TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / b9309b69b76b04fcdfe331fbd96d1fc5e040f85a / . / interface / include / mbedtls / check_config.h
blob: aec5050b70a89f6a1fee34f383a446195c41e263 [file] [log] [blame]
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]1/**
2 * \file check_config.h
3 *
4 * \brief Consistency checks for configuration options
Antonio de Angelisa0b00f42024-09-18 12:07:25 +0100[diff] [blame]5 *
6 * This is an internal header. Do not include it directly.
7 *
8 * This header is included automatically by all public Mbed TLS headers
9 * (via mbedtls/build_info.h). Do not include it directly in a configuration
10 * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE!
11 * It would run at the wrong time due to missing derived symbols.
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]12 */
13/*
14 * Copyright The Mbed TLS Contributors
15 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
16 */
17
18#ifndef MBEDTLS_CHECK_CONFIG_H
19#define MBEDTLS_CHECK_CONFIG_H
20
21/* *INDENT-OFF* */
Antonio de Angelisa0b00f42024-09-18 12:07:25 +0100[diff] [blame]22
23#if !defined(MBEDTLS_CONFIG_IS_FINALIZED)
24#warning "Do not include mbedtls/check_config.h manually! " \
25 "This may cause spurious errors. " \
26 "It is included automatically at the right point since Mbed TLS 3.0."
27#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
28
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]29/*
30 * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
31 * target platforms, so not an issue, but let's just be extra sure.
32 */
33#include <limits.h>
34#if CHAR_BIT != 8
35#error "Mbed TLS requires a platform with 8-bit chars"
36#endif
37
38#include <stdint.h>
39
40#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
41#if !defined(MBEDTLS_PLATFORM_C)
42#error "MBEDTLS_PLATFORM_C is required on Windows"
43#endif
44/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
45 * in * config_adjust_legacy_crypto.h */
46#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
47
48#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
49#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
50#endif
51
52#if defined(MBEDTLS_DEPRECATED_WARNING) && \
53 !defined(__GNUC__) && !defined(__clang__)
54#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
55#endif
56
57#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
58#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
59#endif
60
61/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
62 * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
63 * all 4 of them.
64 */
65#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
66 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
67 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
68 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
69#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
70 !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
71 !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
72 !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
73#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md"
74#endif /* not all of public, basic, import, export */
75#endif /* one of public, basic, import, export */
76
77/* Limitations on ECC curves acceleration: partial curve acceleration is only
78 * supported with crypto excluding PK, X.509 or TLS.
79 * Note: no need to check X.509 as it depends on PK. */
80#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
81 defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
82 defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
83 defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
84 defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
85 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
86 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
87 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
88 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
89 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
90 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
91 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
92 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
93#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
94#if defined(MBEDTLS_PK_C) || \
95 defined(MBEDTLS_SSL_TLS_C)
96#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
97#endif /* modules beyond what's supported */
98#endif /* not all curves accelerated */
99#endif /* some curve accelerated */
100
101#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
102 (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \
103 defined(PSA_WANT_ALG_ECB_NO_PADDING)))
104#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
105#endif
106
107#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
108#error "MBEDTLS_DHM_C defined, but not all prerequisites"
109#endif
110
111#if defined(MBEDTLS_CMAC_C) && \
112 ( !defined(MBEDTLS_CIPHER_C ) || ( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) ) )
113#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
114#endif
115
116#if defined(MBEDTLS_NIST_KW_C) && \
117 ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
118#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
119#endif
120
121#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && defined(MBEDTLS_PSA_CRYPTO_CONFIG)
122#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
123#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously"
124#endif
125#if defined(PSA_WANT_ALG_CBC_PKCS7)
126#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously"
127#endif
128#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
129#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously"
130#endif
131#if defined(PSA_WANT_KEY_TYPE_DES)
132#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously"
133#endif
134#endif
135
136#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
137#if defined(MBEDTLS_CIPHER_MODE_CBC)
138#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously"
139#endif
140#if defined(MBEDTLS_CIPHER_MODE_XTS)
141#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously"
142#endif
143#if defined(MBEDTLS_DES_C)
144#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously"
145#endif
146#if defined(MBEDTLS_NIST_KW_C)
147#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously"
148#endif
149#endif
150
151#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
152#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
153#endif
154
155#if defined(MBEDTLS_ECDSA_C) && \
156 ( !defined(MBEDTLS_ECP_C) || \
157 !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
158 defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
159 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
160 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
161 defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
162 defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
163 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
164 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
165 defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
166 defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
167 defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
168 !defined(MBEDTLS_ASN1_PARSE_C) || \
169 !defined(MBEDTLS_ASN1_WRITE_C) )
170#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
171#endif
172
173#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
