blob: c59dd68acd84d71d1618a0541cd0a54a04e12328 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/**
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +02002 * \file mbedtls_config.h
Paul Bakker5121ce52009-01-03 21:22:43 +00003 *
Paul Bakker37ca75d2011-01-06 12:28:03 +00004 * \brief Configuration options (set of defines)
5 *
Simon Butcher5b331b92016-01-03 16:14:14 +00006 * This set of compile-time options may be used to enable
7 * or disable features selectively, and reduce the global
8 * memory footprint.
Darryl Greena40a1012018-01-05 15:33:17 +00009 */
10/*
Bence Szépkúti1e148272020-08-07 13:07:28 +020011 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +000012 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Manuel Pégourié-Gonnarde2b0efe2015-08-11 10:38:37 +020013 */
14
Bence Szépkúti2bb74562021-06-21 16:19:00 +020015/**
Tom Cosgrove1e211442022-05-26 11:51:00 +010016 * This is an optional version symbol that enables compatibility handling of
Bence Szépkúti2bb74562021-06-21 16:19:00 +020017 * config files.
18 *
Bence Szépkúti1b2a8832021-06-28 10:26:11 +010019 * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
Bence Szépkúti2bb74562021-06-21 16:19:00 +020020 * introduced the config format we want to be compatible with.
21 */
Bence Szépkúti1cafe5c2021-06-22 09:30:08 +020022//#define MBEDTLS_CONFIG_VERSION 0x03000000
Bence Szépkútiba7248a2021-05-31 16:53:56 +020023
Paul Bakkerf3b86c12011-01-27 15:24:17 +000024/**
Paul Bakker0a62cd12011-01-21 11:00:08 +000025 * \name SECTION: System support
26 *
27 * This section sets system specific settings.
28 * \{
29 */
30
Paul Bakkerf3b86c12011-01-27 15:24:17 +000031/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020032 * \def MBEDTLS_HAVE_ASM
Paul Bakkerf3b86c12011-01-27 15:24:17 +000033 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +020034 * The compiler has support for asm().
Paul Bakker68041ec2009-04-19 21:17:55 +000035 *
36 * Requires support for asm() in compiler.
37 *
38 * Used in:
Dave Rodgmancb0f2c42022-12-23 13:15:37 +000039 * library/aesni.h
Manuel Pégourié-Gonnard26b54fa2018-02-27 12:20:20 +010040 * library/aria.c
Chris Jones4c5819c2021-03-03 17:45:34 +000041 * library/bn_mul.h
Dave Rodgmancb0f2c42022-12-23 13:15:37 +000042 * library/constant_time.c
43 * library/padlock.h
Paul Bakker68041ec2009-04-19 21:17:55 +000044 *
Manuel Pégourié-Gonnard26b54fa2018-02-27 12:20:20 +010045 * Required by:
Tom Cosgrovef586aa22023-03-20 14:45:27 +000046 * MBEDTLS_AESCE_C
Gilles Peskine0bfccfa2023-03-16 17:49:44 +010047 * MBEDTLS_AESNI_C (on some platforms)
Manuel Pégourié-Gonnard26b54fa2018-02-27 12:20:20 +010048 * MBEDTLS_PADLOCK_C
49 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +020050 * Comment to disable the use of assembly code.
Paul Bakker5121ce52009-01-03 21:22:43 +000051 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020052#define MBEDTLS_HAVE_ASM
Paul Bakker5121ce52009-01-03 21:22:43 +000053
Paul Bakkerf3b86c12011-01-27 15:24:17 +000054/**
Gilles Peskineed942f82017-06-08 15:19:20 +020055 * \def MBEDTLS_NO_UDBL_DIVISION
56 *
57 * The platform lacks support for double-width integer division (64-bit
58 * division on a 32-bit platform, 128-bit division on a 64-bit platform).
