mirror of
https://github.com/espressif/esp-idf.git
synced 2025-08-03 20:54:32 +02:00
feat(mbedtls): restructure mbedtls configuration page
This commit is contained in:
Ashish Sharma
@@ -8,6 +8,7 @@ menu "ESP-TLS"
|
||||
usage. Consult the ESP-TLS documentation in ESP-IDF Programming guide for more details.
|
||||
config ESP_TLS_USING_MBEDTLS
|
||||
bool "mbedTLS"
|
||||
select MBEDTLS_TLS_ENABLED
|
||||
config ESP_TLS_USING_WOLFSSL
|
||||
depends on TLS_STACK_WOLFSSL
|
||||
bool "wolfSSL (License info in wolfSSL directory README)"
|
||||
|
||||
@@ -357,8 +357,19 @@ foreach(target ${mbedtls_targets})
|
||||
if(CONFIG_COMPILER_STATIC_ANALYZER AND CMAKE_C_COMPILER_ID STREQUAL "GNU") # TODO IDF-10087
|
||||
target_compile_options(${target} PRIVATE "-fno-analyzer")
|
||||
endif()
|
||||
if(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SIZE)
|
||||
target_compile_options(${target} PRIVATE "-Os")
|
||||
elseif(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SPEED)
|
||||
target_compile_options(${target} PRIVATE "-O2")
|
||||
endif()
|
||||
endforeach()
|
||||
|
||||
if(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SIZE)
|
||||
target_compile_options(${COMPONENT_LIB} PRIVATE "-Os")
|
||||
elseif(CONFIG_MBEDTLS_COMPILER_OPTIMIZATION_SPEED)
|
||||
target_compile_options(${COMPONENT_LIB} PRIVATE "-O2")
|
||||
endif()
|
||||
|
||||
if(CONFIG_MBEDTLS_DYNAMIC_BUFFER)
|
||||
set(WRAP_FUNCTIONS
|
||||
mbedtls_ssl_write_client_hello
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
98
components/mbedtls/config/mbedtls_preset_bt.conf
Normal file
98
components/mbedtls/config/mbedtls_preset_bt.conf
Normal file
@@ -0,0 +1,98 @@
|
||||
#
|
||||
# mbedTLS Bluetooth Configuration Preset
|
||||
#
|
||||
|
||||
# Core Configuration
|
||||
CONFIG_MBEDTLS_FS_IO=n
|
||||
CONFIG_MBEDTLS_ERROR_STRINGS=n
|
||||
CONFIG_MBEDTLS_HAVE_TIME=n
|
||||
CONFIG_MBEDTLS_SELF_TEST=n
|
||||
|
||||
# Certificates
|
||||
CONFIG_MBEDTLS_PEM_PARSE_C=n
|
||||
CONFIG_MBEDTLS_PEM_WRITE_C=n
|
||||
CONFIG_MBEDTLS_X509_REMOVE_INFO=y
|
||||
CONFIG_MBEDTLS_X509_CRL_PARSE_C=n
|
||||
CONFIG_MBEDTLS_X509_CSR_PARSE_C=n
|
||||
CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT=n
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=n
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=y
|
||||
|
||||
# TLS Protocol Configuration
|
||||
CONFIG_MBEDTLS_TLS_ENABLED=n
|
||||
CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
|
||||
CONFIG_MBEDTLS_TLS_DISABLED=y
|
||||
|
||||
# TLS 1.2 Configuration
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
|
||||
|
||||
# TLS 1.3 Configuration
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=n
|
||||
|
||||
# TLS Key Exchange Configuration
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=n
|
||||
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=n
|
||||
CONFIG_MBEDTLS_SSL_ALPN=n
|
||||
CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
|
||||
CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
|
||||
CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
|
||||
|
||||
# DTLS Protocol Configuration
|
||||
|
||||
# Cipher Abstraction Layer
|
||||
CONFIG_MBEDTLS_CIPHER_C=y
|
||||
|
||||
# Symmetric Ciphers
|
||||
CONFIG_MBEDTLS_ARIA_C=n
|
||||
CONFIG_MBEDTLS_CCM_C=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_CBC=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_CFB=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_CTR=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_OFB=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_XTS=y
