blob: d878e0aacf63964b234e15a5ac835fd168d8188d [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/**
2 * \file config.h
3 *
Paul Bakker37ca75d2011-01-06 12:28:03 +00004 * \brief Configuration options (set of defines)
5 *
Simon Butcher5b331b92016-01-03 16:14:14 +00006 * This set of compile-time options may be used to enable
7 * or disable features selectively, and reduce the global
8 * memory footprint.
9 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +020010 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +020011 * SPDX-License-Identifier: Apache-2.0
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +000024 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +000025 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnarde2b0efe2015-08-11 10:38:37 +020026 */
27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020028#ifndef MBEDTLS_CONFIG_H
29#define MBEDTLS_CONFIG_H
Paul Bakker5121ce52009-01-03 21:22:43 +000030
Paul Bakkercce9d772011-11-18 14:26:47 +000031#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
Paul Bakker5121ce52009-01-03 21:22:43 +000032#define _CRT_SECURE_NO_DEPRECATE 1
33#endif
34
Paul Bakkerf3b86c12011-01-27 15:24:17 +000035/**
Paul Bakker0a62cd12011-01-21 11:00:08 +000036 * \name SECTION: System support
37 *
38 * This section sets system specific settings.
39 * \{
40 */
41
Paul Bakkerf3b86c12011-01-27 15:24:17 +000042/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020043 * \def MBEDTLS_HAVE_ASM
Paul Bakkerf3b86c12011-01-27 15:24:17 +000044 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +020045 * The compiler has support for asm().
Paul Bakker68041ec2009-04-19 21:17:55 +000046 *
47 * Requires support for asm() in compiler.
48 *
49 * Used in:
50 * library/timing.c
51 * library/padlock.c
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000052 * include/mbedtls/bn_mul.h
Paul Bakker68041ec2009-04-19 21:17:55 +000053 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +020054 * Comment to disable the use of assembly code.
Paul Bakker5121ce52009-01-03 21:22:43 +000055 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020056#define MBEDTLS_HAVE_ASM
Paul Bakker5121ce52009-01-03 21:22:43 +000057
Paul Bakkerf3b86c12011-01-27 15:24:17 +000058/**
Gilles Peskine9a9adcd2017-06-08 15:19:20 +020059 * \def MBEDTLS_NO_UDBL_DIVISION
60 *
61 * The platform lacks support for double-width integer division (64-bit
62 * division on a 32-bit platform, 128-bit division on a 64-bit platform).
63 *
64 * Used in:
65 * include/mbedtls/bignum.h
66 * library/bignum.c
67 *
68 * The bignum code uses double-width division to speed up some operations.
69 * Double-width division is often implemented in software that needs to
70 * be linked with the program. The presence of a double-width integer
71 * type is usually detected automatically through preprocessor macros,
72 * but the automatic detection cannot know whether the code needs to
73 * and can be linked with an implementation of division for that type.
74 * By default division is assumed to be usable if the type is present.
75 * Uncomment this option to prevent the use of double-width division.
76 *
77 * Note that division for the native integer type is always required.
78 * Furthermore, a 64-bit type is always required even on a 32-bit
Andres Amaya Garciafdd11b22017-07-21 10:56:22 +010079 * platform, but it need not support multiplication or division. In some
80 * cases it is also desirable to disable some double-width operations. For
81 * example, if double-width division is implemented in software, disabling
82 * it can reduce code size in some embedded targets.
Gilles Peskine9a9adcd2017-06-08 15:19:20 +020083 */
84//#define MBEDTLS_NO_UDBL_DIVISION
85
86/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020087 * \def MBEDTLS_HAVE_SSE2
Paul Bakkerf3b86c12011-01-27 15:24:17 +000088 *
Paul Bakkere23c3152012-10-01 14:42:47 +000089 * CPU supports SSE2 instruction set.
Paul Bakkerf3b86c12011-01-27 15:24:17 +000090 *
Paul Bakker5121ce52009-01-03 21:22:43 +000091 * Uncomment if the CPU supports SSE2 (IA-32 specific).
Paul Bakker5121ce52009-01-03 21:22:43 +000092 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020093//#define MBEDTLS_HAVE_SSE2
Paul Bakkerfa9b1002013-07-03 15:31:03 +020094
95/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020096 * \def MBEDTLS_HAVE_TIME
Paul Bakkerfa9b1002013-07-03 15:31:03 +020097 *
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +020098 * System has time.h and time().
99 * The time does not need to be correct, only time differences are used,
100 * by contrast with MBEDTLS_HAVE_TIME_DATE
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200101 *
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +0100102 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
103 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
104 * MBEDTLS_PLATFORM_STD_TIME.
105 *
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200106 * Comment if your system does not support time functions
107 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200108#define MBEDTLS_HAVE_TIME
Manuel Pégourié-Gonnard10934de2013-12-13 12:54:09 +0100109
110/**
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +0200111 * \def MBEDTLS_HAVE_TIME_DATE
112 *
113 * System has time.h and time(), gmtime() and the clock is correct.
114 * The time needs to be correct (not necesarily very accurate, but at least
115 * the date should be correct). This is used to verify the validity period of
116 * X.509 certificates.
117 *
118 * Comment if your system does not have a correct clock.
119 */
120#define MBEDTLS_HAVE_TIME_DATE
121
122/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200123 * \def MBEDTLS_PLATFORM_MEMORY
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100124 *
125 * Enable the memory allocation layer.
126 *
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200127 * By default mbed TLS uses the system-provided calloc() and free().
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100128 * This allows different allocators (self-implemented or provided) to be
129 * provided to the platform abstraction layer.
130 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200131 * Enabling MBEDTLS_PLATFORM_MEMORY without the
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200132 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
133 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
Rich Evans16f8cd82015-02-06 16:14:34 +0000134 * free() function pointer at runtime.
135 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200136 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200137 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
Rich Evans16f8cd82015-02-06 16:14:34 +0000138 * alternate function at compile time.
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100139 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200140 * Requires: MBEDTLS_PLATFORM_C
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100141 *
142 * Enable this layer to allow use of alternative memory allocators.
143 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200144//#define MBEDTLS_PLATFORM_MEMORY
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100145
146/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200147 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
Paul Bakker088c5c52014-04-25 11:11:10 +0200148 *
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200149 * Do not assign standard functions in the platform layer (e.g. calloc() to
150 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
Paul Bakker088c5c52014-04-25 11:11:10 +0200151 *
152 * This makes sure there are no linking errors on platforms that do not support
153 * these functions. You will HAVE to provide alternatives, either at runtime
154 * via the platform_set_xxx() functions or at compile time by setting
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200155 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
156 * MBEDTLS_PLATFORM_XXX_MACRO.
Paul Bakker088c5c52014-04-25 11:11:10 +0200157 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200158 * Requires: MBEDTLS_PLATFORM_C
Paul Bakker088c5c52014-04-25 11:11:10 +0200159 *
160 * Uncomment to prevent default assignment of standard functions in the
161 * platform layer.
162 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200163//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
Paul Bakker088c5c52014-04-25 11:11:10 +0200164
165/**
Janos Follathc351d182016-03-21 08:43:59 +0000166 * \def MBEDTLS_PLATFORM_EXIT_ALT
Paul Bakker747a83a2014-02-01 22:50:07 +0100167 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100168 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
169 * function in the platform abstraction layer.
Paul Bakker747a83a2014-02-01 22:50:07 +0100170 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200171 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
172 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
Paul Bakker747a83a2014-02-01 22:50:07 +0100173 * alternative printf function pointer.
174 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200175 * All these define require MBEDTLS_PLATFORM_C to be defined!
Paul Bakker747a83a2014-02-01 22:50:07 +0100176 *
Manuel Pégourié-Gonnard9db28872015-06-26 10:52:01 +0200177 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
178 * it will be enabled automatically by check_config.h
179 *
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +0200180 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200181 * MBEDTLS_PLATFORM_XXX_MACRO!
Rich Evans16f8cd82015-02-06 16:14:34 +0000182 *
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +0100183 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
184 *
Paul Bakker747a83a2014-02-01 22:50:07 +0100185 * Uncomment a macro to enable alternate implementation of specific base
186 * platform function
187 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200188//#define MBEDTLS_PLATFORM_EXIT_ALT
SimonBd5800b72016-04-26 07:43:27 +0100189//#define MBEDTLS_PLATFORM_TIME_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200190//#define MBEDTLS_PLATFORM_FPRINTF_ALT
191//#define MBEDTLS_PLATFORM_PRINTF_ALT
192//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
Paul Bakkercf0a9f92016-06-01 11:25:44 +0100193//#define MBEDTLS_PLATFORM_NV_SEED_ALT
Andres Amaya Garcia9da69512017-07-18 10:23:04 +0100194//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100195
196/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200197 * \def MBEDTLS_DEPRECATED_WARNING
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100198 *
199 * Mark deprecated functions so that they generate a warning if used.
200 * Functions deprecated in one version will usually be removed in the next
201 * version. You can enable this to help you prepare the transition to a new
202 * major version by making sure your code is not using these functions.
203 *
204 * This only works with GCC and Clang. With other compilers, you may want to
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200205 * use MBEDTLS_DEPRECATED_REMOVED
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100206 *
207 * Uncomment to get warnings on using deprecated functions.
208 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200209//#define MBEDTLS_DEPRECATED_WARNING
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100210
211/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200212 * \def MBEDTLS_DEPRECATED_REMOVED
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100213 *
214 * Remove deprecated functions so that they generate an error if used.
215 * Functions deprecated in one version will usually be removed in the next
216 * version. You can enable this to help you prepare the transition to a new
217 * major version by making sure your code is not using these functions.
218 *
219 * Uncomment to get errors on using deprecated functions.
220 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200221//#define MBEDTLS_DEPRECATED_REMOVED
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100222
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200223/* \} name SECTION: System support */
Paul Bakker0a62cd12011-01-21 11:00:08 +0000224
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000225/**
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +0000226 * \name SECTION: mbed TLS feature support
Paul Bakker0a62cd12011-01-21 11:00:08 +0000227 *
228 * This section sets support for features that are or are not needed
229 * within the modules that are enabled.
230 * \{
231 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000232
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000233/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200234 * \def MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +0100235 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200236 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
Manuel Pégourié-Gonnarda63bc942015-05-14 18:22:47 +0200237 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
Paul Bakkerf2561b32014-02-06 15:11:55 +0100238 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200239 * Only works if you have MBEDTLS_TIMING_C enabled.
Paul Bakkerf2561b32014-02-06 15:11:55 +0100240 *
241 * You will need to provide a header "timing_alt.h" and an implementation at
242 * compile time.
243 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200244//#define MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +0100245
246/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100247 * \def MBEDTLS_AES_ALT
Paul Bakker90995b52013-06-24 19:20:35 +0200248 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100249 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
Janos Follathb0697532016-08-18 12:38:46 +0100250 * alternate core implementation of a symmetric crypto, an arithmetic or hash
251 * module (e.g. platform specific assembly optimized implementations). Keep
252 * in mind that the function prototypes should remain the same.
Paul Bakker90995b52013-06-24 19:20:35 +0200253 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200254 * This replaces the whole module. If you only want to replace one of the
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200255 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200256 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200257 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
Janos Follathee782bc2016-11-07 15:41:26 +0000258 * provide the "struct mbedtls_aes_context" definition and omit the base
259 * function declarations and implementations. "aes_alt.h" will be included from
Paul Bakker90995b52013-06-24 19:20:35 +0200260 * "aes.h" to include the new function definitions.
261 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200262 * Uncomment a macro to enable alternate implementation of the corresponding
263 * module.
Paul Bakker90995b52013-06-24 19:20:35 +0200264 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200265//#define MBEDTLS_AES_ALT
266//#define MBEDTLS_ARC4_ALT
267//#define MBEDTLS_BLOWFISH_ALT
268//#define MBEDTLS_CAMELLIA_ALT
269//#define MBEDTLS_DES_ALT
Hanno Beckerab377312017-08-23 16:24:51 +0100270//#define MBEDTLS_RSA_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200271//#define MBEDTLS_XTEA_ALT
272//#define MBEDTLS_MD2_ALT
273//#define MBEDTLS_MD4_ALT
274//#define MBEDTLS_MD5_ALT
275//#define MBEDTLS_RIPEMD160_ALT
276//#define MBEDTLS_SHA1_ALT
277//#define MBEDTLS_SHA256_ALT
278//#define MBEDTLS_SHA512_ALT
Janos Follathb0697532016-08-18 12:38:46 +0100279/*
280 * When replacing the elliptic curve module, pleace consider, that it is
281 * implemented with two .c files:
282 * - ecp.c
283 * - ecp_curves.c
Janos Follathee782bc2016-11-07 15:41:26 +0000284 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
285 * macros as described above. The only difference is that you have to make sure
286 * that you provide functionality for both .c files.
Janos Follathb0697532016-08-18 12:38:46 +0100287 */
288//#define MBEDTLS_ECP_ALT
Paul Bakker90995b52013-06-24 19:20:35 +0200289
290/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100291 * \def MBEDTLS_MD2_PROCESS_ALT
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200292 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100293 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
294 * alternate core implementation of symmetric crypto or hash function. Keep in
295 * mind that function prototypes should remain the same.
