification of the keyUsage extension (CA and leaf certificates).
|
||||
*
|
||||
* Disabling this avoids problems with mis-issued and/or misused
|
||||
* (intermediate) CA and leaf certificates.
|
||||
*
|
||||
* \warning Depending on your PKI use, disabling this can be a security risk!
|
||||
*
|
||||
* Comment to skip keyUsage checking for both CA and leaf certificates.
|
||||
*/
|
||||
#define MBEDTLS_X509_CHECK_KEY_USAGE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
|
||||
*
|
||||
* Enable verification of the extendedKeyUsage extension (leaf certificates).
|
||||
*
|
||||
* Disabling this avoids problems with mis-issued and/or misused certificates.
|
||||
*
|
||||
* \warning Depending on your PKI use, disabling this can be a security risk!
|
||||
*
|
||||
* Comment to skip extendedKeyUsage checking for certificates.
|
||||
*/
|
||||
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
*
|
||||
* Enable parsing and verification of X.509 certificates, CRLs and CSRS
|
||||
* signed with RSASSA-PSS (aka PKCS#1 v2.1).
|
||||
*
|
||||
* Comment this macro to disallow using RSASSA-PSS in certificates.
|
||||
*/
|
||||
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
/* \} name SECTION: mbed TLS feature support */
|
||||
|
||||
/**
|
||||
|
@ -1212,8 +1154,7 @@
|
|||
* Enable the generic ASN1 parser.
|
||||
*
|
||||
* Module: library/asn1.c
|
||||
* Caller: library/x509.c
|
||||
* library/dhm.c
|
||||
* Caller: library/dhm.c
|
||||
* library/pkcs12.c
|
||||
* library/pkcs5.c
|
||||
* library/pkparse.c
|
||||
|
@ -1228,9 +1169,6 @@
|
|||
* Module: library/asn1write.c
|
||||
* Caller: library/ecdsa.c
|
||||
* library/pkwrite.c
|
||||
* library/x509_create.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*/
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
|
||||
|
@ -1388,18 +1326,6 @@
|
|||
*/
|
||||
#define MBEDTLS_CCM_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CERTS_C
|
||||
*
|
||||
* Enable the test certificates.
|
||||
*
|
||||
* Module: library/certs.c
|
||||
* Caller:
|
||||
*
|
||||
* This module is used for testing (ssl_client/server).
|
||||
*/
|
||||
#define MBEDTLS_CERTS_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CHACHA20_C
|
||||
*
|
||||
|
@ -1768,13 +1694,6 @@
|
|||
* library/pkparse.c
|
||||
* library/pkwrite.c
|
||||
* library/rsa.c
|
||||
* library/x509.c
|
||||
* library/x509_create.c
|
||||
* library/x509_crl.c
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*
|
||||
* This modules translates between OIDs and internal values.
|
||||
*/
|
||||
|
@ -1802,9 +1721,6 @@
|
|||
* Module: library/pem.c
|
||||
* Caller: library/dhm.c
|
||||
* library/pkparse.c
|
||||
* library/x509_crl.c
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_BASE64_C
|
||||
*
|
||||
|
@ -1819,8 +1735,6 @@
|
|||
*
|
||||
* Module: library/pem.c
|
||||
* Caller: library/pkwrite.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_BASE64_C
|
||||
*
|
||||
|
@ -1847,8 +1761,6 @@
|
|||
* Enable the generic public (asymetric) key parser.
|
||||
*
|
||||
* Module: library/pkparse.c
|
||||
* Caller: library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
*
|
||||
|
@ -1862,7 +1774,6 @@
|
|||
* Enable the generic public (asymetric) key writer.
|
||||
*
|
||||
* Module: library/pkwrite.c
|
||||
* Caller: library/x509write.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
*
|
||||
|
@ -1883,21 +1794,6 @@
|
|||
*/
|
||||
#define MBEDTLS_PKCS5_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PKCS11_C
|
||||
*
|
||||
* Enable wrapper for PKCS#11 smartcard support.