|
||||
CONFIG_MBEDTLS_GCM_C=n
|
||||
CONFIG_MBEDTLS_PKCS5_C=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS=n
|
||||
CONFIG_MBEDTLS_AES_FEWER_TABLES=y
|
||||
|
||||
# Elliptic Curve Ciphers Configuration
|
||||
CONFIG_MBEDTLS_ECP_NIST_OPTIM=n
|
||||
CONFIG_MBEDTLS_DHM_C=n
|
||||
CONFIG_MBEDTLS_ECDSA_C=y
|
||||
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=n
|
||||
CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=n
|
||||
|
||||
# Hash functions
|
||||
CONFIG_MBEDTLS_SHA1_C=n
|
||||
CONFIG_MBEDTLS_SHA384_C=n
|
||||
CONFIG_MBEDTLS_SHA512_C=n
|
||||
CONFIG_MBEDTLS_MD5_C=n
|
||||
CONFIG_MBEDTLS_MPI_USE_INTERRUPT=n
|
||||
CONFIG_MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK=n
|
||||
CONFIG_MBEDTLS_GENPRIME=y
|
||||
|
||||
CONFIG_MBEDTLS_PKCS12_C=n
|
||||
CONFIG_MBEDTLS_PKCS1_V21=n
|
||||
|
||||
CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256=y
|
||||
CONFIG_MBEDTLS_CTR_DRBG_C=y
|
||||
CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT=n
|
||||
|
||||
#
|
||||
# End of mbedTLS Minimal Configuration Preset
|
||||
#
|
||||
199
components/mbedtls/config/mbedtls_preset_default.conf
Normal file
199
components/mbedtls/config/mbedtls_preset_default.conf
Normal file
@@ -0,0 +1,199 @@
|
||||
#
|
||||
# mbedTLS Default Configuration Preset
|
||||
#
|
||||
|
||||
# Core Configuration
|
||||
CONFIG_MBEDTLS_FS_IO=y
|
||||
CONFIG_MBEDTLS_THREADING_C=n
|
||||
CONFIG_MBEDTLS_ERROR_STRINGS=y
|
||||
CONFIG_MBEDTLS_VERSION_C=n
|
||||
CONFIG_MBEDTLS_HAVE_TIME=y
|
||||
CONFIG_MBEDTLS_PLATFORM_TIME_ALT=n
|
||||
CONFIG_MBEDTLS_HAVE_TIME_DATE=n
|
||||
CONFIG_MBEDTLS_BIGNUM_C=y
|
||||
CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y
|
||||
CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC=n
|
||||
CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=n
|
||||
CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC=n
|
||||
CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
|
||||
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
|
||||
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
|
||||
CONFIG_MBEDTLS_DYNAMIC_BUFFER=n
|
||||
CONFIG_MBEDTLS_VERSION_FEATURES=n
|
||||
CONFIG_MBEDTLS_DEBUG=n
|
||||
CONFIG_MBEDTLS_SELF_TEST=y
|
||||
|
||||
# Certificates
|
||||
CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION=n
|
||||
CONFIG_MBEDTLS_X509_USE_C=y
|
||||
CONFIG_MBEDTLS_PEM_PARSE_C=y
|
||||
CONFIG_MBEDTLS_PEM_WRITE_C=y
|
||||
CONFIG_MBEDTLS_PK_C=y
|
||||
CONFIG_MBEDTLS_PK_PARSE_C=y
|
||||
CONFIG_MBEDTLS_PK_WRITE_C=y
|
||||
CONFIG_MBEDTLS_X509_REMOVE_INFO=n
|
||||
CONFIG_MBEDTLS_X509_CRL_PARSE_C=y
|
||||
CONFIG_MBEDTLS_X509_CRT_PARSE_C=y
|
||||
CONFIG_MBEDTLS_X509_CSR_PARSE_C=y
|
||||
CONFIG_MBEDTLS_X509_CREATE_C=n
|
||||
CONFIG_MBEDTLS_X509_CRT_WRITE_C=y
|
||||
CONFIG_MBEDTLS_X509_CSR_WRITE_C=y
|
||||
CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT=y
|
||||
CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK=n
|
||||
CONFIG_MBEDTLS_ASN1_PARSE_C=y
|
||||
CONFIG_MBEDTLS_ASN1_WRITE_C=y
|
||||
CONFIG_MBEDTLS_OID_C=y
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=n
|
||||
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=n
|
||||
|
||||
# TLS Protocol Configuration
|
||||
CONFIG_MBEDTLS_TLS_ENABLED=y
|
||||
CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