59 *
60 * Used in:
61 * include/mbedtls/bignum.h
62 * library/bignum.c
63 *
64 * The bignum code uses double-width division to speed up some operations.
65 * Double-width division is often implemented in software that needs to
66 * be linked with the program. The presence of a double-width integer
67 * type is usually detected automatically through preprocessor macros,
68 * but the automatic detection cannot know whether the code needs to
69 * and can be linked with an implementation of division for that type.
70 * By default division is assumed to be usable if the type is present.
71 * Uncomment this option to prevent the use of double-width division.
72 *
73 * Note that division for the native integer type is always required.
74 * Furthermore, a 64-bit type is always required even on a 32-bit
Andres Amaya Garcia2801d002017-07-21 10:56:22 +010075 * platform, but it need not support multiplication or division. In some
76 * cases it is also desirable to disable some double-width operations. For
77 * example, if double-width division is implemented in software, disabling
78 * it can reduce code size in some embedded targets.
Gilles Peskineed942f82017-06-08 15:19:20 +020079 */
80//#define MBEDTLS_NO_UDBL_DIVISION
81
82/**
Manuel Pégourié-Gonnard2adb3752018-06-07 10:51:44 +020083 * \def MBEDTLS_NO_64BIT_MULTIPLICATION
84 *
85 * The platform lacks support for 32x32 -> 64-bit multiplication.
86 *
87 * Used in:
88 * library/poly1305.c
89 *
90 * Some parts of the library may use multiplication of two unsigned 32-bit
91 * operands with a 64-bit result in order to speed up computations. On some
92 * platforms, this is not available in hardware and has to be implemented in
93 * software, usually in a library provided by the toolchain.
94 *
95 * Sometimes it is not desirable to have to link to that library. This option
96 * removes the dependency of that library on platforms that lack a hardware
97 * 64-bit multiplier by embedding a software implementation in Mbed TLS.
98 *
99 * Note that depending on the compiler, this may decrease performance compared
100 * to using the library function provided by the toolchain.
101 */
102//#define MBEDTLS_NO_64BIT_MULTIPLICATION
103
104/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200105 * \def MBEDTLS_HAVE_SSE2
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000106 *
Paul Bakkere23c3152012-10-01 14:42:47 +0000107 * CPU supports SSE2 instruction set.
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000108 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000109 * Uncomment if the CPU supports SSE2 (IA-32 specific).
Paul Bakker5121ce52009-01-03 21:22:43 +0000110 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200111//#define MBEDTLS_HAVE_SSE2
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200112
113/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200114 * \def MBEDTLS_HAVE_TIME
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200115 *
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +0200116 * System has time.h and time().
117 * The time does not need to be correct, only time differences are used,
118 * by contrast with MBEDTLS_HAVE_TIME_DATE
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200119 *
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +0100120 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
121 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
122 * MBEDTLS_PLATFORM_STD_TIME.
123 *
Andrzej Kurek57353692022-04-07 08:08:21 -0400124 * Comment if your system does not support time functions.
125 *
126 * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
127 * interface - timing.c will include time.h on suitable platforms
128 * regardless of the setting of MBEDTLS_HAVE_TIME, unless
129 * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200130 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200131#define MBEDTLS_HAVE_TIME
Manuel Pégourié-Gonnard10934de2013-12-13 12:54:09 +0100132
133/**
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +0200134 * \def MBEDTLS_HAVE_TIME_DATE
135 *
Hanno Becker4e67cca2018-09-05 16:18:38 +0100136 * System has time.h, time(), and an implementation for
137 * mbedtls_platform_gmtime_r() (see below).
Antonin Décimo36e89b52019-01-23 15:24:37 +0100138 * The time needs to be correct (not necessarily very accurate, but at least
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +0200139 * the date should be correct). This is used to verify the validity period of
140 * X.509 certificates.
141 *
142 * Comment if your system does not have a correct clock.