|
||||
*
|
||||
* Module: library/pkcs11.c
|
||||
* Caller: library/pk.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
*
|
||||
* This module enables SSL/TLS PKCS #11 smartcard support.
|
||||
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
|
||||
*/
|
||||
//#define MBEDTLS_PKCS11_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PKCS12_C
|
||||
*
|
||||
|
@ -1999,7 +1895,6 @@
|
|||
*
|
||||
* Module: library/rsa.c
|
||||
* library/rsa_internal.c
|
||||
* Caller: library/x509.c
|
||||
*
|
||||
* This module is used by the following key exchanges:
|
||||
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
|
||||
|
@ -2015,7 +1910,6 @@
|
|||
*
|
||||
* Module: library/sha1.c
|
||||
* Caller: library/md.c
|
||||
* library/x509write_crt.c
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
|
@ -2110,106 +2004,6 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_USE_C
|
||||
*
|
||||
* Enable X.509 core for using certificates.
|
||||
*
|
||||
* Module: library/x509.c
|
||||
* Caller: library/x509_crl.c
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
|
||||
* MBEDTLS_PK_PARSE_C
|
||||
*
|
||||
* This module is required for the X.509 parsing modules.
|
||||
*/
|
||||
#define MBEDTLS_X509_USE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CRT_PARSE_C
|
||||
*
|
||||
* Enable X.509 certificate parsing.
|
||||
*
|
||||
* Module: library/x509_crt.c
|
||||
* Caller: library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_USE_C
|
||||
*
|
||||
* This module is required for X.509 certificate parsing.
|
||||
*/
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CRL_PARSE_C
|
||||
*
|
||||
* Enable X.509 CRL parsing.
|
||||
*
|
||||
* Module: library/x509_crl.c
|
||||
* Caller: library/x509_crt.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_USE_C
|
||||
*
|
||||
* This module is required for X.509 CRL parsing.
|
||||
*/
|
||||
#define MBEDTLS_X509_CRL_PARSE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CSR_PARSE_C
|
||||
*
|
||||
* Enable X.509 Certificate Signing Request (CSR) parsing.
|
||||
*
|
||||
* Module: library/x509_csr.c
|
||||
* Caller: library/x509_crt_write.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_USE_C
|
||||
*
|
||||
* This module is used for reading X.509 certificate request.
|
||||
*/
|
||||
#define MBEDTLS_X509_CSR_PARSE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CREATE_C
|
||||
*
|
||||
* Enable X.509 core for creating certificates.
|
||||
*
|
||||
* Module: library/x509_create.c
|
||||
*
|
||||
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
|
||||
*
|
||||
* This module is the basis for creating X.509 certificates and CSRs.
|
||||
*/
|
||||
#define MBEDTLS_X509_CREATE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CRT_WRITE_C
|
||||
*
|
||||
* Enable creating X.509 certificates.
|
||||
*
|
||||
* Module: library/x509_crt_write.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_CREATE_C
|
||||
*
|
||||
* This module is required for X.509 certificate creation.
|
||||
*/
|
||||
#define MBEDTLS_X509_CRT_WRITE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CSR_WRITE_C
|
||||
*
|
||||
* Enable creating X.509 Certificate Signing Requests (CSR).
|
||||
*
|
||||
* Module: library/x509_csr_write.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_CREATE_C
|
||||
*
|
||||
* This module is required for X.509 certificate request writing.
|
||||
*/
|
||||
#define MBEDTLS_X509_CSR_WRITE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_XTEA_C
|
||||
*
|
||||
|
|
|
@ -66,12 +66,9 @@
|
|||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SHA512_C
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
#define MBEDTLS_X509_USE_C
|
||||
|
||||
/* For test certificates */
|
||||
#define MBEDTLS_BASE64_C
|
||||
#define MBEDTLS_CERTS_C
|
||||
#define MBEDTLS_PEM_PARSE_C
|
||||
|
||||
/* Save RAM at the expense of ROM */
|
||||
|
|
|
@ -255,10 +255,6 @@
|
|||
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
|
||||
#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -493,11 +489,6 @@
|
|||
#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
|
||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
|
||||
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
|
@ -525,38 +516,6 @@
|
|||
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) )
|
||||
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
|
||||
!defined(MBEDTLS_PK_WRITE_C) )
|
||||
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
|
||||
#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
|
||||
#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
|
||||
#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
|
||||
#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
|
||||
|
|
|
@ -1053,83 +1053,6 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_FEATURES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
*
|
||||
* If set, the X509 parser will not break-off when parsing an X509 certificate
|
||||
* and encountering an extension in a v1 or v2 certificate.