|
||||
CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=y
|
||||
CONFIG_MBEDTLS_TLS_SERVER_ONLY=n
|
||||
CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
|
||||
CONFIG_MBEDTLS_TLS_DISABLED=n
|
||||
CONFIG_MBEDTLS_TLS_SERVER=y
|
||||
CONFIG_MBEDTLS_TLS_CLIENT=y
|
||||
CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY=1
|
||||
CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=n
|
||||
CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION=n
|
||||
CONFIG_MBEDTLS_SSL_CACHE_C=n
|
||||
CONFIG_MBEDTLS_SSL_ALL_ALERT_MESSAGES=n
|
||||
|
||||
# TLS 1.2 Configuration
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
|
||||
|
||||
# TLS 1.3 Configuration
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y
|
||||
|
||||
# TLS Key Exchange Configuration
|
||||
CONFIG_MBEDTLS_PSK_MODES=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y
|
||||
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
|
||||
CONFIG_MBEDTLS_SSL_ALPN=y
|
||||
CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH=y
|
||||
CONFIG_MBEDTLS_SSL_RECORD_SIZE_LIMIT=n
|
||||
CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH=n
|
||||
CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
|
||||
CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=y
|
||||
CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=y
|
||||
|
||||
# DTLS Protocol Configuration
|
||||
CONFIG_MBEDTLS_SSL_PROTO_DTLS=n
|
||||
|
||||
# Cipher Abstraction Layer
|
||||
CONFIG_MBEDTLS_CIPHER_C=n
|
||||
|
||||
# Symmetric Ciphers
|
||||
CONFIG_MBEDTLS_AES_C=y
|
||||
CONFIG_MBEDTLS_CAMELLIA_C=n
|
||||
CONFIG_MBEDTLS_ARIA_C=y
|
||||
CONFIG_MBEDTLS_DES_C=n
|
||||
CONFIG_MBEDTLS_BLOWFISH_C=n
|
||||
CONFIG_MBEDTLS_XTEA_C=n
|
||||
CONFIG_MBEDTLS_CCM_C=y
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_CFB=y
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_CTR=y
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_OFB=y
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_XTS=y
|
||||
CONFIG_MBEDTLS_GCM_C=y
|
||||
CONFIG_MBEDTLS_NIST_KW_C=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING=y
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=y
|
||||
CONFIG_MBEDTLS_PKCS5_C=y
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS=y
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN=y
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS=y
|
||||
CONFIG_MBEDTLS_AES_ROM_TABLES=y
|
||||
CONFIG_MBEDTLS_AES_FEWER_TABLES=n
|
||||
CONFIG_MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH=n
|
||||
CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC=n
|
||||
CONFIG_MBEDTLS_CMAC_C=y
|
||||
|
||||
# Asymmetric Ciphers
|
||||
CONFIG_MBEDTLS_RSA_C=y
|
||||
|
||||
# Elliptic Curve Ciphers Configuration
|
||||
CONFIG_MBEDTLS_ECP_C=y
|
||||
CONFIG_MBEDTLS_ECP_NIST_OPTIM=y
|
||||
CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=n
|
||||
CONFIG_MBEDTLS_DHM_C=y
|
||||
CONFIG_MBEDTLS_ECDH_C=y
|
||||
CONFIG_MBEDTLS_ECJPAKE_C=n
|
||||
CONFIG_MBEDTLS_ECDSA_C=y
|
||||
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=y
|
||||
CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=y
|
||||
CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y
|
||||
CONFIG_MBEDTLS_ECP_RESTARTABLE=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y
|
||||
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y
|
||||
|
||||
# Hash functions
|
||||