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200296 *
297 * This replaces only one function. The header file from mbed TLS is still
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200298 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200299 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200300 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
301 * no longer provide the mbedtls_sha1_process() function, but it will still provide
302 * the other function (using your mbedtls_sha1_process() function) and the definition
303 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200304 * with this definition.
305 *
Hanno Becker649dcab2017-06-26 12:46:19 +0100306 * \note Because of a signature change, the core AES encryption and decryption routines are
307 * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
308 * respectively. When setting up alternative implementations, these functions should
309 * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
Hanno Becker1a28b012017-07-20 09:50:59 +0100310 * must stay untouched.
Hanno Becker649dcab2017-06-26 12:46:19 +0100311 *
312 * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
313 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
314 * tables.
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200315 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200316 * Uncomment a macro to enable alternate implementation of the corresponding
317 * function.
318 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200319//#define MBEDTLS_MD2_PROCESS_ALT
320//#define MBEDTLS_MD4_PROCESS_ALT
321//#define MBEDTLS_MD5_PROCESS_ALT
322//#define MBEDTLS_RIPEMD160_PROCESS_ALT
323//#define MBEDTLS_SHA1_PROCESS_ALT
324//#define MBEDTLS_SHA256_PROCESS_ALT
325//#define MBEDTLS_SHA512_PROCESS_ALT
Manuel Pégourié-Gonnard70a50102015-05-12 15:02:45 +0200326//#define MBEDTLS_DES_SETKEY_ALT
327//#define MBEDTLS_DES_CRYPT_ECB_ALT
328//#define MBEDTLS_DES3_CRYPT_ECB_ALT
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200329//#define MBEDTLS_AES_SETKEY_ENC_ALT
330//#define MBEDTLS_AES_SETKEY_DEC_ALT
331//#define MBEDTLS_AES_ENCRYPT_ALT
332//#define MBEDTLS_AES_DECRYPT_ALT
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200333
334/**
Janos Follathc44ab972016-11-18 16:38:23 +0000335 * \def MBEDTLS_ECP_INTERNAL_ALT
336 *
337 * Expose a part of the internal interface of the Elliptic Curve Point module.
Janos Follathb0697532016-08-18 12:38:46 +0100338 *
339 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
Janos Follath372697b2016-10-28 16:53:11 +0100340 * alternative core implementation of elliptic curve arithmetic. Keep in mind
341 * that function prototypes should remain the same.
Janos Follathb0697532016-08-18 12:38:46 +0100342 *
343 * This partially replaces one function. The header file from mbed TLS is still
344 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
345 * is still present and it is used for group structures not supported by the
346 * alternative.
347 *
Janos Follathc44ab972016-11-18 16:38:23 +0000348 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
349 * and implementing the following functions:
350 * unsigned char mbedtls_internal_ecp_grp_capable(
351 * const mbedtls_ecp_group *grp )
352 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
353 * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
354 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
355 * replacement functions implement arithmetic for the given group and 0
356 * otherwise.
357 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
358 * called before and after each point operation and provide an opportunity to
359 * implement optimized set up and tear down instructions.
Janos Follathb0697532016-08-18 12:38:46 +0100360 *
Janos Follathc44ab972016-11-18 16:38:23 +0000361 * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
Janos Follath4d9c69d2016-11-01 13:27:03 +0000362 * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
Janos Follathc44ab972016-11-18 16:38:23 +0000363 * function, but will use your mbedtls_internal_ecp_double_jac if the group is
364 * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
365 * receives it as an argument). If the group is not supported then the original
Janos Follathee782bc2016-11-07 15:41:26 +0000366 * implementation is used. The other functions and the definition of
367 * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
Janos Follathc44ab972016-11-18 16:38:23 +0000368 * implementation of mbedtls_internal_ecp_double_jac and
369 * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
Janos Follathb0697532016-08-18 12:38:46 +0100370 *
371 * Uncomment a macro to enable alternate implementation of the corresponding
372 * function.
373 */
374/* Required for all the functions in this section */
Janos Follathc44ab972016-11-18 16:38:23 +0000375//#define MBEDTLS_ECP_INTERNAL_ALT
Janos Follathb0697532016-08-18 12:38:46 +0100376/* Support for Weierstrass curves with Jacobi representation */
377//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
378//#define MBEDTLS_ECP_ADD_MIXED_ALT
379//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
380//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
381//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
382/* Support for curves with Montgomery arithmetic */
383//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
384//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
385//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
386
387/**
Simon Butcherab5df402016-06-11 02:31:21 +0100388 * \def MBEDTLS_TEST_NULL_ENTROPY
Janos Follath53de7842016-06-08 15:29:18 +0100389 *
Simon Butcherab5df402016-06-11 02:31:21 +0100390 * Enables testing and use of mbed TLS without any configured entropy sources.
391 * This permits use of the library on platforms before an entropy source has
392 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
393 * MBEDTLS_ENTROPY_NV_SEED switches).
394 *
395 * WARNING! This switch MUST be disabled in production builds, and is suitable
396 * only for development.
397 * Enabling the switch negates any security provided by the library.
Janos Follath53de7842016-06-08 15:29:18 +0100398 *
Janos Follathf93b8bc2016-06-09 13:54:15 +0100399 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
400 *
Janos Follath53de7842016-06-08 15:29:18 +0100401 */
Simon Butcherab5df402016-06-11 02:31:21 +0100402//#define MBEDTLS_TEST_NULL_ENTROPY
Janos Follath53de7842016-06-08 15:29:18 +0100403
404/**
Manuel Pégourié-Gonnard8ba88f02015-06-22 12:14:20 +0200405 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
Manuel Pégourié-Gonnard3f77dfb2015-06-19 10:06:21 +0200406 *
407 * Uncomment this macro to let mbed TLS use your own implementation of a
408 * hardware entropy collector.
409 *
410 * Your function must be called \c mbedtls_hardware_poll(), have the same
411 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
412 *
413 * Uncomment to use your own hardware entropy collector.
414 */
415//#define MBEDTLS_ENTROPY_HARDWARE_ALT
416
417/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200418 * \def MBEDTLS_AES_ROM_TABLES
Paul Bakker15566e42011-04-24 21:19:15 +0000419 *
420 * Store the AES tables in ROM.
421 *
422 * Uncomment this macro to store the AES tables in ROM.
Paul Bakker15566e42011-04-24 21:19:15 +0000423 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200424//#define MBEDTLS_AES_ROM_TABLES
Paul Bakker15566e42011-04-24 21:19:15 +0000425
426/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200427 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
Manuel Pégourié-Gonnard62edcc82015-04-03 16:28:19 +0200428 *
429 * Use less ROM for the Camellia implementation (saves about 768 bytes).
430 *
431 * Uncomment this macro to use less memory for Camellia.
432 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200433//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
Manuel Pégourié-Gonnard62edcc82015-04-03 16:28:19 +0200434
435/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200436 * \def MBEDTLS_CIPHER_MODE_CBC
Manuel Pégourié-Gonnardf7dc3782013-09-13 14:10:44 +0200437 *
438 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
439 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200440#define MBEDTLS_CIPHER_MODE_CBC
Manuel Pégourié-Gonnardf7dc3782013-09-13 14:10:44 +0200441
442/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200443 * \def MBEDTLS_CIPHER_MODE_CFB
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000444 *
445 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
446 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200447#define MBEDTLS_CIPHER_MODE_CFB
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000448
449/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200450 * \def MBEDTLS_CIPHER_MODE_CTR
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000451 *
452 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
453 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200454#define MBEDTLS_CIPHER_MODE_CTR
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000455
456/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200457 * \def MBEDTLS_CIPHER_NULL_CIPHER
Paul Bakkerfab5c822012-02-06 16:45:10 +0000458 *
459 * Enable NULL cipher.
460 * Warning: Only do so when you know what you are doing. This allows for
461 * encryption or channels without any security!
462 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200463 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
Paul Bakkerfab5c822012-02-06 16:45:10 +0000464 * the following ciphersuites:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200465 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
466 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
467 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
468 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
469 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
470 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
471 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
472 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
473 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
474 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
475 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
476 * MBEDTLS_TLS_RSA_WITH_NULL_SHA
477 * MBEDTLS_TLS_RSA_WITH_NULL_MD5
478 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
479 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
480 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
481 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
482 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
483 * MBEDTLS_TLS_PSK_WITH_NULL_SHA
Paul Bakkerfab5c822012-02-06 16:45:10 +0000484 *
485 * Uncomment this macro to enable the NULL cipher and ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000486 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200487//#define MBEDTLS_CIPHER_NULL_CIPHER
Paul Bakkerfab5c822012-02-06 16:45:10 +0000488
489/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100490 * \def MBEDTLS_CIPHER_PADDING_PKCS7
Paul Bakker48e93c82013-08-14 12:21:18 +0200491 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100492 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
493 * specific padding modes in the cipher layer with cipher modes that support
494 * padding (e.g. CBC)
Paul Bakker48e93c82013-08-14 12:21:18 +0200495 *
496 * If you disable all padding modes, only full blocks can be used with CBC.
497 *
498 * Enable padding modes in the cipher layer.
499 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200500#define MBEDTLS_CIPHER_PADDING_PKCS7
501#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
502#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
503#define MBEDTLS_CIPHER_PADDING_ZEROS
Paul Bakker48e93c82013-08-14 12:21:18 +0200504
505/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200506 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
Paul Bakkerfab5c822012-02-06 16:45:10 +0000507 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200508 * Enable weak ciphersuites in SSL / TLS.
Paul Bakkerfab5c822012-02-06 16:45:10 +0000509 * Warning: Only do so when you know what you are doing. This allows for
Paul Bakker9a736322012-11-14 12:39:52 +0000510 * channels with virtually no security at all!
Paul Bakkerfab5c822012-02-06 16:45:10 +0000511 *
512 * This enables the following ciphersuites:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200513 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
514 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
Paul Bakkerfab5c822012-02-06 16:45:10 +0000515 *
516 * Uncomment this macro to enable weak ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000517 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200518//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
Paul Bakkerfab5c822012-02-06 16:45:10 +0000519
520/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200521 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
Manuel Pégourié-Gonnard01edb102014-06-24 22:42:34 +0200522 *
523 * Remove RC4 ciphersuites by default in SSL / TLS.
524 * This flag removes the ciphersuites based on RC4 from the default list as
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200525 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +0200526 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
Manuel Pégourié-Gonnard01edb102014-06-24 22:42:34 +0200527 * explicitly.
528 *
529 * Uncomment this macro to remove RC4 ciphersuites by default.
530 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200531#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
Manuel Pégourié-Gonnard01edb102014-06-24 22:42:34 +0200532
533/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100534 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
Paul Bakker5dc6b5f2013-06-29 23:26:34 +0200535 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100536 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
537 * module. By default all supported curves are enabled.
Paul Bakker5dc6b5f2013-06-29 23:26:34 +0200538 *
539 * Comment macros to disable the curve and functions for it
540 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200541#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
542#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
543#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
544#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
545#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
546#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
547#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
548#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
549#define MBEDTLS_ECP_DP_BP256R1_ENABLED
550#define MBEDTLS_ECP_DP_BP384R1_ENABLED
551#define MBEDTLS_ECP_DP_BP512R1_ENABLED
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200552#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
Paul Bakker5dc6b5f2013-06-29 23:26:34 +0200553
554/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200555 * \def MBEDTLS_ECP_NIST_OPTIM
Manuel Pégourié-Gonnardc04c5302013-10-23 16:11:52 +0200556 *
557 * Enable specific 'modulo p' routines for each NIST prime.
558 * Depending on the prime and architecture, makes operations 4 to 8 times
559 * faster on the corresponding curve.
560 *
561 * Comment this macro to disable NIST curves optimisation.
562 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200563#define MBEDTLS_ECP_NIST_OPTIM
Manuel Pégourié-Gonnardc04c5302013-10-23 16:11:52 +0200564
565/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200566 * \def MBEDTLS_ECDSA_DETERMINISTIC
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100567 *
568 * Enable deterministic ECDSA (RFC 6979).
569 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
570 * may result in a compromise of the long-term signing key. This is avoided by
571 * the deterministic variant.
572 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200573 * Requires: MBEDTLS_HMAC_DRBG_C
Manuel Pégourié-Gonnard5b1a5732014-01-07 16:46:17 +0100574 *
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100575 * Comment this macro to disable deterministic ECDSA.
576 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200577#define MBEDTLS_ECDSA_DETERMINISTIC
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100578
579/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200580 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200581 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200582 * Enable the PSK based ciphersuite modes in SSL / TLS.
