The external dependencies Mbed TLS relies on
External function dependencies
Mbed TLS is as loosely coupled as possible and does not rely on any external libraries for its code. It does use a number of standard libc function calls. This page describes which external calls are present and how you can remove them if no support for that function is available; it focuses on the core library only (excluding the example programs and test suites, but including the self test functions as they are part of the library).
Configuration flags control some of the dependencies. Please see How do I configure mbed TLS and How do I port Mbed TLS to a new environment or OS for a full description of how to set the configuration flags to port Mbed TLS to a new environment.
Signals and alarms
timing.c use signal handlers. The timing.c file uses them as support code for example programs. The signal handlers in net_sockets.c serve a more direct purpose. You can remove this dependency by disabling or adapting the example programs and using alternate I/O callbacks instead of net_sockets.c in the TLS layer.
alarm(). This code is only used in example programs as support code, not in the actual library. You can remove this dependency.
select(), for the purposes of sleeping (only used in the example programs, not in the library) or providing blocking reads with timeouts. You can remove this dependency by using alternate I/O callbacks instead of net_sockets.c in the TLS layer.
Network/socket based functions
The network and socket based functions are only used in the Network module (net_sockets.c). As the TLS part only uses function pointers, you can replace these dependencies with something else (such as lwIP) as long as the behavior is similar. To use different networking functions, disable MBEDTLS_NET_C, and implement your own socket module, as described in the porting article.
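The following is an added example, not code from Mbed TLS: a pair of non-blocking I/O callbacks over an in-memory byte queue, with the same shape as the function pointers the TLS layer takes through mbedtls_ssl_set_bio(). The names ex_pipe, ex_send, ex_recv and the EX_WANT_* constants are hypothetical; a real build would include mbedtls/ssl.h and return MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE instead.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins (assumption) for MBEDTLS_ERR_SSL_WANT_READ / _WANT_WRITE
 * from mbedtls/ssl.h, so this file builds without the library. */
#define EX_WANT_READ  (-0x6900)
#define EX_WANT_WRITE (-0x6880)

#define PIPE_CAP 64

/* Hypothetical transport: a one-directional byte queue in static memory. */
typedef struct {
    unsigned char buf[PIPE_CAP];
    size_t head;   /* index of the next byte to read */
    size_t used;   /* bytes currently queued */
} ex_pipe;

void ex_pipe_init(ex_pipe *p) { memset(p, 0, sizeof(*p)); }

/* Send callback: accepts a partial write when the queue is nearly full
 * and never stores more than PIPE_CAP bytes. */
int ex_send(void *ctx, const unsigned char *data, size_t len)
{
    ex_pipe *p = (ex_pipe *) ctx;
    size_t room = PIPE_CAP - p->used;
    if (room == 0)
        return EX_WANT_WRITE;      /* would block: caller retries later */
    if (len > room)
        len = room;
    for (size_t i = 0; i < len; i++)
        p->buf[(p->head + p->used + i) % PIPE_CAP] = data[i];
    p->used += len;
    return (int) len;
}

/* Receive callback: copies at most len bytes into the caller's buffer and
 * reports "no data yet" instead of blocking, so neither select() nor a
 * signal handler is needed. */
int ex_recv(void *ctx, unsigned char *out, size_t len)
{
    ex_pipe *p = (ex_pipe *) ctx;
    if (p->used == 0)
        return EX_WANT_READ;
    if (len > p->used)
        len = p->used;
    for (size_t i = 0; i < len; i++)
        out[i] = p->buf[(p->head + i) % PIPE_CAP];
    p->head = (p->head + len) % PIPE_CAP;
    p->used -= len;
    return (int) len;
}
```

Both callbacks clamp the length to what the queue actually holds or can take, so a short read or write is reported to the caller rather than overrunning either buffer.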
Functions covered: on Windows, functions from the Windows Sockets API, and on Unix:
File (stream) functions
If MBEDTLS_FS_IO is defined, the file functions are used in several Mbed TLS modules:
The MD layer for file hashing (
X509 Parsing (
x509_csr.c) use the file functions for reading the certificate, CSR and CRL files; it also uses
The PK layer (pkparse.c) uses file functions for reading and parsing keys from files.
The MPI module (
fwrite for writing MPIs to files and streams and fgets for reading files and streams into MPIs.
The entropy, CTR-DRBG and HMAC_DRBG modules use file functions for reading and updating seed files.
The DHM module uses file operations to read DH parameters files (
You can disable all by commenting
Dynamic memory functions
A number of modules (ASN1, Bignum/MPI, Cipher, CMAC, DHM, ECP, MD, PEM, PK, PKCS11, RSA, TLS, X.509) use dynamic memory allocation. You can provide your own implementations, and we even provide a buffer-based memory allocator. For further details, read Letting Mbed TLS use static memory instead of the heap.
memset() are really basic in any system and used in several places. The assumption is that everybody has support for these.
The memmove() function is used as an optimization in the TLS module. It is also used in the NIST key wrapping module (nist_kw.c) and in the NULL cipher wrap (null_crypt_stream) to avoid buffer overlapping. You can remove this dependency by providing your own implementation of the same functionality.
The printf() function is used in all self test functions as mbedtls_printf(), controlled by the MBEDTLS_SELF_TEST configuration flags. In addition, in the MPI module (
mbedtls_printf() to print to
MBEDTLS_FS_IO is defined. You can disable these dependencies in the mbedtls_config.h file. You can also provide your own implementation through the platform layer; see MBEDTLS_PLATFORM_PRINTF_ALT for an example. If your platform supports a print function with a different name, you can set it as
The snprintf() function is defined as mbedtls_snprintf(). It is used in the X.509 module for the various mbedtls_x509_xxx_info() functions and mbedtls_x509_crt_parse_path(). It is also used by the SSL debug module (debug.c) for formatting debug messages, by mbedtls_strerror() and by mbedtls_oid_get_numeric_string() (not used in the library). You can provide your own implementation through the platform layer; see MBEDTLS_PLATFORM_PRINTF_ALT for an example. If your platform supports a similar function with a different name, you can set it as
The other string functions are used in actual core scenarios. There are workarounds possible in any of these scenarios.
The rand() function is used only in the self tests of the RSA module (rsa.c). You can disable it by
Variable argument functions
To make a half-compatible snprintf() function under Windows, you can use vsnprintf(). All three are also used in the Debug module (debug.c). You can remove vsnprintf() by commenting