Andres Amaya Garcia97f3ecb2018-08-07 20:39:27 +0100143 *
Hanno Becker6a739782018-09-05 15:06:19 +0100144 * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
Hanno Beckerc52ef402018-09-05 16:28:59 +0100145 * behaves similarly to the gmtime_r() function from the C standard. Refer to
146 * the documentation for mbedtls_platform_gmtime_r() for more information.
Andres Amaya Garciac99b12b2018-08-21 19:32:44 +0100147 *
148 * \note It is possible to configure an implementation for
Hanno Becker6a739782018-09-05 15:06:19 +0100149 * mbedtls_platform_gmtime_r() at compile-time by using the macro
150 * MBEDTLS_PLATFORM_GMTIME_R_ALT.
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +0200151 */
152#define MBEDTLS_HAVE_TIME_DATE
153
154/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200155 * \def MBEDTLS_PLATFORM_MEMORY
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100156 *
157 * Enable the memory allocation layer.
158 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200159 * By default Mbed TLS uses the system-provided calloc() and free().
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100160 * This allows different allocators (self-implemented or provided) to be
161 * provided to the platform abstraction layer.
162 *
Andrzej Kurekf14a5c32023-07-14 06:15:15 -0400163 * Enabling #MBEDTLS_PLATFORM_MEMORY without the
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200164 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
165 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
Rich Evans16f8cd82015-02-06 16:14:34 +0000166 * free() function pointer at runtime.
167 *
Andrzej Kurekf14a5c32023-07-14 06:15:15 -0400168 * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200169 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
Rich Evans16f8cd82015-02-06 16:14:34 +0000170 * alternate function at compile time.
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100171 *
Andrzej Kurekf14a5c32023-07-14 06:15:15 -0400172 * An overview of how the value of mbedtls_calloc is determined:
173 *
174 * - if !MBEDTLS_PLATFORM_MEMORY
175 * - mbedtls_calloc = calloc
176 * - if MBEDTLS_PLATFORM_MEMORY
177 * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
178 * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
179 * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
180 * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
181 * - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
182 * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
183 * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
184 * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
185 * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
186 * - if MBEDTLS_PLATFORM_STD_CALLOC is present:
187 * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
188 * - if !MBEDTLS_PLATFORM_STD_CALLOC:
189 * - MBEDTLS_PLATFORM_STD_CALLOC = calloc
190 *
191 * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
192 * - if !MBEDTLS_PLATFORM_STD_CALLOC
193 * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
194 *
195 * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
196 *
197 * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
198 * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
199 * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
200 * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
201 * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
202 * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
203 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200204 * Requires: MBEDTLS_PLATFORM_C
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100205 *
206 * Enable this layer to allow use of alternative memory allocators.
207 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200208//#define MBEDTLS_PLATFORM_MEMORY
Paul Bakkerdefc0ca2014-02-04 17:30:24 +0100209
210/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200211 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
Paul Bakker088c5c52014-04-25 11:11:10 +0200212 *
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +0200213 * Do not assign standard functions in the platform layer (e.g. calloc() to
214 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
Paul Bakker088c5c52014-04-25 11:11:10 +0200215 *
216 * This makes sure there are no linking errors on platforms that do not support
217 * these functions. You will HAVE to provide alternatives, either at runtime
218 * via the platform_set_xxx() functions or at compile time by setting
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200219 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
220 * MBEDTLS_PLATFORM_XXX_MACRO.
Paul Bakker088c5c52014-04-25 11:11:10 +0200221 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200222 * Requires: MBEDTLS_PLATFORM_C
Paul Bakker088c5c52014-04-25 11:11:10 +0200223 *
224 * Uncomment to prevent default assignment of standard functions in the
225 * platform layer.
226 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200227//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
Paul Bakker088c5c52014-04-25 11:11:10 +0200228
229/**
Janos Follathc351d182016-03-21 08:43:59 +0000230 * \def MBEDTLS_PLATFORM_EXIT_ALT
Paul Bakker747a83a2014-02-01 22:50:07 +0100231 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200232 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100233 * function in the platform abstraction layer.
