Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'feature/mbedtls_add_config_options' into 'master'

Browse source 
Add config options in mbedtls

See merge request espressif/esp-idf!8760
This commit is contained in:
Mahavir Jain 2020-05-15 15:53:21 +08:00
parent 62754ff90a ca3daa50de
commit 5b5a8c276d
2 changed files with 98 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
components/mbedtls/Kconfig
View file

@ -266,6 +266,19 @@ menu "mbedTLS"
It is suggested that you should get the real time by "SNTP".
config MBEDTLS_ECDSA_DETERMINISTIC
bool "Enable deterministic ECDSA"
default y
help
Standard ECDSA is "fragile" in the sense that lack of entropy when signing
may result in a compromise of the long-term signing key.
config MBEDTLS_SHA512_C
bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
default y
help
Enable MBEDTLS_SHA512_C adds support for SHA-384 and SHA-512.
choice MBEDTLS_TLS_MODE
bool "TLS Protocol Role"
default MBEDTLS_TLS_SERVER_AND_CLIENT
@ -721,6 +734,27 @@ menu "mbedTLS"
Enable support for the Hashed Message Authentication Code
(HMAC)-based key derivation function (HKDF).
config MBEDTLS_THREADING_C
bool "Enable the threading abstraction layer"
default n
help
If you do intend to use contexts between threads, you will need to enable
this layer to prevent race conditions.
config MBEDTLS_THREADING_ALT
bool "Enable threading alternate implementation"
depends on MBEDTLS_THREADING_C
default y
help
Enable threading alt to allow your own alternate threading implementation.
config MBEDTLS_THREADING_PTHREAD
bool "Enable threading pthread implementation"
depends on MBEDTLS_THREADING_C
default n
help
Enable the pthread wrapper layer for the threading layer.
menuconfig MBEDTLS_SECURITY_RISKS
bool "Show configurations with potential security risks"
default n

64
components/mbedtls/port/include/mbedtls/esp_config.h
View file

@ -400,7 +400,11 @@
*
* Comment this macro to disable deterministic ECDSA.
*/
#ifdef CONFIG_MBEDTLS_ECDSA_DETERMINISTIC
#define MBEDTLS_ECDSA_DETERMINISTIC
#else
#undef MBEDTLS_ECDSA_DETERMINISTIC
#endif
/**
* \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -2028,7 +2032,11 @@
*
* This module adds support for SHA-384 and SHA-512.
*/
#ifdef CONFIG_MBEDTLS_SHA512_C
#define MBEDTLS_SHA512_C
#else
#undef MBEDTLS_SHA512_C
#endif
/**
* \def MBEDTLS_SSL_CACHE_C
@ -2370,6 +2378,62 @@
*/
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
/**
* \def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer.
* By default mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading:
* https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
*
* Module: library/threading.c
*
* This allows different threading implementations (self-implemented or
* provided).
*
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD.
*
* Enable this layer to allow use of mutexes within mbed TLS
*/
#ifdef CONFIG_MBEDTLS_THREADING_C
#define MBEDTLS_THREADING_C
#else
#undef MBEDTLS_THREADING_C
#endif
/**
* \def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation.
*
* Requires: MBEDTLS_THREADING_C
*
* Uncomment this to allow your own alternate threading implementation.
*/
#ifdef CONFIG_MBEDTLS_THREADING_ALT
#define MBEDTLS_THREADING_ALT
#else
#undef MBEDTLS_THREADING_ALT
#endif
/**
* \def MBEDTLS_THREADING_PTHREAD
*
* Enable the pthread wrapper layer for the threading layer.
*
* Requires: MBEDTLS_THREADING_C
*
* Uncomment this to enable pthread mutexes.
*/
#ifdef CONFIG_MBEDTLS_THREADING_PTHREAD
#define MBEDTLS_THREADING_PTHREAD
#else
#undef MBEDTLS_THREADING_PTHREAD
#endif
/* \} name SECTION: Module configuration options */
#if defined(TARGET_LIKE_MBED)