CONFIG_MBEDTLS_MD_C=y
|
||||
CONFIG_MBEDTLS_ROM_MD5=y
|
||||
CONFIG_MBEDTLS_SHA256_C=y
|
||||
CONFIG_MBEDTLS_SHA1_C=y
|
||||
CONFIG_MBEDTLS_SHA384_C=y
|
||||
CONFIG_MBEDTLS_SHA512_C=y
|
||||
CONFIG_MBEDTLS_MD5_C=y
|
||||
CONFIG_MBEDTLS_SHA3_C=n
|
||||
|
||||
CONFIG_MBEDTLS_HARDWARE_SHA=y
|
||||
CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=y
|
||||
CONFIG_MBEDTLS_HARDWARE_AES=y
|
||||
CONFIG_MBEDTLS_AES_USE_INTERRUPT=y
|
||||
CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL=0
|
||||
CONFIG_MBEDTLS_PK_RSA_ALT_SUPPORT=y
|
||||
CONFIG_MBEDTLS_HARDWARE_MPI=y
|
||||
# CONFIG_MBEDTLS_LARGE_KEY_SOFTWARE_MPI=n
|
||||
CONFIG_MBEDTLS_MPI_USE_INTERRUPT=y
|
||||
CONFIG_MBEDTLS_MPI_INTERRUPT_LEVEL=0
|
||||
CONFIG_MBEDTLS_HARDWARE_ECC=y
|
||||
CONFIG_MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK=y
|
||||
CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN=n
|
||||
CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY=y
|
||||
CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN=n
|
||||
CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY=n
|
||||
|
||||
CONFIG_MBEDTLS_PKCS7_C=y
|
||||
CONFIG_MBEDTLS_PKCS12_C=y
|
||||
CONFIG_MBEDTLS_PKCS1_V15=y
|
||||
CONFIG_MBEDTLS_PKCS1_V21=y
|
||||
|
||||
CONFIG_MBEDTLS_ENTROPY_C=y
|
||||
CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256=n
|
||||
CONFIG_MBEDTLS_CTR_DRBG_C=y
|
||||
CONFIG_MBEDTLS_HMAC_DRBG_C=y
|
||||
|
||||
CONFIG_MBEDTLS_BASE64_C=y
|
||||
|
||||
CONFIG_MBEDTLS_CHACHA20_C=n
|
||||
CONFIG_MBEDTLS_POLY1305_C=n
|
||||
CONFIG_MBEDTLS_HKDF_C=n
|
||||
|
||||
#
|
||||
# End of mbedTLS Minimal Configuration Preset
|
||||
#
|
||||
102
components/mbedtls/config/mbedtls_preset_minimal.conf
Normal file
102
components/mbedtls/config/mbedtls_preset_minimal.conf
Normal file
@@ -0,0 +1,102 @@
|
||||
#
|
||||
# mbedTLS Minimal Configuration Preset
|
||||
#
|
||||
|
||||
# Core Configuration
|
||||
CONFIG_MBEDTLS_FS_IO=n
|
||||
CONFIG_MBEDTLS_ERROR_STRINGS=n
|
||||
CONFIG_MBEDTLS_HAVE_TIME=n
|
||||
CONFIG_MBEDTLS_SELF_TEST=n
|
||||
|
||||
# Certificates
|
||||
CONFIG_MBEDTLS_PEM_PARSE_C=n
|
||||
CONFIG_MBEDTLS_PEM_WRITE_C=n
|
||||
CONFIG_MBEDTLS_X509_REMOVE_INFO=y
|
||||
CONFIG_MBEDTLS_X509_CRL_PARSE_C=n
|
||||
CONFIG_MBEDTLS_X509_CSR_PARSE_C=n
|
||||
CONFIG_MBEDTLS_X509_CRT_WRITE_C=n
|
||||
CONFIG_MBEDTLS_X509_CSR_WRITE_C=n
|
||||
CONFIG_MBEDTLS_X509_RSASSA_PSS_SUPPORT=n
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=n
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=y
|
||||
|
||||
# TLS Protocol Configuration
|
||||
CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
|
||||
CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y
|
||||
CONFIG_MBEDTLS_TLS_SERVER=n
|
||||
|
||||
# TLS 1.3 Configuration
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=n
|
||||
|
||||
# TLS Key Exchange Configuration
|
||||
CONFIG_MBEDTLS_PSK_MODES=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK=y
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE=n
|
||||
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=n
|
||||
CONFIG_MBEDTLS_SSL_ALPN=n
|
||||
CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH=n
|
||||
CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
|
||||
CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
|
||||
CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
|
||||
|
||||
|
||||
# Cipher Abstraction Layer
|
||||
CONFIG_MBEDTLS_CIPHER_C=y