|
||||
*
|
||||
* Uncomment to prevent an error.
|
||||
*/
|
||||
//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
*
|
||||
* If set, the X509 parser will not break-off when parsing an X509 certificate
|
||||
* and encountering an unknown critical extension.
|
||||
*
|
||||
* \warning Depending on your PKI use, enabling this can be a security risk!
|
||||
*
|
||||
* Uncomment to prevent an error.
|
||||
*/
|
||||
//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
*
|
||||
* If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
|
||||
* and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
|
||||
* the set of trusted certificates through a callback instead of a linked
|
||||
* list.
|
||||
*
|
||||
* This is useful for example in environments where a large number of trusted
|
||||
* certificates is present and storing them in a linked list isn't efficient
|
||||
* enough, or when the set of trusted certificates changes frequently.
|
||||
*
|
||||
* See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
|
||||
* `mbedtls_ssl_conf_ca_cb()` for more information.
|
||||
*
|
||||
* Uncomment to enable trusted certificate callbacks.
|
||||
*/
|
||||
//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CHECK_KEY_USAGE
|
||||
*
|
||||
* Enable verification of the keyUsage extension (CA and leaf certificates).
|
||||
*
|
||||
* Disabling this avoids problems with mis-issued and/or misused
|
||||
* (intermediate) CA and leaf certificates.
|
||||
*
|
||||
* \warning Depending on your PKI use, disabling this can be a security risk!
|
||||
*
|
||||
* Comment to skip keyUsage checking for both CA and leaf certificates.
|
||||
*/
|
||||
#define MBEDTLS_X509_CHECK_KEY_USAGE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
|
||||
*
|
||||
* Enable verification of the extendedKeyUsage extension (leaf certificates).
|
||||
*
|
||||
* Disabling this avoids problems with mis-issued and/or misused certificates.
|
||||
*
|
||||
* \warning Depending on your PKI use, disabling this can be a security risk!
|
||||
*
|
||||
* Comment to skip extendedKeyUsage checking for certificates.
|
||||
*/
|
||||
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
*
|
||||
* Enable parsing and verification of X.509 certificates, CRLs and CSRS
|
||||
* signed with RSASSA-PSS (aka PKCS#1 v2.1).
|
||||
*
|
||||
* Comment this macro to disallow using RSASSA-PSS in certificates.
|
||||
*/
|
||||
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
/* \} name SECTION: mbed TLS feature support */
|
||||
|
||||
/**
|
||||
|
@ -1260,8 +1183,7 @@
|
|||
* Enable the generic ASN1 parser.
|
||||
*
|
||||
* Module: library/asn1.c
|
||||
* Caller: library/x509.c
|
||||
* library/dhm.c
|
||||
* Caller: library/dhm.c
|
||||
* library/pkcs12.c
|
||||
* library/pkcs5.c
|
||||
* library/pkparse.c
|
||||
|
@ -1276,9 +1198,6 @@
|
|||
* Module: library/asn1write.c
|
||||
* Caller: library/ecdsa.c
|
||||
* library/pkwrite.c
|
||||
* library/x509_create.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*/
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
|
||||
|
@ -1436,18 +1355,6 @@
|
|||
*/
|
||||
#define MBEDTLS_CCM_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CERTS_C
|
||||
*
|
||||
* Enable the test certificates.
|
||||
*
|
||||
* Module: library/certs.c
|
||||
* Caller:
|
||||
*
|
||||
* This module is used for testing (ssl_client/server).
