1/**
2 * \file config.h
3 *
4 * \brief Configuration options (set of defines)
5 *
6 * This set of compile-time options may be used to enable
7 * or disable features selectively, and reduce the global
8 * memory footprint.
9 */
10/*
11 * Copyright The Mbed TLS Contributors
12 * SPDX-License-Identifier: Apache-2.0
13 *
14 * Licensed under the Apache License, Version 2.0 (the "License"); you may
15 * not use this file except in compliance with the License.
16 * You may obtain a copy of the License at
17 *
18 * http://www.apache.org/licenses/LICENSE-2.0
19 *
20 * Unless required by applicable law or agreed to in writing, software
21 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 * See the License for the specific language governing permissions and
24 * limitations under the License.
25 */
26
27#ifndef MBEDTLS_CONFIG_H
28#define MBEDTLS_CONFIG_H
29
30#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
31#define _CRT_SECURE_NO_DEPRECATE 1
32#endif
33
34/**
35 * \name SECTION: System support
36 *
37 * This section sets system specific settings.
38 * \{
39 */
40
41/**
42 * \def MBEDTLS_HAVE_ASM
43 *
44 * The compiler has support for asm().
45 *
46 * Requires support for asm() in compiler.
47 *
48 * Used in:
49 * library/aria.c
50 * library/timing.c
51 * include/mbedtls/bn_mul.h
52 *
53 * Required by:
54 * MBEDTLS_AESNI_C (on some platforms)
55 * MBEDTLS_PADLOCK_C
56 *
57 * Comment to disable the use of assembly code.
58 */
59#define MBEDTLS_HAVE_ASM
60
61/**
62 * \def MBEDTLS_NO_UDBL_DIVISION
63 *
64 * The platform lacks support for double-width integer division (64-bit
65 * division on a 32-bit platform, 128-bit division on a 64-bit platform).
66 *
67 * Used in:
68 * include/mbedtls/bignum.h
69 * library/bignum.c
70 *
71 * The bignum code uses double-width division to speed up some operations.
72 * Double-width division is often implemented in software that needs to
73 * be linked with the program. The presence of a double-width integer
74 * type is usually detected automatically through preprocessor macros,
75 * but the automatic detection cannot know whether the code needs to
76 * and can be linked with an implementation of division for that type.
77 * By default division is assumed to be usable if the type is present.
78 * Uncomment this option to prevent the use of double-width division.
79 *
80 * Note that division for the native integer type is always required.
81 * Furthermore, a 64-bit type is always required even on a 32-bit
82 * platform, but it need not support multiplication or division. In some
83 * cases it is also desirable to disable some double-width operations. For
84 * example, if double-width division is implemented in software, disabling
85 * it can reduce code size in some embedded targets.
86 */
87//#define MBEDTLS_NO_UDBL_DIVISION
88
89/**
90 * \def MBEDTLS_NO_64BIT_MULTIPLICATION
91 *
92 * The platform lacks support for 32x32 -> 64-bit multiplication.
93 *
94 * Used in:
95 * library/poly1305.c
96 *
97 * Some parts of the library may use multiplication of two unsigned 32-bit
98 * operands with a 64-bit result in order to speed up computations. On some
99 * platforms, this is not available in hardware and has to be implemented in
100 * software, usually in a library provided by the toolchain.
101 *
102 * Sometimes it is not desirable to have to link to that library. This option
103 * removes the dependency of that library on platforms that lack a hardware
104 * 64-bit multiplier by embedding a software implementation in Mbed TLS.
105 *
106 * Note that depending on the compiler, this may decrease performance compared
107 * to using the library function provided by the toolchain.
108 */
109//#define MBEDTLS_NO_64BIT_MULTIPLICATION
110
111/**
112 * \def MBEDTLS_HAVE_SSE2
113 *
114 * CPU supports SSE2 instruction set.
115 *
116 * Uncomment if the CPU supports SSE2 (IA-32 specific).
117 */
118//#define MBEDTLS_HAVE_SSE2
119
120/**
121 * \def MBEDTLS_HAVE_TIME
122 *
123 * System has time.h and time().
124 * The time does not need to be correct, only time differences are used,
125 * by contrast with MBEDTLS_HAVE_TIME_DATE
126 *
127 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
128 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
129 * MBEDTLS_PLATFORM_STD_TIME.
130 *
131 * Comment if your system does not support time functions.
132 *
133 * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
134 * interface - timing.c will include time.h on suitable platforms
135 * regardless of the setting of MBEDTLS_HAVE_TIME, unless
136 * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
137 */
138#define MBEDTLS_HAVE_TIME
139
140/**
141 * \def MBEDTLS_HAVE_TIME_DATE
142 *
143 * System has time.h, time(), and an implementation for
144 * mbedtls_platform_gmtime_r() (see below).
145 * The time needs to be correct (not necessarily very accurate, but at least
146 * the date should be correct). This is used to verify the validity period of
147 * X.509 certificates.
148 *
149 * Comment if your system does not have a correct clock.
150 *
151 * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
152 * behaves similarly to the gmtime_r() function from the C standard. Refer to
153 * the documentation for mbedtls_platform_gmtime_r() for more information.
154 *
155 * \note It is possible to configure an implementation for
156 * mbedtls_platform_gmtime_r() at compile-time by using the macro
157 * MBEDTLS_PLATFORM_GMTIME_R_ALT.
158 */
159#define MBEDTLS_HAVE_TIME_DATE
160
161/**
162 * \def MBEDTLS_PLATFORM_MEMORY
163 *
164 * Enable the memory allocation layer.
165 *
166 * By default mbed TLS uses the system-provided calloc() and free().
167 * This allows different allocators (self-implemented or provided) to be
168 * provided to the platform abstraction layer.
169 *
170 * Enabling MBEDTLS_PLATFORM_MEMORY without the
171 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
172 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
173 * free() function pointer at runtime.
174 *
175 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
176 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
177 * alternate function at compile time.
178 *
179 * Requires: MBEDTLS_PLATFORM_C
180 *
181 * Enable this layer to allow use of alternative memory allocators.
182 */
183//#define MBEDTLS_PLATFORM_MEMORY
184
185/**
186 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
187 *
188 * Do not assign standard functions in the platform layer (e.g. calloc() to
189 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
190 *
191 * This makes sure there are no linking errors on platforms that do not support
192 * these functions. You will HAVE to provide alternatives, either at runtime
193 * via the platform_set_xxx() functions or at compile time by setting
194 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
195 * MBEDTLS_PLATFORM_XXX_MACRO.
196 *
197 * Requires: MBEDTLS_PLATFORM_C
198 *
199 * Uncomment to prevent default assignment of standard functions in the
200 * platform layer.
201 */
202//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
203
204/**
205 * \def MBEDTLS_PLATFORM_EXIT_ALT
206 *
207 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
208 * function in the platform abstraction layer.
209 *
210 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
211 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
212 * alternative printf function pointer.
213 *
214 * All these define require MBEDTLS_PLATFORM_C to be defined!
215 *
216 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
217 * it will be enabled automatically by check_config.h
218 *
219 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
220 * MBEDTLS_PLATFORM_XXX_MACRO!
221 *
222 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
223 *
224 * Uncomment a macro to enable alternate implementation of specific base
225 * platform function
226 */
227//#define MBEDTLS_PLATFORM_EXIT_ALT
228//#define MBEDTLS_PLATFORM_TIME_ALT
229//#define MBEDTLS_PLATFORM_FPRINTF_ALT
230//#define MBEDTLS_PLATFORM_PRINTF_ALT
231//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
232//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
233//#define MBEDTLS_PLATFORM_NV_SEED_ALT
234//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
235
236/**
237 * \def MBEDTLS_DEPRECATED_WARNING
238 *
239 * Mark deprecated functions and features so that they generate a warning if
240 * used. Functionality deprecated in one version will usually be removed in the
241 * next version. You can enable this to help you prepare the transition to a
242 * new major version by making sure your code is not using this functionality.
243 *
244 * This only works with GCC and Clang. With other compilers, you may want to
245 * use MBEDTLS_DEPRECATED_REMOVED
246 *
247 * Uncomment to get warnings on using deprecated functions and features.
248 */
249//#define MBEDTLS_DEPRECATED_WARNING
250
251/**
252 * \def MBEDTLS_DEPRECATED_REMOVED
253 *
254 * Remove deprecated functions and features so that they generate an error if
255 * used. Functionality deprecated in one version will usually be removed in the
256 * next version. You can enable this to help you prepare the transition to a
257 * new major version by making sure your code is not using this functionality.
258 *
259 * Uncomment to get errors on using deprecated functions and features.
260 */
261//#define MBEDTLS_DEPRECATED_REMOVED
262
263/**
264 * \def MBEDTLS_CHECK_PARAMS
265 *
266 * This configuration option controls whether the library validates more of
267 * the parameters passed to it.
268 *
269 * When this flag is not defined, the library only attempts to validate an
270 * input parameter if: (1) they may come from the outside world (such as the
271 * network, the filesystem, etc.) or (2) not validating them could result in
272 * internal memory errors such as overflowing a buffer controlled by the
273 * library. On the other hand, it doesn't attempt to validate parameters whose
274 * values are fully controlled by the application (such as pointers).
275 *
276 * When this flag is defined, the library additionally attempts to validate
277 * parameters that are fully controlled by the application, and should always
278 * be valid if the application code is fully correct and trusted.
279 *
280 * For example, when a function accepts as input a pointer to a buffer that may
281 * contain untrusted data, and its documentation mentions that this pointer
282 * must not be NULL:
283 * - The pointer is checked to be non-NULL only if this option is enabled.
284 * - The content of the buffer is always validated.
285 *
286 * When this flag is defined, if a library function receives a parameter that
287 * is invalid:
288 * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
289 * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
290 * will immediately return. If the function returns an Mbed TLS error code,
291 * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
292 *
293 * When defining this flag, you also need to arrange a definition for
294 * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
295 * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
296 * function mbedtls_param_failed(), but the library does not define this
297 * function. If you do not make any other arrangements, you must provide
298 * the function mbedtls_param_failed() in your application.
299 * See `platform_util.h` for its prototype.
300 * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
301 * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
302 * You can still supply an alternative definition of
303 * MBEDTLS_PARAM_FAILED(), which may call `assert`.
304 * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
305 * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
306 * the library will call the macro that you defined and will not supply
307 * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
308 * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
309 * files include `<assert.h>`.
310 *
311 * Uncomment to enable validation of application-controlled parameters.
312 */
313//#define MBEDTLS_CHECK_PARAMS
314
315/**
316 * \def MBEDTLS_CHECK_PARAMS_ASSERT
317 *
318 * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
319 * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
320 *
321 * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
322 * calling a function mbedtls_param_failed(). See the documentation of
323 * #MBEDTLS_CHECK_PARAMS for details.
324 *
325 * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
326 */
327//#define MBEDTLS_CHECK_PARAMS_ASSERT
328
329/** \} name SECTION: System support */
330
331/**
332 * \name SECTION: mbed TLS feature support
333 *
334 * This section sets support for features that are or are not needed
335 * within the modules that are enabled.
336 * \{
337 */
338
339/**
340 * \def MBEDTLS_TIMING_ALT
341 *
342 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
343 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
344 *
345 * Only works if you have MBEDTLS_TIMING_C enabled.
346 *
347 * You will need to provide a header "timing_alt.h" and an implementation at
348 * compile time.
349 */
350//#define MBEDTLS_TIMING_ALT
351
352/**
353 * \def MBEDTLS_AES_ALT
354 *
355 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
356 * alternate core implementation of a symmetric crypto, an arithmetic or hash
357 * module (e.g. platform specific assembly optimized implementations). Keep
358 * in mind that the function prototypes should remain the same.
359 *
360 * This replaces the whole module. If you only want to replace one of the
361 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
362 *
363 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
364 * provide the "struct mbedtls_aes_context" definition and omit the base
365 * function declarations and implementations. "aes_alt.h" will be included from
366 * "aes.h" to include the new function definitions.
367 *
368 * Uncomment a macro to enable alternate implementation of the corresponding
369 * module.
370 *
371 * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
372 * use constitutes a security risk. If possible, we recommend
373 * avoiding dependencies on them, and considering stronger message
374 * digests and ciphers instead.
375 *
376 */
377//#define MBEDTLS_AES_ALT
378//#define MBEDTLS_ARC4_ALT
379//#define MBEDTLS_ARIA_ALT
380//#define MBEDTLS_BLOWFISH_ALT
381//#define MBEDTLS_CAMELLIA_ALT
382//#define MBEDTLS_CCM_ALT
383//#define MBEDTLS_CHACHA20_ALT
384//#define MBEDTLS_CHACHAPOLY_ALT
385//#define MBEDTLS_CMAC_ALT
386//#define MBEDTLS_DES_ALT
387//#define MBEDTLS_DHM_ALT
388//#define MBEDTLS_ECJPAKE_ALT
389//#define MBEDTLS_GCM_ALT
390//#define MBEDTLS_NIST_KW_ALT
391//#define MBEDTLS_MD2_ALT
392//#define MBEDTLS_MD4_ALT
393//#define MBEDTLS_MD5_ALT
394//#define MBEDTLS_POLY1305_ALT
395//#define MBEDTLS_RIPEMD160_ALT
396//#define MBEDTLS_RSA_ALT
397//#define MBEDTLS_SHA1_ALT
398//#define MBEDTLS_SHA256_ALT
399//#define MBEDTLS_SHA512_ALT
400//#define MBEDTLS_XTEA_ALT
401
402/*
403 * When replacing the elliptic curve module, please consider, that it is
404 * implemented with two .c files:
405 * - ecp.c
406 * - ecp_curves.c
407 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
408 * macros as described above. The only difference is that you have to make sure
409 * that you provide functionality for both .c files.
410 */
411//#define MBEDTLS_ECP_ALT
412
413/**
414 * \def MBEDTLS_MD2_PROCESS_ALT
415 *
416 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
417 * alternate core implementation of symmetric crypto or hash function. Keep in
418 * mind that function prototypes should remain the same.
419 *
420 * This replaces only one function. The header file from mbed TLS is still
421 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
422 *
423 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
424 * no longer provide the mbedtls_sha1_process() function, but it will still provide
425 * the other function (using your mbedtls_sha1_process() function) and the definition
426 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
427 * with this definition.
428 *
429 * \note Because of a signature change, the core AES encryption and decryption routines are
430 * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
431 * respectively. When setting up alternative implementations, these functions should
432 * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
433 * must stay untouched.
434 *
435 * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
436 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
437 * tables.
438 *
439 * Uncomment a macro to enable alternate implementation of the corresponding
440 * function.
441 *
442 * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
443 * constitutes a security risk. If possible, we recommend avoiding
444 * dependencies on them, and considering stronger message digests
445 * and ciphers instead.
446 *
447 * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
448 * enabled, then the deterministic ECDH signature functions pass the
449 * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
450 * alternative implementations should use the RNG only for generating
451 * the ephemeral key and nothing else. If this is not possible, then
452 * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
453 * implementation should be provided for mbedtls_ecdsa_sign_det_ext()
454 * (and for mbedtls_ecdsa_sign_det() too if backward compatibility is
455 * desirable).