Paul Bakker747a83a2014-02-01 22:50:07 +0100234 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200235 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200236 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
Paul Bakker747a83a2014-02-01 22:50:07 +0100237 * alternative printf function pointer.
238 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200239 * All these define require MBEDTLS_PLATFORM_C to be defined!
Paul Bakker747a83a2014-02-01 22:50:07 +0100240 *
Manuel Pégourié-Gonnard9db28872015-06-26 10:52:01 +0200241 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
242 * it will be enabled automatically by check_config.h
243 *
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +0200244 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200245 * MBEDTLS_PLATFORM_XXX_MACRO!
Rich Evans16f8cd82015-02-06 16:14:34 +0000246 *
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +0100247 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
248 *
Paul Bakker747a83a2014-02-01 22:50:07 +0100249 * Uncomment a macro to enable alternate implementation of specific base
250 * platform function
251 */
Gilles Peskine6497b5a2022-06-30 17:01:40 +0200252//#define MBEDTLS_PLATFORM_SETBUF_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200253//#define MBEDTLS_PLATFORM_EXIT_ALT
SimonBd5800b72016-04-26 07:43:27 +0100254//#define MBEDTLS_PLATFORM_TIME_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200255//#define MBEDTLS_PLATFORM_FPRINTF_ALT
256//#define MBEDTLS_PLATFORM_PRINTF_ALT
257//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
k-stachowiak723f8672018-07-16 14:27:07 +0200258//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
Paul Bakkercf0a9f92016-06-01 11:25:44 +0100259//#define MBEDTLS_PLATFORM_NV_SEED_ALT
Andres Amaya Garcia59c20262017-07-18 10:23:04 +0100260//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
Jerry Yu38257492022-12-15 17:54:47 +0800261//#define MBEDTLS_PLATFORM_MS_TIME_ALT
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100262
263/**
Gilles Peskinea8861e02023-09-05 20:20:51 +0200264 * Uncomment the macro to let Mbed TLS use your alternate implementation of
265 * mbedtls_platform_gmtime_r(). This replaces the default implementation in
266 * platform_util.c.
267 *
268 * gmtime() is not a thread-safe function as defined in the C standard. The
269 * library will try to use safer implementations of this function, such as
270 * gmtime_r() when available. However, if Mbed TLS cannot identify the target
271 * system, the implementation of mbedtls_platform_gmtime_r() will default to
272 * using the standard gmtime(). In this case, calls from the library to
273 * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
274 * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
275 * library are also guarded with this mutex to avoid race conditions. However,
276 * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
277 * unconditionally use the implementation for mbedtls_platform_gmtime_r()
278 * supplied at compile time.
279 */
280//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
281
282/**
Gilles Peskine86733832023-09-07 15:02:39 +0200283 * Uncomment the macro to let Mbed TLS use your alternate implementation of
284 * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces
285 * the default implementation in platform_util.c.
Gilles Peskinea8861e02023-09-05 20:20:51 +0200286 *
Gilles Peskine86733832023-09-07 15:02:39 +0200287 * By default, the library uses a system function such as memset_s()
288 * (optional feature of C11), explicit_bzero() (BSD and compatible), or
289 * SecureZeroMemory (Windows). If no such function is detected, the library
290 * falls back to a plain C implementation. Compilers are technically
291 * permitted to optimize this implementation out, meaning that the memory is
292 * not actually wiped. The library tries to prevent that, but the C language
293 * makes it impossible to guarantee that the memory will always be wiped.
294 *
295 * If your platform provides a guaranteed method to wipe memory which
296 * `platform_util.c` does not detect, define this macro to the name of
297 * a function that takes two arguments, a `void *` pointer and a length,
298 * and wipes that many bytes starting at the specified address. For example,
299 * if your platform has explicit_bzero() but `platform_util.c` does not
300 * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be
301 * `explicit_bzero` to use that function as mbedtls_platform_zeroize().