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200583 *
Paul Bakkere07f41d2013-04-19 09:08:57 +0200584 * This enables the following ciphersuites (if other requisites are
585 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200586 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
587 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
588 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
589 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
590 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
591 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
592 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
593 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
594 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
595 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
596 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
597 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200598 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200599#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200600
601/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200602 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200603 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200604 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200605 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200606 * Requires: MBEDTLS_DHM_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200607 *
608 * This enables the following ciphersuites (if other requisites are
609 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200610 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
611 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
612 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
613 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
614 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
615 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
616 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
617 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
618 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
619 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
620 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
621 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
Paul Bakkere07f41d2013-04-19 09:08:57 +0200622 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200623#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200624
625/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200626 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200627 *
628 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
629 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200630 * Requires: MBEDTLS_ECDH_C
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200631 *
632 * This enables the following ciphersuites (if other requisites are
633 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200634 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
635 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
636 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
637 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
638 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
639 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
640 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
641 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200642 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200643#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200644
645/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200646 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200647 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200648 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
Manuel Pégourié-Gonnard0fae60b2013-10-14 17:39:48 +0200649 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200650 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
651 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200652 *
653 * This enables the following ciphersuites (if other requisites are
654 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200655 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
656 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
657 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
658 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
659 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
660 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
661 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
662 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
663 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
664 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
665 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
666 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
Paul Bakkere07f41d2013-04-19 09:08:57 +0200667 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200668#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200669
670/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200671 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200672 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200673 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200674 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200675 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
676 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200677 *
678 * This enables the following ciphersuites (if other requisites are
679 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200680 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
681 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
682 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
683 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
684 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
685 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
686 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
687 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
688 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
689 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
690 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
691 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
692 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
693 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
694 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
Paul Bakkere07f41d2013-04-19 09:08:57 +0200695 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200696#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200697
698/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200699 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200700 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200701 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200702 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200703 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
704 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200705 *
706 * This enables the following ciphersuites (if other requisites are
707 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200708 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
709 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
710 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
711 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
712 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
713 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
714 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
715 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
716 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
717 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
718 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
719 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
720 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Paul Bakkere07f41d2013-04-19 09:08:57 +0200721 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200722#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200723
724/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200725 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200726 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200727 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200728 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200729 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
730 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200731 *
732 * This enables the following ciphersuites (if other requisites are
733 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200734 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
735 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
736 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
737 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
738 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
739 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
740 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
741 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
742 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
743 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
744 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
745 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
Paul Bakkere07f41d2013-04-19 09:08:57 +0200746 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200747#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200748
749/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200750 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200751 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200752 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200753 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200754 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200755 *
756 * This enables the following ciphersuites (if other requisites are
757 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200758 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
759 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
760 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
761 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
762 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
763 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
764 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
765 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
766 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
767 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
768 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
769 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200770 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200771#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200772
773/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200774 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100775 *
776 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
777 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200778 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100779 *
780 * This enables the following ciphersuites (if other requisites are
781 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200782 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
783 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
784 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
785 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
786 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
787 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
788 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
789 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
790 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
791 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
792 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
793 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100794 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200795#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100796
797/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200798 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100799 *
800 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
801 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200802 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100803 *
804 * This enables the following ciphersuites (if other requisites are
805 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200806 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
807 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
808 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
809 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
810 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
811 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
812 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
813 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
814 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
815 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
816 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
817 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100818 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200819#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100820
821/**
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200822 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
823 *
824 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
825 *
Manuel Pégourié-Gonnard75df9022015-09-16 23:21:01 +0200826 * \warning This is currently experimental. EC J-PAKE support is based on the
827 * Thread v1.0.0 specification; incompatible changes to the specification
828 * might still happen. For this reason, this is disabled by default.
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200829 *
830 * Requires: MBEDTLS_ECJPAKE_C
831 * MBEDTLS_SHA256_C
832 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
833 *
834 * This enables the following ciphersuites (if other requisites are
835 * enabled as well):
836 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
837 */
Manuel Pégourié-Gonnardcf828932015-10-20 14:57:00 +0200838//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200839
840/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200841 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100842 *
843 * Enhance support for reading EC keys using variants of SEC1 not allowed by
844 * RFC 5915 and RFC 5480.
845 *
846 * Currently this means parsing the SpecifiedECDomain choice of EC
847 * parameters (only known groups are supported, not arbitrary domains, to
848 * avoid validation issues).
849 *
850 * Disable if you only need to support RFC 5915 + 5480 key formats.
851 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200852#define MBEDTLS_PK_PARSE_EC_EXTENDED
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100853
854/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200855 * \def MBEDTLS_ERROR_STRERROR_DUMMY
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100856 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200857 * Enable a dummy error function to make use of mbedtls_strerror() in
858 * third party libraries easier when MBEDTLS_ERROR_C is disabled
859 * (no effect when MBEDTLS_ERROR_C is enabled).
Manuel Pégourié-Gonnarddc16aa72014-06-25 12:55:12 +0200860 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200861 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
862 * not using mbedtls_strerror() or error_strerror() in your application.
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100863 *
864 * Disable if you run into name conflicts and want to really remove the
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200865 * mbedtls_strerror()
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100866 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200867#define MBEDTLS_ERROR_STRERROR_DUMMY
Paul Bakker8fe40dc2013-02-02 12:43:08 +0100868
869/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200870 * \def MBEDTLS_GENPRIME
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000871 *
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +0200872 * Enable the prime-number generation code.
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200873 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200874 * Requires: MBEDTLS_BIGNUM_C
Paul Bakker5121ce52009-01-03 21:22:43 +0000875 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200876#define MBEDTLS_GENPRIME
Paul Bakker5121ce52009-01-03 21:22:43 +0000877
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000878/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200879 * \def MBEDTLS_FS_IO
Paul Bakker335db3f2011-04-25 15:28:35 +0000880 *
881 * Enable functions that use the filesystem.
882 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200883#define MBEDTLS_FS_IO
Paul Bakker335db3f2011-04-25 15:28:35 +0000884
885/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200886 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
Paul Bakker43655f42011-12-15 20:11:16 +0000887 *
888 * Do not add default entropy sources. These are the platform specific,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200889 * mbedtls_timing_hardclock and HAVEGE based poll functions.
Paul Bakker43655f42011-12-15 20:11:16 +0000890 *
Shuo Chen95a0d112014-04-04 21:04:40 -0700891 * This is useful to have more control over the added entropy sources in an
Paul Bakker43655f42011-12-15 20:11:16 +0000892 * application.
893 *
894 * Uncomment this macro to prevent loading of default entropy functions.
Paul Bakker43655f42011-12-15 20:11:16 +0000895 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200896//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
Paul Bakker43655f42011-12-15 20:11:16 +0000897
898/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200899 * \def MBEDTLS_NO_PLATFORM_ENTROPY
Paul Bakker6083fd22011-12-03 21:45:14 +0000900 *
901 * Do not use built-in platform entropy functions.
902 * This is useful if your platform does not support
903 * standards like the /dev/urandom or Windows CryptoAPI.
904 *
905 * Uncomment this macro to disable the built-in platform entropy functions.
Paul Bakker6083fd22011-12-03 21:45:14 +0000906 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200907//#define MBEDTLS_NO_PLATFORM_ENTROPY
Paul Bakker6083fd22011-12-03 21:45:14 +0000908
909/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200910 * \def MBEDTLS_ENTROPY_FORCE_SHA256
Paul Bakker2ceda572014-02-06 15:55:25 +0100911 *
912 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
913 * default SHA-512 based one (if both are available).
914 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200915 * Requires: MBEDTLS_SHA256_C
Paul Bakker2ceda572014-02-06 15:55:25 +0100916 *
917 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
918 * if you have performance concerns.
919 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200920 * This option is only useful if both MBEDTLS_SHA256_C and
921 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
Paul Bakker2ceda572014-02-06 15:55:25 +0100922 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200923//#define MBEDTLS_ENTROPY_FORCE_SHA256
Paul Bakker2ceda572014-02-06 15:55:25 +0100924
925/**
Paul Bakkercf0a9f92016-06-01 11:25:44 +0100926 * \def MBEDTLS_ENTROPY_NV_SEED
927 *
928 * Enable the non-volatile (NV) seed file-based entropy source.
929 * (Also enables the NV seed read/write functions in the platform layer)
930 *
931 * This is crucial (if not required) on systems that do not have a
932 * cryptographic entropy source (in hardware or kernel) available.
933 *
934 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
935 *
Paul Bakker71a597a2016-06-07 10:59:03 +0100936 * \note The read/write functions that are used by the entropy source are
937 * determined in the platform layer, and can be modified at runtime and/or
938 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
939 *
940 * \note If you use the default implementation functions that read a seedfile
Paul Bakkercf0a9f92016-06-01 11:25:44 +0100941 * with regular fopen(), please make sure you make a seedfile with the
942 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
943 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
Paul Bakker71a597a2016-06-07 10:59:03 +0100944 * and written to or you will get an entropy source error! The default
945 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
946 * bytes from the file.
947 *
948 * \note The entropy collector will write to the seed file before entropy is
949 * given to an external source, to update it.
Paul Bakkercf0a9f92016-06-01 11:25:44 +0100950 */
951//#define MBEDTLS_ENTROPY_NV_SEED
952
953/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200954 * \def MBEDTLS_MEMORY_DEBUG
Paul Bakker6e339b52013-07-03 13:37:05 +0200955 *
956 * Enable debugging of buffer allocator memory issues. Automatically prints
957 * (to stderr) all (fatal) messages on memory allocation issues. Enables
958 * function for 'debug output' of allocated memory.
959 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200960 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
Paul Bakker6e339b52013-07-03 13:37:05 +0200961 *
962 * Uncomment this macro to let the buffer allocator print out error messages.
Paul Bakkera7ea6a52013-10-15 11:55:10 +0200963 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200964//#define MBEDTLS_MEMORY_DEBUG
Paul Bakker6e339b52013-07-03 13:37:05 +0200965
966/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200967 * \def MBEDTLS_MEMORY_BACKTRACE
Paul Bakker6e339b52013-07-03 13:37:05 +0200968 *
969 * Include backtrace information with each allocated block.
970 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200971 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
Paul Bakker6e339b52013-07-03 13:37:05 +0200972 * GLIBC-compatible backtrace() an backtrace_symbols() support
973 *
974 * Uncomment this macro to include backtrace information
Paul Bakker6e339b52013-07-03 13:37:05 +0200975 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200976//#define MBEDTLS_MEMORY_BACKTRACE
Paul Bakker6e339b52013-07-03 13:37:05 +0200977
978/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200979 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
Manuel Pégourié-Gonnard348bcb32015-03-31 14:01:33 +0200980 *
981 * Support external private RSA keys (eg from a HSM) in the PK layer.
982 *
983 * Comment this macro to disable support for external private RSA keys.
984 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200985#define MBEDTLS_PK_RSA_ALT_SUPPORT
Manuel Pégourié-Gonnard348bcb32015-03-31 14:01:33 +0200986
987/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200988 * \def MBEDTLS_PKCS1_V15
Paul Bakker48377d92013-08-30 12:06:24 +0200989 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200990 * Enable support for PKCS#1 v1.5 encoding.
991 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200992 * Requires: MBEDTLS_RSA_C
Paul Bakker48377d92013-08-30 12:06:24 +0200993 *
Paul Bakker48377d92013-08-30 12:06:24 +0200994 * This enables support for PKCS#1 v1.5 operations.
995 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200996#define MBEDTLS_PKCS1_V15
Paul Bakker48377d92013-08-30 12:06:24 +0200997
998/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200999 * \def MBEDTLS_PKCS1_V21
Paul Bakker9dcc3222011-03-08 14:16:06 +00001000 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001001 * Enable support for PKCS#1 v2.1 encoding.
1002 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001003 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
Paul Bakker5690efc2011-05-26 13:16:06 +00001004 *
Paul Bakker9dcc3222011-03-08 14:16:06 +00001005 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
1006 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001007#define MBEDTLS_PKCS1_V21
Paul Bakker9dcc3222011-03-08 14:16:06 +00001008
1009/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001010 * \def MBEDTLS_RSA_NO_CRT
Paul Bakker0216cc12011-03-26 13:40:23 +00001011 *
1012 * Do not use the Chinese Remainder Theorem for the RSA private operation.
1013 *
1014 * Uncomment this macro to disable the use of CRT in RSA.
1015 *
Paul Bakker0216cc12011-03-26 13:40:23 +00001016 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001017//#define MBEDTLS_RSA_NO_CRT
Paul Bakker15566e42011-04-24 21:19:15 +00001018
1019/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001020 * \def MBEDTLS_SELF_TEST
Paul Bakker15566e42011-04-24 21:19:15 +00001021 *
1022 * Enable the checkup functions (*_self_test).
1023 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001024#define MBEDTLS_SELF_TEST
Paul Bakker5c721f92011-07-27 16:51:09 +00001025
1026/**
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +02001027 * \def MBEDTLS_SHA256_SMALLER
1028 *
1029 * Enable an implementation of SHA-256 that has lower ROM footprint but also
1030 * lower performance.
1031 *
1032 * The default implementation is meant to be a reasonnable compromise between
1033 * performance and size. This version optimizes more aggressively for size at
1034 * the expense of performance. Eg on Cortex-M4 it reduces the size of
1035 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
1036 * 30%.