456 *
457 */
458//#define MBEDTLS_MD2_PROCESS_ALT
459//#define MBEDTLS_MD4_PROCESS_ALT
460//#define MBEDTLS_MD5_PROCESS_ALT
461//#define MBEDTLS_RIPEMD160_PROCESS_ALT
462//#define MBEDTLS_SHA1_PROCESS_ALT
463//#define MBEDTLS_SHA256_PROCESS_ALT
464//#define MBEDTLS_SHA512_PROCESS_ALT
465//#define MBEDTLS_DES_SETKEY_ALT
466//#define MBEDTLS_DES_CRYPT_ECB_ALT
467//#define MBEDTLS_DES3_CRYPT_ECB_ALT
468//#define MBEDTLS_AES_SETKEY_ENC_ALT
469//#define MBEDTLS_AES_SETKEY_DEC_ALT
470//#define MBEDTLS_AES_ENCRYPT_ALT
471//#define MBEDTLS_AES_DECRYPT_ALT
472//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
473//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
474//#define MBEDTLS_ECDSA_VERIFY_ALT
475//#define MBEDTLS_ECDSA_SIGN_ALT
476//#define MBEDTLS_ECDSA_GENKEY_ALT
477
478/**
479 * \def MBEDTLS_ECP_INTERNAL_ALT
480 *
481 * Expose a part of the internal interface of the Elliptic Curve Point module.
482 *
483 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
484 * alternative core implementation of elliptic curve arithmetic. Keep in mind
485 * that function prototypes should remain the same.
486 *
487 * This partially replaces one function. The header file from mbed TLS is still
488 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
489 * is still present and it is used for group structures not supported by the
490 * alternative.
491 *
492 * The original implementation can in addition be removed by setting the
493 * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
494 * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
495 * able to fallback to curves not supported by the alternative implementation.
496 *
497 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
498 * and implementing the following functions:
499 * unsigned char mbedtls_internal_ecp_grp_capable(
500 * const mbedtls_ecp_group *grp )
501 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
502 * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
503 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
504 * replacement functions implement arithmetic for the given group and 0
505 * otherwise.
506 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
507 * called before and after each point operation and provide an opportunity to
508 * implement optimized set up and tear down instructions.
509 *
510 * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
511 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
512 * function, but will use your mbedtls_internal_ecp_double_jac() if the group
513 * for the operation is supported by your implementation (i.e. your
514 * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
515 * group is not supported by your implementation, then the original mbed TLS
516 * implementation of ecp_double_jac() is used instead, unless this fallback
517 * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
518 * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
519 *
520 * The function prototypes and the definition of mbedtls_ecp_group and
521 * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
522 * implementation of mbedtls_internal_ecp__function_name__ must be compatible
523 * with their definitions.
524 *
525 * Uncomment a macro to enable alternate implementation of the corresponding
526 * function.
527 */
528/* Required for all the functions in this section */
529//#define MBEDTLS_ECP_INTERNAL_ALT
530/* Turn off software fallback for curves not supported in hardware */
531//#define MBEDTLS_ECP_NO_FALLBACK
532/* Support for Weierstrass curves with Jacobi representation */
533//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
534//#define MBEDTLS_ECP_ADD_MIXED_ALT
535//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
536//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
537//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
538/* Support for curves with Montgomery arithmetic */
539//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
540//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
541//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
542
543/**
544 * \def MBEDTLS_TEST_NULL_ENTROPY
545 *
546 * Enables testing and use of mbed TLS without any configured entropy sources.
547 * This permits use of the library on platforms before an entropy source has
548 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
549 * MBEDTLS_ENTROPY_NV_SEED switches).
550 *
551 * WARNING! This switch MUST be disabled in production builds, and is suitable
552 * only for development.
553 * Enabling the switch negates any security provided by the library.
554 *
555 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
556 *
557 */
558//#define MBEDTLS_TEST_NULL_ENTROPY
559
560/**
561 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
562 *
563 * Uncomment this macro to let mbed TLS use your own implementation of a
564 * hardware entropy collector.
565 *
566 * Your function must be called \c mbedtls_hardware_poll(), have the same
567 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
568 *
569 * Uncomment to use your own hardware entropy collector.
570 */
571//#define MBEDTLS_ENTROPY_HARDWARE_ALT
572
573/**
574 * \def MBEDTLS_AES_ROM_TABLES
575 *
576 * Use precomputed AES tables stored in ROM.
577 *
578 * Uncomment this macro to use precomputed AES tables stored in ROM.
579 * Comment this macro to generate AES tables in RAM at runtime.
580 *
581 * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
582 * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
583 * initialization time before the first AES operation can be performed.
584 * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
585 * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
586 * performance if ROM access is slower than RAM access.
587 *
588 * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
589 *
590 */
591//#define MBEDTLS_AES_ROM_TABLES
592
593/**
594 * \def MBEDTLS_AES_FEWER_TABLES
595 *
596 * Use less ROM/RAM for AES tables.
597 *
598 * Uncommenting this macro omits 75% of the AES tables from
599 * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
600 * by computing their values on the fly during operations
601 * (the tables are entry-wise rotations of one another).
602 *
603 * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
604 * by ~6kb but at the cost of more arithmetic operations during
605 * runtime. Specifically, one has to compare 4 accesses within
606 * different tables to 4 accesses with additional arithmetic
607 * operations within the same table. The performance gain/loss
608 * depends on the system and memory details.
609 *
610 * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
611 *
612 */
613//#define MBEDTLS_AES_FEWER_TABLES
614
615/**
616 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
617 *
618 * Use less ROM for the Camellia implementation (saves about 768 bytes).
619 *
620 * Uncomment this macro to use less memory for Camellia.
621 */
622//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
623
624/**
625 * \def MBEDTLS_CHECK_RETURN_WARNING
626 *
627 * If this macro is defined, emit a compile-time warning if application code
628 * calls a function without checking its return value, but the return value
629 * should generally be checked in portable applications.
630 *
631 * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
632 * implemented. Otherwise this option has no effect.
633 *
634 * Uncomment to get warnings on using fallible functions without checking
635 * their return value.
636 *
637 * \note This feature is a work in progress.
638 * Warnings will be added to more functions in the future.
639 *
640 * \note A few functions are considered critical, and ignoring the return
641 * value of these functions will trigger a warning even if this
642 * macro is not defined. To completely disable return value check
643 * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
644 */
645//#define MBEDTLS_CHECK_RETURN_WARNING
646
647/**
648 * \def MBEDTLS_CIPHER_MODE_CBC
649 *
650 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
651 */
652#define MBEDTLS_CIPHER_MODE_CBC
653
654/**
655 * \def MBEDTLS_CIPHER_MODE_CFB
656 *
657 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
658 */
659#define MBEDTLS_CIPHER_MODE_CFB
660
661/**
662 * \def MBEDTLS_CIPHER_MODE_CTR
663 *
664 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
665 */
666#define MBEDTLS_CIPHER_MODE_CTR
667
668/**
669 * \def MBEDTLS_CIPHER_MODE_OFB
670 *
671 * Enable Output Feedback mode (OFB) for symmetric ciphers.
672 */
673#define MBEDTLS_CIPHER_MODE_OFB
674
675/**
676 * \def MBEDTLS_CIPHER_MODE_XTS
677 *
678 * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
679 */
680#define MBEDTLS_CIPHER_MODE_XTS
681
682/**
683 * \def MBEDTLS_CIPHER_NULL_CIPHER
684 *
685 * Enable NULL cipher.
686 * Warning: Only do so when you know what you are doing. This allows for
687 * encryption or channels without any security!
688 *
689 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
690 * the following ciphersuites:
691 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
692 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
693 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
694 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
695 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
696 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
697 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
698 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
699 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
700 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
701 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
702 * MBEDTLS_TLS_RSA_WITH_NULL_SHA
703 * MBEDTLS_TLS_RSA_WITH_NULL_MD5
704 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
705 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
706 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
707 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
708 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
709 * MBEDTLS_TLS_PSK_WITH_NULL_SHA
710 *
711 * Uncomment this macro to enable the NULL cipher and ciphersuites
712 */
713//#define MBEDTLS_CIPHER_NULL_CIPHER
714
715/**
716 * \def MBEDTLS_CIPHER_PADDING_PKCS7
717 *
718 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
719 * specific padding modes in the cipher layer with cipher modes that support
720 * padding (e.g. CBC)
721 *
722 * If you disable all padding modes, only full blocks can be used with CBC.
723 *
724 * Enable padding modes in the cipher layer.
725 */
726#define MBEDTLS_CIPHER_PADDING_PKCS7
727#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
728#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
729#define MBEDTLS_CIPHER_PADDING_ZEROS
730
731/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
732 *
733 * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
734 * By default, CTR_DRBG uses a 256-bit key.
735 */
736//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
737
738/**
739 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
740 *
741 * Enable weak ciphersuites in SSL / TLS.
742 * Warning: Only do so when you know what you are doing. This allows for
743 * channels with virtually no security at all!
744 *
745 * This enables the following ciphersuites:
746 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
747 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
748 *
749 * Uncomment this macro to enable weak ciphersuites
750 *
751 * \warning DES is considered a weak cipher and its use constitutes a
752 * security risk. We recommend considering stronger ciphers instead.
753 */
754//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
755
756/**
757 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
758 *
759 * Remove RC4 ciphersuites by default in SSL / TLS.
760 * This flag removes the ciphersuites based on RC4 from the default list as
761 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
762 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
763 * explicitly.
764 *
765 * Uncomment this macro to remove RC4 ciphersuites by default.
766 */
767#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
768
769/**
770 * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
771 *
772 * Remove 3DES ciphersuites by default in SSL / TLS.
773 * This flag removes the ciphersuites based on 3DES from the default list as
774 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
775 * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
776 * them explicitly.
777 *
778 * A man-in-the-browser attacker can recover authentication tokens sent through
779 * a TLS connection using a 3DES based cipher suite (see "On the Practical
780 * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
781 * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
782 * in your threat model or you are unsure, then you should keep this option
783 * enabled to remove 3DES based cipher suites.
784 *
785 * Comment this macro to keep 3DES in the default ciphersuite list.
786 */
787#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
788
789/**
790 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
791 *
792 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
793 * module. By default all supported curves are enabled.
794 *
795 * Comment macros to disable the curve and functions for it
796 */
797/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
798#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
799#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
800#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
801#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
802#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
803#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
804#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
805#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
806#define MBEDTLS_ECP_DP_BP256R1_ENABLED
807#define MBEDTLS_ECP_DP_BP384R1_ENABLED
808#define MBEDTLS_ECP_DP_BP512R1_ENABLED
809/* Montgomery curves (supporting ECP) */
810#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
811#define MBEDTLS_ECP_DP_CURVE448_ENABLED
812
813/**
814 * \def MBEDTLS_ECP_NIST_OPTIM
815 *
816 * Enable specific 'modulo p' routines for each NIST prime.
817 * Depending on the prime and architecture, makes operations 4 to 8 times
818 * faster on the corresponding curve.
819 *
820 * Comment this macro to disable NIST curves optimisation.
821 */
822#define MBEDTLS_ECP_NIST_OPTIM
823
824/**
825 * \def MBEDTLS_ECP_NO_INTERNAL_RNG
826 *
827 * When this option is disabled, mbedtls_ecp_mul() will make use of an
828 * internal RNG when called with a NULL \c f_rng argument, in order to protect
829 * against some side-channel attacks.
830 *
831 * This protection introduces a dependency of the ECP module on one of the
832 * DRBG modules. For very constrained implementations that don't require this
833 * protection (for example, because you're only doing signature verification,
834 * so not manipulating any secret, or because local/physical side-channel
835 * attacks are outside your threat model), it might be desirable to get rid of
836 * that dependency.
837 *
838 * \warning Enabling this option makes some uses of ECP vulnerable to some
839 * side-channel attacks. Only enable it if you know that's not a problem for
840 * your use case.
841 *
842 * Uncomment this macro to disable some counter-measures in ECP.
843 */
844//#define MBEDTLS_ECP_NO_INTERNAL_RNG
845
846/**
847 * \def MBEDTLS_ECP_RESTARTABLE
848 *
849 * Enable "non-blocking" ECC operations that can return early and be resumed.
850 *
851 * This allows various functions to pause by returning
852 * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
853 * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
854 * order to further progress and eventually complete their operation. This is
855 * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
856 * number of ECC operations a function may perform before pausing; see
857 * mbedtls_ecp_set_max_ops() for more information.
858 *
859 * This is useful in non-threaded environments if you want to avoid blocking
860 * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
861 *
862 * This option:
863 * - Adds xxx_restartable() variants of existing operations in the
864 * following modules, with corresponding restart context types:
865 * - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
866 * linear combination (muladd);
867 * - ECDSA: signature generation & verification;
868 * - PK: signature generation & verification;
869 * - X509: certificate chain verification.
870 * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
871 * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
872 * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
873 * computations restartable:
874 * - ECDH operations from the key exchange, only for Short Weierstrass
875 * curves;
876 * - verification of the server's key exchange signature;
877 * - verification of the server's certificate chain;
878 * - generation of the client's signature if client authentication is used,
879 * with an ECC key/certificate.
880 *
881 * \note In the cases above, the usual SSL/TLS functions, such as
882 * mbedtls_ssl_handshake(), can now return
883 * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
884 *
885 * \note This option only works with the default software implementation of
886 * elliptic curve functionality. It is incompatible with
887 * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT,
888 * MBEDTLS_ECDH_LEGACY_CONTEXT, and MBEDTLS_USE_PSA_CRYPTO.
889 *
890 * Requires: MBEDTLS_ECP_C
891 *
892 * Uncomment this macro to enable restartable ECC computations.
893 */
894//#define MBEDTLS_ECP_RESTARTABLE
895
896/**
897 * \def MBEDTLS_ECDH_LEGACY_CONTEXT
898 *
899 * Use a backward compatible ECDH context.
900 *
901 * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
902 * defined in `ecdh.h`). For most applications, the choice of format makes
903 * no difference, since all library functions can work with either format,
904 * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
905
906 * The new format used when this option is disabled is smaller
907 * (56 bytes on a 32-bit platform). In future versions of the library, it
908 * will support alternative implementations of ECDH operations.
909 * The new format is incompatible with applications that access
910 * context fields directly and with restartable ECP operations.
911 *
912 * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
913 * want to access ECDH context fields directly. Otherwise you should
914 * comment out this macro definition.
915 *
916 * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
917 *
918 * \note This configuration option is experimental. Future versions of the
919 * library may modify the way the ECDH context layout is configured
920 * and may modify the layout of the new context type.
921 */
922#define MBEDTLS_ECDH_LEGACY_CONTEXT
923
924/**
925 * \def MBEDTLS_ECDSA_DETERMINISTIC
926 *
927 * Enable deterministic ECDSA (RFC 6979).
928 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
929 * may result in a compromise of the long-term signing key. This is avoided by
930 * the deterministic variant.
931 *
932 * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
933 *
934 * Comment this macro to disable deterministic ECDSA.
935 */
936#define MBEDTLS_ECDSA_DETERMINISTIC
937
938/**
939 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
940 *
941 * Enable the PSK based ciphersuite modes in SSL / TLS.
942 *
943 * This enables the following ciphersuites (if other requisites are
944 * enabled as well):
945 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
946 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
947 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
948 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
949 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
950 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
951 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
952 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
953 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
954 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
955 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
956 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
957 */
958#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
959
960/**
961 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
962 *
963 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
964 *
965 * Requires: MBEDTLS_DHM_C
966 *
967 * This enables the following ciphersuites (if other requisites are
968 * enabled as well):
969 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
970 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
971 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
972 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
973 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
974 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
975 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
976 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
977 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
978 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
979 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
980 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
981 *
982 * \warning Using DHE constitutes a security risk as it
983 * is not possible to validate custom DH parameters.
984 * If possible, it is recommended users should consider
985 * preferring other methods of key exchange.
986 * See dhm.h for more details.