174#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C)
175#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature"
176#endif
177#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C)
178#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification"
179#endif
180#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
181
182#if defined(MBEDTLS_ECJPAKE_C) && \
183 !defined(MBEDTLS_ECP_C)
184#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
185#endif
186
187#if defined(MBEDTLS_ECP_RESTARTABLE) && \
188 ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
189 defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
190 defined(MBEDTLS_ECDSA_SIGN_ALT) || \
191 defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
192 defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
193 defined(MBEDTLS_ECP_INTERNAL_ALT) || \
194 defined(MBEDTLS_ECP_ALT) )
195#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
196#endif
197
198#if defined(MBEDTLS_ECP_RESTARTABLE) && \
199 !defined(MBEDTLS_ECP_C)
200#error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites"
201#endif
202
203#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
204#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
205#endif
206
207#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
208 !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
209 !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
210 !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
211 !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
212 !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
213 !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
214 !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
215 !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
216 !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
217 !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
218 !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
219 !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
220 !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
221#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
222#endif
223
224#if defined(MBEDTLS_ENTROPY_C) && \
225 !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
226#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
227#endif
228#if defined(MBEDTLS_ENTROPY_C) && \
229 defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
230#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
231#endif
232#if defined(MBEDTLS_ENTROPY_C) && \
233 (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \
234 && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
235#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
236#endif
237#if defined(MBEDTLS_ENTROPY_C) && \
238 defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256)
239#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
240#endif
241
242#if defined(__has_feature)
243#if __has_feature(memory_sanitizer)
244#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
245#endif
246#endif
247#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
248#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
249#endif
David Vincze485c5ac2025-03-21 11:14:56 +0000[diff] [blame]250#if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)
251#error "MemorySanitizer does not support assembly implementation"
252#endif
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]253#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
254
255#if defined(MBEDTLS_CCM_C) && \
256 !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
257 defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
258#error "MBEDTLS_CCM_C defined, but not all prerequisites"
259#endif
260
261#if defined(MBEDTLS_GCM_C) && \
262 !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
263 defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
264#error "MBEDTLS_GCM_C defined, but not all prerequisites"
265#endif
266
267#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
268#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
269#endif
270
271#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
272#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
273#endif
274
275#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
276#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
277#endif
278
279#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
280#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
281#endif
282
283#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
284#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
285#endif
286
287#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
288#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
289#endif
290
291#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
292#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
293#endif
294
295#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
296#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
297#endif
298
299#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
300#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
301#endif
302
303#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
304#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
305#endif
306
307#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
308#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
309#endif
310
311#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
312#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
313#endif
314
315#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
316#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
317#endif
318
319#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
320 ( !defined(MBEDTLS_CAN_ECDH) || \
321 !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
322 !defined(MBEDTLS_X509_CRT_PARSE_C) )
323#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
324#endif
325
326#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
327 ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
328 !defined(MBEDTLS_X509_CRT_PARSE_C) )
329#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
330#endif
331
332#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
333#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
334#endif
335
336#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
337 !defined(MBEDTLS_CAN_ECDH)
338#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
339#endif
340
341#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
342 ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
343 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
344#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
345#endif
346
347#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
348 ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
349 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
350#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
351#endif
352
353#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
354 ( !defined(MBEDTLS_CAN_ECDH) || \
355 !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
356 !defined(MBEDTLS_X509_CRT_PARSE_C) )
357#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
358#endif
359
360#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
361 ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
362 !defined(MBEDTLS_PKCS1_V15) )
363#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
364#endif
365
