mirror of
https://github.com/espressif/esp-idf.git
synced 2025-09-30 19:19:21 +00:00
mbedtls: Remove deprecated options from mbedtls/esp_config.h
- Removed options related to RC4 ciphersuite, SSL3 and TLS1 (as per mbedtls v3.1.0)
This commit is contained in:
Laukik Hase
@@ -290,43 +290,6 @@
|
||||
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
|
||||
#define MBEDTLS_CIPHER_PADDING_ZEROS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES & MBEDTLS_ARC4_C
|
||||
*
|
||||
* MBEDTLS_ARC4_C
|
||||
* Enable the ARCFOUR stream cipher.
|
||||
*
|
||||
* This module enables/disables the following ciphersuites
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
|
||||
*
|
||||
* MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
* This flag removes the ciphersuites based on RC4 from the default list as
|
||||
* returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
|
||||
* enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
|
||||
* explicitly.
|
||||
*
|
||||
* Uncomment this macro to remove RC4 ciphersuites by default.
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_RC4_ENABLED
|
||||
#define MBEDTLS_ARC4_C
|
||||
#undef MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
#elif defined CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT
|
||||
#define MBEDTLS_ARC4_C
|
||||
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
#else
|
||||
#undef MBEDTLS_ARC4_C
|
||||
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_RESTARTABLE
|
||||
*
|
||||
@@ -529,7 +492,6 @@
|
||||
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK
|
||||
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
@@ -557,7 +519,6 @@
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
@@ -581,7 +542,6 @@
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
|
||||
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
@@ -610,7 +570,6 @@
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK
|
||||
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
@@ -641,8 +600,6 @@
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA
|
||||
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
@@ -701,7 +658,6 @@
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
|
||||
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
@@ -729,7 +685,6 @@
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
|
||||
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
@@ -746,7 +701,6 @@
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
@@ -774,7 +728,6 @@
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||
@@ -1071,41 +1024,6 @@
|
||||
#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||
*
|
||||
* Enable support for TLS 1.0.
|
||||
*
|
||||
* Requires: MBEDTLS_MD5_C
|
||||
* MBEDTLS_SHA1_C
|
||||
*
|
||||
* Comment this macro to disable support for TLS 1.0
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1
|
||||
#define MBEDTLS_SSL_PROTO_TLS1
|
||||
#else
|
||||
#undef MBEDTLS_SSL_PROTO_TLS1
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_SSL3
|
||||
*
|
||||
* Enable support for SSL 3.0.
|
||||
*
|
||||
* Requires: MBEDTLS_MD5_C
|
||||
* MBEDTLS_SHA1_C
|
||||
*
|
||||
* \deprecated This option is deprecated and will be removed in a future
|
||||
* version of Mbed TLS.
|
||||
*
|
||||
* Comment this macro to disable support for SSL 3.0
|
||||
*/
|
||||
#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3
|
||||
#define MBEDTLS_SSL_PROTO_SSL3
|
||||
#else
|
||||
#undef MBEDTLS_SSL_PROTO_SSL3
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
*
|
||||
@@ -1393,7 +1311,7 @@
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
*/
|
||||
#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH && CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
#ifdef CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
#else
|
||||
#undef MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
@@ -1787,6 +1705,19 @@
|
||||
#undef MBEDTLS_DES_C
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ARC4_C
|
||||
*
|
||||
* NOTE: mbedTLS-3.x release has removed support for RC4 cipher-suite.
|
||||
* TODO: IDF-4983
|
||||
*
|
||||
* Following option is kept as there are a few places in the
|
||||
* WPA supplicant component in ESP-IDF that relies on this config.
|
||||
* This shall be removed once the RC4 cipher-suite support is cleanly
|
||||
* removed from WPA supplicant component.
|
||||
*/
|
||||
#undef MBEDTLS_ARC4_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_DHM_C
|
||||
*
|
||||
@@ -2151,7 +2082,6 @@
|
||||
* Caller: library/pkparse.c
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
|
||||
* Can use: MBEDTLS_ARC4_C
|
||||
*
|
||||
* This module enables PKCS#12 functions.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user