Gilles Peskinea8861e02023-09-05 20:20:51 +0200302 */
303//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
304
305/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200306 * \def MBEDTLS_DEPRECATED_WARNING
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100307 *
Andres Amaya Garcia09634242018-11-29 09:55:41 +0000308 * Mark deprecated functions and features so that they generate a warning if
309 * used. Functionality deprecated in one version will usually be removed in the
310 * next version. You can enable this to help you prepare the transition to a
311 * new major version by making sure your code is not using this functionality.
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100312 *
313 * This only works with GCC and Clang. With other compilers, you may want to
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200314 * use MBEDTLS_DEPRECATED_REMOVED
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100315 *
Andres Amaya Garcia09634242018-11-29 09:55:41 +0000316 * Uncomment to get warnings on using deprecated functions and features.
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100317 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200318//#define MBEDTLS_DEPRECATED_WARNING
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100319
320/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200321 * \def MBEDTLS_DEPRECATED_REMOVED
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100322 *
Andres Amaya Garcia09634242018-11-29 09:55:41 +0000323 * Remove deprecated functions and features so that they generate an error if
324 * used. Functionality deprecated in one version will usually be removed in the
325 * next version. You can enable this to help you prepare the transition to a
326 * new major version by making sure your code is not using this functionality.
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100327 *
Andres Amaya Garcia09634242018-11-29 09:55:41 +0000328 * Uncomment to get errors on using deprecated functions and features.
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100329 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200330//#define MBEDTLS_DEPRECATED_REMOVED
Manuel Pégourié-Gonnardc70581c2015-03-23 13:58:27 +0100331
Andrzej Kurek38d4fdd2021-12-28 16:22:52 +0100332/** \} name SECTION: System support */
Paul Bakker0a62cd12011-01-21 11:00:08 +0000333
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000334/**
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200335 * \name SECTION: Mbed TLS feature support
Paul Bakker0a62cd12011-01-21 11:00:08 +0000336 *
337 * This section sets support for features that are or are not needed
338 * within the modules that are enabled.
339 * \{
340 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000341
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000342/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200343 * \def MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +0100344 *
TRodziewiczd8540832021-06-10 15:16:50 +0200345 * Uncomment to provide your own alternate implementation for
Manuel Pégourié-Gonnarda63bc942015-05-14 18:22:47 +0200346 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
Paul Bakkerf2561b32014-02-06 15:11:55 +0100347 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200348 * Only works if you have MBEDTLS_TIMING_C enabled.
Paul Bakkerf2561b32014-02-06 15:11:55 +0100349 *
350 * You will need to provide a header "timing_alt.h" and an implementation at
351 * compile time.
352 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200353//#define MBEDTLS_TIMING_ALT
Paul Bakkerf2561b32014-02-06 15:11:55 +0100354
355/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100356 * \def MBEDTLS_AES_ALT
Paul Bakker90995b52013-06-24 19:20:35 +0200357 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200358 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
Janos Follathb0697532016-08-18 12:38:46 +0100359 * alternate core implementation of a symmetric crypto, an arithmetic or hash
360 * module (e.g. platform specific assembly optimized implementations). Keep
361 * in mind that the function prototypes should remain the same.
Paul Bakker90995b52013-06-24 19:20:35 +0200362 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200363 * This replaces the whole module. If you only want to replace one of the
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200364 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200365 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200366 * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
Janos Follathee782bc2016-11-07 15:41:26 +0000367 * provide the "struct mbedtls_aes_context" definition and omit the base
368 * function declarations and implementations. "aes_alt.h" will be included from
Paul Bakker90995b52013-06-24 19:20:35 +0200369 * "aes.h" to include the new function definitions.
370 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200371 * Uncomment a macro to enable alternate implementation of the corresponding
372 * module.