|
||||
*/
|
||||
#define MBEDTLS_CERTS_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CHACHA20_C
|
||||
*
|
||||
|
@ -1816,13 +1723,6 @@
|
|||
* library/pkparse.c
|
||||
* library/pkwrite.c
|
||||
* library/rsa.c
|
||||
* library/x509.c
|
||||
* library/x509_create.c
|
||||
* library/x509_crl.c
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*
|
||||
* This modules translates between OIDs and internal values.
|
||||
*/
|
||||
|
@ -1850,9 +1750,6 @@
|
|||
* Module: library/pem.c
|
||||
* Caller: library/dhm.c
|
||||
* library/pkparse.c
|
||||
* library/x509_crl.c
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_BASE64_C
|
||||
*
|
||||
|
@ -1867,8 +1764,6 @@
|
|||
*
|
||||
* Module: library/pem.c
|
||||
* Caller: library/pkwrite.c
|
||||
* library/x509write_crt.c
|
||||
* library/x509write_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_BASE64_C
|
||||
*
|
||||
|
@ -1895,8 +1790,6 @@
|
|||
* Enable the generic public (asymetric) key parser.
|
||||
*
|
||||
* Module: library/pkparse.c
|
||||
* Caller: library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
*
|
||||
|
@ -1910,7 +1803,6 @@
|
|||
* Enable the generic public (asymetric) key writer.
|
||||
*
|
||||
* Module: library/pkwrite.c
|
||||
* Caller: library/x509write.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
*
|
||||
|
@ -1931,21 +1823,6 @@
|
|||
*/
|
||||
#define MBEDTLS_PKCS5_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PKCS11_C
|
||||
*
|
||||
* Enable wrapper for PKCS#11 smartcard support.
|
||||
*
|
||||
* Module: library/pkcs11.c
|
||||
* Caller: library/pk.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
*
|
||||
* This module enables SSL/TLS PKCS #11 smartcard support.
|
||||
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
|
||||
*/
|
||||
//#define MBEDTLS_PKCS11_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PKCS12_C
|
||||
*
|
||||
|
@ -2047,7 +1924,6 @@
|
|||
*
|
||||
* Module: library/rsa.c
|
||||
* library/rsa_internal.c
|
||||
* Caller: library/x509.c
|
||||
*
|
||||
* This module is used by the following key exchanges:
|
||||
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
|
||||
|
@ -2063,7 +1939,6 @@
|
|||
*
|
||||
* Module: library/sha1.c
|
||||
* Caller: library/md.c
|
||||
* library/x509write_crt.c
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
|
@ -2158,106 +2033,6 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_USE_C
|
||||
*
|
||||
* Enable X.509 core for using certificates.
|
||||
*
|
||||
* Module: library/x509.c
|
||||
* Caller: library/x509_crl.c
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
|
||||
* MBEDTLS_PK_PARSE_C
|
||||
*
|
||||
* This module is required for the X.509 parsing modules.
|
||||
*/
|
||||
#define MBEDTLS_X509_USE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CRT_PARSE_C
|
||||
*
|
||||
* Enable X.509 certificate parsing.
|
||||
*
|
||||
* Module: library/x509_crt.c
|
||||
* Caller: library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_USE_C
|
||||
*
|
||||
* This module is required for X.509 certificate parsing.
|
||||
*/
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CRL_PARSE_C
|
||||
*
|
||||
* Enable X.509 CRL parsing.
|
||||
*
|
||||
* Module: library/x509_crl.c
|
||||
* Caller: library/x509_crt.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_USE_C
|
||||
*
|
||||
* This module is required for X.509 CRL parsing.
|
||||
*/
|
||||
#define MBEDTLS_X509_CRL_PARSE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CSR_PARSE_C
|
||||
*
|
||||
* Enable X.509 Certificate Signing Request (CSR) parsing.
|
||||
*
|
||||
* Module: library/x509_csr.c
|
||||
* Caller: library/x509_crt_write.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_USE_C
|
||||
*
|
||||
* This module is used for reading X.509 certificate request.