366#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
367 ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
368 !defined(MBEDTLS_PKCS1_V15) )
369#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
370#endif
371
372#if defined(MBEDTLS_USE_PSA_CRYPTO)
373#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
374 ( !defined(PSA_WANT_ALG_JPAKE) || \
375 !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
376 !defined(PSA_WANT_ECC_SECP_R1_256) )
377#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
378#endif
379#else /* MBEDTLS_USE_PSA_CRYPTO */
380#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
381 ( !defined(MBEDTLS_ECJPAKE_C) || \
382 !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
383#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
384#endif
385#endif /* MBEDTLS_USE_PSA_CRYPTO */
386
387/* Use of EC J-PAKE in TLS requires SHA-256. */
388#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
389 !defined(MBEDTLS_MD_CAN_SHA256)
390#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
391#endif
392
393#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
394 !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
395 !defined(MBEDTLS_MD_CAN_SHA256) && \
396 !defined(MBEDTLS_MD_CAN_SHA512) && \
397 !defined(MBEDTLS_MD_CAN_SHA1)
398#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
399#endif
400
401#if defined(MBEDTLS_MD_C) && \
402 !defined(MBEDTLS_MD_CAN_MD5) && \
403 !defined(MBEDTLS_MD_CAN_RIPEMD160) && \
404 !defined(MBEDTLS_MD_CAN_SHA1) && \
405 !defined(MBEDTLS_MD_CAN_SHA224) && \
406 !defined(MBEDTLS_MD_CAN_SHA256) && \
407 !defined(MBEDTLS_MD_CAN_SHA384) && \
408 !defined(MBEDTLS_MD_CAN_SHA512) && \
409 !defined(MBEDTLS_MD_CAN_SHA3_224) && \
410 !defined(MBEDTLS_MD_CAN_SHA3_256) && \
411 !defined(MBEDTLS_MD_CAN_SHA3_384) && \
412 !defined(MBEDTLS_MD_CAN_SHA3_512)
413#error "MBEDTLS_MD_C defined, but no hash algorithm"
414#endif
415
416#if defined(MBEDTLS_LMS_C) && \
417 ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) )
418#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
419#endif
420
421#if defined(MBEDTLS_LMS_PRIVATE) && \
422 ( !defined(MBEDTLS_LMS_C) )
423#error "MBEDTLS_LMS_PRIVATE requires MBEDTLS_LMS_C"
424#endif
425
426#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
427 ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
428#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
429#endif
430
431#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
432#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
433#endif
434
435#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
436#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
437#endif
438
439#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
440#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
441#endif
442
443#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
444#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
445#endif
446
447#if defined(MBEDTLS_PK_C) && \
448 !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
449#error "MBEDTLS_PK_C defined, but not all prerequisites"
450#endif
451
452#if defined(MBEDTLS_PK_PARSE_C) && \
453 (!defined(MBEDTLS_ASN1_PARSE_C) || \
454 !defined(MBEDTLS_OID_C) || \
455 !defined(MBEDTLS_PK_C))
456#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
457#endif
458
459#if defined(MBEDTLS_PK_WRITE_C) && \
460 (!defined(MBEDTLS_ASN1_WRITE_C) || \
461 !defined(MBEDTLS_OID_C) || \
462 !defined(MBEDTLS_PK_C))
463#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
464#endif
465
466#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
467#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
468#endif
469
470#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
471#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
472#endif
473
474#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
475 ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
476 defined(MBEDTLS_PLATFORM_EXIT_ALT) )
477#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
478#endif
479
480#if defined(MBEDTLS_PLATFORM_SETBUF_ALT) && !defined(MBEDTLS_PLATFORM_C)
481#error "MBEDTLS_PLATFORM_SETBUF_ALT defined, but not all prerequisites"
482#endif
483
484#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
485#error "MBEDTLS_PLATFORM_SETBUF_MACRO defined, but not all prerequisites"
486#endif
487
488#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) &&\
489 ( defined(MBEDTLS_PLATFORM_STD_SETBUF) ||\
490 defined(MBEDTLS_PLATFORM_SETBUF_ALT) )
491#error "MBEDTLS_PLATFORM_SETBUF_MACRO and MBEDTLS_PLATFORM_STD_SETBUF/MBEDTLS_PLATFORM_SETBUF_ALT cannot be defined simultaneously"
492#endif
493
494#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
495 ( !defined(MBEDTLS_PLATFORM_C) ||\
496 !defined(MBEDTLS_HAVE_TIME) )
497#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
498#endif
499
500#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
501 ( !defined(MBEDTLS_PLATFORM_C) ||\
502 !defined(MBEDTLS_HAVE_TIME) )
503#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
504#endif
505
506#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) &&\
507 ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
508#error "MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO defined, but not all prerequisites"
509#endif
510
511#if defined(MBEDTLS_PLATFORM_MS_TIME_ALT) && \
512 ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
513#error "MBEDTLS_PLATFORM_MS_TIME_ALT defined, but not all prerequisites"
514#endif
515
516#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
517 ( !defined(MBEDTLS_PLATFORM_C) ||\
518 !defined(MBEDTLS_HAVE_TIME) )
519#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
520#endif
521
522#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
523 ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
524 defined(MBEDTLS_PLATFORM_TIME_ALT) )
525#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
526#endif
527
528#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
529 ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
530 defined(MBEDTLS_PLATFORM_TIME_ALT) )
531#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
532#endif
533
534#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
535#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
536#endif
537
538#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
539#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
540#endif
541
542#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
543 ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
544 defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
545#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
546#endif
547
548#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
549 ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
550#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
551#endif
552
553#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
554 defined(MBEDTLS_PLATFORM_STD_FREE)
555#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
556#endif
557
558#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
559#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
560#endif
561
562#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
563 ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
564#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
565#endif
566
567#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
568 defined(MBEDTLS_PLATFORM_STD_CALLOC)