987 *
988 */
989#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
990
991/**
992 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
993 *
994 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
995 *
996 * Requires: MBEDTLS_ECDH_C
997 *
998 * This enables the following ciphersuites (if other requisites are
999 * enabled as well):
1000 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
1001 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
1002 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1003 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
1004 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
1005 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1006 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
1007 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
1008 */
1009#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
1010
1011/**
1012 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
1013 *
1014 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
1015 *
1016 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
1017 * MBEDTLS_X509_CRT_PARSE_C
1018 *
1019 * This enables the following ciphersuites (if other requisites are
1020 * enabled as well):
1021 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
1022 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
1023 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
1024 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
1025 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
1026 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
1027 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
1028 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
1029 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
1030 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
1031 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
1032 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
1033 */
1034#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
1035
1036/**
1037 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
1038 *
1039 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
1040 *
1041 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
1042 * MBEDTLS_X509_CRT_PARSE_C
1043 *
1044 * This enables the following ciphersuites (if other requisites are
1045 * enabled as well):
1046 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
1047 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
1048 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
1049 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
1050 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1051 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1052 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
1053 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
1054 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
1055 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
1056 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1057 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1058 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
1059 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
1060 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
1061 */
1062#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
1063
1064/**
1065 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1066 *
1067 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
1068 *
1069 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
1070 * MBEDTLS_X509_CRT_PARSE_C
1071 *
1072 * This enables the following ciphersuites (if other requisites are
1073 * enabled as well):
1074 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1075 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1076 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1077 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1078 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1079 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1080 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1081 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1082 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1083 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1084 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1085 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1086 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1087 *
1088 * \warning Using DHE constitutes a security risk as it
1089 * is not possible to validate custom DH parameters.
1090 * If possible, it is recommended users should consider
1091 * preferring other methods of key exchange.
1092 * See dhm.h for more details.
1093 *
1094 */
1095#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1096
1097/**
1098 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1099 *
1100 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
1101 *
1102 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
1103 * MBEDTLS_X509_CRT_PARSE_C
1104 *
1105 * This enables the following ciphersuites (if other requisites are
1106 * enabled as well):
1107 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1108 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
1109 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1110 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1111 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
1112 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1113 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
1114 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1115 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1116 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1117 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
1118 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
1119 */
1120#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1121
1122/**
1123 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
1124 *
1125 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
1126 *
1127 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
1128 *
1129 * This enables the following ciphersuites (if other requisites are
1130 * enabled as well):
1131 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1132 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
1133 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1134 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1135 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1136 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1137 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
1138 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1139 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1140 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1141 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
1142 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
1143 */
1144#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
1145
1146/**
1147 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
1148 *
1149 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
1150 *
1151 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
1152 *
1153 * This enables the following ciphersuites (if other requisites are
1154 * enabled as well):
1155 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
1156 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
1157 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1158 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1159 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1160 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1161 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1162 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1163 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1164 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1165 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1166 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1167 */
1168#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
1169
1170/**
1171 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1172 *
1173 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
1174 *
1175 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
1176 *
1177 * This enables the following ciphersuites (if other requisites are
1178 * enabled as well):
1179 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
1180 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
1181 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1182 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1183 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1184 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1185 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1186 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1187 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1188 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1189 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1190 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
1191 */
1192#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1193
1194/**
1195 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1196 *
1197 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
1198 *
1199 * \warning This is currently experimental. EC J-PAKE support is based on the
1200 * Thread v1.0.0 specification; incompatible changes to the specification
1201 * might still happen. For this reason, this is disabled by default.
1202 *
1203 * Requires: MBEDTLS_ECJPAKE_C
1204 * MBEDTLS_SHA256_C
1205 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
1206 *
1207 * This enables the following ciphersuites (if other requisites are
1208 * enabled as well):
1209 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
1210 */
1211//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1212
1213/**
1214 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
1215 *
1216 * Enhance support for reading EC keys using variants of SEC1 not allowed by
1217 * RFC 5915 and RFC 5480.
1218 *
1219 * Currently this means parsing the SpecifiedECDomain choice of EC
1220 * parameters (only known groups are supported, not arbitrary domains, to
1221 * avoid validation issues).
1222 *
1223 * Disable if you only need to support RFC 5915 + 5480 key formats.
1224 */
1225#define MBEDTLS_PK_PARSE_EC_EXTENDED
1226
1227/**
1228 * \def MBEDTLS_ERROR_STRERROR_DUMMY
1229 *
1230 * Enable a dummy error function to make use of mbedtls_strerror() in
1231 * third party libraries easier when MBEDTLS_ERROR_C is disabled
1232 * (no effect when MBEDTLS_ERROR_C is enabled).
1233 *
1234 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
1235 * not using mbedtls_strerror() or error_strerror() in your application.
1236 *
1237 * Disable if you run into name conflicts and want to really remove the
1238 * mbedtls_strerror()
1239 */
1240#define MBEDTLS_ERROR_STRERROR_DUMMY
1241
1242/**
1243 * \def MBEDTLS_GENPRIME
1244 *
1245 * Enable the prime-number generation code.
1246 *
1247 * Requires: MBEDTLS_BIGNUM_C
1248 */
1249#define MBEDTLS_GENPRIME
1250
1251/**
1252 * \def MBEDTLS_FS_IO
1253 *
1254 * Enable functions that use the filesystem.
1255 */
1256#define MBEDTLS_FS_IO
1257
1258/**
1259 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1260 *
1261 * Do not add default entropy sources. These are the platform specific,
1262 * mbedtls_timing_hardclock and HAVEGE based poll functions.
1263 *
1264 * This is useful to have more control over the added entropy sources in an
1265 * application.
1266 *
1267 * Uncomment this macro to prevent loading of default entropy functions.
1268 */
1269//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1270
1271/**
1272 * \def MBEDTLS_NO_PLATFORM_ENTROPY
1273 *
1274 * Do not use built-in platform entropy functions.
1275 * This is useful if your platform does not support
1276 * standards like the /dev/urandom or Windows CryptoAPI.
1277 *
1278 * Uncomment this macro to disable the built-in platform entropy functions.
1279 */
1280//#define MBEDTLS_NO_PLATFORM_ENTROPY
1281
1282/**
1283 * \def MBEDTLS_ENTROPY_FORCE_SHA256
1284 *
1285 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
1286 * default SHA-512 based one (if both are available).
1287 *
1288 * Requires: MBEDTLS_SHA256_C
1289 *
1290 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
1291 * if you have performance concerns.
1292 *
1293 * This option is only useful if both MBEDTLS_SHA256_C and
1294 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
1295 */
1296//#define MBEDTLS_ENTROPY_FORCE_SHA256
1297
1298/**
1299 * \def MBEDTLS_ENTROPY_NV_SEED
1300 *
1301 * Enable the non-volatile (NV) seed file-based entropy source.
1302 * (Also enables the NV seed read/write functions in the platform layer)
1303 *
1304 * This is crucial (if not required) on systems that do not have a
1305 * cryptographic entropy source (in hardware or kernel) available.
1306 *
1307 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
1308 *
1309 * \note The read/write functions that are used by the entropy source are
1310 * determined in the platform layer, and can be modified at runtime and/or
1311 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
1312 *
1313 * \note If you use the default implementation functions that read a seedfile
1314 * with regular fopen(), please make sure you make a seedfile with the
1315 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
1316 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
1317 * and written to or you will get an entropy source error! The default
1318 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
1319 * bytes from the file.
1320 *
1321 * \note The entropy collector will write to the seed file before entropy is
1322 * given to an external source, to update it.
1323 */
1324//#define MBEDTLS_ENTROPY_NV_SEED
1325
1326/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
1327 *
1328 * Enable key identifiers that encode a key owner identifier.
1329 *
1330 * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
1331 * which is currently hard-coded to be int32_t.
1332 *
1333 * Note that this option is meant for internal use only and may be removed
1334 * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO.
1335 */
1336//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
1337
1338/**
1339 * \def MBEDTLS_MEMORY_DEBUG
1340 *
1341 * Enable debugging of buffer allocator memory issues. Automatically prints
1342 * (to stderr) all (fatal) messages on memory allocation issues. Enables
1343 * function for 'debug output' of allocated memory.
1344 *
1345 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
1346 *
1347 * Uncomment this macro to let the buffer allocator print out error messages.
1348 */
1349//#define MBEDTLS_MEMORY_DEBUG
1350
1351/**
1352 * \def MBEDTLS_MEMORY_BACKTRACE
1353 *
1354 * Include backtrace information with each allocated block.
1355 *
1356 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
1357 * GLIBC-compatible backtrace() and backtrace_symbols() support
1358 *
1359 * Uncomment this macro to include backtrace information
1360 */
1361//#define MBEDTLS_MEMORY_BACKTRACE
1362
1363/**
1364 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
1365 *
1366 * Support external private RSA keys (eg from a HSM) in the PK layer.
1367 *
1368 * Comment this macro to disable support for external private RSA keys.
1369 */
1370#define MBEDTLS_PK_RSA_ALT_SUPPORT
1371
1372/**
1373 * \def MBEDTLS_PKCS1_V15
1374 *
1375 * Enable support for PKCS#1 v1.5 encoding.
1376 *
1377 * Requires: MBEDTLS_RSA_C
1378 *
1379 * This enables support for PKCS#1 v1.5 operations.
1380 */
1381#define MBEDTLS_PKCS1_V15
1382
1383/**
1384 * \def MBEDTLS_PKCS1_V21
1385 *
1386 * Enable support for PKCS#1 v2.1 encoding.
1387 *
1388 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
1389 *
1390 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
1391 */
1392#define MBEDTLS_PKCS1_V21
1393
1394/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
1395 *
1396 * Enable support for platform built-in keys. If you enable this feature,
1397 * you must implement the function mbedtls_psa_platform_get_builtin_key().
1398 * See the documentation of that function for more information.
1399 *
1400 * Built-in keys are typically derived from a hardware unique key or
1401 * stored in a secure element.
1402 *
1403 * Requires: MBEDTLS_PSA_CRYPTO_C.
1404 *
1405 * \warning This interface is experimental and may change or be removed
1406 * without notice.
1407 */
1408//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
1409
1410/** \def MBEDTLS_PSA_CRYPTO_CLIENT
1411 *
1412 * Enable support for PSA crypto client.
1413 *
1414 * \note This option allows to include the code necessary for a PSA
1415 * crypto client when the PSA crypto implementation is not included in
1416 * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
1417 * code to set and get PSA key attributes.
1418 * The development of PSA drivers partially relying on the library to
1419 * fulfill the hardware gaps is another possible usage of this option.
1420 *
1421 * \warning This interface is experimental and may change or be removed
1422 * without notice.
1423 */
1424//#define MBEDTLS_PSA_CRYPTO_CLIENT
1425
1426/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
1427 *
1428 * Enable support for the experimental PSA crypto driver interface.
1429 *
1430 * Requires: MBEDTLS_PSA_CRYPTO_C
1431 *
1432 * \warning This interface is experimental and may change or be removed
1433 * without notice.
1434 */
1435//#define MBEDTLS_PSA_CRYPTO_DRIVERS
1436
1437/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
1438 *
1439 * Make the PSA Crypto module use an external random generator provided
1440 * by a driver, instead of Mbed TLS's entropy and DRBG modules.
1441 *
1442 * \note This random generator must deliver random numbers with cryptographic
1443 * quality and high performance. It must supply unpredictable numbers
1444 * with a uniform distribution. The implementation of this function
1445 * is responsible for ensuring that the random generator is seeded
1446 * with sufficient entropy. If you have a hardware TRNG which is slow
1447 * or delivers non-uniform output, declare it as an entropy source
1448 * with mbedtls_entropy_add_source() instead of enabling this option.
1449 *
1450 * If you enable this option, you must configure the type
1451 * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
1452 * and define a function called mbedtls_psa_external_get_random()
1453 * with the following prototype:
1454 * ```
1455 * psa_status_t mbedtls_psa_external_get_random(
1456 * mbedtls_psa_external_random_context_t *context,
1457 * uint8_t *output, size_t output_size, size_t *output_length);
1458 * );
1459 * ```
1460 * The \c context value is initialized to 0 before the first call.
1461 * The function must fill the \c output buffer with \c output_size bytes
1462 * of random data and set \c *output_length to \c output_size.
1463 *
1464 * Requires: MBEDTLS_PSA_CRYPTO_C
1465 *
1466 * \warning If you enable this option, code that uses the PSA cryptography
1467 * interface will not use any of the entropy sources set up for
1468 * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
1469 * enables.
1470 *
1471 * \note This option is experimental and may be removed without notice.
1472 */
1473//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
1474
1475/**
1476 * \def MBEDTLS_PSA_CRYPTO_SPM
1477 *
1478 * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
1479 * Partition Manager) integration which separates the code into two parts: a
1480 * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
1481 * Environment).
1482 *
1483 * Module: library/psa_crypto.c
1484 * Requires: MBEDTLS_PSA_CRYPTO_C
1485 *
1486 */
1487//#define MBEDTLS_PSA_CRYPTO_SPM
1488
1489/**
1490 * \def MBEDTLS_PSA_INJECT_ENTROPY
1491 *
1492 * Enable support for entropy injection at first boot. This feature is
1493 * required on systems that do not have a built-in entropy source (TRNG).
1494 * This feature is currently not supported on systems that have a built-in
1495 * entropy source.
1496 *
1497 * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
1498 *
1499 */
1500//#define MBEDTLS_PSA_INJECT_ENTROPY
1501
1502/**
1503 * \def MBEDTLS_RSA_NO_CRT
1504 *
1505 * Do not use the Chinese Remainder Theorem
1506 * for the RSA private operation.
1507 *
1508 * Uncomment this macro to disable the use of CRT in RSA.
1509 *
1510 */
1511//#define MBEDTLS_RSA_NO_CRT
1512
1513/**
1514 * \def MBEDTLS_SELF_TEST
1515 *
1516 * Enable the checkup functions (*_self_test).
1517 */
1518#define MBEDTLS_SELF_TEST
1519
1520/**
1521 * \def MBEDTLS_SHA256_SMALLER
1522 *
1523 * Enable an implementation of SHA-256 that has lower ROM footprint but also
1524 * lower performance.
1525 *
1526 * The default implementation is meant to be a reasonable compromise between
1527 * performance and size. This version optimizes more aggressively for size at
1528 * the expense of performance. Eg on Cortex-M4 it reduces the size of
1529 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
1530 * 30%.
1531 *
1532 * Uncomment to enable the smaller implementation of SHA256.
1533 */
1534//#define MBEDTLS_SHA256_SMALLER
1535
1536/**
1537 * \def MBEDTLS_SHA512_SMALLER
1538 *
1539 * Enable an implementation of SHA-512 that has lower ROM footprint but also
1540 * lower performance.
1541 *
1542 * Uncomment to enable the smaller implementation of SHA512.
1543 */
1544//#define MBEDTLS_SHA512_SMALLER
1545
1546/**
1547 * \def MBEDTLS_SHA512_NO_SHA384
1548 *
1549 * Disable the SHA-384 option of the SHA-512 module. Use this to save some
1550 * code size on devices that don't use SHA-384.
1551 *
1552 * Requires: MBEDTLS_SHA512_C
1553 *
1554 * Uncomment to disable SHA-384
1555 */
1556//#define MBEDTLS_SHA512_NO_SHA384
1557
1558/**
1559 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
1560 *
1561 * Enable sending of alert messages in case of encountered errors as per RFC.
1562 * If you choose not to send the alert messages, mbed TLS can still communicate
1563 * with other servers, only debugging of failures is harder.
1564 *
1565 * The advantage of not sending alert messages, is that no information is given
1566 * about reasons for failures thus preventing adversaries of gaining intel.