1037 *
1038 * Uncomment to enable the smaller implementation of SHA256.
1039 */
1040//#define MBEDTLS_SHA256_SMALLER
1041
1042/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001043 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +01001044 *
1045 * Enable sending of alert messages in case of encountered errors as per RFC.
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00001046 * If you choose not to send the alert messages, mbed TLS can still communicate
Paul Bakker40865c82013-01-31 17:13:13 +01001047 * with other servers, only debugging of failures is harder.
1048 *
1049 * The advantage of not sending alert messages, is that no information is given
1050 * about reasons for failures thus preventing adversaries of gaining intel.
1051 *
1052 * Enable sending of all alert messages
1053 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001054#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +01001055
1056/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001057 * \def MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +01001058 *
1059 * Enable the debug messages in SSL module for all issues.
1060 * Debug messages have been disabled in some places to prevent timing
1061 * attacks due to (unbalanced) debugging function calls.
1062 *
1063 * If you need all error reporting you should enable this during debugging,
1064 * but remove this for production servers that should log as well.
1065 *
1066 * Uncomment this macro to report all debug messages on errors introducing
1067 * a timing side-channel.
1068 *
Paul Bakkerd66f0702013-01-31 16:57:45 +01001069 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001070//#define MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +01001071
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001072/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001073 *
1074 * Enable support for Encrypt-then-MAC, RFC 7366.
1075 *
1076 * This allows peers that both support it to use a more robust protection for
1077 * ciphersuites using CBC, providing deep resistance against timing attacks
1078 * on the padding or underlying cipher.
1079 *
1080 * This only affects CBC ciphersuites, and is useless if none is defined.
1081 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001082 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
1083 * MBEDTLS_SSL_PROTO_TLS1_1 or
1084 * MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001085 *
1086 * Comment this macro to disable support for Encrypt-then-MAC
1087 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001088#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001089
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001090/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001091 *
1092 * Enable support for Extended Master Secret, aka Session Hash
1093 * (draft-ietf-tls-session-hash-02).
1094 *
1095 * This was introduced as "the proper fix" to the Triple Handshake familiy of
1096 * attacks, but it is recommended to always use it (even if you disable
1097 * renegotiation), since it actually fixes a more fundamental issue in the
1098 * original SSL/TLS design, and has implications beyond Triple Handshake.
1099 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001100 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
1101 * MBEDTLS_SSL_PROTO_TLS1_1 or
1102 * MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard769c6b62014-10-28 14:13:55 +01001103 *
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001104 * Comment this macro to disable support for Extended Master Secret.
1105 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001106#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001107
Paul Bakkerd66f0702013-01-31 16:57:45 +01001108/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001109 * \def MBEDTLS_SSL_FALLBACK_SCSV
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +02001110 *
1111 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
1112 *
1113 * For servers, it is recommended to always enable this, unless you support
1114 * only one version of TLS, or know for sure that none of your clients
1115 * implements a fallback strategy.
1116 *
1117 * For clients, you only need this if you're using a fallback strategy, which
1118 * is not recommended in the first place, unless you absolutely need it to
1119 * interoperate with buggy (version-intolerant) servers.
1120 *
1121 * Comment this macro to disable support for FALLBACK_SCSV
1122 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001123#define MBEDTLS_SSL_FALLBACK_SCSV
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +02001124
1125/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001126 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
Paul Bakker05ef8352012-05-08 09:17:57 +00001127 *
1128 * Enable hooking functions in SSL module for hardware acceleration of
1129 * individual records.
1130 *
1131 * Uncomment this macro to enable hooking functions.
Paul Bakker05ef8352012-05-08 09:17:57 +00001132 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001133//#define MBEDTLS_SSL_HW_RECORD_ACCEL
Paul Bakker05ef8352012-05-08 09:17:57 +00001134
1135/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001136 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
Manuel Pégourié-Gonnardd76314c2015-01-07 12:39:44 +01001137 *
1138 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
1139 *
1140 * This is a countermeasure to the BEAST attack, which also minimizes the risk
1141 * of interoperability issues compared to sending 0-length records.
1142 *
1143 * Comment this macro to disable 1/n-1 record splitting.
1144 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001145#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
Manuel Pégourié-Gonnardd76314c2015-01-07 12:39:44 +01001146
1147/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001148 * \def MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001149 *
Manuel Pégourié-Gonnard03717042014-11-04 19:52:10 +01001150 * Disable support for TLS renegotiation.
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001151 *
1152 * The two main uses of renegotiation are (1) refresh keys on long-lived
1153 * connections and (2) client authentication after the initial handshake.
1154 * If you don't need renegotiation, it's probably better to disable it, since
1155 * it has been associated with security issues in the past and is easy to
1156 * misuse/misunderstand.
Manuel Pégourié-Gonnard03717042014-11-04 19:52:10 +01001157 *
Manuel Pégourié-Gonnard55f968b2015-03-09 16:23:15 +00001158 * Comment this to disable support for renegotiation.
Hanno Becker6851b102017-10-12 14:57:48 +01001159 *
1160 * \note Even if this option is disabled, both client and server are aware
1161 * of the Renegotiation Indication Extension (RFC 5746) used to
1162 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
1163 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
1164 * configuration of this extension).
1165 *
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001166 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001167#define MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001168
1169/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001170 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
Paul Bakker78a8c712013-03-06 17:01:52 +01001171 *
1172 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001173 * SSL Server module (MBEDTLS_SSL_SRV_C).
Paul Bakker78a8c712013-03-06 17:01:52 +01001174 *
Manuel Pégourié-Gonnard265dd5c2015-03-10 13:48:34 +00001175 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
Paul Bakker78a8c712013-03-06 17:01:52 +01001176 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001177//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
Paul Bakker78a8c712013-03-06 17:01:52 +01001178
1179/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001180 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
Manuel Pégourié-Gonnard1a9f2c72013-11-30 18:30:06 +01001181 *
1182 * Pick the ciphersuite according to the client's preferences rather than ours
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001183 * in the SSL Server module (MBEDTLS_SSL_SRV_C).
Manuel Pégourié-Gonnard1a9f2c72013-11-30 18:30:06 +01001184 *
1185 * Uncomment this macro to respect client's ciphersuite order
1186 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001187//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
Manuel Pégourié-Gonnard1a9f2c72013-11-30 18:30:06 +01001188
1189/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001190 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +02001191 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001192 * Enable support for RFC 6066 max_fragment_length extension in SSL.
Paul Bakker05decb22013-08-15 13:33:48 +02001193 *
1194 * Comment this macro to disable support for the max_fragment_length extension
1195 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001196#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +02001197
1198/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001199 * \def MBEDTLS_SSL_PROTO_SSL3
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001200 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001201 * Enable support for SSL 3.0.
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001202 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001203 * Requires: MBEDTLS_MD5_C
1204 * MBEDTLS_SHA1_C
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001205 *
1206 * Comment this macro to disable support for SSL 3.0
1207 */
Janos Follathe2681a42016-03-07 15:57:05 +00001208//#define MBEDTLS_SSL_PROTO_SSL3
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001209
1210/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001211 * \def MBEDTLS_SSL_PROTO_TLS1
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001212 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001213 * Enable support for TLS 1.0.
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001214 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001215 * Requires: MBEDTLS_MD5_C
1216 * MBEDTLS_SHA1_C
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001217 *
1218 * Comment this macro to disable support for TLS 1.0
1219 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001220#define MBEDTLS_SSL_PROTO_TLS1
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001221
1222/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001223 * \def MBEDTLS_SSL_PROTO_TLS1_1
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001224 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001225 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001226 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001227 * Requires: MBEDTLS_MD5_C
1228 * MBEDTLS_SHA1_C
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001229 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001230 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001231 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001232#define MBEDTLS_SSL_PROTO_TLS1_1
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001233
1234/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001235 * \def MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001236 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001237 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001238 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001239 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001240 * (Depends on ciphersuites)
1241 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001242 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001243 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001244#define MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001245
1246/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001247 * \def MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001248 *
1249 * Enable support for DTLS (all available versions).
1250 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001251 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
1252 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001253 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001254 * Requires: MBEDTLS_SSL_PROTO_TLS1_1
1255 * or MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001256 *
1257 * Comment this macro to disable support for DTLS
1258 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001259#define MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001260
1261/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001262 * \def MBEDTLS_SSL_ALPN
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001263 *
Manuel Pégourié-Gonnard6b298e62014-11-20 18:28:50 +01001264 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001265 *
Paul Bakker27e36d32014-04-08 12:33:37 +02001266 * Comment this macro to disable support for ALPN.
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001267 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001268#define MBEDTLS_SSL_ALPN
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001269
1270/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001271 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001272 *
1273 * Enable support for the anti-replay mechanism in DTLS.
1274 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001275 * Requires: MBEDTLS_SSL_TLS_C
1276 * MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001277 *
Manuel Pégourié-Gonnarda6fcffe2014-10-13 18:15:52 +02001278 * \warning Disabling this is often a security risk!
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +02001279 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
Manuel Pégourié-Gonnarda6fcffe2014-10-13 18:15:52 +02001280 *
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001281 * Comment this to disable anti-replay in DTLS.
1282 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001283#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001284
1285/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001286 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +02001287 *
1288 * Enable support for HelloVerifyRequest on DTLS servers.
1289 *
1290 * This feature is highly recommended to prevent DTLS servers being used as
1291 * amplifiers in DoS attacks against other hosts. It should always be enabled
1292 * unless you know for sure amplification cannot be a problem in the
1293 * environment in which your server operates.
1294 *
Manuel Pégourié-Gonnarda6fcffe2014-10-13 18:15:52 +02001295 * \warning Disabling this can ba a security risk! (see above)
1296 *
Manuel Pégourié-Gonnarde057d3b2015-05-20 10:59:43 +02001297 * Requires: MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +02001298 *
1299 * Comment this to disable support for HelloVerifyRequest.
1300 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001301#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +02001302
1303/**
Manuel Pégourié-Gonnard26d227d2015-09-04 10:53:25 +02001304 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1305 *
1306 * Enable server-side support for clients that reconnect from the same port.
1307 *
1308 * Some clients unexpectedly close the connection and try to reconnect using the
1309 * same source port. This needs special support from the server to handle the
Simon Butcher4f6882a2015-09-11 17:12:46 +01001310 * new connection securely, as described in section 4.2.8 of RFC 6347. This
Manuel Pégourié-Gonnard26d227d2015-09-04 10:53:25 +02001311 * flag enables that support.
1312 *
Manuel Pégourié-Gonnard62c74bb2015-09-08 17:50:29 +02001313 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
Manuel Pégourié-Gonnard62c74bb2015-09-08 17:50:29 +02001314 *
Manuel Pégourié-Gonnard26d227d2015-09-04 10:53:25 +02001315 * Comment this to disable support for clients reusing the source port.
1316 */
1317#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1318
1319/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001320 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
Manuel Pégourié-Gonnardb0643d12014-10-14 18:30:36 +02001321 *
1322 * Enable support for a limit of records with bad MAC.
1323 *
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +02001324 * See mbedtls_ssl_conf_dtls_badmac_limit().
Manuel Pégourié-Gonnardb0643d12014-10-14 18:30:36 +02001325 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001326 * Requires: MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnardb0643d12014-10-14 18:30:36 +02001327 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001328#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
Manuel Pégourié-Gonnardb0643d12014-10-14 18:30:36 +02001329
1330/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001331 * \def MBEDTLS_SSL_SESSION_TICKETS
Paul Bakkera503a632013-08-14 13:48:06 +02001332 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001333 * Enable support for RFC 5077 session tickets in SSL.
Manuel Pégourié-Gonnard0c0f11f2015-05-20 09:55:50 +02001334 * Client-side, provides full support for session tickets (maintainance of a
1335 * session store remains the responsibility of the application, though).
1336 * Server-side, you also need to provide callbacks for writing and parsing
1337 * tickets, including authenticated encryption and key management. Example
1338 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
Paul Bakkera503a632013-08-14 13:48:06 +02001339 *
1340 * Comment this macro to disable support for SSL session tickets
1341 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001342#define MBEDTLS_SSL_SESSION_TICKETS
Paul Bakkera503a632013-08-14 13:48:06 +02001343
1344/**
Robert Cragie4feb7ae2015-10-02 13:33:37 +01001345 * \def MBEDTLS_SSL_EXPORT_KEYS
1346 *
Manuel Pégourié-Gonnard024b6df2015-10-19 13:52:53 +02001347 * Enable support for exporting key block and master secret.
Robert Cragie4feb7ae2015-10-02 13:33:37 +01001348 * This is required for certain users of TLS, e.g. EAP-TLS.
1349 *
1350 * Comment this macro to disable support for key export
1351 */
1352#define MBEDTLS_SSL_EXPORT_KEYS
1353
1354/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001355 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
Paul Bakker0be444a2013-08-27 21:55:01 +02001356 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001357 * Enable support for RFC 6066 server name indication (SNI) in SSL.