|
||||
|
||||
# Symmetric Ciphers
|
||||
CONFIG_MBEDTLS_ARIA_C=n
|
||||
CONFIG_MBEDTLS_BLOWFISH_C=n
|
||||
CONFIG_MBEDTLS_CCM_C=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_OFB=n
|
||||
CONFIG_MBEDTLS_CIPHER_MODE_XTS=y
|
||||
CONFIG_MBEDTLS_GCM_C=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7=n
|
||||
CONFIG_MBEDTLS_PKCS5_C=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN=n
|
||||
CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS=n
|
||||
CONFIG_MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH=y
|
||||
CONFIG_MBEDTLS_CMAC_C=n
|
||||
|
||||
# Asymmetric Ciphers
|
||||
CONFIG_MBEDTLS_RSA_C=y
|
||||
|
||||
# Elliptic Curve Ciphers Configuration
|
||||
CONFIG_MBEDTLS_ECP_C=n
|
||||
CONFIG_MBEDTLS_ECP_NIST_OPTIM=n
|
||||
CONFIG_MBEDTLS_DHM_C=n
|
||||
CONFIG_MBEDTLS_ECDH_C=n
|
||||
CONFIG_MBEDTLS_ECDSA_C=n
|
||||
CONFIG_MBEDTLS_PK_PARSE_EC_EXTENDED=n
|
||||
CONFIG_MBEDTLS_PK_PARSE_EC_COMPRESSED=n
|
||||
CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=n
|
||||
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=n
|
||||
|
||||
# Hash functions
|
||||
CONFIG_MBEDTLS_ROM_MD5=n
|
||||
CONFIG_MBEDTLS_SHA1_C=n
|
||||
CONFIG_MBEDTLS_SHA384_C=n
|
||||
CONFIG_MBEDTLS_SHA512_C=n
|
||||
CONFIG_MBEDTLS_MD5_C=n
|
||||
#
|
||||
# End of mbedTLS Minimal Configuration Preset
|
||||
#
|
||||
@@ -458,6 +458,7 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_CIPHER_MODE_CTR
|
||||
/*
|
||||
* AES-CTR buffer encryption/decryption
|
||||
*/
|
||||
@@ -529,3 +530,4 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
#ifdef ESP_PLATFORM
|
||||
#include "esp_system.h"
|
||||
#endif
|
||||
|
||||
#include "sdkconfig.h"
|
||||
#include <errno.h>
|
||||
#include "utils/includes.h"
|
||||
#include "utils/common.h"
|
||||
@@ -469,6 +469,7 @@ void aes_decrypt_deinit(void *ctx)
|
||||
return aes_crypt_deinit(ctx);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_CIPHER_MODE_CBC
|
||||
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -513,6 +514,7 @@ int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||
return ret;
|
||||
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#ifdef CONFIG_TLS_INTERNAL_CLIENT
|
||||
struct crypto_cipher {
|
||||
@@ -613,13 +615,14 @@ struct crypto_cipher *crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||
key_len, MBEDTLS_DECRYPT) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#if defined(CONFIG_MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
if (mbedtls_cipher_set_padding_mode(&ctx->ctx_enc, MBEDTLS_PADDING_NONE) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
if (mbedtls_cipher_set_padding_mode(&ctx->ctx_dec, MBEDTLS_PADDING_NONE) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
return ctx;
|
||||
|
||||
cleanup:
|
||||
@@ -673,6 +676,7 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_CIPHER_MODE_CTR
|
||||
int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
|
||||
u8 *data, size_t data_len)
|
||||
{
|
||||
@@ -692,6 +696,7 @@ cleanup:
|
||||
mbedtls_aes_free(&ctx);
|
||||
return ret;
|
||||
}
|
||||
#endif /* CONFIG_MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
|
||||
u8 *data, size_t data_len)
|
||||
|
||||
@@ -39,6 +39,133 @@ Please find the information about the Mbed TLS versions presented in different b
|
||||
|
||||
Please refer the :ref:`migration_guide_mbedtls` to migrate from Mbed TLS version 2.x to version 3.0 or greater.
