OpenWrt
/
openwrt
mirrorاز https://github.com/openwrt/openwrt.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230
							if PACKAGE_libmbedtls

comment "Option details in source code: include/mbedtls/mbedtls_config.h"

comment "Ciphers - unselect old or less-used ciphers to reduce binary size"

config MBEDTLS_AES_C
	bool "MBEDTLS_AES_C"
	default y

config MBEDTLS_ARIA_C
	bool "MBEDTLS_ARIA_C"
	default n

config MBEDTLS_CAMELLIA_C
	bool "MBEDTLS_CAMELLIA_C"
	default n

config MBEDTLS_CCM_C
	bool "MBEDTLS_CCM_C"
	default n

config MBEDTLS_CMAC_C
	bool "MBEDTLS_CMAC_C (old but used by hostapd)"
	default y

config MBEDTLS_DES_C
	bool "MBEDTLS_DES_C (old but used by hostapd)"
	default y

config MBEDTLS_GCM_C
	bool "MBEDTLS_GCM_C"
	default y

config MBEDTLS_NIST_KW_C
	bool "MBEDTLS_NIST_KW_C (old but used by hostapd)"
	default y

config MBEDTLS_RIPEMD160_C
	bool "MBEDTLS_RIPEMD160_C"
	default n

config MBEDTLS_RSA_NO_CRT
	bool "MBEDTLS_RSA_NO_CRT"
	default y

config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED"
	default y

config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED"
	default n

config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED"
	default y

config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
	default n

config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED"
	default n

config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED"
	default n

config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED"
	default y

config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
	default y

config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
	default n

config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
	bool "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED"
	default n

comment "Curves - unselect old or less-used curves to reduce binary size"

config MBEDTLS_ECP_DP_SECP192R1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP192R1_ENABLED"
	default n

config MBEDTLS_ECP_DP_SECP224R1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP224R1_ENABLED"
	default n

config MBEDTLS_ECP_DP_SECP256R1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP256R1_ENABLED"
	default y

config MBEDTLS_ECP_DP_SECP384R1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP384R1_ENABLED"
	default y

config MBEDTLS_ECP_DP_SECP521R1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED"
	default y

config MBEDTLS_ECP_DP_SECP192K1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED"
	default n

config MBEDTLS_ECP_DP_SECP224K1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP224K1_ENABLED"
	default n

config MBEDTLS_ECP_DP_SECP256K1_ENABLED
	bool "MBEDTLS_ECP_DP_SECP256K1_ENABLED"
	default y

config MBEDTLS_ECP_DP_BP256R1_ENABLED
	bool "MBEDTLS_ECP_DP_BP256R1_ENABLED"
	default n

config MBEDTLS_ECP_DP_BP384R1_ENABLED
	bool "MBEDTLS_ECP_DP_BP384R1_ENABLED"
	default n

config MBEDTLS_ECP_DP_BP512R1_ENABLED
	bool "MBEDTLS_ECP_DP_BP512R1_ENABLED"
	default n

config MBEDTLS_ECP_DP_CURVE25519_ENABLED
	bool "MBEDTLS_ECP_DP_CURVE25519_ENABLED"
	default y

config MBEDTLS_ECP_DP_CURVE448_ENABLED
	bool "MBEDTLS_ECP_DP_CURVE448_ENABLED"
	default n

comment "Build Options - unselect features to reduce binary size"

config MBEDTLS_CIPHER_MODE_OFB
	bool "MBEDTLS_CIPHER_MODE_OFB"
	default n

config MBEDTLS_CIPHER_MODE_XTS
	bool "MBEDTLS_CIPHER_MODE_XTS"
	default n

config MBEDTLS_DEBUG_C
	bool "MBEDTLS_DEBUG_C"
	default n

config MBEDTLS_HKDF_C
	bool "MBEDTLS_HKDF_C"
	default n

config MBEDTLS_PLATFORM_C
	bool "MBEDTLS_PLATFORM_C"
	default n

config MBEDTLS_SELF_TEST
	bool "MBEDTLS_SELF_TEST"
	default n

config MBEDTLS_THREADING_C
	bool "MBEDTLS_THREADING_C"
	default y

config MBEDTLS_THREADING_PTHREAD
	def_bool MBEDTLS_THREADING_C

config MBEDTLS_VERSION_C
	bool "MBEDTLS_VERSION_C"
	default n

config MBEDTLS_VERSION_FEATURES
	bool "MBEDTLS_VERSION_FEATURES"
	default n

config MBEDTLS_PSA_CRYPTO_CLIENT
	bool "MBEDTLS_PSA_CRYPTO_CLIENT"

config MBEDTLS_DEPRECATED_WARNING
	bool "MBEDTLS_DEPRECATED_WARNING"
	default n

config MBEDTLS_SSL_PROTO_TLS1_2
	bool "MBEDTLS_SSL_PROTO_TLS1_2"
	default y

config MBEDTLS_SSL_PROTO_TLS1_3
	bool "MBEDTLS_SSL_PROTO_TLS1_3"
	select MBEDTLS_PSA_CRYPTO_CLIENT
	select MBEDTLS_HKDF_C
	default y

config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
	bool "MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE"
	depends on MBEDTLS_SSL_PROTO_TLS1_3
	default y

config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
	bool "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED"
	depends on MBEDTLS_SSL_PROTO_TLS1_3
	default y

config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
	bool "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED"
	depends on MBEDTLS_SSL_PROTO_TLS1_3
	default y

config MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
	bool "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED"
	depends on MBEDTLS_SSL_PROTO_TLS1_3
	default y

comment "Build Options"

config MBEDTLS_ENTROPY_FORCE_SHA256
	bool "MBEDTLS_ENTROPY_FORCE_SHA256"
	default y

config MBEDTLS_SSL_RENEGOTIATION
	bool "MBEDTLS_SSL_RENEGOTIATION"
	depends on MBEDTLS_SSL_PROTO_TLS1_2
	default n

endif