Paul Bakker0be444a2013-08-27 21:55:01 +02001358 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001359 * Requires: MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnardbbbb3cf2015-01-28 16:44:37 +00001360 *
Paul Bakker0be444a2013-08-27 21:55:01 +02001361 * Comment this macro to disable support for server name indication in SSL
1362 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001363#define MBEDTLS_SSL_SERVER_NAME_INDICATION
Paul Bakker0be444a2013-08-27 21:55:01 +02001364
1365/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001366 * \def MBEDTLS_SSL_TRUNCATED_HMAC
Paul Bakker1f2bc622013-08-15 13:45:55 +02001367 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001368 * Enable support for RFC 6066 truncated HMAC in SSL.
Paul Bakker1f2bc622013-08-15 13:45:55 +02001369 *
1370 * Comment this macro to disable support for truncated HMAC in SSL
1371 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001372#define MBEDTLS_SSL_TRUNCATED_HMAC
Paul Bakker1f2bc622013-08-15 13:45:55 +02001373
1374/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001375 * \def MBEDTLS_THREADING_ALT
Paul Bakker2466d932013-09-28 14:40:38 +02001376 *
1377 * Provide your own alternate threading implementation.
1378 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001379 * Requires: MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02001380 *
1381 * Uncomment this to allow your own alternate threading implementation.
Paul Bakker2466d932013-09-28 14:40:38 +02001382 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001383//#define MBEDTLS_THREADING_ALT
Paul Bakker2466d932013-09-28 14:40:38 +02001384
1385/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001386 * \def MBEDTLS_THREADING_PTHREAD
Paul Bakker2466d932013-09-28 14:40:38 +02001387 *
1388 * Enable the pthread wrapper layer for the threading layer.
1389 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001390 * Requires: MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02001391 *
1392 * Uncomment this to enable pthread mutexes.
Paul Bakker2466d932013-09-28 14:40:38 +02001393 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001394//#define MBEDTLS_THREADING_PTHREAD
Paul Bakker2466d932013-09-28 14:40:38 +02001395
1396/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001397 * \def MBEDTLS_VERSION_FEATURES
Paul Bakker0f90d7d2014-04-30 11:49:44 +02001398 *
1399 * Allow run-time checking of compile-time enabled features. Thus allowing users
1400 * to check at run-time if the library is for instance compiled with threading
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001401 * support via mbedtls_version_check_feature().
Paul Bakker0f90d7d2014-04-30 11:49:44 +02001402 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001403 * Requires: MBEDTLS_VERSION_C
Paul Bakker0f90d7d2014-04-30 11:49:44 +02001404 *
1405 * Comment this to disable run-time checking and save ROM space
1406 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001407#define MBEDTLS_VERSION_FEATURES
Paul Bakker0f90d7d2014-04-30 11:49:44 +02001408
1409/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001410 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
Paul Bakkerc27c4e22013-09-23 15:01:36 +02001411 *
1412 * If set, the X509 parser will not break-off when parsing an X509 certificate
1413 * and encountering an extension in a v1 or v2 certificate.
1414 *
1415 * Uncomment to prevent an error.
Paul Bakkerc27c4e22013-09-23 15:01:36 +02001416 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001417//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
Paul Bakkerc27c4e22013-09-23 15:01:36 +02001418
1419/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001420 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
Paul Bakker5c721f92011-07-27 16:51:09 +00001421 *
1422 * If set, the X509 parser will not break-off when parsing an X509 certificate
1423 * and encountering an unknown critical extension.
1424 *
Manuel Pégourié-Gonnardcb6af002015-10-05 12:12:39 +01001425 * \warning Depending on your PKI use, enabling this can be a security risk!
1426 *
Paul Bakker5c721f92011-07-27 16:51:09 +00001427 * Uncomment to prevent an error.
Paul Bakker5c721f92011-07-27 16:51:09 +00001428 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001429//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
Paul Bakker2770fbd2012-07-03 13:30:23 +00001430
1431/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001432 * \def MBEDTLS_X509_CHECK_KEY_USAGE
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +02001433 *
1434 * Enable verification of the keyUsage extension (CA and leaf certificates).
1435 *
1436 * Disabling this avoids problems with mis-issued and/or misused
1437 * (intermediate) CA and leaf certificates.
1438 *
1439 * \warning Depending on your PKI use, disabling this can be a security risk!
1440 *
1441 * Comment to skip keyUsage checking for both CA and leaf certificates.
1442 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001443#define MBEDTLS_X509_CHECK_KEY_USAGE
Manuel Pégourié-Gonnard603116c2014-04-09 09:50:03 +02001444
1445/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001446 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +02001447 *
1448 * Enable verification of the extendedKeyUsage extension (leaf certificates).
1449 *
1450 * Disabling this avoids problems with mis-issued and/or misused certificates.
1451 *
1452 * \warning Depending on your PKI use, disabling this can be a security risk!
1453 *
1454 * Comment to skip extendedKeyUsage checking for certificates.
1455 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001456#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
Manuel Pégourié-Gonnard7afb8a02014-04-10 17:53:56 +02001457
1458/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001459 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
Manuel Pégourié-Gonnardd1539b12014-06-06 16:42:37 +02001460 *
1461 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
1462 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
1463 *
1464 * Comment this macro to disallow using RSASSA-PSS in certificates.
1465 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001466#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
Manuel Pégourié-Gonnardd1539b12014-06-06 16:42:37 +02001467
1468/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001469 * \def MBEDTLS_ZLIB_SUPPORT
Paul Bakker2770fbd2012-07-03 13:30:23 +00001470 *
1471 * If set, the SSL/TLS module uses ZLIB to support compression and
1472 * decompression of packet data.
1473 *
Manuel Pégourié-Gonnardbb4dd372014-03-11 10:30:38 +01001474 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
1475 * CRIME attack. Before enabling this option, you should examine with care if
1476 * CRIME or similar exploits may be a applicable to your use case.
1477 *
Manuel Pégourié-Gonnard7c3b4ab2015-07-02 17:59:52 +02001478 * \note Currently compression can't be used with DTLS.
Manuel Pégourié-Gonnarda0e16322014-07-14 17:38:41 +02001479 *
Paul Bakker2770fbd2012-07-03 13:30:23 +00001480 * Used in: library/ssl_tls.c
1481 * library/ssl_cli.c
1482 * library/ssl_srv.c
1483 *
1484 * This feature requires zlib library and headers to be present.
1485 *
1486 * Uncomment to enable use of ZLIB
Paul Bakker2770fbd2012-07-03 13:30:23 +00001487 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001488//#define MBEDTLS_ZLIB_SUPPORT
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00001489/* \} name SECTION: mbed TLS feature support */
Paul Bakker0a62cd12011-01-21 11:00:08 +00001490
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001491/**
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00001492 * \name SECTION: mbed TLS modules
Paul Bakker0a62cd12011-01-21 11:00:08 +00001493 *
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00001494 * This section enables or disables entire modules in mbed TLS
Paul Bakker0a62cd12011-01-21 11:00:08 +00001495 * \{
1496 */
Paul Bakker5121ce52009-01-03 21:22:43 +00001497
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001498/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001499 * \def MBEDTLS_AESNI_C
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01001500 *
1501 * Enable AES-NI support on x86-64.
1502 *
1503 * Module: library/aesni.c
1504 * Caller: library/aes.c
1505 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001506 * Requires: MBEDTLS_HAVE_ASM
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01001507 *
1508 * This modules adds support for the AES-NI instructions on x86-64
1509 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001510#define MBEDTLS_AESNI_C
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01001511
1512/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001513 * \def MBEDTLS_AES_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001514 *
1515 * Enable the AES block cipher.
1516 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001517 * Module: library/aes.c
1518 * Caller: library/ssl_tls.c
Paul Bakker96743fc2011-02-12 14:30:57 +00001519 * library/pem.c
Paul Bakker6083fd22011-12-03 21:45:14 +00001520 * library/ctr_drbg.c
Paul Bakker5121ce52009-01-03 21:22:43 +00001521 *
Paul Bakker645ce3a2012-10-31 12:32:41 +00001522 * This module enables the following ciphersuites (if other requisites are
1523 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001524 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1525 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1526 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1527 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1528 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1529 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1530 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1531 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1532 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1533 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1534 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1535 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1536 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1537 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1538 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1539 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
1540 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
1541 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1542 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1543 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1544 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1545 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1546 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1547 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1548 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
1549 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
1550 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1551 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1552 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1553 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1554 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1555 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
1556 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1557 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
1558 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
1559 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1560 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
1561 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1562 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
1563 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
1564 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
1565 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
1566 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
1567 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
1568 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
1569 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
1570 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
1571 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
1572 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
1573 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
1574 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
1575 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
1576 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
1577 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
1578 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
1579 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
1580 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
1581 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
Paul Bakker6deb37e2013-02-19 13:17:08 +01001582 *
Paul Bakkercff68422013-09-15 20:43:33 +02001583 * PEM_PARSE uses AES for decrypting encrypted keys.
Paul Bakker5121ce52009-01-03 21:22:43 +00001584 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001585#define MBEDTLS_AES_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001586
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001587/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001588 * \def MBEDTLS_ARC4_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001589 *
1590 * Enable the ARCFOUR stream cipher.
1591 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001592 * Module: library/arc4.c
1593 * Caller: library/ssl_tls.c
1594 *
Paul Bakker41c83d32013-03-20 14:39:14 +01001595 * This module enables the following ciphersuites (if other requisites are
1596 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001597 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
1598 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
1599 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
1600 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
1601 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
1602 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
1603 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
1604 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
1605 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
1606 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
Paul Bakker5121ce52009-01-03 21:22:43 +00001607 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001608#define MBEDTLS_ARC4_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001609
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001610/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001611 * \def MBEDTLS_ASN1_PARSE_C
Paul Bakkerefc30292011-11-10 14:43:23 +00001612 *
1613 * Enable the generic ASN1 parser.
1614 *
1615 * Module: library/asn1.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02001616 * Caller: library/x509.c
1617 * library/dhm.c
1618 * library/pkcs12.c
1619 * library/pkcs5.c
1620 * library/pkparse.c
Paul Bakkerefc30292011-11-10 14:43:23 +00001621 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001622#define MBEDTLS_ASN1_PARSE_C
Paul Bakkerefc30292011-11-10 14:43:23 +00001623
1624/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001625 * \def MBEDTLS_ASN1_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00001626 *
1627 * Enable the generic ASN1 writer.
1628 *
1629 * Module: library/asn1write.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02001630 * Caller: library/ecdsa.c
1631 * library/pkwrite.c
1632 * library/x509_create.c
1633 * library/x509write_crt.c
Simon Butcher2cb47392016-11-04 12:23:11 +00001634 * library/x509write_csr.c
Paul Bakkerbdb912d2012-02-13 23:11:30 +00001635 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001636#define MBEDTLS_ASN1_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00001637
1638/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001639 * \def MBEDTLS_BASE64_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001640 *
1641 * Enable the Base64 module.
1642 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001643 * Module: library/base64.c
Paul Bakker5690efc2011-05-26 13:16:06 +00001644 * Caller: library/pem.c
Paul Bakker5121ce52009-01-03 21:22:43 +00001645 *
Paul Bakker5690efc2011-05-26 13:16:06 +00001646 * This module is required for PEM support (required by X.509).
Paul Bakker5121ce52009-01-03 21:22:43 +00001647 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001648#define MBEDTLS_BASE64_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001649
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001650/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001651 * \def MBEDTLS_BIGNUM_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001652 *
Paul Bakker9a736322012-11-14 12:39:52 +00001653 * Enable the multi-precision integer library.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001654 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001655 * Module: library/bignum.c
1656 * Caller: library/dhm.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02001657 * library/ecp.c
Manuel Pégourié-Gonnardbf319772014-06-25 13:00:17 +02001658 * library/ecdsa.c
Paul Bakker5121ce52009-01-03 21:22:43 +00001659 * library/rsa.c
Hanno Beckera565f542017-10-11 11:00:19 +01001660 * library/rsa_internal.c
Paul Bakker5121ce52009-01-03 21:22:43 +00001661 * library/ssl_tls.c
Paul Bakker5121ce52009-01-03 21:22:43 +00001662 *
Manuel Pégourié-Gonnardbf319772014-06-25 13:00:17 +02001663 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
Paul Bakker5121ce52009-01-03 21:22:43 +00001664 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001665#define MBEDTLS_BIGNUM_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001666
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001667/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001668 * \def MBEDTLS_BLOWFISH_C
Paul Bakkera9379c02012-07-04 11:02:11 +00001669 *
1670 * Enable the Blowfish block cipher.
1671 *
1672 * Module: library/blowfish.c
1673 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001674#define MBEDTLS_BLOWFISH_C
Paul Bakkera9379c02012-07-04 11:02:11 +00001675
1676/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001677 * \def MBEDTLS_CAMELLIA_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001678 *
1679 * Enable the Camellia block cipher.
