mbedtls/configs
Gilles Peskine fec306452b Add a reference configuration without any asymmetric cryptography
Add a reference configuration with most symmetric cryptographic
algorithms enabled, but without any asymmetric cryptography. This
checks that we don't have spurious unexpected dependencies on
asymmetric-only modules such as bignum.

Keep HAVE_ASM disabled because it's platform-specific.

Keep HAVEGE disabled because it's untested and not recommended.

Keep MEMORY_BUFFER_ALLOC out because it isn't related to cryptography
at all and it makes memory sanitizers ineffective.

Keep THREADING disabled because it requires special build options.
2019-10-11 18:21:08 +02:00
..
config-no-entropy.h Use mbedtls-based path for includes 2019-07-15 15:52:25 +01:00
config-psa-crypto.h Use mbedtls-based path for includes 2019-07-15 15:52:25 +01:00
config-suite-b.h config: Remove X.509 options 2019-04-25 11:46:21 +01:00
config-symmetric-only.h Add a reference configuration without any asymmetric cryptography 2019-10-11 18:21:08 +02:00
README.txt config: Remove TLS and NET options 2019-04-25 11:46:21 +01:00

This directory contains example configuration files.

The examples are generally focused on a particular usage case (eg, support for
a restricted number of TLS ciphersuites) and aim at minimizing resource usage
for this target. They can be used as a basis for custom configurations.

These files are complete replacements for the default config.h. To use one of
them, you can pick one of the following methods:

1. Replace the default file include/mbedtls/config.h with the chosen one.
   (Depending on your compiler, you may need to adjust the line with
   #include "mbedtls/check_config.h" then.)

2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
   For example, using make:

    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make

   Or, using cmake:

    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
    make

Note that the second method also works if you want to keep your custom
configuration file outside the mbed TLS tree.