|
||||
|
||||
Configuration Presets
|
||||
^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
ESP-IDF provides a preset-based configuration system for Mbed TLS to simplify setup and provide optimized starting points for different use cases. This system works alongside the existing manual configuration system and provides baseline configurations that can be further customized through menuconfig or additional configuration files.
|
||||
|
||||
.. list-table::
|
||||
:header-rows: 1
|
||||
:widths: 15 25 35
|
||||
:align: center
|
||||
|
||||
* - Preset
|
||||
- Use Case
|
||||
- Key Features
|
||||
* - **Default**
|
||||
- General purpose applications
|
||||
- • TLS 1.2 & 1.3 support
|
||||
• Certificate bundle enabled
|
||||
• Hardware acceleration
|
||||
• Full cipher suite support
|
||||
* - **Minimal**
|
||||
- Resource-constrained applications
|
||||
- • TLS 1.2 client only
|
||||
• RSA & PSK key exchange
|
||||
• AES-128 CBC/CTR modes
|
||||
• Basic X.509 parsing
|
||||
* - **Bluetooth (BT)**
|
||||
- Bluetooth applications
|
||||
- • Optimized for BLE security
|
||||
• ECC P-256 curve support
|
||||
• Minimal TLS overhead
|
||||
• Bluetooth-specific algorithms
|
||||
|
||||
Using Configuration Presets
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Presets serve as **starting points** for your mbedTLS configuration. You can use them as-is or customize them further using standard ESP-IDF configuration methods.
|
||||
|
||||
To use a preset configuration, add the following line to your project's ``CMakeLists.txt`` file **before** the ``project()`` call:
|
||||
|
||||
.. code-block:: cmake
|
||||
|
||||
# Include the default preset (recommended for most applications)
|
||||
list(APPEND sdkconfig_defaults $ENV{IDF_PATH}/components/mbedtls/config/mbedtls_preset_default.conf)
|
||||
|
||||
# Or for resource-constrained applications
|
||||
list(APPEND sdkconfig_defaults $ENV{IDF_PATH}/components/mbedtls/config/mbedtls_preset_minimal.conf)
|
||||
|
||||
# Or for Bluetooth applications
|
||||
list(APPEND sdkconfig_defaults $ENV{IDF_PATH}/components/mbedtls/config/mbedtls_preset_bt.conf)
|
||||
|
||||
# Standard ESP-IDF project setup
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
project(my_project)
|
||||
|
||||
.. note::
|
||||
|
||||
The preset configurations are located in ``components/mbedtls/config/`` and can be customized or used as a starting point for your own configurations.
|
||||
|
||||
Customizing Preset Configurations
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
After applying a preset, you can further customize the configuration using any of these methods:
|
||||
|
||||
**Method 1: Using menuconfig (Recommended)**
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
# After applying a preset in CMakeLists.txt
|
||||
idf.py menuconfig
|
||||
|
||||
Navigate to ``Component Config -> mbedTLS`` to modify any settings. Your changes will override the preset defaults.
|
||||
|
||||
**Method 2: Additional Configuration Files**
|
||||
|
||||
You can combine a preset with your own custom configuration by creating an additional configuration file:
|
||||
|
||||
.. code-block:: cmake
|
||||
|
||||
# Use the minimal preset as a base, then add custom settings
|
||||
list(APPEND SDKCONFIG_DEFAULTS
|
||||
$ENV{IDF_PATH}/components/mbedtls/config/mbedtls_preset_minimal.conf
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/my_custom_mbedtls.conf
|
||||
)
|
||||
|
||||
|
||||
Migration from Manual Configuration
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The preset system complements manual configuration. If you have an existing manually configured mbedTLS setup:
|
||||
|
||||
**Option 1: Keep Your Existing Configuration**
|
||||
|
||||
Your current manual configuration will continue to work without any changes.
|
||||
|
||||
**Option 2: Migrate to Preset + Customization**
|
||||
|
||||
1. **Choose a base preset** that's closest to your current configuration
|
||||
2. **Apply the preset** in your CMakeLists.txt
|
||||
3. **Use menuconfig** to adjust settings to match your requirements
|
||||
4. **Test thoroughly** to ensure functionality is maintained
|
||||
|
||||
Configuration Categories
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The new mbedTLS configuration system is organized into logical categories for easier navigation:
|
||||
|
||||
**Core Configuration**
|
||||
Basic mbedTLS settings including memory allocation, threading, and debug options.