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100373 *
TRodziewicz10e8cf52021-05-31 17:58:57 +0200374 * \warning MD5, DES and SHA-1 are considered weak and their
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100375 * use constitutes a security risk. If possible, we recommend
376 * avoiding dependencies on them, and considering stronger message
377 * digests and ciphers instead.
378 *
Paul Bakker90995b52013-06-24 19:20:35 +0200379 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200380//#define MBEDTLS_AES_ALT
Markku-Juhani O. Saarinen0fb47fe2017-12-01 15:41:38 +0000381//#define MBEDTLS_ARIA_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200382//#define MBEDTLS_CAMELLIA_ALT
Steven Cooreman222e2ff2017-04-04 11:37:15 +0200383//#define MBEDTLS_CCM_ALT
Daniel King34b822c2016-05-15 17:28:08 -0300384//#define MBEDTLS_CHACHA20_ALT
Manuel Pégourié-Gonnarde533b222018-06-04 12:23:19 +0200385//#define MBEDTLS_CHACHAPOLY_ALT
Steven Cooreman63342772017-04-04 11:47:16 +0200386//#define MBEDTLS_CMAC_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200387//#define MBEDTLS_DES_ALT
nirekh01d569ecf2018-01-09 16:43:21 +0000388//#define MBEDTLS_DHM_ALT
Hanno Becker616d1ca2018-01-24 10:25:05 +0000389//#define MBEDTLS_ECJPAKE_ALT
Jaeden Amero15263302017-09-21 12:53:48 +0100390//#define MBEDTLS_GCM_ALT
Ron Eldor466a57f2018-05-03 16:54:28 +0300391//#define MBEDTLS_NIST_KW_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200392//#define MBEDTLS_MD5_ALT
Daniel Kingadc32c02016-05-16 18:25:45 -0300393//#define MBEDTLS_POLY1305_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200394//#define MBEDTLS_RIPEMD160_ALT
Hanno Becker88683b22018-01-04 18:26:54 +0000395//#define MBEDTLS_RSA_ALT
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200396//#define MBEDTLS_SHA1_ALT
397//#define MBEDTLS_SHA256_ALT
398//#define MBEDTLS_SHA512_ALT
Markku-Juhani O. Saarinen0fb47fe2017-12-01 15:41:38 +0000399
Janos Follathb0697532016-08-18 12:38:46 +0100400/*
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800401 * When replacing the elliptic curve module, please consider, that it is
Janos Follathb0697532016-08-18 12:38:46 +0100402 * implemented with two .c files:
403 * - ecp.c
404 * - ecp_curves.c
Janos Follathee782bc2016-11-07 15:41:26 +0000405 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
406 * macros as described above. The only difference is that you have to make sure
407 * that you provide functionality for both .c files.
Janos Follathb0697532016-08-18 12:38:46 +0100408 */
409//#define MBEDTLS_ECP_ALT
Paul Bakker90995b52013-06-24 19:20:35 +0200410
411/**
TRodziewicz75628d52021-06-18 12:56:27 +0200412 * \def MBEDTLS_SHA256_PROCESS_ALT
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200413 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200414 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100415 * alternate core implementation of symmetric crypto or hash function. Keep in
416 * mind that function prototypes should remain the same.
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200417 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200418 * This replaces only one function. The header file from Mbed TLS is still
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200419 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200420 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200421 * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200422 * no longer provide the mbedtls_sha1_process() function, but it will still provide
423 * the other function (using your mbedtls_sha1_process() function) and the definition
424 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200425 * with this definition.
426 *
Tobias Nießen1e8ca122021-05-10 19:53:15 +0200427 * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
Hanno Beckera5723f42017-06-26 12:46:19 +0100428 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
429 * tables.
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200430 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200431 * Uncomment a macro to enable alternate implementation of the corresponding
432 * function.
