config: Remove explicit ciphersuite lists

Make maintaining config files easier by removing any explicit
ciphersuite lists. These explicit lists are prone to being incomplete as
TLS defines more and more ciphersuites. Rather than try to play catch
up, let's refer to sets of ciphersuites with declarative language.
Jaeden Amero 2019-04-10 18:00:15 +01:00
parent 8cedaec509
commit 7242ea688a
2 changed files with 26 additions and 370 deletions


@ -614,26 +614,8 @@
* Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security!
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_PSK_WITH_NULL_SHA384
* TLS_ECDHE_PSK_WITH_NULL_SHA256
* TLS_ECDHE_PSK_WITH_NULL_SHA
* TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_PSK_WITH_NULL_SHA384
* TLS_RSA_PSK_WITH_NULL_SHA256
* TLS_RSA_PSK_WITH_NULL_SHA
* TLS_PSK_WITH_NULL_SHA384
* TLS_PSK_WITH_NULL_SHA256
* TLS_PSK_WITH_NULL_SHA
* This module is required to support the TLS ciphersuites that use the NULL
* cipher.
*
* Uncomment this macro to enable the NULL cipher
*/
@ -1057,65 +1039,8 @@
* library/pem.c
* library/ctr_drbg.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA
* This module is required to support the TLS ciphersuites that use the AES
* cipher.
*
* PEM_PARSE uses AES for decrypting encrypted keys.
*/
@ -1129,17 +1054,8 @@
* Module: library/arc4.c
* Caller: library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_RC4_128_SHA
* This module is required to support the TLS ciphersuites that use the ARC4
* cipher.
*
* \warning ARC4 is considered a weak cipher and its use constitutes a
* security risk. If possible, we recommend avoidng dependencies on
@ -1217,49 +1133,8 @@
* Module: library/camellia.c
* Caller: library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* This module is required to support the TLS ciphersuites that use the
* Camellia cipher.
*/
#define MBEDTLS_CAMELLIA_C
@ -1271,45 +1146,8 @@
* Module: library/aria.c
* Caller: library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_PSK_WITH_ARIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
* TLS_PSK_WITH_ARIA_128_GCM_SHA256
* TLS_PSK_WITH_ARIA_256_GCM_SHA384
* TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
* This module is required to support the TLS ciphersuites that use the
* ARIA cipher.
*/
//#define MBEDTLS_ARIA_C
@ -1395,17 +1233,8 @@
* Caller: library/pem.c
* library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* This module is required to support the TLS ciphersuites that use the DES
* cipher.
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
@ -1530,8 +1359,7 @@
*
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
*
* This module is required to support AES-GCM and CAMELLIA-GCM ciphersuites in
* TLS.
* This module is required to support the TLS ciphersuites that use GCM.
*/
#define MBEDTLS_GCM_C
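Review bot: The replacement sentence in the DES hunk (`@ -1395,17 +1233,8 @`) says "the DES cipher", but every suite in the list it replaces was a `3DES_EDE_CBC` suite and the next context line already writes "DES/3DES", so the summary is less precise than what it removes. Someone trimming the configuration for hardening should be able to tell from this comment that disabling the module drops the 3DES suites. I would word it as `* This module is required to support the TLS ciphersuites that use the 3DES` followed by `* (DES-EDE) cipher.`, and mention single DES only if the library actually offers such suites, which is not visible here. The comment block this hunk sits in starts and ends outside the hunk. The second file section carries the same text in its `@ -1424,17 +1262,8 @` hunk.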


@ -614,26 +614,8 @@
* Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security!
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_PSK_WITH_NULL_SHA384
* TLS_ECDHE_PSK_WITH_NULL_SHA256
* TLS_ECDHE_PSK_WITH_NULL_SHA
* TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_PSK_WITH_NULL_SHA384
* TLS_RSA_PSK_WITH_NULL_SHA256
* TLS_RSA_PSK_WITH_NULL_SHA
* TLS_PSK_WITH_NULL_SHA384
* TLS_PSK_WITH_NULL_SHA256
* TLS_PSK_WITH_NULL_SHA
* This module is required to support the TLS ciphersuites that use the NULL
* cipher.
*
* Uncomment this macro to enable the NULL cipher
*/
@ -1086,65 +1068,8 @@
* library/pem.c
* library/ctr_drbg.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA
* This module is required to support the TLS ciphersuites that use the AES
* cipher.
*
* PEM_PARSE uses AES for decrypting encrypted keys.
*/
@ -1158,17 +1083,8 @@
* Module: library/arc4.c
* Caller: library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_PSK_WITH_RC4_128_SHA
* TLS_PSK_WITH_RC4_128_SHA
* This module is required to support the TLS ciphersuites that use the ARC4
* cipher.
*
* \warning ARC4 is considered a weak cipher and its use constitutes a
* security risk. If possible, we recommend avoidng dependencies on
@ -1246,49 +1162,8 @@
* Module: library/camellia.c
* Caller: library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* This module is required to support the TLS ciphersuites that use the
* Camellia cipher.
*/
#define MBEDTLS_CAMELLIA_C
@ -1300,45 +1175,8 @@
* Module: library/aria.c
* Caller: library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
* TLS_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_PSK_WITH_ARIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
* TLS_PSK_WITH_ARIA_128_GCM_SHA256
* TLS_PSK_WITH_ARIA_256_GCM_SHA384
* TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
* This module is required to support the TLS ciphersuites that use the
* ARIA cipher.
*/
//#define MBEDTLS_ARIA_C
@ -1424,17 +1262,8 @@
* Caller: library/pem.c
* library/cipher.c
*
* This module is required to support the following ciphersuites in TLS:
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* This module is required to support the TLS ciphersuites that use the DES
* cipher.
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
@ -1559,8 +1388,7 @@
*
* Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
*
* This module is required to support AES-GCM and CAMELLIA-GCM ciphersuites in
* TLS.
* This module is required to support the TLS ciphersuites that use GCM.
*/
#define MBEDTLS_GCM_C