569#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
570#endif
571
572#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
573#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
574#endif
575
576#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
577#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
578#endif
579
580#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
581#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
582#endif
583
584#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
585#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
586#endif
587
588#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
589 ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
590 defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
591#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
592#endif
593
594#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
595#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
596#endif
597
598#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
599#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
600#endif
601
602#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
603 ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
604 defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
605#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
606#endif
607
608#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
609#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites"
610#endif
611
612#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
613#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites"
614#endif
615
616#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\
617 ( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\
618 defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) )
619#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously"
620#endif
621
622#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
623 !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
624#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
625#endif
626
627#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
628#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
629#endif
630
631#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
632#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
633#endif
634
635#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
636 !defined(MBEDTLS_PLATFORM_EXIT_ALT)
637#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
638#endif
639
640#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
641 ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
642 !defined(MBEDTLS_HAVE_TIME) )
643#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
644#endif
645
646#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
647 !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
648#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
649#endif
650
651#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
652 !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
653#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
654#endif
655
656#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
657 !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
658#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
659#endif
660
661#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
662 ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
663#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
664#endif
665
666#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
667 !defined(MBEDTLS_ENTROPY_NV_SEED)
668#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
669#endif
670
671#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
672 !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
673#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
674#endif
675
676#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
677 !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
678#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
679#endif
680
681#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
682 ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
683 defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
684#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
685#endif
686
687#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
688 ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
689 defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
690#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
691#endif
692
693#if defined(MBEDTLS_PSA_CRYPTO_C) && \
694 !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
695 defined(MBEDTLS_ENTROPY_C) ) || \
696 defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
697#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
698#endif
699
700#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_HAVE_SOFT_BLOCK_MODE) && \
701 defined(PSA_HAVE_SOFT_BLOCK_CIPHER) && !defined(MBEDTLS_CIPHER_C)
702#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
703#endif
704
705#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
706#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
707#endif
708
709#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
710 ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
711 defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
712#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
713#endif
714
715#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
716#if defined(MBEDTLS_DEPRECATED_REMOVED)
717#error "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
718#elif defined(MBEDTLS_DEPRECATED_WARNING)
719#warning "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
720#endif
721#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
722
723#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
724 ! defined(MBEDTLS_PSA_CRYPTO_C)
725#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
726#endif
727
728#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
729 !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
730 defined(MBEDTLS_ENTROPY_NV_SEED) )
731#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
732#endif
733
734#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
735 !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
736#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
737#endif
738
739#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
740 defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
741#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
742#endif
743
David Vincze485c5ac2025-03-21 11:14:56 +0000[diff] [blame]744#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
745 defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
746#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
747#endif
748
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]749#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
750 !defined(MBEDTLS_FS_IO)
751#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
752#endif
753
754#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
755 !defined(MBEDTLS_OID_C) )
756#error "MBEDTLS_RSA_C defined, but not all prerequisites"
757#endif
758
759#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
760 !defined(MBEDTLS_PKCS1_V15) )
761#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
762#endif
763
764#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
