mbedtls/configs
Hanno Becker 56595f4f7b Allow hardcoding single signature hash at compile-time
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_HASH
which can be used to register a single supported signature hash
algorithm at compile time. It replaces the runtime configuration
API mbedtls_ssl_conf_sig_hashes() which allows to register a _list_
of supported signature hash algorithms.

In contrast to other options used to hardcode configuration options,
MBEDTLS_SSL_CONF_SINGLE_HASH isn't a numeric option, but instead it's
only relevant if it's defined or not. To actually set the single
supported hash algorithm that should be supported, numeric options

MBEDTLS_SSL_CONF_SINGLE_HASH_TLS_ID
MBEDTLS_SSL_CONF_SINGLE_HASH_MD_ID

must both be defined and provide the TLS ID and the Mbed TLS internal
ID and the chosen hash algorithm, respectively.
2019-07-17 10:19:27 +01:00
..
baremetal.h Allow hardcoding single signature hash at compile-time 2019-07-17 10:19:27 +01:00
baremetal_test.h Allow compile-time configuration of PRNG in SSL module 2019-07-04 10:27:41 +01:00
config-ccm-psk-tls1_2.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-mini-tls1_1.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-no-entropy.h Add a disabled CMAC define in the no-entropy configuration 2018-06-06 13:55:05 +02:00
config-suite-b.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-thread.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
README.txt Fix typo in configs/README.txt file 2017-10-06 11:58:50 +01:00

This directory contains example configuration files.

The examples are generally focused on a particular usage case (eg, support for
a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations.

These files are complete replacements for the default config.h. To use one of
them, you can pick one of the following methods:

1. Replace the default file include/mbedtls/config.h with the chosen one.
   (Depending on your compiler, you may need to adjust the line with
   #include "mbedtls/check_config.h" then.)

2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
   For example, using make:

    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make

   Or, using cmake:

    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
    make

Note that the second method also works if you want to keep your custom
configuration file outside the mbed TLS tree.