1567 *
1568 * Enable sending of all alert messages
1569 */
1570#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
1571
1572/**
1573 * \def MBEDTLS_SSL_RECORD_CHECKING
1574 *
1575 * Enable the function mbedtls_ssl_check_record() which can be used to check
1576 * the validity and authenticity of an incoming record, to verify that it has
1577 * not been seen before. These checks are performed without modifying the
1578 * externally visible state of the SSL context.
1579 *
1580 * See mbedtls_ssl_check_record() for more information.
1581 *
1582 * Uncomment to enable support for record checking.
1583 */
1584#define MBEDTLS_SSL_RECORD_CHECKING
1585
1586/**
1587 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
1588 *
1589 * Enable support for the DTLS Connection ID extension
1590 * (version draft-ietf-tls-dtls-connection-id-05,
1591 * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
1592 * which allows to identify DTLS connections across changes
1593 * in the underlying transport.
1594 *
1595 * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
1596 * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
1597 * See the corresponding documentation for more information.
1598 *
1599 * \warning The Connection ID extension is still in draft state.
1600 * We make no stability promises for the availability
1601 * or the shape of the API controlled by this option.
1602 *
1603 * The maximum lengths of outgoing and incoming CIDs can be configured
1604 * through the options
1605 * - MBEDTLS_SSL_CID_OUT_LEN_MAX
1606 * - MBEDTLS_SSL_CID_IN_LEN_MAX.
1607 *
1608 * Requires: MBEDTLS_SSL_PROTO_DTLS
1609 *
1610 * Uncomment to enable the Connection ID extension.
1611 */
1612//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
1613
1614/**
1615 * \def MBEDTLS_SSL_ASYNC_PRIVATE
1616 *
1617 * Enable asynchronous external private key operations in SSL. This allows
1618 * you to configure an SSL connection to call an external cryptographic
1619 * module to perform private key operations instead of performing the
1620 * operation inside the library.
1621 *
1622 */
1623//#define MBEDTLS_SSL_ASYNC_PRIVATE
1624
1625/**
1626 * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
1627 *
1628 * Enable serialization of the TLS context structures, through use of the
1629 * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
1630 *
1631 * This pair of functions allows one side of a connection to serialize the
1632 * context associated with the connection, then free or re-use that context
1633 * while the serialized state is persisted elsewhere, and finally deserialize
1634 * that state to a live context for resuming read/write operations on the
1635 * connection. From a protocol perspective, the state of the connection is
1636 * unaffected, in particular this is entirely transparent to the peer.
1637 *
1638 * Note: this is distinct from TLS session resumption, which is part of the
1639 * protocol and fully visible by the peer. TLS session resumption enables
1640 * establishing new connections associated to a saved session with shorter,
1641 * lighter handshakes, while context serialization is a local optimization in
1642 * handling a single, potentially long-lived connection.
1643 *
1644 * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
1645 * saved after the handshake to allow for more efficient serialization, so if
1646 * you don't need this feature you'll save RAM by disabling it.
1647 *
1648 * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
1649 *
1650 * Comment to disable the context serialization APIs.
1651 */
1652#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
1653
1654/**
1655 * \def MBEDTLS_SSL_DEBUG_ALL
1656 *
1657 * Enable the debug messages in SSL module for all issues.
1658 * Debug messages have been disabled in some places to prevent timing
1659 * attacks due to (unbalanced) debugging function calls.
1660 *
1661 * If you need all error reporting you should enable this during debugging,
1662 * but remove this for production servers that should log as well.
1663 *
1664 * Uncomment this macro to report all debug messages on errors introducing
1665 * a timing side-channel.
1666 *
1667 */
1668//#define MBEDTLS_SSL_DEBUG_ALL
1669
1670/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
1671 *
1672 * Enable support for Encrypt-then-MAC, RFC 7366.
1673 *
1674 * This allows peers that both support it to use a more robust protection for
1675 * ciphersuites using CBC, providing deep resistance against timing attacks
1676 * on the padding or underlying cipher.
1677 *
1678 * This only affects CBC ciphersuites, and is useless if none is defined.
1679 *
1680 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
1681 * MBEDTLS_SSL_PROTO_TLS1_1 or
1682 * MBEDTLS_SSL_PROTO_TLS1_2
1683 *
1684 * Comment this macro to disable support for Encrypt-then-MAC
1685 */
1686#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
1687
1688/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1689 *
1690 * Enable support for RFC 7627: Session Hash and Extended Master Secret
1691 * Extension.
1692 *
1693 * This was introduced as "the proper fix" to the Triple Handshake family of
1694 * attacks, but it is recommended to always use it (even if you disable
1695 * renegotiation), since it actually fixes a more fundamental issue in the
1696 * original SSL/TLS design, and has implications beyond Triple Handshake.
1697 *
1698 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
1699 * MBEDTLS_SSL_PROTO_TLS1_1 or
1700 * MBEDTLS_SSL_PROTO_TLS1_2
1701 *
1702 * Comment this macro to disable support for Extended Master Secret.
1703 */
1704#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1705
1706/**
1707 * \def MBEDTLS_SSL_FALLBACK_SCSV
1708 *
1709 * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
1710 * for Preventing Protocol Downgrade Attacks.
1711 *
1712 * For servers, it is recommended to always enable this, unless you support
1713 * only one version of TLS, or know for sure that none of your clients
1714 * implements a fallback strategy.
1715 *
1716 * For clients, you only need this if you're using a fallback strategy, which
1717 * is not recommended in the first place, unless you absolutely need it to
1718 * interoperate with buggy (version-intolerant) servers.
1719 *
1720 * Comment this macro to disable support for FALLBACK_SCSV
1721 */
1722#define MBEDTLS_SSL_FALLBACK_SCSV
1723
1724/**
1725 * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1726 *
1727 * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
1728 * giving access to the peer's certificate after completion of the handshake.
1729 *
1730 * Unless you need mbedtls_ssl_peer_cert() in your application, it is
1731 * recommended to disable this option for reduced RAM usage.
1732 *
1733 * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
1734 * defined, but always returns \c NULL.
1735 *
1736 * \note This option has no influence on the protection against the
1737 * triple handshake attack. Even if it is disabled, Mbed TLS will
1738 * still ensure that certificates do not change during renegotiation,
1739 * for example by keeping a hash of the peer's certificate.
1740 *
1741 * Comment this macro to disable storing the peer's certificate
1742 * after the handshake.
1743 */
1744#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1745
1746/**
1747 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
1748 *
1749 * Enable hooking functions in SSL module for hardware acceleration of
1750 * individual records.
1751 *
1752 * \deprecated This option is deprecated and will be removed in a future
1753 * version of Mbed TLS.
1754 *
1755 * Uncomment this macro to enable hooking functions.
1756 */
1757//#define MBEDTLS_SSL_HW_RECORD_ACCEL
1758
1759/**
1760 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
1761 *
1762 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
1763 *
1764 * This is a countermeasure to the BEAST attack, which also minimizes the risk
1765 * of interoperability issues compared to sending 0-length records.
1766 *
1767 * Comment this macro to disable 1/n-1 record splitting.
1768 */
1769#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
1770
1771/**
1772 * \def MBEDTLS_SSL_RENEGOTIATION
1773 *
1774 * Enable support for TLS renegotiation.
1775 *
1776 * The two main uses of renegotiation are (1) refresh keys on long-lived
1777 * connections and (2) client authentication after the initial handshake.
1778 * If you don't need renegotiation, it's probably better to disable it, since
1779 * it has been associated with security issues in the past and is easy to
1780 * misuse/misunderstand.
1781 *
1782 * Comment this to disable support for renegotiation.
1783 *
1784 * \note Even if this option is disabled, both client and server are aware
1785 * of the Renegotiation Indication Extension (RFC 5746) used to
1786 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
1787 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
1788 * configuration of this extension).
1789 *
1790 */
1791#define MBEDTLS_SSL_RENEGOTIATION
1792
1793/**
1794 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
1795 *
1796 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
1797 * SSL Server module (MBEDTLS_SSL_SRV_C).
1798 *
1799 * \deprecated This option is deprecated and will be removed in a future
1800 * version of Mbed TLS.
1801 *
1802 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
1803 */
1804//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
1805
1806/**
1807 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
1808 *
1809 * Pick the ciphersuite according to the client's preferences rather than ours
1810 * in the SSL Server module (MBEDTLS_SSL_SRV_C).
1811 *
1812 * Uncomment this macro to respect client's ciphersuite order
1813 */
1814//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
1815
1816/**
1817 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1818 *
1819 * Enable support for RFC 6066 max_fragment_length extension in SSL.
1820 *
1821 * Comment this macro to disable support for the max_fragment_length extension
1822 */
1823#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1824
1825/**
1826 * \def MBEDTLS_SSL_PROTO_SSL3
1827 *
1828 * Enable support for SSL 3.0.
1829 *
1830 * Requires: MBEDTLS_MD5_C
1831 * MBEDTLS_SHA1_C
1832 *
1833 * \deprecated This option is deprecated and will be removed in a future
1834 * version of Mbed TLS.
1835 *
1836 * Comment this macro to disable support for SSL 3.0
1837 */
1838//#define MBEDTLS_SSL_PROTO_SSL3
1839
1840/**
1841 * \def MBEDTLS_SSL_PROTO_TLS1
1842 *
1843 * Enable support for TLS 1.0.
1844 *
1845 * Requires: MBEDTLS_MD5_C
1846 * MBEDTLS_SHA1_C
1847 *
1848 * Comment this macro to disable support for TLS 1.0
1849 */
1850#define MBEDTLS_SSL_PROTO_TLS1
1851
1852/**
1853 * \def MBEDTLS_SSL_PROTO_TLS1_1
1854 *
1855 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
1856 *
1857 * Requires: MBEDTLS_MD5_C
1858 * MBEDTLS_SHA1_C
1859 *
1860 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
1861 */
1862#define MBEDTLS_SSL_PROTO_TLS1_1
1863
1864/**
1865 * \def MBEDTLS_SSL_PROTO_TLS1_2
1866 *
1867 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
1868 *
1869 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
1870 * (Depends on ciphersuites)
1871 *
1872 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
1873 */
1874#define MBEDTLS_SSL_PROTO_TLS1_2
1875
1876/**
1877 * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1878 *
1879 * This macro is used to selectively enable experimental parts
1880 * of the code that contribute to the ongoing development of
1881 * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide
1882 * no other purpose.
1883 *
1884 * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS,
1885 * and no feature exposed through this macro is part of the
1886 * public API. In particular, features under the control
1887 * of this macro are experimental and don't come with any
1888 * stability guarantees.
1889 *
1890 * Uncomment this macro to enable experimental and partial
1891 * functionality specific to TLS 1.3.
1892 */
1893//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1894
1895/**
1896 * \def MBEDTLS_SSL_PROTO_DTLS
1897 *
1898 * Enable support for DTLS (all available versions).
1899 *
1900 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
1901 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
1902 *
1903 * Requires: MBEDTLS_SSL_PROTO_TLS1_1
1904 * or MBEDTLS_SSL_PROTO_TLS1_2
1905 *
1906 * Comment this macro to disable support for DTLS
1907 */
1908#define MBEDTLS_SSL_PROTO_DTLS
1909
1910/**
1911 * \def MBEDTLS_SSL_ALPN
1912 *
1913 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
1914 *
1915 * Comment this macro to disable support for ALPN.
1916 */
1917#define MBEDTLS_SSL_ALPN
1918
1919/**
1920 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
1921 *
1922 * Enable support for the anti-replay mechanism in DTLS.
1923 *
1924 * Requires: MBEDTLS_SSL_TLS_C
1925 * MBEDTLS_SSL_PROTO_DTLS
1926 *
1927 * \warning Disabling this is often a security risk!
1928 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
1929 *
1930 * Comment this to disable anti-replay in DTLS.
1931 */
1932#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
1933
1934/**
1935 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
1936 *
1937 * Enable support for HelloVerifyRequest on DTLS servers.
1938 *
1939 * This feature is highly recommended to prevent DTLS servers being used as
1940 * amplifiers in DoS attacks against other hosts. It should always be enabled
1941 * unless you know for sure amplification cannot be a problem in the
1942 * environment in which your server operates.
1943 *
1944 * \warning Disabling this can be a security risk! (see above)
1945 *
1946 * Requires: MBEDTLS_SSL_PROTO_DTLS
1947 *
1948 * Comment this to disable support for HelloVerifyRequest.
1949 */
1950#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
1951
1952/**
1953 * \def MBEDTLS_SSL_DTLS_SRTP
1954 *
1955 * Enable support for negotiation of DTLS-SRTP (RFC 5764)
1956 * through the use_srtp extension.
1957 *
1958 * \note This feature provides the minimum functionality required
1959 * to negotiate the use of DTLS-SRTP and to allow the derivation of
1960 * the associated SRTP packet protection key material.
1961 * In particular, the SRTP packet protection itself, as well as the
1962 * demultiplexing of RTP and DTLS packets at the datagram layer
1963 * (see Section 5 of RFC 5764), are not handled by this feature.
1964 * Instead, after successful completion of a handshake negotiating
1965 * the use of DTLS-SRTP, the extended key exporter API
1966 * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement
1967 * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
1968 * (this is implemented in the SSL example programs).
1969 * The resulting key should then be passed to an SRTP stack.
1970 *
1971 * Setting this option enables the runtime API
1972 * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
1973 * through which the supported DTLS-SRTP protection
1974 * profiles can be configured. You must call this API at
1975 * runtime if you wish to negotiate the use of DTLS-SRTP.
1976 *
1977 * Requires: MBEDTLS_SSL_PROTO_DTLS
1978 *
1979 * Uncomment this to enable support for use_srtp extension.
1980 */
1981//#define MBEDTLS_SSL_DTLS_SRTP
1982
1983/**
1984 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1985 *
1986 * Enable server-side support for clients that reconnect from the same port.
1987 *
1988 * Some clients unexpectedly close the connection and try to reconnect using the
1989 * same source port. This needs special support from the server to handle the
1990 * new connection securely, as described in section 4.2.8 of RFC 6347. This
1991 * flag enables that support.
1992 *
1993 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
1994 *
1995 * Comment this to disable support for clients reusing the source port.
1996 */
1997#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1998
1999/**
2000 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
2001 *
2002 * Enable support for a limit of records with bad MAC.
2003 *
2004 * See mbedtls_ssl_conf_dtls_badmac_limit().
2005 *
2006 * Requires: MBEDTLS_SSL_PROTO_DTLS
2007 */
2008#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
2009
2010/**
2011 * \def MBEDTLS_SSL_SESSION_TICKETS
2012 *
2013 * Enable support for RFC 5077 session tickets in SSL.
2014 * Client-side, provides full support for session tickets (maintenance of a
2015 * session store remains the responsibility of the application, though).
2016 * Server-side, you also need to provide callbacks for writing and parsing
2017 * tickets, including authenticated encryption and key management. Example
2018 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
2019 *
2020 * Comment this macro to disable support for SSL session tickets
2021 */
2022#define MBEDTLS_SSL_SESSION_TICKETS
2023
2024/**
2025 * \def MBEDTLS_SSL_EXPORT_KEYS
2026 *
2027 * Enable support for exporting key block and master secret.
2028 * This is required for certain users of TLS, e.g. EAP-TLS.
2029 *
2030 * Comment this macro to disable support for key export
2031 */
2032#define MBEDTLS_SSL_EXPORT_KEYS
2033
2034/**
2035 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
2036 *
2037 * Enable support for RFC 6066 server name indication (SNI) in SSL.
2038 *
2039 * Requires: MBEDTLS_X509_CRT_PARSE_C
2040 *
2041 * Comment this macro to disable support for server name indication in SSL
2042 */
2043#define MBEDTLS_SSL_SERVER_NAME_INDICATION
2044
2045/**
2046 * \def MBEDTLS_SSL_TRUNCATED_HMAC
2047 *
2048 * Enable support for RFC 6066 truncated HMAC in SSL.