1680 *
Paul Bakker38119b12009-01-10 23:31:23 +00001681 * Module: library/camellia.c
Paul Bakker13e2dfe2009-07-28 07:18:38 +00001682 * Caller: library/ssl_tls.c
Paul Bakker38119b12009-01-10 23:31:23 +00001683 *
Paul Bakker645ce3a2012-10-31 12:32:41 +00001684 * This module enables the following ciphersuites (if other requisites are
1685 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001686 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1687 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1688 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1689 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1690 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1691 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1692 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1693 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
1694 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1695 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1696 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1697 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1698 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
1699 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1700 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1701 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1702 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1703 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1704 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1705 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1706 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1707 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1708 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
1709 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1710 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1711 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
1712 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1713 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1714 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
1715 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1716 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1717 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
1718 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1719 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1720 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
1721 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
1722 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
1723 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
1724 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
1725 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
1726 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
1727 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakker38119b12009-01-10 23:31:23 +00001728 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001729#define MBEDTLS_CAMELLIA_C
Paul Bakker38119b12009-01-10 23:31:23 +00001730
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001731/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001732 * \def MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +02001733 *
1734 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
1735 *
1736 * Module: library/ccm.c
1737 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001738 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +02001739 *
1740 * This module enables the AES-CCM ciphersuites, if other requisites are
1741 * enabled as well.
1742 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001743#define MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +02001744
1745/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001746 * \def MBEDTLS_CERTS_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001747 *
1748 * Enable the test certificates.
1749 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001750 * Module: library/certs.c
1751 * Caller:
1752 *
1753 * This module is used for testing (ssl_client/server).
1754 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001755#define MBEDTLS_CERTS_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001756
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001757/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001758 * \def MBEDTLS_CIPHER_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001759 *
1760 * Enable the generic cipher layer.
1761 *
Paul Bakker8123e9d2011-01-06 15:37:30 +00001762 * Module: library/cipher.c
Paul Bakker04784f52013-08-19 13:30:57 +02001763 * Caller: library/ssl_tls.c
Paul Bakker8123e9d2011-01-06 15:37:30 +00001764 *
1765 * Uncomment to enable generic cipher wrappers.
1766 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001767#define MBEDTLS_CIPHER_C
Paul Bakker8123e9d2011-01-06 15:37:30 +00001768
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001769/**
Robert Cragiedc5c7b92015-12-11 15:49:45 +00001770 * \def MBEDTLS_CMAC_C
1771 *
Simon Butcher327398a2016-10-05 14:09:11 +01001772 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
1773 * ciphers.
Robert Cragiedc5c7b92015-12-11 15:49:45 +00001774 *
1775 * Module: library/cmac.c
1776 *
Simon Butcher69283e52016-10-06 12:49:58 +01001777 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
Robert Cragiedc5c7b92015-12-11 15:49:45 +00001778 *
1779 */
Brian Murray53e23b62016-09-13 14:00:15 -07001780//#define MBEDTLS_CMAC_C
Robert Cragiedc5c7b92015-12-11 15:49:45 +00001781
1782/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001783 * \def MBEDTLS_CTR_DRBG_C
Paul Bakker0e04d0e2011-11-27 14:46:59 +00001784 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001785 * Enable the CTR_DRBG AES-256-based random generator.
Paul Bakker0e04d0e2011-11-27 14:46:59 +00001786 *
1787 * Module: library/ctr_drbg.c
1788 * Caller:
1789 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001790 * Requires: MBEDTLS_AES_C
Paul Bakker6083fd22011-12-03 21:45:14 +00001791 *
Paul Bakker0e04d0e2011-11-27 14:46:59 +00001792 * This module provides the CTR_DRBG AES-256 random number generator.
1793 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001794#define MBEDTLS_CTR_DRBG_C
Paul Bakker0e04d0e2011-11-27 14:46:59 +00001795
1796/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001797 * \def MBEDTLS_DEBUG_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001798 *
1799 * Enable the debug functions.
1800 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001801 * Module: library/debug.c
1802 * Caller: library/ssl_cli.c
1803 * library/ssl_srv.c
1804 * library/ssl_tls.c
1805 *
1806 * This module provides debugging functions.
1807 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001808#define MBEDTLS_DEBUG_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001809
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001810/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001811 * \def MBEDTLS_DES_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001812 *
1813 * Enable the DES block cipher.
1814 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001815 * Module: library/des.c
Paul Bakker6deb37e2013-02-19 13:17:08 +01001816 * Caller: library/pem.c
1817 * library/ssl_tls.c
Paul Bakker5121ce52009-01-03 21:22:43 +00001818 *
Paul Bakker645ce3a2012-10-31 12:32:41 +00001819 * This module enables the following ciphersuites (if other requisites are
1820 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001821 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
1822 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
1823 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
1824 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
1825 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1826 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
1827 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
1828 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
1829 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
1830 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
Paul Bakker6deb37e2013-02-19 13:17:08 +01001831 *
Paul Bakkercff68422013-09-15 20:43:33 +02001832 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
Paul Bakker5121ce52009-01-03 21:22:43 +00001833 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001834#define MBEDTLS_DES_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001835
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001836/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001837 * \def MBEDTLS_DHM_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001838 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02001839 * Enable the Diffie-Hellman-Merkle module.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001840 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001841 * Module: library/dhm.c
1842 * Caller: library/ssl_cli.c
1843 * library/ssl_srv.c
1844 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02001845 * This module is used by the following key exchanges:
1846 * DHE-RSA, DHE-PSK
Paul Bakker5121ce52009-01-03 21:22:43 +00001847 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001848#define MBEDTLS_DHM_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001849
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001850/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001851 * \def MBEDTLS_ECDH_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001852 *
1853 * Enable the elliptic curve Diffie-Hellman library.
1854 *
1855 * Module: library/ecdh.c
Paul Bakker41c83d32013-03-20 14:39:14 +01001856 * Caller: library/ssl_cli.c
1857 * library/ssl_srv.c
1858 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02001859 * This module is used by the following key exchanges:
1860 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001861 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001862 * Requires: MBEDTLS_ECP_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001863 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001864#define MBEDTLS_ECDH_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001865
1866/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001867 * \def MBEDTLS_ECDSA_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001868 *
1869 * Enable the elliptic curve DSA library.
1870 *
1871 * Module: library/ecdsa.c
1872 * Caller:
1873 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02001874 * This module is used by the following key exchanges:
1875 * ECDHE-ECDSA
1876 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001877 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001878 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001879#define MBEDTLS_ECDSA_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001880
1881/**
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02001882 * \def MBEDTLS_ECJPAKE_C
1883 *
1884 * Enable the elliptic curve J-PAKE library.
1885 *
Manuel Pégourié-Gonnard75df9022015-09-16 23:21:01 +02001886 * \warning This is currently experimental. EC J-PAKE support is based on the
1887 * Thread v1.0.0 specification; incompatible changes to the specification
1888 * might still happen. For this reason, this is disabled by default.
1889 *
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02001890 * Module: library/ecjpake.c
1891 * Caller:
1892 *
1893 * This module is used by the following key exchanges:
1894 * ECJPAKE
1895 *
1896 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
1897 */
Manuel Pégourié-Gonnardcf828932015-10-20 14:57:00 +02001898//#define MBEDTLS_ECJPAKE_C
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02001899
1900/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001901 * \def MBEDTLS_ECP_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001902 *
1903 * Enable the elliptic curve over GF(p) library.
1904 *
1905 * Module: library/ecp.c
1906 * Caller: library/ecdh.c
1907 * library/ecdsa.c
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02001908 * library/ecjpake.c
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001909 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001910 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001911 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001912#define MBEDTLS_ECP_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01001913
1914/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001915 * \def MBEDTLS_ENTROPY_C
Paul Bakker6083fd22011-12-03 21:45:14 +00001916 *
1917 * Enable the platform-specific entropy code.
1918 *
1919 * Module: library/entropy.c
1920 * Caller:
1921 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001922 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
Paul Bakker6083fd22011-12-03 21:45:14 +00001923 *
1924 * This module provides a generic entropy pool
1925 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001926#define MBEDTLS_ENTROPY_C
Paul Bakker6083fd22011-12-03 21:45:14 +00001927
1928/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001929 * \def MBEDTLS_ERROR_C
Paul Bakker9d781402011-05-09 16:17:09 +00001930 *
1931 * Enable error code to error string conversion.
1932 *
1933 * Module: library/error.c
1934 * Caller:
1935 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001936 * This module enables mbedtls_strerror().
Paul Bakker9d781402011-05-09 16:17:09 +00001937 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001938#define MBEDTLS_ERROR_C
Paul Bakker9d781402011-05-09 16:17:09 +00001939
1940/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001941 * \def MBEDTLS_GCM_C
Paul Bakker89e80c92012-03-20 13:50:09 +00001942 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001943 * Enable the Galois/Counter Mode (GCM) for AES.
Paul Bakker89e80c92012-03-20 13:50:09 +00001944 *
1945 * Module: library/gcm.c
1946 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001947 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
Paul Bakker645ce3a2012-10-31 12:32:41 +00001948 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02001949 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
1950 * requisites are enabled as well.
Paul Bakker89e80c92012-03-20 13:50:09 +00001951 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001952#define MBEDTLS_GCM_C
Paul Bakker89e80c92012-03-20 13:50:09 +00001953
1954/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001955 * \def MBEDTLS_HAVEGE_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001956 *
1957 * Enable the HAVEGE random generator.
1958 *
Paul Bakker2a844242013-06-24 13:01:53 +02001959 * Warning: the HAVEGE random generator is not suitable for virtualized
1960 * environments
1961 *
1962 * Warning: the HAVEGE random generator is dependent on timing and specific
1963 * processor traits. It is therefore not advised to use HAVEGE as
1964 * your applications primary random generator or primary entropy pool
1965 * input. As a secondary input to your entropy pool, it IS able add
1966 * the (limited) extra entropy it provides.
1967 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001968 * Module: library/havege.c
1969 * Caller:
1970 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001971 * Requires: MBEDTLS_TIMING_C
Paul Bakker5690efc2011-05-26 13:16:06 +00001972 *
Paul Bakker2a844242013-06-24 13:01:53 +02001973 * Uncomment to enable the HAVEGE random generator.
Paul Bakker2a844242013-06-24 13:01:53 +02001974 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001975//#define MBEDTLS_HAVEGE_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001976
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001977/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001978 * \def MBEDTLS_HMAC_DRBG_C
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01001979 *
1980 * Enable the HMAC_DRBG random generator.
1981 *
1982 * Module: library/hmac_drbg.c
1983 * Caller:
1984 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001985 * Requires: MBEDTLS_MD_C
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01001986 *
1987 * Uncomment to enable the HMAC_DRBG random number geerator.
1988 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001989#define MBEDTLS_HMAC_DRBG_C
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01001990
1991/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001992 * \def MBEDTLS_MD_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001993 *
1994 * Enable the generic message digest layer.
1995 *
Simon Butcher2cb47392016-11-04 12:23:11 +00001996 * Module: library/md.c
Paul Bakker17373852011-01-06 14:20:01 +00001997 * Caller:
1998 *
1999 * Uncomment to enable generic message digest wrappers.
2000 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002001#define MBEDTLS_MD_C
Paul Bakker17373852011-01-06 14:20:01 +00002002
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002003/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002004 * \def MBEDTLS_MD2_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002005 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002006 * Enable the MD2 hash algorithm.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002007 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002008 * Module: library/md2.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002009 * Caller:
Paul Bakker5121ce52009-01-03 21:22:43 +00002010 *
2011 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
Paul Bakker6506aff2009-07-28 20:52:02 +00002012 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002013//#define MBEDTLS_MD2_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002014
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002015/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002016 * \def MBEDTLS_MD4_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002017 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002018 * Enable the MD4 hash algorithm.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002019 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002020 * Module: library/md4.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002021 * Caller:
Paul Bakker5121ce52009-01-03 21:22:43 +00002022 *
2023 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
Paul Bakker6506aff2009-07-28 20:52:02 +00002024 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002025//#define MBEDTLS_MD4_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002026
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002027/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002028 * \def MBEDTLS_MD5_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002029 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002030 * Enable the MD5 hash algorithm.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002031 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002032 * Module: library/md5.c
2033 * Caller: library/md.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002034 * library/pem.c
Paul Bakker6deb37e2013-02-19 13:17:08 +01002035 * library/ssl_tls.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002036 *
2037 * This module is required for SSL/TLS and X.509.
Paul Bakkercff68422013-09-15 20:43:33 +02002038 * PEM_PARSE uses MD5 for decrypting encrypted keys.
Paul Bakker5121ce52009-01-03 21:22:43 +00002039 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002040#define MBEDTLS_MD5_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002041
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002042/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002043 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002044 *
2045 * Enable the buffer allocator implementation that makes use of a (stack)
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +02002046 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002047 * calls)
Paul Bakker6e339b52013-07-03 13:37:05 +02002048 *
2049 * Module: library/memory_buffer_alloc.c
2050 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002051 * Requires: MBEDTLS_PLATFORM_C
2052 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
Paul Bakker6e339b52013-07-03 13:37:05 +02002053 *
2054 * Enable this module to enable the buffer memory allocator.