|
||||
*/
|
||||
#define MBEDTLS_X509_CSR_PARSE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CREATE_C
|
||||
*
|
||||
* Enable X.509 core for creating certificates.
|
||||
*
|
||||
* Module: library/x509_create.c
|
||||
*
|
||||
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
|
||||
*
|
||||
* This module is the basis for creating X.509 certificates and CSRs.
|
||||
*/
|
||||
#define MBEDTLS_X509_CREATE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CRT_WRITE_C
|
||||
*
|
||||
* Enable creating X.509 certificates.
|
||||
*
|
||||
* Module: library/x509_crt_write.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_CREATE_C
|
||||
*
|
||||
* This module is required for X.509 certificate creation.
|
||||
*/
|
||||
#define MBEDTLS_X509_CRT_WRITE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_X509_CSR_WRITE_C
|
||||
*
|
||||
* Enable creating X.509 Certificate Signing Requests (CSR).
|
||||
*
|
||||
* Module: library/x509_csr_write.c
|
||||
*
|
||||
* Requires: MBEDTLS_X509_CREATE_C
|
||||
*
|
||||
* This module is required for X.509 certificate request writing.
|
||||
*/
|
||||
#define MBEDTLS_X509_CSR_WRITE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_XTEA_C
|
||||
*
|
||||
|
|
|
@ -417,24 +417,6 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_VERSION_FEATURES)
|
||||
"MBEDTLS_VERSION_FEATURES",
|
||||
#endif /* MBEDTLS_VERSION_FEATURES */
|
||||
#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
|
||||
"MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3",
|
||||
#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */
|
||||
#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
|
||||
"MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
|
||||
#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
"MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK",
|
||||
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
|
||||
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
|
||||
"MBEDTLS_X509_CHECK_KEY_USAGE",
|
||||
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
|
||||
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
"MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE",
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
"MBEDTLS_X509_RSASSA_PSS_SUPPORT",
|
||||
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
"MBEDTLS_AESNI_C",
|
||||
#endif /* MBEDTLS_AESNI_C */
|
||||
|
@ -468,9 +450,6 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_CCM_C)
|
||||
"MBEDTLS_CCM_C",
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#if defined(MBEDTLS_CERTS_C)
|
||||
"MBEDTLS_CERTS_C",
|
||||
#endif /* MBEDTLS_CERTS_C */
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
"MBEDTLS_CHACHA20_C",
|
||||
#endif /* MBEDTLS_CHACHA20_C */
|
||||
|
@ -564,9 +543,6 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_PKCS5_C)
|
||||
"MBEDTLS_PKCS5_C",
|
||||
#endif /* MBEDTLS_PKCS5_C */
|
||||
#if defined(MBEDTLS_PKCS11_C)
|
||||
"MBEDTLS_PKCS11_C",
|
||||
#endif /* MBEDTLS_PKCS11_C */
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
"MBEDTLS_PKCS12_C",
|
||||
#endif /* MBEDTLS_PKCS12_C */
|
||||
|
@ -609,27 +585,6 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_VERSION_C)
|
||||
"MBEDTLS_VERSION_C",
|
||||
#endif /* MBEDTLS_VERSION_C */
|
||||
#if defined(MBEDTLS_X509_USE_C)
|
||||
"MBEDTLS_X509_USE_C",
|
||||
#endif /* MBEDTLS_X509_USE_C */
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
"MBEDTLS_X509_CRT_PARSE_C",
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C)
|
||||
"MBEDTLS_X509_CRL_PARSE_C",
|
||||
#endif /* MBEDTLS_X509_CRL_PARSE_C */
|
||||
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
||||
"MBEDTLS_X509_CSR_PARSE_C",
|
||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
#if defined(MBEDTLS_X509_CREATE_C)
|
||||
"MBEDTLS_X509_CREATE_C",
|
||||
#endif /* MBEDTLS_X509_CREATE_C */
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C)
|
||||
"MBEDTLS_X509_CRT_WRITE_C",
|
||||
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
||||
#if defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
"MBEDTLS_X509_CSR_WRITE_C",
|
||||
#endif /* MBEDTLS_X509_CSR_WRITE_C */
|
||||
#if defined(MBEDTLS_XTEA_C)
|
||||
"MBEDTLS_XTEA_C",
|
||||
#endif /* MBEDTLS_XTEA_C */
|
||||
|
|
|
@ -1154,54 +1154,6 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_VERSION_FEATURES */
|
||||
|
||||
#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