2049 *
2050 * Comment this macro to disable support for truncated HMAC in SSL
2051 */
2052#define MBEDTLS_SSL_TRUNCATED_HMAC
2053
2054/**
2055 * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
2056 *
2057 * Fallback to old (pre-2.7), non-conforming implementation of the truncated
2058 * HMAC extension which also truncates the HMAC key. Note that this option is
2059 * only meant for a transitory upgrade period and will be removed in a future
2060 * version of the library.
2061 *
2062 * \warning The old implementation is non-compliant and has a security weakness
2063 * (2^80 brute force attack on the HMAC key used for a single,
2064 * uninterrupted connection). This should only be enabled temporarily
2065 * when (1) the use of truncated HMAC is essential in order to save
2066 * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
2067 * the fixed implementation yet (pre-2.7).
2068 *
2069 * \deprecated This option is deprecated and will be removed in a
2070 * future version of Mbed TLS.
2071 *
2072 * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
2073 *
2074 * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
2075 */
2076//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
2077
2078/**
2079 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
2080 *
2081 * When this option is enabled, the SSL buffer will be resized automatically
2082 * based on the negotiated maximum fragment length in each direction.
2083 *
2084 * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2085 */
2086//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
2087
2088/**
2089 * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
2090 *
2091 * Enable testing of the constant-flow nature of some sensitive functions with
2092 * clang's MemorySanitizer. This causes some existing tests to also test
2093 * this non-functional property of the code under test.
2094 *
2095 * This setting requires compiling with clang -fsanitize=memory. The test
2096 * suites can then be run normally.
2097 *
2098 * \warning This macro is only used for extended testing; it is not considered
2099 * part of the library's API, so it may change or disappear at any time.
2100 *
2101 * Uncomment to enable testing of the constant-flow nature of selected code.
2102 */
2103//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
2104
2105/**
2106 * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
2107 *
2108 * Enable testing of the constant-flow nature of some sensitive functions with
2109 * valgrind's memcheck tool. This causes some existing tests to also test
2110 * this non-functional property of the code under test.
2111 *
2112 * This setting requires valgrind headers for building, and is only useful for
2113 * testing if the tests suites are run with valgrind's memcheck. This can be
2114 * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
2115 * using CMake, this can be done for all test suites with 'make memcheck'.
2116 *
2117 * \warning This macro is only used for extended testing; it is not considered
2118 * part of the library's API, so it may change or disappear at any time.
2119 *
2120 * Uncomment to enable testing of the constant-flow nature of selected code.
2121 */
2122//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
2123
2124/**
2125 * \def MBEDTLS_TEST_HOOKS
2126 *
2127 * Enable features for invasive testing such as introspection functions and
2128 * hooks for fault injection. This enables additional unit tests.
2129 *
2130 * Merely enabling this feature should not change the behavior of the product.
2131 * It only adds new code, and new branching points where the default behavior
2132 * is the same as when this feature is disabled.
2133 * However, this feature increases the attack surface: there is an added
2134 * risk of vulnerabilities, and more gadgets that can make exploits easier.
2135 * Therefore this feature must never be enabled in production.
2136 *
2137 * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
2138 * information.
2139 *
2140 * Uncomment to enable invasive tests.
2141 */
2142//#define MBEDTLS_TEST_HOOKS
2143
2144/**
2145 * \def MBEDTLS_THREADING_ALT
2146 *
2147 * Provide your own alternate threading implementation.
2148 *
2149 * Requires: MBEDTLS_THREADING_C
2150 *
2151 * Uncomment this to allow your own alternate threading implementation.
2152 */
2153//#define MBEDTLS_THREADING_ALT
2154
2155/**
2156 * \def MBEDTLS_THREADING_PTHREAD
2157 *
2158 * Enable the pthread wrapper layer for the threading layer.
2159 *
2160 * Requires: MBEDTLS_THREADING_C
2161 *
2162 * Uncomment this to enable pthread mutexes.
2163 */
2164//#define MBEDTLS_THREADING_PTHREAD
2165
2166/**
2167 * \def MBEDTLS_USE_PSA_CRYPTO
2168 *
2169 * Make the X.509 and TLS library use PSA for cryptographic operations, and
2170 * enable new APIs for using keys handled by PSA Crypto.
2171 *
2172 * \note Development of this option is currently in progress, and parts of Mbed
2173 * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
2174 * will still continue to work as usual, so enabling this option should not
2175 * break backwards compatibility.
2176 *
2177 * \note See docs/use-psa-crypto.md for a complete description of what this
2178 * option currently does, and of parts that are not affected by it so far.
2179 *
2180 * \warning This option enables new Mbed TLS APIs which are currently
2181 * considered experimental and may change in incompatible ways at any time.
2182 * That is, the APIs enabled by this option are not covered by the usual
2183 * promises of API stability.
2184 *
2185 * Requires: MBEDTLS_PSA_CRYPTO_C.
2186 *
2187 * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
2188 */
2189//#define MBEDTLS_USE_PSA_CRYPTO
2190
2191/**
2192 * \def MBEDTLS_PSA_CRYPTO_CONFIG
2193 *
2194 * This setting allows support for cryptographic mechanisms through the PSA
2195 * API to be configured separately from support through the mbedtls API.
2196 *
2197 * When this option is disabled, the PSA API exposes the cryptographic
2198 * mechanisms that can be implemented on top of the `mbedtls_xxx` API
2199 * configured with `MBEDTLS_XXX` symbols.
2200 *
2201 * When this option is enabled, the PSA API exposes the cryptographic
2202 * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
2203 * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
2204 * automatically enabled if required (i.e. if no PSA driver provides the
2205 * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
2206 * in config.h.
2207 *
2208 * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
2209 * an alternative header to include instead of include/psa/crypto_config.h.
2210 *
2211 * If you enable this option and write your own configuration file, you must
2212 * include mbedtls/config_psa.h in your configuration file. The default
2213 * provided mbedtls/config.h contains the necessary inclusion.
2214 *
2215 * This feature is still experimental and is not ready for production since
2216 * it is not completed.
2217 */
2218//#define MBEDTLS_PSA_CRYPTO_CONFIG
2219
2220/**
2221 * \def MBEDTLS_VERSION_FEATURES
2222 *
2223 * Allow run-time checking of compile-time enabled features. Thus allowing users
2224 * to check at run-time if the library is for instance compiled with threading
2225 * support via mbedtls_version_check_feature().
2226 *
2227 * Requires: MBEDTLS_VERSION_C
2228 *
2229 * Comment this to disable run-time checking and save ROM space
2230 */
2231#define MBEDTLS_VERSION_FEATURES
2232
2233/**
2234 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
2235 *
2236 * If set, the X509 parser will not break-off when parsing an X509 certificate
2237 * and encountering an extension in a v1 or v2 certificate.
2238 *
2239 * Uncomment to prevent an error.
2240 */
2241//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
2242
2243/**
2244 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
2245 *
2246 * If set, the X509 parser will not break-off when parsing an X509 certificate
2247 * and encountering an unknown critical extension.
2248 *
2249 * \warning Depending on your PKI use, enabling this can be a security risk!
2250 *
2251 * Uncomment to prevent an error.
2252 */
2253//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
2254
2255/**
2256 * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2257 *
2258 * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
2259 * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
2260 * the set of trusted certificates through a callback instead of a linked
2261 * list.
2262 *
2263 * This is useful for example in environments where a large number of trusted
2264 * certificates is present and storing them in a linked list isn't efficient
2265 * enough, or when the set of trusted certificates changes frequently.
2266 *
2267 * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
2268 * `mbedtls_ssl_conf_ca_cb()` for more information.
2269 *
2270 * Uncomment to enable trusted certificate callbacks.
2271 */
2272//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2273
2274/**
2275 * \def MBEDTLS_X509_CHECK_KEY_USAGE
2276 *
2277 * Enable verification of the keyUsage extension (CA and leaf certificates).
2278 *
2279 * Disabling this avoids problems with mis-issued and/or misused
2280 * (intermediate) CA and leaf certificates.
2281 *
2282 * \warning Depending on your PKI use, disabling this can be a security risk!
2283 *
2284 * Comment to skip keyUsage checking for both CA and leaf certificates.
2285 */
2286#define MBEDTLS_X509_CHECK_KEY_USAGE
2287
2288/**
2289 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
2290 *
2291 * Enable verification of the extendedKeyUsage extension (leaf certificates).
2292 *
2293 * Disabling this avoids problems with mis-issued and/or misused certificates.
2294 *
2295 * \warning Depending on your PKI use, disabling this can be a security risk!
2296 *
2297 * Comment to skip extendedKeyUsage checking for certificates.
2298 */
2299#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
2300
2301/**
2302 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
2303 *
2304 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
2305 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
2306 *
2307 * Comment this macro to disallow using RSASSA-PSS in certificates.
2308 */
2309#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
2310
2311/**
2312 * \def MBEDTLS_ZLIB_SUPPORT
2313 *
2314 * If set, the SSL/TLS module uses ZLIB to support compression and
2315 * decompression of packet data.
2316 *
2317 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
2318 * CRIME attack. Before enabling this option, you should examine with care if
2319 * CRIME or similar exploits may be applicable to your use case.
2320 *
2321 * \note Currently compression can't be used with DTLS.
2322 *
2323 * \deprecated This feature is deprecated and will be removed
2324 * in the next major revision of the library.
2325 *
2326 * Used in: library/ssl_tls.c
2327 * library/ssl_cli.c
2328 * library/ssl_srv.c
2329 *
2330 * This feature requires zlib library and headers to be present.
2331 *
2332 * Uncomment to enable use of ZLIB
2333 */
2334//#define MBEDTLS_ZLIB_SUPPORT
2335/** \} name SECTION: mbed TLS feature support */
2336
2337/**
2338 * \name SECTION: mbed TLS modules
2339 *
2340 * This section enables or disables entire modules in mbed TLS
2341 * \{
2342 */
2343
2344/**
2345 * \def MBEDTLS_AESNI_C
2346 *
2347 * Enable AES-NI support on x86-64 or x86-32.
2348 *
2349 * \note AESNI is only supported with certain compilers and target options:
2350 * - Visual Studio 2013: supported.
2351 * - GCC, x86-64, target not explicitly supporting AESNI:
2352 * requires MBEDTLS_HAVE_ASM.
2353 * - GCC, x86-32, target not explicitly supporting AESNI:
2354 * not supported.
2355 * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
2356 * For this assembly-less implementation, you must currently compile
2357 * `library/aesni.c` and `library/aes.c` with machine options to enable
2358 * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
2359 * `clang -maes -mpclmul`.
2360 * - Non-x86 targets: this option is silently ignored.
2361 * - Other compilers: this option is silently ignored.
2362 *
2363 * \note
2364 * Above, "GCC" includes compatible compilers such as Clang.
2365 * The limitations on target support are likely to be relaxed in the future.
2366 *
2367 * Module: library/aesni.c
2368 * Caller: library/aes.c
2369 *
2370 * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
2371 *
2372 * This modules adds support for the AES-NI instructions on x86.
2373 */
2374#define MBEDTLS_AESNI_C
2375
2376/**
2377 * \def MBEDTLS_AES_C
2378 *
2379 * Enable the AES block cipher.
2380 *
2381 * Module: library/aes.c
2382 * Caller: library/cipher.c
2383 * library/pem.c
2384 * library/ctr_drbg.c
2385 *
2386 * This module enables the following ciphersuites (if other requisites are
2387 * enabled as well):
2388 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
2389 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
2390 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
2391 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
2392 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2393 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2394 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
2395 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2396 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
2397 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
2398 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
2399 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
2400 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2401 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2402 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2403 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2404 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2405 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2406 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2407 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2408 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2409 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2410 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2411 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
2412 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2413 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2414 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2415 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2416 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2417 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
2418 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
2419 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
2420 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
2421 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
2422 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
2423 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
2424 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
2425 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
2426 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
2427 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
2428 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
2429 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
2430 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
2431 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
2432 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
2433 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
2434 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
2435 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
2436 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
2437 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
2438 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
2439 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
2440 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
2441 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
2442 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
2443 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
2444 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
2445 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
2446 *
2447 * PEM_PARSE uses AES for decrypting encrypted keys.
2448 */
2449#define MBEDTLS_AES_C
2450
2451/**
2452 * \def MBEDTLS_ARC4_C
2453 *
2454 * Enable the ARCFOUR stream cipher.
2455 *
2456 * Module: library/arc4.c
2457 * Caller: library/cipher.c
2458 *
2459 * This module enables the following ciphersuites (if other requisites are
2460 * enabled as well):
2461 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
2462 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
2463 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
2464 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
2465 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
2466 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
2467 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
2468 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
2469 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
2470 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
2471 *
2472 * \warning ARC4 is considered a weak cipher and its use constitutes a
2473 * security risk. If possible, we recommend avoiding dependencies on
2474 * it, and considering stronger ciphers instead.
2475 *
2476 */
2477#define MBEDTLS_ARC4_C
2478
2479/**
2480 * \def MBEDTLS_ASN1_PARSE_C
2481 *
2482 * Enable the generic ASN1 parser.
2483 *
2484 * Module: library/asn1.c
2485 * Caller: library/x509.c
2486 * library/dhm.c
2487 * library/pkcs12.c
2488 * library/pkcs5.c
2489 * library/pkparse.c
2490 */
2491#define MBEDTLS_ASN1_PARSE_C
2492
2493/**
2494 * \def MBEDTLS_ASN1_WRITE_C
2495 *
2496 * Enable the generic ASN1 writer.
2497 *
2498 * Module: library/asn1write.c
2499 * Caller: library/ecdsa.c
2500 * library/pkwrite.c
2501 * library/x509_create.c
2502 * library/x509write_crt.c
2503 * library/x509write_csr.c
2504 */
2505#define MBEDTLS_ASN1_WRITE_C
2506
2507/**
2508 * \def MBEDTLS_BASE64_C
2509 *
2510 * Enable the Base64 module.
2511 *
2512 * Module: library/base64.c
2513 * Caller: library/pem.c
2514 *
2515 * This module is required for PEM support (required by X.509).
2516 */
2517#define MBEDTLS_BASE64_C
2518
2519/**
2520 * \def MBEDTLS_BIGNUM_C
2521 *
2522 * Enable the multi-precision integer library.
2523 *
2524 * Module: library/bignum.c
2525 * Caller: library/dhm.c
2526 * library/ecp.c
2527 * library/ecdsa.c
2528 * library/rsa.c
2529 * library/rsa_internal.c
2530 * library/ssl_tls.c
2531 *
2532 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
2533 */
2534#define MBEDTLS_BIGNUM_C
2535
2536/**
2537 * \def MBEDTLS_BLOWFISH_C
2538 *
2539 * Enable the Blowfish block cipher.
2540 *
2541 * Module: library/blowfish.c
2542 */
2543#define MBEDTLS_BLOWFISH_C
2544
2545/**
2546 * \def MBEDTLS_CAMELLIA_C
2547 *
2548 * Enable the Camellia block cipher.
2549 *
2550 * Module: library/camellia.c
2551 * Caller: library/cipher.c
2552 *
2553 * This module enables the following ciphersuites (if other requisites are
2554 * enabled as well):
2555 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2556 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2557 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
2558 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
2559 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2560 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2561 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
2562 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
2563 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2564 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2565 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2566 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2567 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
2568 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2569 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2570 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2571 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2572 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2573 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2574 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2575 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2576 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2577 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
2578 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2579 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2580 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
2581 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2582 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2583 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
2584 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2585 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
2586 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
2587 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
2588 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
2589 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
2590 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
2591 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
2592 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
2593 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
2594 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
2595 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
2596 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
2597 */
2598#define MBEDTLS_CAMELLIA_C
2599
2600/**
2601 * \def MBEDTLS_ARIA_C
2602 *
2603 * Enable the ARIA block cipher.
