Same deal as in commit eddd98f811
("kconfig: Replace some single-symbol
'if's with 'depends on'"), for the remaining cases outside defconfig
files. See that commit for an explanation.
Will do the defconfigs separately in case there are any complaints
there.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
# Cryptography primitive options for mbed TLS
|
|
|
|
# Copyright (c) 2016 Intel Corporation
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
menuconfig MBEDTLS
|
|
bool "mbedTLS Support"
|
|
help
|
|
This option enables the mbedTLS cryptography library.
|
|
|
|
if MBEDTLS
|
|
|
|
choice
|
|
prompt "Select implementation"
|
|
default MBEDTLS_BUILTIN
|
|
|
|
config MBEDTLS_BUILTIN
|
|
bool "Enable mbedTLS integrated sources"
|
|
help
|
|
Link with local mbedTLS sources instead of external library.
|
|
|
|
config MBEDTLS_LIBRARY
|
|
bool "Enable mbedTLS external library"
|
|
help
|
|
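Link with an external mbedTLS library instead of the integrated sources.
Options that depend on MBEDTLS_BUILTIN are not available with this choice.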
|
|
|
|
endchoice
|
|
|
|
config MBEDTLS_CFG_FILE
|
|
string "mbed TLS configuration file"
|
|
depends on MBEDTLS_BUILTIN
|
|
default "config-tls-generic.h"
|
|
help
|
|
Use a specific mbed TLS configuration file. The default config file
|
|
can be tweaked with Kconfig. The default configuration is
|
|
suitable for communicating with the majority of HTTPS servers on the Internet,
|
|
but has relatively many features enabled. To optimize resources for
|
|
special TLS usage, use available Kconfig options, or select an
|
|
alternative config.
|
|
|
|
rsource "Kconfig.tls-generic"
|
|
|
|
config MBEDTLS_SSL_MAX_CONTENT_LEN
|
|
int "Max payload size for TLS protocol message"
|
|
default 1500
|
|
depends on MBEDTLS_BUILTIN
|
|
help
|
|
The TLS standards mandate a max payload size of 16384 bytes. So, for
|
|
maximum operability and for general-purpose usage, that value must
|
|
be used. For specific usages, that value can be greatly decreased.
|
|
E.g. for DTLS, payload size is limited by UDP datagram size, and
|
|
even for HTTPS REST API, the payload can be limited to max size of
|
|
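(REST request, REST response, server certificate(s)).
mbedTLS cannot process a record larger than this value; the connection
fails instead, so size it for the largest message the peer may send.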
|
|
mbedTLS uses this value separately for input and output buffers, so
|
|
twice this value will be allocated (on mbedTLS own heap, so the
|
|
value of MBEDTLS_HEAP_SIZE should accommodate that).
|
|
|
|
config MBEDTLS_DEBUG
|
|
bool "mbed TLS debug activation"
|
|
depends on MBEDTLS_BUILTIN
|
|
help
|
|
Enable debugging for the mbed TLS configuration. If you use
|
|
mbedTLS/Zephyr integration (e.g. net_app), this will activate debug
|
|
logging (of the level configured by MBEDTLS_DEBUG_LEVEL).
|
|
If you use mbedTLS directly instead, you will need to perform
|
|
additional configuration yourself: call
|
|
mbedtls_ssl_conf_dbg(&mbedtls.conf, my_debug, NULL);
|
|
mbedtls_debug_set_threshold(level);
|
|
functions in your application, and create the my_debug() function to
|
|
actually print something useful.
Debug output can include handshake internals, so keep this option
disabled in production builds.
|
|
|
|
config MBEDTLS_DEBUG_LEVEL
|
|
int "mbed TLS default debug level"
|
|
depends on MBEDTLS_DEBUG
|
|
default 0
|
|
range 0 4
|
|
help
|
|
Default mbed TLS debug logging level for Zephyr integration code
|
|
(from ext/lib/crypto/mbedtls/include/mbedtls/debug.h):
|
|
0 No debug
|
|
1 Error
|
|
2 State change
|
|
3 Information
|
|
4 Verbose
|
|
|
|
config MBEDTLS_TEST
|
|
bool "Compile internal self test functions"
|
|
depends on MBEDTLS_BUILTIN
|
|
help
|
|
Enable the self-test functions for the crypto algorithms.
|
|
|
|
config MBEDTLS_INSTALL_PATH
|
|
string "mbedTLS install path"
|
|
depends on MBEDTLS_LIBRARY
|
|
help
|
|
This option holds the path where the mbedTLS libraries and headers are
|
|
installed. Make sure this option is properly set when MBEDTLS_LIBRARY
|
|
is enabled, otherwise the build will fail.
|
|
|
|
config MBEDTLS_ENABLE_HEAP
|
|
bool "Enable global heap for mbed TLS"
|
|
help
|
|
This option enables mbedtls to use the heap. This setting must
|
|
be global so that various applications and libraries in Zephyr do not
|
|
try to do this themselves as there can be only one heap defined
|
|
in mbedtls. If this is enabled, then Zephyr will, during the device
|
|
startup, initialize the heap automatically.
|
|
|
|
config MBEDTLS_HEAP_SIZE
|
|
int "Heap size for mbed TLS"
|
|
default 512
|
|
depends on MBEDTLS_ENABLE_HEAP
|
|
help
|
|
The mbedtls routines will use this heap if enabled.
|
|
See ext/lib/crypto/mbedtls/include/mbedtls/config.h and
|
|
MBEDTLS_MEMORY_BUFFER_ALLOC_C option for details. That option is not
|
|
enabled by default.
|
|
No generally suitable default exists for the heap size, as it depends on the
|
|
application. For streaming communication with arbitrary (HTTPS)
|
|
servers on the Internet, 32KB + overheads (up to another 20KB) may
|
|
be needed. For some dedicated and specific usages of the mbedtls API,
|
|
1000 bytes might be ok.
|
|
|
|
config APP_LINK_WITH_MBEDTLS
|
|
bool "Link 'app' with MBEDTLS"
|
|
default y
|
|
help
|
|
Add MBEDTLS header files to the 'app' include path. It may be
|
|
disabled if the include paths for MBEDTLS are causing aliasing
|
|
issues for 'app'.
|
|
|
|
endif # MBEDTLS
|