|
||||
|
||||
**TLS Protocol Configuration**
|
||||
TLS/DTLS protocol versions, modes (client/server), and protocol-specific features.
|
||||
|
||||
**Symmetric Ciphers**
|
||||
Block ciphers (AES, ARIA, etc.), cipher modes (CBC, GCM, etc.), and symmetric cryptography.
|
||||
|
||||
**Asymmetric Ciphers**
|
||||
RSA, ECC, and other public key cryptography algorithms.
|
||||
|
||||
**Hash Functions**
|
||||
Message digest algorithms (SHA-256, SHA-512, etc.) and HMAC.
|
||||
|
||||
**Hardware Acceleration**
|
||||
ESP32-specific hardware acceleration for cryptographic operations.
|
||||
|
||||
**Certificate Support**
|
||||
X.509 certificate parsing, validation, and certificate bundle management.
|
||||
|
||||
Application Examples
|
||||
--------------------
|
||||
|
||||
@@ -56,23 +183,87 @@ Alternatives
|
||||
|
||||
Please refer to :ref:`ESP-TLS: Underlying SSL/TLS Library Options <esp_tls_wolfssl>` docs for more information on this and comparison of Mbed TLS and wolfSSL.
|
||||
|
||||
|
||||
Important Config Options
|
||||
------------------------
|
||||
|
||||
Following is a brief list of important config options accessible at ``Component Config -> mbedTLS``. The full list of config options can be found :ref:`here <CONFIG_MBEDTLS_MEM_ALLOC_MODE>`.
|
||||
The Mbed TLS configuration system supports preset configurations. Following is a brief list of important config options accessible at ``Component Config -> mbedTLS``. The full list of config options can be found :ref:`here <CONFIG_MBEDTLS_MEM_ALLOC_MODE>`.
|
||||
|
||||
**Core Configuration:**
|
||||
|
||||
.. list::
|
||||
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1_2`: Support for TLS 1.2
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1_3`: Support for TLS 1.3
|
||||
- :ref:`CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`: Support for trusted root certificate bundle (more about this: :doc:`/api-reference/protocols/esp_crt_bundle`)
|
||||
- :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Client session tickets
|
||||
- :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Server session tickets
|
||||
:SOC_SHA_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_SHA`: Support for hardware SHA acceleration
|
||||
:SOC_AES_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration
|
||||
:SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration
|
||||
:SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration
|
||||
- :ref:`CONFIG_MBEDTLS_MEM_ALLOC_MODE`: Memory allocation strategy (Internal/External/Custom)
|
||||
- :ref:`CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN`: Asymmetric in/out fragment length for memory optimization
|
||||
- :ref:`CONFIG_MBEDTLS_DYNAMIC_BUFFER`: Enable dynamic TX/RX buffer allocation
|
||||
- :ref:`CONFIG_MBEDTLS_DEBUG`: Enable mbedTLS debugging (useful for development)
|
||||
|
||||
**TLS Protocol Configuration:**
|
||||
|
||||
.. list::
|
||||
|
||||
- :ref:`CONFIG_MBEDTLS_TLS_ENABLED`: Enable TLS protocol support
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1_2`: Support for TLS 1.2 (recommended)
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1_3`: Support for TLS 1.3 (latest standard)
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_PROTO_DTLS`: Support for DTLS (UDP-based TLS)
|
||||
- :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Client session tickets
|
||||
- :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Server session tickets
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_ALPN`: Support for Application Layer Protocol Negotiation
|
||||
- :ref:`CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION`: Support for Server Name Indication (SNI)
|
||||
|
||||
**Certificate Support:**
|
||||
|
||||
.. list::
|
||||
|
||||