2604 *
2605 * Module: library/aria.c
2606 * Caller: library/cipher.c
2607 *
2608 * This module enables the following ciphersuites (if other requisites are
2609 * enabled as well):
2610 *
2611 * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
2612 * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
2613 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
2614 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
2615 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
2616 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
2617 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
2618 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
2619 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
2620 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
2621 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
2622 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
2623 * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
2624 * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
2625 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
2626 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
2627 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
2628 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
2629 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
2630 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
2631 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
2632 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
2633 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
2634 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
2635 * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
2636 * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
2637 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
2638 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
2639 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
2640 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
2641 * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
2642 * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
2643 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
2644 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
2645 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
2646 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
2647 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
2648 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
2649 */
2650//#define MBEDTLS_ARIA_C
2651
2652/**
2653 * \def MBEDTLS_CCM_C
2654 *
2655 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
2656 *
2657 * Module: library/ccm.c
2658 *
2659 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
2660 *
2661 * This module enables the AES-CCM ciphersuites, if other requisites are
2662 * enabled as well.
2663 */
2664#define MBEDTLS_CCM_C
2665
2666/**
2667 * \def MBEDTLS_CERTS_C
2668 *
2669 * Enable the test certificates.
2670 *
2671 * Module: library/certs.c
2672 * Caller:
2673 *
2674 * This module is used for testing (ssl_client/server).
2675 */
2676#define MBEDTLS_CERTS_C
2677
2678/**
2679 * \def MBEDTLS_CHACHA20_C
2680 *
2681 * Enable the ChaCha20 stream cipher.
2682 *
2683 * Module: library/chacha20.c
2684 */
2685#define MBEDTLS_CHACHA20_C
2686
2687/**
2688 * \def MBEDTLS_CHACHAPOLY_C
2689 *
2690 * Enable the ChaCha20-Poly1305 AEAD algorithm.
2691 *
2692 * Module: library/chachapoly.c
2693 *
2694 * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
2695 */
2696#define MBEDTLS_CHACHAPOLY_C
2697
2698/**
2699 * \def MBEDTLS_CIPHER_C
2700 *
2701 * Enable the generic cipher layer.
2702 *
2703 * Module: library/cipher.c
2704 * Caller: library/ssl_tls.c
2705 *
2706 * Uncomment to enable generic cipher wrappers.
2707 */
2708#define MBEDTLS_CIPHER_C
2709
2710/**
2711 * \def MBEDTLS_CMAC_C
2712 *
2713 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
2714 * ciphers.
2715 *
2716 * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
2717 * implementation of the CMAC algorithm is provided by an alternate
2718 * implementation, that alternate implementation may opt to not support
2719 * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
2720 *
2721 * Module: library/cmac.c
2722 *
2723 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
2724 *
2725 */
2726//#define MBEDTLS_CMAC_C
2727
2728/**
2729 * \def MBEDTLS_CTR_DRBG_C
2730 *
2731 * Enable the CTR_DRBG AES-based random generator.
2732 * The CTR_DRBG generator uses AES-256 by default.
2733 * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
2734 *
2735 * \note To achieve a 256-bit security strength with CTR_DRBG,
2736 * you must use AES-256 *and* use sufficient entropy.
2737 * See ctr_drbg.h for more details.
2738 *
2739 * Module: library/ctr_drbg.c
2740 * Caller:
2741 *
2742 * Requires: MBEDTLS_AES_C
2743 *
2744 * This module provides the CTR_DRBG AES random number generator.
2745 */
2746#define MBEDTLS_CTR_DRBG_C
2747
2748/**
2749 * \def MBEDTLS_DEBUG_C
2750 *
2751 * Enable the debug functions.
2752 *
2753 * Module: library/debug.c
2754 * Caller: library/ssl_cli.c
2755 * library/ssl_srv.c
2756 * library/ssl_tls.c
2757 *
2758 * This module provides debugging functions.
2759 */
2760#define MBEDTLS_DEBUG_C
2761
2762/**
2763 * \def MBEDTLS_DES_C
2764 *
2765 * Enable the DES block cipher.
2766 *
2767 * Module: library/des.c
2768 * Caller: library/pem.c
2769 * library/cipher.c
2770 *
2771 * This module enables the following ciphersuites (if other requisites are
2772 * enabled as well):
2773 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
2774 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
2775 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
2776 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
2777 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2778 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
2779 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
2780 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
2781 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
2782 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
2783 *
2784 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
2785 *
2786 * \warning DES/3DES are considered weak ciphers and their use constitutes a
2787 * security risk. We recommend considering stronger ciphers instead.
2788 */
2789#define MBEDTLS_DES_C
2790
2791/**
2792 * \def MBEDTLS_DHM_C
2793 *
2794 * Enable the Diffie-Hellman-Merkle module.
2795 *
2796 * Module: library/dhm.c
2797 * Caller: library/ssl_cli.c
2798 * library/ssl_srv.c
2799 *
2800 * This module is used by the following key exchanges:
2801 * DHE-RSA, DHE-PSK
2802 *
2803 * \warning Using DHE constitutes a security risk as it
2804 * is not possible to validate custom DH parameters.
2805 * If possible, it is recommended users should consider
2806 * preferring other methods of key exchange.
2807 * See dhm.h for more details.
2808 *
2809 */
2810#define MBEDTLS_DHM_C
2811
2812/**
2813 * \def MBEDTLS_ECDH_C
2814 *
2815 * Enable the elliptic curve Diffie-Hellman library.
2816 *
2817 * Module: library/ecdh.c
2818 * Caller: library/ssl_cli.c
2819 * library/ssl_srv.c
2820 *
2821 * This module is used by the following key exchanges:
2822 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
2823 *
2824 * Requires: MBEDTLS_ECP_C
2825 */
2826#define MBEDTLS_ECDH_C
2827
2828/**
2829 * \def MBEDTLS_ECDSA_C
2830 *
2831 * Enable the elliptic curve DSA library.
2832 *
2833 * Module: library/ecdsa.c
2834 * Caller:
2835 *
2836 * This module is used by the following key exchanges:
2837 * ECDHE-ECDSA
2838 *
2839 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
2840 * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
2841 * short Weierstrass curve.
2842 */
2843#define MBEDTLS_ECDSA_C
2844
2845/**
2846 * \def MBEDTLS_ECJPAKE_C
2847 *
2848 * Enable the elliptic curve J-PAKE library.
2849 *
2850 * \warning This is currently experimental. EC J-PAKE support is based on the
2851 * Thread v1.0.0 specification; incompatible changes to the specification
2852 * might still happen. For this reason, this is disabled by default.
2853 *
2854 * Module: library/ecjpake.c
2855 * Caller:
2856 *
2857 * This module is used by the following key exchanges:
2858 * ECJPAKE
2859 *
2860 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
2861 */
2862//#define MBEDTLS_ECJPAKE_C
2863
2864/**
2865 * \def MBEDTLS_ECP_C
2866 *
2867 * Enable the elliptic curve over GF(p) library.
2868 *
2869 * Module: library/ecp.c
2870 * Caller: library/ecdh.c
2871 * library/ecdsa.c
2872 * library/ecjpake.c
2873 *
2874 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
2875 */
2876#define MBEDTLS_ECP_C
2877
2878/**
2879 * \def MBEDTLS_ENTROPY_C
2880 *
2881 * Enable the platform-specific entropy code.
2882 *
2883 * Module: library/entropy.c
2884 * Caller:
2885 *
2886 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
2887 *
2888 * This module provides a generic entropy pool
2889 */
2890#define MBEDTLS_ENTROPY_C
2891
2892/**
2893 * \def MBEDTLS_ERROR_C
2894 *
2895 * Enable error code to error string conversion.
2896 *
2897 * Module: library/error.c
2898 * Caller:
2899 *
2900 * This module enables mbedtls_strerror().
2901 */
2902#define MBEDTLS_ERROR_C
2903
2904/**
2905 * \def MBEDTLS_GCM_C
2906 *
2907 * Enable the Galois/Counter Mode (GCM).
2908 *
2909 * Module: library/gcm.c
2910 *
2911 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
2912 *
2913 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
2914 * requisites are enabled as well.
2915 */
2916#define MBEDTLS_GCM_C
2917
2918/**
2919 * \def MBEDTLS_HAVEGE_C
2920 *
2921 * Enable the HAVEGE random generator.
2922 *
2923 * Warning: the HAVEGE random generator is not suitable for virtualized
2924 * environments
2925 *
2926 * Warning: the HAVEGE random generator is dependent on timing and specific
2927 * processor traits. It is therefore not advised to use HAVEGE as
2928 * your applications primary random generator or primary entropy pool
2929 * input. As a secondary input to your entropy pool, it IS able add
2930 * the (limited) extra entropy it provides.
2931 *
2932 * Module: library/havege.c
2933 * Caller:
2934 *
2935 * Requires: MBEDTLS_TIMING_C
2936 *
2937 * Uncomment to enable the HAVEGE random generator.
2938 */
2939//#define MBEDTLS_HAVEGE_C
2940
2941/**
2942 * \def MBEDTLS_HKDF_C
2943 *
2944 * Enable the HKDF algorithm (RFC 5869).
2945 *
2946 * Module: library/hkdf.c
2947 * Caller:
2948 *
2949 * Requires: MBEDTLS_MD_C
2950 *
2951 * This module adds support for the Hashed Message Authentication Code
2952 * (HMAC)-based key derivation function (HKDF).
2953 */
2954#define MBEDTLS_HKDF_C
2955
2956/**
2957 * \def MBEDTLS_HMAC_DRBG_C
2958 *
2959 * Enable the HMAC_DRBG random generator.
2960 *
2961 * Module: library/hmac_drbg.c
2962 * Caller:
2963 *
2964 * Requires: MBEDTLS_MD_C
2965 *
2966 * Uncomment to enable the HMAC_DRBG random number generator.
2967 */
2968#define MBEDTLS_HMAC_DRBG_C
2969
2970/**
2971 * \def MBEDTLS_NIST_KW_C
2972 *
2973 * Enable the Key Wrapping mode for 128-bit block ciphers,
2974 * as defined in NIST SP 800-38F. Only KW and KWP modes
2975 * are supported. At the moment, only AES is approved by NIST.
2976 *
2977 * Module: library/nist_kw.c
2978 *
2979 * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
2980 */
2981//#define MBEDTLS_NIST_KW_C
2982
2983/**
2984 * \def MBEDTLS_MD_C
2985 *
2986 * Enable the generic message digest layer.
2987 *
2988 * Module: library/md.c
2989 * Caller:
2990 *
2991 * Uncomment to enable generic message digest wrappers.
2992 */
2993#define MBEDTLS_MD_C
2994
2995/**
2996 * \def MBEDTLS_MD2_C
2997 *
2998 * Enable the MD2 hash algorithm.
2999 *
3000 * Module: library/md2.c
3001 * Caller:
3002 *
3003 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
3004 *
3005 * \warning MD2 is considered a weak message digest and its use constitutes a
3006 * security risk. If possible, we recommend avoiding dependencies on
3007 * it, and considering stronger message digests instead.
3008 *
3009 */
3010//#define MBEDTLS_MD2_C
3011
3012/**
3013 * \def MBEDTLS_MD4_C
3014 *
3015 * Enable the MD4 hash algorithm.
3016 *
3017 * Module: library/md4.c
3018 * Caller:
3019 *
3020 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
3021 *
3022 * \warning MD4 is considered a weak message digest and its use constitutes a
3023 * security risk. If possible, we recommend avoiding dependencies on
3024 * it, and considering stronger message digests instead.
3025 *
3026 */
3027//#define MBEDTLS_MD4_C
3028
3029/**
3030 * \def MBEDTLS_MD5_C
3031 *
3032 * Enable the MD5 hash algorithm.
3033 *
3034 * Module: library/md5.c
3035 * Caller: library/md.c
3036 * library/pem.c
3037 * library/ssl_tls.c
3038 *
3039 * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
3040 * depending on the handshake parameters. Further, it is used for checking
3041 * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
3042 * encrypted keys.
3043 *
3044 * \warning MD5 is considered a weak message digest and its use constitutes a
3045 * security risk. If possible, we recommend avoiding dependencies on
3046 * it, and considering stronger message digests instead.
3047 *
3048 */
3049#define MBEDTLS_MD5_C
3050
3051/**
3052 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
3053 *
3054 * Enable the buffer allocator implementation that makes use of a (stack)
3055 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
3056 * calls)
3057 *
3058 * Module: library/memory_buffer_alloc.c
3059 *
3060 * Requires: MBEDTLS_PLATFORM_C
3061 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
3062 *
3063 * Enable this module to enable the buffer memory allocator.
3064 */
3065//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
3066
3067/**
3068 * \def MBEDTLS_NET_C
3069 *
3070 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
3071 *
3072 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
3073 * and Windows. For other platforms, you'll want to disable it, and write your
3074 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
3075 *
3076 * \note See also our Knowledge Base article about porting to a new
3077 * environment:
3078 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
3079 *
3080 * Module: library/net_sockets.c
3081 *
3082 * This module provides networking routines.
3083 */
3084#define MBEDTLS_NET_C
3085
3086/**
3087 * \def MBEDTLS_OID_C
3088 *
3089 * Enable the OID database.
3090 *
3091 * Module: library/oid.c
3092 * Caller: library/asn1write.c
3093 * library/pkcs5.c
3094 * library/pkparse.c
3095 * library/pkwrite.c
3096 * library/rsa.c
3097 * library/x509.c
3098 * library/x509_create.c
3099 * library/x509_crl.c
3100 * library/x509_crt.c
3101 * library/x509_csr.c
3102 * library/x509write_crt.c
3103 * library/x509write_csr.c
3104 *
3105 * This modules translates between OIDs and internal values.
3106 */
3107#define MBEDTLS_OID_C
3108
3109/**
3110 * \def MBEDTLS_PADLOCK_C
3111 *
3112 * Enable VIA Padlock support on x86.
3113 *
3114 * Module: library/padlock.c
3115 * Caller: library/aes.c
3116 *
3117 * Requires: MBEDTLS_HAVE_ASM
3118 *
3119 * This modules adds support for the VIA PadLock on x86.
3120 */
3121#define MBEDTLS_PADLOCK_C
3122
3123/**
3124 * \def MBEDTLS_PEM_PARSE_C
3125 *
3126 * Enable PEM decoding / parsing.
3127 *
3128 * Module: library/pem.c
3129 * Caller: library/dhm.c
3130 * library/pkparse.c
3131 * library/x509_crl.c
3132 * library/x509_crt.c
3133 * library/x509_csr.c
3134 *
3135 * Requires: MBEDTLS_BASE64_C
3136 *
3137 * This modules adds support for decoding / parsing PEM files.
3138 */
3139#define MBEDTLS_PEM_PARSE_C
3140
3141/**
3142 * \def MBEDTLS_PEM_WRITE_C
3143 *
3144 * Enable PEM encoding / writing.
3145 *
3146 * Module: library/pem.c
3147 * Caller: library/pkwrite.c
3148 * library/x509write_crt.c
3149 * library/x509write_csr.c
3150 *
3151 * Requires: MBEDTLS_BASE64_C
3152 *
3153 * This modules adds support for encoding / writing PEM files.
3154 */
3155#define MBEDTLS_PEM_WRITE_C
3156
3157/**
3158 * \def MBEDTLS_PK_C
3159 *
3160 * Enable the generic public (asymmetric) key layer.