|
||||
if( strcmp( "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */
|
||||
|
||||
#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
|
||||
if( strcmp( "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
|
||||
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
if( strcmp( "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
|
||||
|
||||
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
|
||||
if( strcmp( "MBEDTLS_X509_CHECK_KEY_USAGE", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_KEY_USAGE );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
|
||||
|
||||
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
if( strcmp( "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_RSASSA_PSS_SUPPORT );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 )
|
||||
{
|
||||
|
@ -1290,14 +1242,6 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CERTS_C)
|
||||
if( strcmp( "MBEDTLS_CERTS_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_CERTS_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_CERTS_C */
|
||||
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 )
|
||||
{
|
||||
|
@ -1546,14 +1490,6 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_PKCS5_C */
|
||||
|
||||
#if defined(MBEDTLS_PKCS11_C)
|
||||
if( strcmp( "MBEDTLS_PKCS11_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS11_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS11_C */
|
||||
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 )
|
||||
{
|
||||
|
@ -1666,62 +1602,6 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_VERSION_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C)
|
||||
if( strcmp( "MBEDTLS_X509_USE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_USE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_USE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( strcmp( "MBEDTLS_X509_CRT_PARSE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_PARSE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C)
|
||||
if( strcmp( "MBEDTLS_X509_CRL_PARSE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRL_PARSE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRL_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
||||
if( strcmp( "MBEDTLS_X509_CSR_PARSE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_PARSE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CREATE_C)
|
||||
if( strcmp( "MBEDTLS_X509_CREATE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CREATE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CREATE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C)
|
||||
if( strcmp( "MBEDTLS_X509_CRT_WRITE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_WRITE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_WRITE_C)
|
||||
if( strcmp( "MBEDTLS_X509_CSR_WRITE_C", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_WRITE_C );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CSR_WRITE_C */
|
||||
|
||||
#if defined(MBEDTLS_XTEA_C)
|
||||
if( strcmp( "MBEDTLS_XTEA_C", config ) == 0 )
|
||||
{
|
||||
|
|
|
@ -29,10 +29,6 @@
|
|||
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
# MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
# MBEDTLS_RSA_NO_CRT
|
||||
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
# - this could be enabled if the respective tests were adapted
|
||||
# MBEDTLS_PKCS11_C
|
||||
# MBEDTLS_USE_PSA_CRYPTO
|
||||
# - experimental, and more an alternative implementation than a feature
|
||||
# and any symbol beginning _ALT
|
||||
|
@ -87,9 +83,6 @@ MBEDTLS_ECP_DP_M511_ENABLED
|
|||
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
MBEDTLS_RSA_NO_CRT
|
||||
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
MBEDTLS_PKCS11_C
|
||||
MBEDTLS_NO_UDBL_DIVISION
|
||||
MBEDTLS_NO_64BIT_MULTIPLICATION
|
||||
MBEDTLS_PSA_CRYPTO_SPM
|
||||
|
|
|
@ -39,10 +39,9 @@ my %algs = (
|
|||
'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C',
|
||||
'MBEDTLS_ECDH_C',
|
||||
'MBEDTLS_ECJPAKE_C'],
|
||||
'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [],
|
||||
'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
|
||||
'MBEDTLS_PKCS1_V21' => [],
|
||||
'MBEDTLS_PKCS1_V15' => [],
|
||||
'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
|
||||
'MBEDTLS_RSA_C' => [],
|
||||
);
|
||||
|
||||
system( "cp $config_h $config_h.bak" ) and die;
|
||||
|
|
Loading…
Reference in a new issue