765 ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
766#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
767#endif
768
769#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
770 defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
771#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
772#endif
773
774#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
775 defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
776#if !defined(MBEDTLS_SHA512_C)
777#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
778#endif
779#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT)
780#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
781#endif
782
783#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
784
785#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(__aarch64__)
786#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
787#endif
788
789#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) && \
790 defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
791#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
792#endif
793
794#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
795 defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
796#if !defined(MBEDTLS_SHA256_C)
797#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
798#endif
799#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
800#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
801#endif
802
803#endif
804
805#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8_A)
806#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY defined on non-Armv8-A system"
807#endif
808
809/* TLS 1.3 requires separate HKDF parts from PSA,
810 * and at least one ciphersuite, so at least SHA-256 or SHA-384
811 * from PSA to use with HKDF.
812 *
813 * Note: for dependencies common with TLS 1.2 (running handshake hash),
814 * see MBEDTLS_SSL_TLS_C. */
815#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
816 !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
817 defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
818 defined(PSA_WANT_ALG_HKDF_EXPAND) && \
819 (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)))
820#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
821#endif
822
823#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
824#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
825 defined(MBEDTLS_X509_CRT_PARSE_C) && \
826 ( defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) )
827#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
828#endif
829#endif
830
831#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
832#if !( defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) )
833#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
834#endif
835#endif
836
837/*
838 * The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
839 */
840#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
841#error "MBEDTLS_SSL_PROTO_TLS1_3 defined without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
842#endif
843
844#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
845 !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
846 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
847 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
848 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
849 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
850 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
851 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
852 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
853 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
854 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
855 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
856#error "One or more versions of the TLS protocol are enabled " \
857 "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
858#endif
859
860#if defined(MBEDTLS_SSL_EARLY_DATA) && \
861 ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
862 ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
863 !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
864#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
865#endif
866
867#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
868 defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
869 ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \
870 (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
871#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
872#endif
873
874#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
875 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
876#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
877#endif
878
879#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
880#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
881#endif
882
883#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && !defined(MBEDTLS_X509_CRT_PARSE_C)
884#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
885#endif
886
887#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
888 defined(MBEDTLS_USE_PSA_CRYPTO))
889#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
890#endif
891
892/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
893#if defined(MBEDTLS_SSL_TLS_C)
894#if defined(MBEDTLS_USE_PSA_CRYPTO)
895#if !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
896#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
897#endif
898#else /* MBEDTLS_USE_PSA_CRYPTO */
899#if !defined(MBEDTLS_MD_C) || \
900 !(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384))
901#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
902#endif
903#endif /* MBEDTLS_USE_PSA_CRYPTO */
904#endif /* MBEDTLS_SSL_TLS_C */
905
906#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
907#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
908#endif
909
910#if defined(MBEDTLS_SSL_TLS_C) && \
911 !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
912#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
913#endif
914
915#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
916#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
917#endif
918
919#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
920 !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
921#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
922#endif
923
924#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
925 ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
926#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
927#endif
928
929#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
930 ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
931#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
932#endif
933
934#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
935 defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
936 MBEDTLS_SSL_CID_IN_LEN_MAX > 255
937#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
938#endif
939
940#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
941 defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
942 MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
943#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
944#endif
945
946#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
947 !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
948#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
949#endif
950
951#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
952#if defined(MBEDTLS_DEPRECATED_REMOVED)