3161 *
3162 * Module: library/pk.c
3163 * Caller: library/ssl_tls.c
3164 * library/ssl_cli.c
3165 * library/ssl_srv.c
3166 *
3167 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
3168 *
3169 * Uncomment to enable generic public key wrappers.
3170 */
3171#define MBEDTLS_PK_C
3172
3173/**
3174 * \def MBEDTLS_PK_PARSE_C
3175 *
3176 * Enable the generic public (asymmetric) key parser.
3177 *
3178 * Module: library/pkparse.c
3179 * Caller: library/x509_crt.c
3180 * library/x509_csr.c
3181 *
3182 * Requires: MBEDTLS_PK_C
3183 *
3184 * Uncomment to enable generic public key parse functions.
3185 */
3186#define MBEDTLS_PK_PARSE_C
3187
3188/**
3189 * \def MBEDTLS_PK_WRITE_C
3190 *
3191 * Enable the generic public (asymmetric) key writer.
3192 *
3193 * Module: library/pkwrite.c
3194 * Caller: library/x509write.c
3195 *
3196 * Requires: MBEDTLS_PK_C
3197 *
3198 * Uncomment to enable generic public key write functions.
3199 */
3200#define MBEDTLS_PK_WRITE_C
3201
3202/**
3203 * \def MBEDTLS_PKCS5_C
3204 *
3205 * Enable PKCS#5 functions.
3206 *
3207 * Module: library/pkcs5.c
3208 *
3209 * Requires: MBEDTLS_MD_C
3210 *
3211 * This module adds support for the PKCS#5 functions.
3212 */
3213#define MBEDTLS_PKCS5_C
3214
3215/**
3216 * \def MBEDTLS_PKCS11_C
3217 *
3218 * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
3219 *
3220 * \deprecated This option is deprecated and will be removed in a future
3221 * version of Mbed TLS.
3222 *
3223 * Module: library/pkcs11.c
3224 * Caller: library/pk.c
3225 *
3226 * Requires: MBEDTLS_PK_C
3227 *
3228 * This module enables SSL/TLS PKCS #11 smartcard support.
3229 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
3230 */
3231//#define MBEDTLS_PKCS11_C
3232
3233/**
3234 * \def MBEDTLS_PKCS12_C
3235 *
3236 * Enable PKCS#12 PBE functions.
3237 * Adds algorithms for parsing PKCS#8 encrypted private keys
3238 *
3239 * Module: library/pkcs12.c
3240 * Caller: library/pkparse.c
3241 *
3242 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
3243 * Can use: MBEDTLS_ARC4_C
3244 *
3245 * This module enables PKCS#12 functions.
3246 */
3247#define MBEDTLS_PKCS12_C
3248
3249/**
3250 * \def MBEDTLS_PLATFORM_C
3251 *
3252 * Enable the platform abstraction layer that allows you to re-assign
3253 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
3254 *
3255 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
3256 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
3257 * above to be specified at runtime or compile time respectively.
3258 *
3259 * \note This abstraction layer must be enabled on Windows (including MSYS2)
3260 * as other module rely on it for a fixed snprintf implementation.
3261 *
3262 * Module: library/platform.c
3263 * Caller: Most other .c files
3264 *
3265 * This module enables abstraction of common (libc) functions.
3266 */
3267#define MBEDTLS_PLATFORM_C
3268
3269/**
3270 * \def MBEDTLS_POLY1305_C
3271 *
3272 * Enable the Poly1305 MAC algorithm.
3273 *
3274 * Module: library/poly1305.c
3275 * Caller: library/chachapoly.c
3276 */
3277#define MBEDTLS_POLY1305_C
3278
3279/**
3280 * \def MBEDTLS_PSA_CRYPTO_C
3281 *
3282 * Enable the Platform Security Architecture cryptography API.
3283 *
3284 * Module: library/psa_crypto.c
3285 *
3286 * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
3287 * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
3288 * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
3289 *
3290 */
3291#define MBEDTLS_PSA_CRYPTO_C
3292
3293/**
3294 * \def MBEDTLS_PSA_CRYPTO_SE_C
3295 *
3296 * Enable secure element support in the Platform Security Architecture
3297 * cryptography API.
3298 *
3299 * \warning This feature is not yet suitable for production. It is provided
3300 * for API evaluation and testing purposes only.
3301 *
3302 * Module: library/psa_crypto_se.c
3303 *
3304 * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
3305 *
3306 */
3307//#define MBEDTLS_PSA_CRYPTO_SE_C
3308
3309/**
3310 * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
3311 *
3312 * Enable the Platform Security Architecture persistent key storage.
3313 *
3314 * Module: library/psa_crypto_storage.c
3315 *
3316 * Requires: MBEDTLS_PSA_CRYPTO_C,
3317 * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
3318 * the PSA ITS interface
3319 */
3320#define MBEDTLS_PSA_CRYPTO_STORAGE_C
3321
3322/**
3323 * \def MBEDTLS_PSA_ITS_FILE_C
3324 *
3325 * Enable the emulation of the Platform Security Architecture
3326 * Internal Trusted Storage (PSA ITS) over files.
3327 *
3328 * Module: library/psa_its_file.c
3329 *
3330 * Requires: MBEDTLS_FS_IO
3331 */
3332#define MBEDTLS_PSA_ITS_FILE_C
3333
3334/**
3335 * \def MBEDTLS_RIPEMD160_C
3336 *
3337 * Enable the RIPEMD-160 hash algorithm.
3338 *
3339 * Module: library/ripemd160.c
3340 * Caller: library/md.c
3341 *
3342 */
3343#define MBEDTLS_RIPEMD160_C
3344
3345/**
3346 * \def MBEDTLS_RSA_C
3347 *
3348 * Enable the RSA public-key cryptosystem.
3349 *
3350 * Module: library/rsa.c
3351 * library/rsa_internal.c
3352 * Caller: library/ssl_cli.c
3353 * library/ssl_srv.c
3354 * library/ssl_tls.c
3355 * library/x509.c
3356 *
3357 * This module is used by the following key exchanges:
3358 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
3359 *
3360 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
3361 */
3362#define MBEDTLS_RSA_C
3363
3364/**
3365 * \def MBEDTLS_SHA1_C
3366 *
3367 * Enable the SHA1 cryptographic hash algorithm.
3368 *
3369 * Module: library/sha1.c
3370 * Caller: library/md.c
3371 * library/ssl_cli.c
3372 * library/ssl_srv.c
3373 * library/ssl_tls.c
3374 * library/x509write_crt.c
3375 *
3376 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
3377 * depending on the handshake parameters, and for SHA1-signed certificates.
3378 *
3379 * \warning SHA-1 is considered a weak message digest and its use constitutes
3380 * a security risk. If possible, we recommend avoiding dependencies
3381 * on it, and considering stronger message digests instead.
3382 *
3383 */
3384#define MBEDTLS_SHA1_C
3385
3386/**
3387 * \def MBEDTLS_SHA256_C
3388 *
3389 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
3390 *
3391 * Module: library/sha256.c
3392 * Caller: library/entropy.c
3393 * library/md.c
3394 * library/ssl_cli.c
3395 * library/ssl_srv.c
3396 * library/ssl_tls.c
3397 *
3398 * This module adds support for SHA-224 and SHA-256.
3399 * This module is required for the SSL/TLS 1.2 PRF function.
3400 */
3401#define MBEDTLS_SHA256_C
3402
3403/**
3404 * \def MBEDTLS_SHA512_C
3405 *
3406 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
3407 *
3408 * Module: library/sha512.c
3409 * Caller: library/entropy.c
3410 * library/md.c
3411 * library/ssl_cli.c
3412 * library/ssl_srv.c
3413 *
3414 * This module adds support for SHA-384 and SHA-512.
3415 */
3416#define MBEDTLS_SHA512_C
3417
3418/**
3419 * \def MBEDTLS_SSL_CACHE_C
3420 *
3421 * Enable simple SSL cache implementation.
3422 *
3423 * Module: library/ssl_cache.c
3424 * Caller:
3425 *
3426 * Requires: MBEDTLS_SSL_CACHE_C
3427 */
3428#define MBEDTLS_SSL_CACHE_C
3429
3430/**
3431 * \def MBEDTLS_SSL_COOKIE_C
3432 *
3433 * Enable basic implementation of DTLS cookies for hello verification.
3434 *
3435 * Module: library/ssl_cookie.c
3436 * Caller:
3437 */
3438#define MBEDTLS_SSL_COOKIE_C
3439
3440/**
3441 * \def MBEDTLS_SSL_TICKET_C
3442 *
3443 * Enable an implementation of TLS server-side callbacks for session tickets.
3444 *
3445 * Module: library/ssl_ticket.c
3446 * Caller:
3447 *
3448 * Requires: MBEDTLS_CIPHER_C &&
3449 * ( MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C )
3450 */
3451#define MBEDTLS_SSL_TICKET_C
3452
3453/**
3454 * \def MBEDTLS_SSL_CLI_C
3455 *
3456 * Enable the SSL/TLS client code.
3457 *
3458 * Module: library/ssl_cli.c
3459 * Caller:
3460 *
3461 * Requires: MBEDTLS_SSL_TLS_C
3462 *
3463 * This module is required for SSL/TLS client support.
3464 */
3465#define MBEDTLS_SSL_CLI_C
3466
3467/**
3468 * \def MBEDTLS_SSL_SRV_C
3469 *
3470 * Enable the SSL/TLS server code.
3471 *
3472 * Module: library/ssl_srv.c
3473 * Caller:
3474 *
3475 * Requires: MBEDTLS_SSL_TLS_C
3476 *
3477 * This module is required for SSL/TLS server support.
3478 */
3479#define MBEDTLS_SSL_SRV_C
3480
3481/**
3482 * \def MBEDTLS_SSL_TLS_C
3483 *
3484 * Enable the generic SSL/TLS code.
3485 *
3486 * Module: library/ssl_tls.c
3487 * Caller: library/ssl_cli.c
3488 * library/ssl_srv.c
3489 *
3490 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
3491 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
3492 *
3493 * This module is required for SSL/TLS.
3494 */
3495#define MBEDTLS_SSL_TLS_C
3496
3497/**
3498 * \def MBEDTLS_THREADING_C
3499 *
3500 * Enable the threading abstraction layer.
3501 * By default mbed TLS assumes it is used in a non-threaded environment or that
3502 * contexts are not shared between threads. If you do intend to use contexts
3503 * between threads, you will need to enable this layer to prevent race
3504 * conditions. See also our Knowledge Base article about threading:
3505 * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
3506 *
3507 * Module: library/threading.c
3508 *
3509 * This allows different threading implementations (self-implemented or
3510 * provided).
3511 *
3512 * You will have to enable either MBEDTLS_THREADING_ALT or
3513 * MBEDTLS_THREADING_PTHREAD.
3514 *
3515 * Enable this layer to allow use of mutexes within mbed TLS
3516 */
3517//#define MBEDTLS_THREADING_C
3518
3519/**
3520 * \def MBEDTLS_TIMING_C
3521 *
3522 * Enable the semi-portable timing interface.
3523 *
3524 * \note The provided implementation only works on POSIX/Unix (including Linux,
3525 * BSD and OS X) and Windows. On other platforms, you can either disable that
3526 * module and provide your own implementations of the callbacks needed by
3527 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
3528 * your own implementation of the whole module by setting
3529 * \c MBEDTLS_TIMING_ALT in the current file.
3530 *
3531 * \note The timing module will include time.h on suitable platforms
3532 * regardless of the setting of MBEDTLS_HAVE_TIME, unless
3533 * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
3534 *
3535 * \note See also our Knowledge Base article about porting to a new
3536 * environment:
3537 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
3538 *
3539 * Module: library/timing.c
3540 * Caller: library/havege.c
3541 *
3542 * This module is used by the HAVEGE random number generator.
3543 */
3544#define MBEDTLS_TIMING_C
3545
3546/**
3547 * \def MBEDTLS_VERSION_C
3548 *
3549 * Enable run-time version information.
3550 *
3551 * Module: library/version.c
3552 *
3553 * This module provides run-time version information.
3554 */
3555#define MBEDTLS_VERSION_C
3556
3557/**
3558 * \def MBEDTLS_X509_USE_C
3559 *
3560 * Enable X.509 core for using certificates.
3561 *
3562 * Module: library/x509.c
3563 * Caller: library/x509_crl.c
3564 * library/x509_crt.c
3565 * library/x509_csr.c
3566 *
3567 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
3568 * MBEDTLS_PK_PARSE_C
3569 *
3570 * This module is required for the X.509 parsing modules.
3571 */
3572#define MBEDTLS_X509_USE_C
3573
3574/**
3575 * \def MBEDTLS_X509_CRT_PARSE_C
3576 *
3577 * Enable X.509 certificate parsing.
3578 *
3579 * Module: library/x509_crt.c
3580 * Caller: library/ssl_cli.c
3581 * library/ssl_srv.c
3582 * library/ssl_tls.c
3583 *
3584 * Requires: MBEDTLS_X509_USE_C
3585 *
3586 * This module is required for X.509 certificate parsing.
3587 */
3588#define MBEDTLS_X509_CRT_PARSE_C
3589
3590/**
3591 * \def MBEDTLS_X509_CRL_PARSE_C
3592 *
3593 * Enable X.509 CRL parsing.
3594 *
3595 * Module: library/x509_crl.c
3596 * Caller: library/x509_crt.c
3597 *
3598 * Requires: MBEDTLS_X509_USE_C
3599 *
3600 * This module is required for X.509 CRL parsing.
3601 */
3602#define MBEDTLS_X509_CRL_PARSE_C
3603
3604/**
3605 * \def MBEDTLS_X509_CSR_PARSE_C
3606 *
3607 * Enable X.509 Certificate Signing Request (CSR) parsing.
3608 *
3609 * Module: library/x509_csr.c
3610 * Caller: library/x509_crt_write.c
3611 *
3612 * Requires: MBEDTLS_X509_USE_C
3613 *
3614 * This module is used for reading X.509 certificate request.
3615 */
3616#define MBEDTLS_X509_CSR_PARSE_C
3617
3618/**
3619 * \def MBEDTLS_X509_CREATE_C
3620 *
3621 * Enable X.509 core for creating certificates.
3622 *
3623 * Module: library/x509_create.c
3624 *
3625 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
3626 *
3627 * This module is the basis for creating X.509 certificates and CSRs.
3628 */
3629#define MBEDTLS_X509_CREATE_C
3630
3631/**
3632 * \def MBEDTLS_X509_CRT_WRITE_C
3633 *
3634 * Enable creating X.509 certificates.
3635 *
3636 * Module: library/x509_crt_write.c
3637 *
3638 * Requires: MBEDTLS_X509_CREATE_C
3639 *
3640 * This module is required for X.509 certificate creation.
3641 */
3642#define MBEDTLS_X509_CRT_WRITE_C
3643
3644/**
3645 * \def MBEDTLS_X509_CSR_WRITE_C
3646 *
3647 * Enable creating X.509 Certificate Signing Requests (CSR).
3648 *
3649 * Module: library/x509_csr_write.c
3650 *
3651 * Requires: MBEDTLS_X509_CREATE_C
3652 *
3653 * This module is required for X.509 certificate request writing.
3654 */
3655#define MBEDTLS_X509_CSR_WRITE_C
3656
3657/**
3658 * \def MBEDTLS_XTEA_C
3659 *
3660 * Enable the XTEA block cipher.
3661 *
3662 * Module: library/xtea.c
3663 * Caller:
3664 */
3665#define MBEDTLS_XTEA_C
3666
3667/** \} name SECTION: mbed TLS modules */
3668
3669/**
3670 * \name SECTION: General configuration options
3671 *
3672 * This section contains Mbed TLS build settings that are not associated
3673 * with a particular module.