Paul Bakker6e339b52013-07-03 13:37:05 +02002055 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002056//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
Paul Bakker6e339b52013-07-03 13:37:05 +02002057
2058/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002059 * \def MBEDTLS_NET_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002060 *
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002061 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
2062 *
Simon Butcherd567a232016-03-09 20:19:21 +00002063 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
2064 * and Windows. For other platforms, you'll want to disable it, and write your
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002065 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002066 *
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00002067 * \note See also our Knowledge Base article about porting to a new
2068 * environment:
2069 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
2070 *
Andres AG788aa4a2016-09-14 14:32:09 +01002071 * Module: library/net_sockets.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002072 *
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002073 * This module provides networking routines.
Paul Bakker5121ce52009-01-03 21:22:43 +00002074 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002075#define MBEDTLS_NET_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002076
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002077/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002078 * \def MBEDTLS_OID_C
Paul Bakkerc70b9822013-04-07 22:00:46 +02002079 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002080 * Enable the OID database.
Paul Bakkerc70b9822013-04-07 22:00:46 +02002081 *
2082 * Module: library/oid.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002083 * Caller: library/asn1write.c
2084 * library/pkcs5.c
2085 * library/pkparse.c
2086 * library/pkwrite.c
2087 * library/rsa.c
2088 * library/x509.c
2089 * library/x509_create.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002090 * library/x509_crl.c
2091 * library/x509_crt.c
2092 * library/x509_csr.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002093 * library/x509write_crt.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002094 * library/x509write_csr.c
Paul Bakkerc70b9822013-04-07 22:00:46 +02002095 *
2096 * This modules translates between OIDs and internal values.
2097 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002098#define MBEDTLS_OID_C
Paul Bakkerc70b9822013-04-07 22:00:46 +02002099
2100/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002101 * \def MBEDTLS_PADLOCK_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002102 *
2103 * Enable VIA Padlock support on x86.
2104 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002105 * Module: library/padlock.c
2106 * Caller: library/aes.c
2107 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002108 * Requires: MBEDTLS_HAVE_ASM
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002109 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002110 * This modules adds support for the VIA PadLock on x86.
2111 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002112#define MBEDTLS_PADLOCK_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002113
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002114/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002115 * \def MBEDTLS_PEM_PARSE_C
Paul Bakker96743fc2011-02-12 14:30:57 +00002116 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002117 * Enable PEM decoding / parsing.
Paul Bakker96743fc2011-02-12 14:30:57 +00002118 *
2119 * Module: library/pem.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002120 * Caller: library/dhm.c
Paul Bakkercff68422013-09-15 20:43:33 +02002121 * library/pkparse.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002122 * library/x509_crl.c
2123 * library/x509_crt.c
2124 * library/x509_csr.c
Paul Bakker96743fc2011-02-12 14:30:57 +00002125 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002126 * Requires: MBEDTLS_BASE64_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002127 *
Paul Bakkercff68422013-09-15 20:43:33 +02002128 * This modules adds support for decoding / parsing PEM files.
Paul Bakker96743fc2011-02-12 14:30:57 +00002129 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002130#define MBEDTLS_PEM_PARSE_C
Paul Bakkercff68422013-09-15 20:43:33 +02002131
2132/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002133 * \def MBEDTLS_PEM_WRITE_C
Paul Bakkercff68422013-09-15 20:43:33 +02002134 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002135 * Enable PEM encoding / writing.
Paul Bakkercff68422013-09-15 20:43:33 +02002136 *
2137 * Module: library/pem.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002138 * Caller: library/pkwrite.c
2139 * library/x509write_crt.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002140 * library/x509write_csr.c
Paul Bakkercff68422013-09-15 20:43:33 +02002141 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002142 * Requires: MBEDTLS_BASE64_C
Paul Bakkercff68422013-09-15 20:43:33 +02002143 *
2144 * This modules adds support for encoding / writing PEM files.
2145 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002146#define MBEDTLS_PEM_WRITE_C
Paul Bakker96743fc2011-02-12 14:30:57 +00002147
2148/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002149 * \def MBEDTLS_PK_C
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02002150 *
2151 * Enable the generic public (asymetric) key layer.
2152 *
2153 * Module: library/pk.c
Manuel Pégourié-Gonnard1a483832013-09-20 12:29:15 +02002154 * Caller: library/ssl_tls.c
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02002155 * library/ssl_cli.c
2156 * library/ssl_srv.c
2157 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002158 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
Manuel Pégourié-Gonnard1a483832013-09-20 12:29:15 +02002159 *
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02002160 * Uncomment to enable generic public key wrappers.
2161 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002162#define MBEDTLS_PK_C
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02002163
2164/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002165 * \def MBEDTLS_PK_PARSE_C
Paul Bakker4606c732013-09-15 17:04:23 +02002166 *
2167 * Enable the generic public (asymetric) key parser.
2168 *
2169 * Module: library/pkparse.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002170 * Caller: library/x509_crt.c
2171 * library/x509_csr.c
Paul Bakker4606c732013-09-15 17:04:23 +02002172 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002173 * Requires: MBEDTLS_PK_C
Paul Bakker4606c732013-09-15 17:04:23 +02002174 *
2175 * Uncomment to enable generic public key parse functions.
2176 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002177#define MBEDTLS_PK_PARSE_C
Paul Bakker4606c732013-09-15 17:04:23 +02002178
2179/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002180 * \def MBEDTLS_PK_WRITE_C
Paul Bakker4606c732013-09-15 17:04:23 +02002181 *
Paul Bakkerf20ba4b2013-09-16 22:46:20 +02002182 * Enable the generic public (asymetric) key writer.
Paul Bakker4606c732013-09-15 17:04:23 +02002183 *
2184 * Module: library/pkwrite.c
2185 * Caller: library/x509write.c
2186 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002187 * Requires: MBEDTLS_PK_C
Paul Bakker4606c732013-09-15 17:04:23 +02002188 *
2189 * Uncomment to enable generic public key write functions.
2190 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002191#define MBEDTLS_PK_WRITE_C
Paul Bakker4606c732013-09-15 17:04:23 +02002192
2193/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002194 * \def MBEDTLS_PKCS5_C
Paul Bakkerb0c19a42013-06-24 19:26:38 +02002195 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002196 * Enable PKCS#5 functions.
Paul Bakkerb0c19a42013-06-24 19:26:38 +02002197 *
2198 * Module: library/pkcs5.c
2199 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002200 * Requires: MBEDTLS_MD_C
Paul Bakkerb0c19a42013-06-24 19:26:38 +02002201 *
2202 * This module adds support for the PKCS#5 functions.
2203 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002204#define MBEDTLS_PKCS5_C
Paul Bakkerb0c19a42013-06-24 19:26:38 +02002205
2206/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002207 * \def MBEDTLS_PKCS11_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002208 *
Paul Bakkereb2c6582012-09-27 19:15:01 +00002209 * Enable wrapper for PKCS#11 smartcard support.
Paul Bakker5690efc2011-05-26 13:16:06 +00002210 *
Manuel Pégourié-Gonnard51be5592013-08-22 13:35:53 +02002211 * Module: library/pkcs11.c
2212 * Caller: library/pk.c
Paul Bakker5690efc2011-05-26 13:16:06 +00002213 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002214 * Requires: MBEDTLS_PK_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002215 *
Paul Bakkereb2c6582012-09-27 19:15:01 +00002216 * This module enables SSL/TLS PKCS #11 smartcard support.
Paul Bakker5690efc2011-05-26 13:16:06 +00002217 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
Paul Bakker5690efc2011-05-26 13:16:06 +00002218 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002219//#define MBEDTLS_PKCS11_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002220
2221/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002222 * \def MBEDTLS_PKCS12_C
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02002223 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002224 * Enable PKCS#12 PBE functions.
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02002225 * Adds algorithms for parsing PKCS#8 encrypted private keys
2226 *
2227 * Module: library/pkcs12.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002228 * Caller: library/pkparse.c
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02002229 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002230 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
2231 * Can use: MBEDTLS_ARC4_C
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02002232 *
2233 * This module enables PKCS#12 functions.
2234 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002235#define MBEDTLS_PKCS12_C
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02002236
2237/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002238 * \def MBEDTLS_PLATFORM_C
Paul Bakker747a83a2014-02-01 22:50:07 +01002239 *
2240 * Enable the platform abstraction layer that allows you to re-assign
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02002241 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
Paul Bakker747a83a2014-02-01 22:50:07 +01002242 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002243 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
2244 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
Rich Evans16f8cd82015-02-06 16:14:34 +00002245 * above to be specified at runtime or compile time respectively.
Paul Bakker747a83a2014-02-01 22:50:07 +01002246 *
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02002247 * \note This abstraction layer must be enabled on Windows (including MSYS2)
2248 * as other module rely on it for a fixed snprintf implementation.
2249 *
Paul Bakker747a83a2014-02-01 22:50:07 +01002250 * Module: library/platform.c
2251 * Caller: Most other .c files
2252 *
2253 * This module enables abstraction of common (libc) functions.
2254 */
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +02002255#define MBEDTLS_PLATFORM_C
Paul Bakker747a83a2014-02-01 22:50:07 +01002256
2257/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002258 * \def MBEDTLS_RIPEMD160_C
Manuel Pégourié-Gonnardcab4a882014-01-17 12:42:35 +01002259 *
2260 * Enable the RIPEMD-160 hash algorithm.
2261 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002262 * Module: library/ripemd160.c
2263 * Caller: library/md.c
Manuel Pégourié-Gonnardcab4a882014-01-17 12:42:35 +01002264 *
2265 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002266#define MBEDTLS_RIPEMD160_C
Manuel Pégourié-Gonnardcab4a882014-01-17 12:42:35 +01002267
2268/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002269 * \def MBEDTLS_RSA_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002270 *
2271 * Enable the RSA public-key cryptosystem.
2272 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002273 * Module: library/rsa.c
Hanno Beckera565f542017-10-11 11:00:19 +01002274 * library/rsa_internal.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002275 * Caller: library/ssl_cli.c
2276 * library/ssl_srv.c
2277 * library/ssl_tls.c
2278 * library/x509.c
2279 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02002280 * This module is used by the following key exchanges:
2281 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
Paul Bakker5690efc2011-05-26 13:16:06 +00002282 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002283 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002284 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002285#define MBEDTLS_RSA_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002286
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002287/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002288 * \def MBEDTLS_SHA1_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002289 *
2290 * Enable the SHA1 cryptographic hash algorithm.
2291 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002292 * Module: library/sha1.c
2293 * Caller: library/md.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002294 * library/ssl_cli.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002295 * library/ssl_srv.c
2296 * library/ssl_tls.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002297 * library/x509write_crt.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002298 *
Gilles Peskine5e79cb32017-05-04 16:17:21 +02002299 * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
2300 * depending on the handshake parameters, and for SHA1-signed certificates.
Paul Bakker5121ce52009-01-03 21:22:43 +00002301 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002302#define MBEDTLS_SHA1_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002303
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002304/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002305 * \def MBEDTLS_SHA256_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002306 *
2307 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
2308 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002309 * Module: library/sha256.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002310 * Caller: library/entropy.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002311 * library/md.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002312 * library/ssl_cli.c
2313 * library/ssl_srv.c
2314 * library/ssl_tls.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002315 *
2316 * This module adds support for SHA-224 and SHA-256.
Paul Bakker769075d2012-11-24 11:26:46 +01002317 * This module is required for the SSL/TLS 1.2 PRF function.
Paul Bakker5121ce52009-01-03 21:22:43 +00002318 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002319#define MBEDTLS_SHA256_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002320
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002321/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002322 * \def MBEDTLS_SHA512_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002323 *
2324 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
2325 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002326 * Module: library/sha512.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002327 * Caller: library/entropy.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002328 * library/md.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002329 * library/ssl_cli.c
2330 * library/ssl_srv.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002331 *
2332 * This module adds support for SHA-384 and SHA-512.
2333 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002334#define MBEDTLS_SHA512_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002335
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002336/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002337 * \def MBEDTLS_SSL_CACHE_C
Paul Bakker0a597072012-09-25 21:55:46 +00002338 *
2339 * Enable simple SSL cache implementation.
2340 *
2341 * Module: library/ssl_cache.c
2342 * Caller:
2343 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002344 * Requires: MBEDTLS_SSL_CACHE_C
Paul Bakker0a597072012-09-25 21:55:46 +00002345 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002346#define MBEDTLS_SSL_CACHE_C
Paul Bakker0a597072012-09-25 21:55:46 +00002347
2348/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002349 * \def MBEDTLS_SSL_COOKIE_C
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +02002350 *
2351 * Enable basic implementation of DTLS cookies for hello verification.
2352 *
2353 * Module: library/ssl_cookie.c
2354 * Caller:
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +02002355 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002356#define MBEDTLS_SSL_COOKIE_C
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +02002357
2358/**
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +02002359 * \def MBEDTLS_SSL_TICKET_C
2360 *
2361 * Enable an implementation of TLS server-side callbacks for session tickets.