953#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
954#elif defined(MBEDTLS_DEPRECATED_WARNING)
955#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
956#endif
957#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */
958
959#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
960 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
961#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
962#endif
963
964#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
965 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
966#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
967#endif
968
969#if defined(MBEDTLS_SSL_RENEGOTIATION) && \
970 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
971#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
972#endif
973
974#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \
975 !defined(MBEDTLS_USE_PSA_CRYPTO) )
976#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
977#endif
978
979#if defined(MBEDTLS_SSL_TICKET_C) && \
980 !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
981 defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
982#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
983#endif
984
985#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \
986 MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256
987#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256"
988#endif
989
990#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
991 !defined(MBEDTLS_X509_CRT_PARSE_C)
992#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
993#endif
994
995#if defined(MBEDTLS_THREADING_PTHREAD)
996#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
997#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
998#endif
999#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
1000#endif
1001#if defined(MBEDTLS_THREADING_ALT)
1002#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
1003#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
1004#endif
1005#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
1006#endif
1007#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
1008#error "MBEDTLS_THREADING_C defined, single threading implementation required"
1009#endif
1010#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
1011
1012#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
1013#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
1014#endif
1015
1016#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
1017#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
1018#endif
1019
1020#if defined(MBEDTLS_X509_USE_C) && \
1021 (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
1022 !defined(MBEDTLS_PK_PARSE_C) || \
1023 ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
1024#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
1025#endif
1026
1027#if defined(MBEDTLS_X509_CREATE_C) && \
1028 (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
1029 !defined(MBEDTLS_PK_PARSE_C) || \
1030 ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
1031#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
1032#endif
1033
1034#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
1035#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
1036#endif
1037
1038#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
1039#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
1040#endif
1041
1042#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
1043#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
1044#endif
1045
1046#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
1047#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
1048#endif
1049
1050#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
1051#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
1052#endif
1053
1054#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) && \
1055 ( !defined(MBEDTLS_X509_CRT_PARSE_C) )
1056#error "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK defined, but not all prerequisites"
1057#endif
1058
1059#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
1060#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
1061#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
1062
1063#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
1064 defined(MBEDTLS_HAVE_ASM)
1065#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
1066#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
1067
1068#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
1069#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
1070#endif
1071
1072#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
1073#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
1074#endif
1075
1076#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && ( !defined(MBEDTLS_SSL_PROTO_TLS1_3) )
1077#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
1078#endif
1079
1080#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
1081 !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
1082 defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
1083#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
1084#endif
1085
1086/* Reject attempts to enable options that have been removed and that could
1087 * cause a build to succeed but with features removed. */
1088
1089#if defined(MBEDTLS_HAVEGE_C) //no-check-names
1090#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599"
1091#endif
1092
1093#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
1094#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
1095#endif
1096
1097#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
1098#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
1099#endif
1100
1101#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
1102#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
1103#endif
1104
1105#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
1106#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
1107#endif
1108
1109#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
1110#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
1111#endif
1112
1113#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
1114#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
1115#endif
1116
1117#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
1118#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313"
1119#endif
1120
1121#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
1122#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
1123#endif
1124
1125#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
1126#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
1127#endif
1128
1129#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
1130#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
1131#endif
1132
1133#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
1134 ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
1135 ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
1136 ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
1137 ( !defined(MBEDTLS_MD_C) ) )
1138#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
1139#endif
1140
1141/*
1142 * Avoid warning from -pedantic. This is a convenient place for this
1143 * workaround since this is included by every single file before the
1144 * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
1145 */
1146typedef int mbedtls_iso_c_forbids_empty_translation_units;
1147
1148/* *INDENT-ON* */
1149#endif /* MBEDTLS_CHECK_CONFIG_H */