3674 *
3675 * \{
3676 */
3677
3678/**
3679 * \def MBEDTLS_CONFIG_FILE
3680 *
3681 * If defined, this is a header which will be included instead of
3682 * `"mbedtls/config.h"`.
3683 * This header file specifies the compile-time configuration of Mbed TLS.
3684 * Unlike other configuration options, this one must be defined on the
3685 * compiler command line: a definition in `config.h` would have no effect.
3686 *
3687 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3688 * non-standard feature of the C language, so this feature is only available
3689 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3690 *
3691 * The value of this symbol is typically a path in double quotes, either
3692 * absolute or relative to a directory on the include search path.
3693 */
3694//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
3695
3696/**
3697 * \def MBEDTLS_USER_CONFIG_FILE
3698 *
3699 * If defined, this is a header which will be included after
3700 * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
3701 * This allows you to modify the default configuration, including the ability
3702 * to undefine options that are enabled by default.
3703 *
3704 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3705 * non-standard feature of the C language, so this feature is only available
3706 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3707 *
3708 * The value of this symbol is typically a path in double quotes, either
3709 * absolute or relative to a directory on the include search path.
3710 */
3711//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
3712
3713/**
3714 * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
3715 *
3716 * If defined, this is a header which will be included instead of
3717 * `"psa/crypto_config.h"`.
3718 * This header file specifies which cryptographic mechanisms are available
3719 * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
3720 * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
3721 *
3722 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3723 * non-standard feature of the C language, so this feature is only available
3724 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3725 *
3726 * The value of this symbol is typically a path in double quotes, either
3727 * absolute or relative to a directory on the include search path.
3728 */
3729//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
3730
3731/**
3732 * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
3733 *
3734 * If defined, this is a header which will be included after
3735 * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
3736 * This allows you to modify the default configuration, including the ability
3737 * to undefine options that are enabled by default.
3738 *
3739 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3740 * non-standard feature of the C language, so this feature is only available
3741 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3742 *
3743 * The value of this symbol is typically a path in double quotes, either
3744 * absolute or relative to a directory on the include search path.
3745 */
3746//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
3747
3748/** \} name SECTION: General configuration options */
3749
3750/**
3751 * \name SECTION: Module configuration options
3752 *
3753 * This section allows for the setting of module specific sizes and
3754 * configuration options. The default values are already present in the
3755 * relevant header files and should suffice for the regular use cases.
3756 *
3757 * Our advice is to enable options and change their values here
3758 * only if you have a good reason and know the consequences.
3759 * \{
3760 */
3761/* The Doxygen documentation here is used when a user comments out a
3762 * setting and runs doxygen themselves. On the other hand, when we typeset
3763 * the full documentation including disabled settings, the documentation
3764 * in specific modules' header files is used if present. When editing this
3765 * file, make sure that each option is documented in exactly one place,
3766 * plus optionally a same-line Doxygen comment here if there is a Doxygen
3767 * comment in the specific module. */
3768
3769/* MPI / BIGNUM options */
3770//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
3771//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
3772
3773/* CTR_DRBG options */
3774//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
3775//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3776//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3777//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3778//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
3779
3780/* HMAC_DRBG options */
3781//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3782//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3783//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3784//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
3785
3786/* ECP options */
3787//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups. Normally determined automatically from the configured curves. */
3788//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
3789//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
3790
3791/* Entropy options */
3792//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
3793//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
3794//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
3795
3796/* Memory buffer allocator options */
3797//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
3798
3799/* Platform options */
3800//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
3801//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
3802//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
3803//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
3804//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3805//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
3806//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
3807/* Note: your snprintf must correctly zero-terminate the buffer! */
3808//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
3809//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
3810//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
3811//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3812//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3813//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
3814
3815/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
3816/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
3817//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
3818//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
3819//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
3820//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3821//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3822//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
3823//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
3824/* Note: your snprintf must correctly zero-terminate the buffer! */
3825//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
3826//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
3827//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3828//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3829
3830/**
3831 * \brief This macro is invoked by the library when an invalid parameter
3832 * is detected that is only checked with #MBEDTLS_CHECK_PARAMS
3833 * (see the documentation of that option for context).
3834 *
3835 * When you leave this undefined here, the library provides
3836 * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
3837 * is defined, the default definition is `assert(cond)`,
3838 * otherwise the default definition calls a function
3839 * mbedtls_param_failed(). This function is declared in
3840 * `platform_util.h` for the benefit of the library, but
3841 * you need to define in your application.
3842 *
3843 * When you define this here, this replaces the default
3844 * definition in platform_util.h (which no longer declares the
3845 * function mbedtls_param_failed()) and it is your responsibility
3846 * to make sure this macro expands to something suitable (in
3847 * particular, that all the necessary declarations are visible
3848 * from within the library - you can ensure that by providing
3849 * them in this file next to the macro definition).
3850 * If you define this macro to call `assert`, also define
3851 * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
3852 * include `<assert.h>`.
3853 *
3854 * Note that you may define this macro to expand to nothing, in
3855 * which case you don't have to worry about declarations or
3856 * definitions. However, you will then be notified about invalid
3857 * parameters only in non-void functions, and void function will
3858 * just silently return early on invalid parameters, which
3859 * partially negates the benefits of enabling
3860 * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
3861 *
3862 * \param cond The expression that should evaluate to true, but doesn't.
3863 */
3864//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
3865
3866/** \def MBEDTLS_CHECK_RETURN
3867 *
3868 * This macro is used at the beginning of the declaration of a function
3869 * to indicate that its return value should be checked. It should
3870 * instruct the compiler to emit a warning or an error if the function
3871 * is called without checking its return value.
3872 *
3873 * There is a default implementation for popular compilers in platform_util.h.
3874 * You can override the default implementation by defining your own here.
3875 *
3876 * If the implementation here is empty, this will effectively disable the
3877 * checking of functions' return values.
3878 */
3879//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
3880
3881/** \def MBEDTLS_IGNORE_RETURN
3882 *
3883 * This macro requires one argument, which should be a C function call.
3884 * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
3885 * warning is suppressed.
3886 */
3887//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
3888
3889/* PSA options */
3890/**
3891 * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
3892 * PSA crypto subsystem.
3893 *
3894 * If this option is unset:
3895 * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
3896 * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
3897 * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
3898 * on unspecified heuristics.
3899 */
3900//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
3901
3902/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
3903 * Restrict the PSA library to supporting a maximum amount of simultaneously
3904 * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
3905 * volatile key, or a persistent key which is loaded temporarily by the
3906 * library as part of a crypto operation in flight.
3907 *
3908 * If this option is unset, the library will fall back to a default value of
3909 * 32 keys.
3910 */
3911//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
3912
3913/* SSL Cache options */
3914//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
3915//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
3916
3917/* SSL options */
3918
3919/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
3920 *
3921 * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
3922 *
3923 * This determines the size of both the incoming and outgoing TLS I/O buffers
3924 * in such a way that both are capable of holding the specified amount of
3925 * plaintext data, regardless of the protection mechanism used.
3926 *
3927 * To configure incoming and outgoing I/O buffers separately, use
3928 * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
3929 * which overwrite the value set by this option.
3930 *
3931 * \note When using a value less than the default of 16KB on the client, it is
3932 * recommended to use the Maximum Fragment Length (MFL) extension to
3933 * inform the server about this limitation. On the server, there
3934 * is no supported, standardized way of informing the client about
3935 * restriction on the maximum size of incoming messages, and unless
3936 * the limitation has been communicated by other means, it is recommended
3937 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
3938 * while keeping the default value of 16KB for the incoming buffer.
3939 *
3940 * Uncomment to set the maximum plaintext size of both
3941 * incoming and outgoing I/O buffers.
3942 */
3943//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
3944
3945/** \def MBEDTLS_SSL_IN_CONTENT_LEN
3946 *
3947 * Maximum length (in bytes) of incoming plaintext fragments.
3948 *
3949 * This determines the size of the incoming TLS I/O buffer in such a way
3950 * that it is capable of holding the specified amount of plaintext data,
3951 * regardless of the protection mechanism used.
3952 *
3953 * If this option is undefined, it inherits its value from
3954 * #MBEDTLS_SSL_MAX_CONTENT_LEN.
3955 *
3956 * \note When using a value less than the default of 16KB on the client, it is
3957 * recommended to use the Maximum Fragment Length (MFL) extension to
3958 * inform the server about this limitation. On the server, there
3959 * is no supported, standardized way of informing the client about
3960 * restriction on the maximum size of incoming messages, and unless
3961 * the limitation has been communicated by other means, it is recommended
3962 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
3963 * while keeping the default value of 16KB for the incoming buffer.
3964 *
3965 * Uncomment to set the maximum plaintext size of the incoming I/O buffer
3966 * independently of the outgoing I/O buffer.
3967 */
3968//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
3969
3970/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
3971 *
3972 * The maximum length of CIDs used for incoming DTLS messages.
3973 *
3974 */
3975//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
3976
3977/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
3978 *
3979 * The maximum length of CIDs used for outgoing DTLS messages.
3980 *
3981 */
3982//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
3983
3984/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
3985 *
3986 * This option controls the use of record plaintext padding
3987 * when using the Connection ID extension in DTLS 1.2.
3988 *
3989 * The padding will always be chosen so that the length of the
3990 * padded plaintext is a multiple of the value of this option.
3991 *
3992 * Note: A value of \c 1 means that no padding will be used
3993 * for outgoing records.
3994 *
3995 * Note: On systems lacking division instructions,
3996 * a power of two should be preferred.
3997 *
3998 */
3999//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
4000
4001/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
4002 *
4003 * This option controls the use of record plaintext padding
4004 * in TLS 1.3.
4005 *
4006 * The padding will always be chosen so that the length of the
4007 * padded plaintext is a multiple of the value of this option.
4008 *
4009 * Note: A value of \c 1 means that no padding will be used
4010 * for outgoing records.
4011 *
4012 * Note: On systems lacking division instructions,
4013 * a power of two should be preferred.
4014 */
4015//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
4016
4017/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
4018 *
4019 * Maximum length (in bytes) of outgoing plaintext fragments.
4020 *
4021 * This determines the size of the outgoing TLS I/O buffer in such a way
4022 * that it is capable of holding the specified amount of plaintext data,
4023 * regardless of the protection mechanism used.
4024 *
4025 * If this option undefined, it inherits its value from
4026 * #MBEDTLS_SSL_MAX_CONTENT_LEN.
4027 *
4028 * It is possible to save RAM by setting a smaller outward buffer, while keeping
4029 * the default inward 16384 byte buffer to conform to the TLS specification.
4030 *
4031 * The minimum required outward buffer size is determined by the handshake
4032 * protocol's usage. Handshaking will fail if the outward buffer is too small.
4033 * The specific size requirement depends on the configured ciphers and any
4034 * certificate data which is sent during the handshake.
4035 *
4036 * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
4037 * independently of the incoming I/O buffer.
4038 */
4039//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
4040
4041/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
4042 *
4043 * Maximum number of heap-allocated bytes for the purpose of
4044 * DTLS handshake message reassembly and future message buffering.
4045 *
4046 * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
4047 * to account for a reassembled handshake message of maximum size,
4048 * together with its reassembly bitmap.
4049 *
4050 * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
4051 * should be sufficient for all practical situations as it allows
4052 * to reassembly a large handshake message (such as a certificate)
4053 * while buffering multiple smaller handshake messages.
4054 *
4055 */
4056//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
4057
4058//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
4059//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
4060//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
4061
4062/** \def MBEDTLS_TLS_EXT_CID
4063 *
4064 * At the time of writing, the CID extension has not been assigned its
4065 * final value. Set this configuration option to make Mbed TLS use a
4066 * different value.
4067 *
4068 * A future minor revision of Mbed TLS may change the default value of
4069 * this option to match evolving standards and usage.
4070 */
4071//#define MBEDTLS_TLS_EXT_CID 254
4072
4073/**
4074 * Complete list of ciphersuites to use, in order of preference.
4075 *
4076 * \warning No dependency checking is done on that field! This option can only
4077 * be used to restrict the set of available ciphersuites. It is your
4078 * responsibility to make sure the needed modules are active.
4079 *
4080 * Use this to save a few hundred bytes of ROM (default ordering of all
4081 * available ciphersuites) and a few to a few hundred bytes of RAM.
4082 *
4083 * The value below is only an example, not the default.
4084 */
4085//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
4086
4087/* X509 options */
4088//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
4089//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
4090
4091/**
4092 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
4093 * signature and ciphersuite selection. Without this build-time option, SHA-1
4094 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
4095 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
4096 * default. At the time of writing, there is no practical attack on the use
4097 * of SHA-1 in handshake signatures, hence this option is turned on by default
4098 * to preserve compatibility with existing peers, but the general
4099 * warning applies nonetheless:
4100 *
4101 * \warning SHA-1 is considered a weak message digest and its use constitutes
4102 * a security risk. If possible, we recommend avoiding dependencies
4103 * on it, and considering stronger message digests instead.
4104 *
4105 */
4106//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
4107
4108/**
4109 * Uncomment the macro to let mbed TLS use your alternate implementation of
4110 * mbedtls_platform_zeroize(). This replaces the default implementation in
4111 * platform_util.c.
4112 *
4113 * mbedtls_platform_zeroize() is a widely used function across the library to
4114 * zero a block of memory. The implementation is expected to be secure in the
4115 * sense that it has been written to prevent the compiler from removing calls
4116 * to mbedtls_platform_zeroize() as part of redundant code elimination
4117 * optimizations. However, it is difficult to guarantee that calls to
4118 * mbedtls_platform_zeroize() will not be optimized by the compiler as older
4119 * versions of the C language standards do not provide a secure implementation
4120 * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
4121 * configure their own implementation of mbedtls_platform_zeroize(), for
4122 * example by using directives specific to their compiler, features from newer
4123 * C standards (e.g using memset_s() in C11) or calling a secure memset() from
4124 * their system (e.g explicit_bzero() in BSD).
4125 */
4126//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
4127
4128/**
4129 * Uncomment the macro to let Mbed TLS use your alternate implementation of
4130 * mbedtls_platform_gmtime_r(). This replaces the default implementation in
4131 * platform_util.c.
4132 *
4133 * gmtime() is not a thread-safe function as defined in the C standard. The
4134 * library will try to use safer implementations of this function, such as
4135 * gmtime_r() when available. However, if Mbed TLS cannot identify the target
4136 * system, the implementation of mbedtls_platform_gmtime_r() will default to
4137 * using the standard gmtime(). In this case, calls from the library to
4138 * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
4139 * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
4140 * library are also guarded with this mutex to avoid race conditions. However,
4141 * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
4142 * unconditionally use the implementation for mbedtls_platform_gmtime_r()
4143 * supplied at compile time.
4144 */
4145//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
4146
4147/**
4148 * Enable the verified implementations of ECDH primitives from Project Everest
4149 * (currently only Curve25519). This feature changes the layout of ECDH
4150 * contexts and therefore is a compatibility break for applications that access
4151 * fields of a mbedtls_ecdh_context structure directly. See also
4152 * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
4153 */
4154//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
4155
4156/** \} name SECTION: Module configuration options */
4157
4158/* Target and application specific configurations
4159 *
4160 * Allow user to override any previous default.
4161 *
4162 */
4163#if defined(MBEDTLS_USER_CONFIG_FILE)
4164#include MBEDTLS_USER_CONFIG_FILE
4165#endif
4166
4167#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
4168#include "mbedtls/config_psa.h"
4169#endif
4170
4171#include "mbedtls/check_config.h"
4172
4173#endif /* MBEDTLS_CONFIG_H */
4174