- :ref:`CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`: Support for trusted root certificate bundle (more about this: :doc:`/api-reference/protocols/esp_crt_bundle`)
|
||||
- :ref:`CONFIG_MBEDTLS_X509_USE_C`: Enable X.509 certificate support
|
||||
- :ref:`CONFIG_MBEDTLS_PEM_PARSE_C`: Read & Parse PEM formatted certificates
|
||||
- :ref:`CONFIG_MBEDTLS_PEM_WRITE_C`: Write PEM formatted certificates
|
||||
- :ref:`CONFIG_MBEDTLS_X509_CRT_PARSE_C`: Parse X.509 certificates
|
||||
- :ref:`CONFIG_MBEDTLS_X509_CRL_PARSE_C`: Parse X.509 Certificate Revocation Lists
|
||||
|
||||
**Cryptographic Algorithms:**
|
||||
|
||||
.. list::
|
||||
|
||||
- :ref:`CONFIG_MBEDTLS_AES_C`: AES block cipher support
|
||||
- :ref:`CONFIG_MBEDTLS_RSA_C`: RSA public key cryptosystem
|
||||
- :ref:`CONFIG_MBEDTLS_ECP_C`: Elliptic Curve Cryptography support
|
||||
- :ref:`CONFIG_MBEDTLS_ECDSA_C`: Elliptic Curve Digital Signature Algorithm
|
||||
- :ref:`CONFIG_MBEDTLS_ECDH_C`: Elliptic Curve Diffie-Hellman key exchange
|
||||
- :ref:`CONFIG_MBEDTLS_SHA256_C`: SHA-256 hash function
|
||||
- :ref:`CONFIG_MBEDTLS_SHA512_C`: SHA-512 hash function
|
||||
- :ref:`CONFIG_MBEDTLS_GCM_C`: Galois/Counter Mode for authenticated encryption
|
||||
|
||||
.. note::
|
||||
|
||||
The new configuration structure provides better organization with categories like "Core Configuration", "TLS Protocol Configuration", "Symmetric Ciphers", "Asymmetric Ciphers", "Hash Functions", and "Hardware Acceleration" for easier navigation and configuration management.
|
||||
|
||||
Debugging mbedTLS
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
To enable debugging, add these configurations:
|
||||
|
||||
.. code-block:: kconfig
|
||||
|
||||
CONFIG_MBEDTLS_DEBUG=y
|
||||
CONFIG_MBEDTLS_DEBUG_LEVEL=3
|
||||
CONFIG_LOG_DEFAULT_LEVEL_DEBUG=y
|
||||
|
||||
Performance Optimization
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
For optimal performance **Enable hardware acceleration** when available:
|
||||
|
||||
.. code-block:: kconfig
|
||||
|
||||
CONFIG_MBEDTLS_HARDWARE_AES=y
|
||||
CONFIG_MBEDTLS_HARDWARE_SHA=y
|
||||
CONFIG_MBEDTLS_HARDWARE_MPI=y
|
||||
CONFIG_MBEDTLS_HARDWARE_ECC=y
|
||||
|
||||
Performance and Memory Tweaks
|
||||
-----------------------------
|
||||
|
||||
@@ -2,6 +2,10 @@
|
||||
# CMakeLists in this exact order for cmake to work correctly
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# Include the Bluetooth-optimized mbedTLS preset configuration
|
||||
# This provides optimized settings for Bluetooth applications
|
||||
# You can customize these settings using 'idf.py menuconfig' or additional config files
|
||||
list(APPEND sdkconfig_defaults $ENV{IDF_PATH}/components/mbedtls/config/mbedtls_preset_bt.conf)
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
|
||||
idf_build_set_property(MINIMAL_BUILD ON)
|
||||
|
||||
@@ -2,8 +2,13 @@
|
||||
# CMakeLists in this exact order for cmake to work correctly
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# Include the default mbedTLS preset configuration
|
||||
# This provides optimized settings for general-purpose TLS applications
|
||||
# You can customize these settings using 'idf.py menuconfig' or additional config files
|
||||
list(APPEND sdkconfig_defaults $ENV{IDF_PATH}/components/mbedtls/config/mbedtls_preset_default.conf)
|
||||
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
|
||||
idf_build_set_property(MINIMAL_BUILD ON)
|
||||
|
||||
project(https_request)
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
# Few example dependencies need to be enabled by default for the build to succeed
|
||||
##############
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
|
||||
CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=n
|
||||
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA=y
|
||||
CONFIG_MBEDTLS_AES_C=y
|
||||
##############
|
||||
|
||||
Reference in New Issue
Block a user