2362 *
2363 * Module: library/ssl_ticket.c
2364 * Caller:
Manuel Pégourié-Gonnard0c0f11f2015-05-20 09:55:50 +02002365 *
Manuel Pégourié-Gonnard4214e3a2015-05-25 19:34:49 +02002366 * Requires: MBEDTLS_CIPHER_C
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +02002367 */
2368#define MBEDTLS_SSL_TICKET_C
2369
2370/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002371 * \def MBEDTLS_SSL_CLI_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002372 *
2373 * Enable the SSL/TLS client code.
2374 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002375 * Module: library/ssl_cli.c
2376 * Caller:
2377 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002378 * Requires: MBEDTLS_SSL_TLS_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002379 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002380 * This module is required for SSL/TLS client support.
2381 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002382#define MBEDTLS_SSL_CLI_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002383
Paul Bakker9a736322012-11-14 12:39:52 +00002384/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002385 * \def MBEDTLS_SSL_SRV_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002386 *
2387 * Enable the SSL/TLS server code.
2388 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002389 * Module: library/ssl_srv.c
2390 * Caller:
2391 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002392 * Requires: MBEDTLS_SSL_TLS_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002393 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002394 * This module is required for SSL/TLS server support.
2395 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002396#define MBEDTLS_SSL_SRV_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002397
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002398/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002399 * \def MBEDTLS_SSL_TLS_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002400 *
Paul Bakkere29ab062011-05-18 13:26:54 +00002401 * Enable the generic SSL/TLS code.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002402 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002403 * Module: library/ssl_tls.c
2404 * Caller: library/ssl_cli.c
2405 * library/ssl_srv.c
2406 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002407 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
2408 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
Paul Bakker5690efc2011-05-26 13:16:06 +00002409 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002410 * This module is required for SSL/TLS.
2411 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002412#define MBEDTLS_SSL_TLS_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002413
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002414/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002415 * \def MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02002416 *
2417 * Enable the threading abstraction layer.
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00002418 * By default mbed TLS assumes it is used in a non-threaded environment or that
Paul Bakker2466d932013-09-28 14:40:38 +02002419 * contexts are not shared between threads. If you do intend to use contexts
2420 * between threads, you will need to enable this layer to prevent race
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00002421 * conditions. See also our Knowledge Base article about threading:
2422 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
Paul Bakker2466d932013-09-28 14:40:38 +02002423 *
2424 * Module: library/threading.c
2425 *
2426 * This allows different threading implementations (self-implemented or
2427 * provided).
2428 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002429 * You will have to enable either MBEDTLS_THREADING_ALT or
2430 * MBEDTLS_THREADING_PTHREAD.
Paul Bakker2466d932013-09-28 14:40:38 +02002431 *
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00002432 * Enable this layer to allow use of mutexes within mbed TLS
Paul Bakker2466d932013-09-28 14:40:38 +02002433 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002434//#define MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02002435
2436/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002437 * \def MBEDTLS_TIMING_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002438 *
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002439 * Enable the semi-portable timing interface.
2440 *
Simon Butcherd567a232016-03-09 20:19:21 +00002441 * \note The provided implementation only works on POSIX/Unix (including Linux,
2442 * BSD and OS X) and Windows. On other platforms, you can either disable that
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002443 * module and provide your own implementations of the callbacks needed by
2444 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
2445 * your own implementation of the whole module by setting
2446 * \c MBEDTLS_TIMING_ALT in the current file.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002447 *
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00002448 * \note See also our Knowledge Base article about porting to a new
2449 * environment:
2450 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
2451 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002452 * Module: library/timing.c
2453 * Caller: library/havege.c
2454 *
2455 * This module is used by the HAVEGE random number generator.
Paul Bakkerecd54fb2013-07-03 14:48:29 +02002456 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002457#define MBEDTLS_TIMING_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002458
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002459/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002460 * \def MBEDTLS_VERSION_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002461 *
2462 * Enable run-time version information.
2463 *
Paul Bakker0a62cd12011-01-21 11:00:08 +00002464 * Module: library/version.c
2465 *
2466 * This module provides run-time version information.
2467 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002468#define MBEDTLS_VERSION_C
Paul Bakker0a62cd12011-01-21 11:00:08 +00002469
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002470/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002471 * \def MBEDTLS_X509_USE_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002472 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002473 * Enable X.509 core for using certificates.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002474 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002475 * Module: library/x509.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002476 * Caller: library/x509_crl.c
2477 * library/x509_crt.c
2478 * library/x509_csr.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002479 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002480 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
2481 * MBEDTLS_PK_PARSE_C
Paul Bakker5690efc2011-05-26 13:16:06 +00002482 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002483 * This module is required for the X.509 parsing modules.
Paul Bakker5121ce52009-01-03 21:22:43 +00002484 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002485#define MBEDTLS_X509_USE_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002486
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002487/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002488 * \def MBEDTLS_X509_CRT_PARSE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002489 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002490 * Enable X.509 certificate parsing.
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002491 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002492 * Module: library/x509_crt.c
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002493 * Caller: library/ssl_cli.c
2494 * library/ssl_srv.c
2495 * library/ssl_tls.c
2496 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002497 * Requires: MBEDTLS_X509_USE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002498 *
2499 * This module is required for X.509 certificate parsing.
2500 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002501#define MBEDTLS_X509_CRT_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002502
2503/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002504 * \def MBEDTLS_X509_CRL_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002505 *
2506 * Enable X.509 CRL parsing.
2507 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002508 * Module: library/x509_crl.c
2509 * Caller: library/x509_crt.c
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002510 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002511 * Requires: MBEDTLS_X509_USE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002512 *
2513 * This module is required for X.509 CRL parsing.
2514 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002515#define MBEDTLS_X509_CRL_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002516
2517/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002518 * \def MBEDTLS_X509_CSR_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002519 *
2520 * Enable X.509 Certificate Signing Request (CSR) parsing.
2521 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002522 * Module: library/x509_csr.c
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002523 * Caller: library/x509_crt_write.c
2524 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002525 * Requires: MBEDTLS_X509_USE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002526 *
2527 * This module is used for reading X.509 certificate request.
2528 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002529#define MBEDTLS_X509_CSR_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002530
2531/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002532 * \def MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002533 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002534 * Enable X.509 core for creating certificates.
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002535 *
2536 * Module: library/x509_create.c
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002537 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002538 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002539 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002540 * This module is the basis for creating X.509 certificates and CSRs.
2541 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002542#define MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002543
2544/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002545 * \def MBEDTLS_X509_CRT_WRITE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002546 *
2547 * Enable creating X.509 certificates.
2548 *
2549 * Module: library/x509_crt_write.c
2550 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002551 * Requires: MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002552 *
2553 * This module is required for X.509 certificate creation.
2554 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002555#define MBEDTLS_X509_CRT_WRITE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002556
2557/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002558 * \def MBEDTLS_X509_CSR_WRITE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002559 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002560 * Enable creating X.509 Certificate Signing Requests (CSR).
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002561 *
2562 * Module: library/x509_csr_write.c
2563 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002564 * Requires: MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02002565 *
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002566 * This module is required for X.509 certificate request writing.
2567 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002568#define MBEDTLS_X509_CSR_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002569
2570/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002571 * \def MBEDTLS_XTEA_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002572 *
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002573 * Enable the XTEA block cipher.
2574 *
Paul Bakker7a7c78f2009-01-04 18:15:48 +00002575 * Module: library/xtea.c
2576 * Caller:
2577 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002578#define MBEDTLS_XTEA_C
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +01002579
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00002580/* \} name SECTION: mbed TLS modules */
Paul Bakker7a7c78f2009-01-04 18:15:48 +00002581
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002582/**
2583 * \name SECTION: Module configuration options
2584 *
2585 * This section allows for the setting of module specific sizes and
2586 * configuration options. The default values are already present in the
2587 * relevant header files and should suffice for the regular use cases.
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002588 *
Paul Bakker088c5c52014-04-25 11:11:10 +02002589 * Our advice is to enable options and change their values here
2590 * only if you have a good reason and know the consequences.
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002591 *
2592 * Please check the respective header file for documentation on these
2593 * parameters (to prevent duplicate documentation).
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002594 * \{
2595 */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002596
Paul Bakker088c5c52014-04-25 11:11:10 +02002597/* MPI / BIGNUM options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002598//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
2599//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002600
Paul Bakker088c5c52014-04-25 11:11:10 +02002601/* CTR_DRBG options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002602//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
2603//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2604//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2605//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2606//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002607
Paul Bakker088c5c52014-04-25 11:11:10 +02002608/* HMAC_DRBG options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002609//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2610//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2611//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2612//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002613
Paul Bakker088c5c52014-04-25 11:11:10 +02002614/* ECP options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002615//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
2616//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
2617//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
Manuel Pégourié-Gonnard0520b602014-01-30 19:43:46 +01002618
Paul Bakker088c5c52014-04-25 11:11:10 +02002619/* Entropy options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002620//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
2621//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
Andres AG7abc9742016-09-23 17:58:49 +01002622//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
Paul Bakkere1b665e2013-12-11 16:02:58 +01002623
Paul Bakker088c5c52014-04-25 11:11:10 +02002624/* Memory buffer allocator options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002625//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002626
Paul Bakker088c5c52014-04-25 11:11:10 +02002627/* Platform options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002628//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +02002629//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002630//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
2631//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +01002632//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002633//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
2634//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02002635/* Note: your snprintf must correclty zero-terminate the buffer! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002636//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
Janos Follath91947442016-03-18 13:49:27 +00002637//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
2638//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
Paul Bakkercf0a9f92016-06-01 11:25:44 +01002639//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
2640//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
2641//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
Paul Bakker6e339b52013-07-03 13:37:05 +02002642
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002643/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
2644/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +02002645//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002646//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
2647//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +01002648//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
2649//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002650//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
2651//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02002652/* Note: your snprintf must correclty zero-terminate the buffer! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002653//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
Paul Bakkercf0a9f92016-06-01 11:25:44 +01002654//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
2655//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002656
Paul Bakker088c5c52014-04-25 11:11:10 +02002657/* SSL Cache options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002658//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
2659//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002660
Paul Bakker088c5c52014-04-25 11:11:10 +02002661/* SSL options */
Manuel Pégourié-Gonnardbb838442015-08-31 12:46:01 +02002662//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002663//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2664//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
2665//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02002666
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +02002667/**
2668 * Complete list of ciphersuites to use, in order of preference.
2669 *
2670 * \warning No dependency checking is done on that field! This option can only
2671 * be used to restrict the set of available ciphersuites. It is your
2672 * responsibility to make sure the needed modules are active.
2673 *
2674 * Use this to save a few hundred bytes of ROM (default ordering of all
2675 * available ciphersuites) and a few to a few hundred bytes of RAM.
2676 *
2677 * The value below is only an example, not the default.
2678 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002679//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +02002680
Manuel Pégourié-Gonnardfd6c85c2014-11-20 16:34:20 +01002681/* X509 options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002682//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
Andres AGf9113192016-09-02 14:06:04 +01002683//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
Manuel Pégourié-Gonnardfd6c85c2014-11-20 16:34:20 +01002684
Gilles Peskine5e79cb32017-05-04 16:17:21 +02002685/**
Gilles Peskine5d2511c2017-05-12 13:16:40 +02002686 * Allow SHA-1 in the default TLS configuration for certificate signing.
2687 * Without this build-time option, SHA-1 support must be activated explicitly
2688 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
2689 * recommended because of it is possible to generte SHA-1 collisions, however
2690 * this may be safe for legacy infrastructure where additional controls apply.
Gilles Peskine5e79cb32017-05-04 16:17:21 +02002691 */
Gilles Peskine5d2511c2017-05-12 13:16:40 +02002692// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
2693
2694/**
2695 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
2696 * signature and ciphersuite selection. Without this build-time option, SHA-1
2697 * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
2698 * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
2699 * default. At the time of writing, there is no practical attack on the use
2700 * of SHA-1 in handshake signatures, hence this option is turned on by default
2701 * for compatibility with existing peers.
2702 */
2703#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
Gilles Peskine5e79cb32017-05-04 16:17:21 +02002704
Simon Butcher30b5f972016-06-08 19:00:23 +01002705/* \} name SECTION: Customisation configuration options */
Manuel Pégourié-Gonnard43569a92015-07-31 15:37:29 +02002706
Simon Butcherb2c81b12016-06-23 13:56:06 +01002707/* Target and application specific configurations */
Simon Butcher1d46a2d2016-07-11 10:17:03 +01002708//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
2709
2710#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
2711#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
2712#endif
Simon Butcherb2c81b12016-06-23 13:56:06 +01002713
Manuel Pégourié-Gonnard32da9f62015-07-31 15:52:30 +02002714/*
2715 * Allow user to override any previous default.
2716 *
2717 * Use two macro names for that, as:
2718 * - with yotta the prefix YOTTA_CFG_ is forced
2719 * - without yotta is looks weird to have a YOTTA prefix.
2720 */
2721#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
2722#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
2723#elif defined(MBEDTLS_USER_CONFIG_FILE)
2724#include MBEDTLS_USER_CONFIG_FILE
2725#endif
2726
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +02002727#include "check_config.h"
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002728
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002729#endif /* MBEDTLS_CONFIG_H */