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100433 *
TRodziewicz10e8cf52021-05-31 17:58:57 +0200434 * \warning MD5, DES and SHA-1 are considered weak and their use
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100435 * constitutes a security risk. If possible, we recommend avoiding
436 * dependencies on them, and considering stronger message digests
437 * and ciphers instead.
438 *
Janos Follath1231d212019-01-07 15:01:32 +0000439 * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
440 * enabled, then the deterministic ECDH signature functions pass the
441 * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
442 * alternative implementations should use the RNG only for generating
443 * the ephemeral key and nothing else. If this is not possible, then
444 * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
TRodziewiczc1c479f2021-05-06 00:53:22 +0200445 * implementation should be provided for mbedtls_ecdsa_sign_det_ext().
Janos Follath1231d212019-01-07 15:01:32 +0000446 *
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200447 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200448//#define MBEDTLS_MD5_PROCESS_ALT
449//#define MBEDTLS_RIPEMD160_PROCESS_ALT
450//#define MBEDTLS_SHA1_PROCESS_ALT
451//#define MBEDTLS_SHA256_PROCESS_ALT
452//#define MBEDTLS_SHA512_PROCESS_ALT
Manuel Pégourié-Gonnard70a50102015-05-12 15:02:45 +0200453//#define MBEDTLS_DES_SETKEY_ALT
454//#define MBEDTLS_DES_CRYPT_ECB_ALT
455//#define MBEDTLS_DES3_CRYPT_ECB_ALT
Manuel Pégourié-Gonnard31993f22015-05-12 15:41:08 +0200456//#define MBEDTLS_AES_SETKEY_ENC_ALT
457//#define MBEDTLS_AES_SETKEY_DEC_ALT
458//#define MBEDTLS_AES_ENCRYPT_ALT
459//#define MBEDTLS_AES_DECRYPT_ALT
Ron Eldora84c1cb2017-10-10 19:04:27 +0300460//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
Ron Eldor3226d362017-10-12 14:17:48 +0300461//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
Ron Eldor314adb62017-10-10 18:28:25 +0300462//#define MBEDTLS_ECDSA_VERIFY_ALT
463//#define MBEDTLS_ECDSA_SIGN_ALT
464//#define MBEDTLS_ECDSA_GENKEY_ALT
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200465
466/**
Janos Follathc44ab972016-11-18 16:38:23 +0000467 * \def MBEDTLS_ECP_INTERNAL_ALT
468 *
469 * Expose a part of the internal interface of the Elliptic Curve Point module.
Janos Follathb0697532016-08-18 12:38:46 +0100470 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200471 * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
Janos Follath372697b2016-10-28 16:53:11 +0100472 * alternative core implementation of elliptic curve arithmetic. Keep in mind
473 * that function prototypes should remain the same.
Janos Follathb0697532016-08-18 12:38:46 +0100474 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200475 * This partially replaces one function. The header file from Mbed TLS is still
Janos Follathb0697532016-08-18 12:38:46 +0100476 * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
477 * is still present and it is used for group structures not supported by the
478 * alternative.
479 *
Steven Cooreman97b49842021-01-08 16:32:20 +0100480 * The original implementation can in addition be removed by setting the
Steven Cooreman6226a122021-01-21 13:58:31 +0100481 * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
Steven Cooreman97b49842021-01-08 16:32:20 +0100482 * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
483 * able to fallback to curves not supported by the alternative implementation.
484 *
Janos Follathc44ab972016-11-18 16:38:23 +0000485 * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
486 * and implementing the following functions:
487 * unsigned char mbedtls_internal_ecp_grp_capable(
488 * const mbedtls_ecp_group *grp )
489 * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500490 * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
Janos Follathc44ab972016-11-18 16:38:23 +0000491 * The mbedtls_internal_ecp_grp_capable function should return 1 if the
492 * replacement functions implement arithmetic for the given group and 0
493 * otherwise.
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500494 * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
Janos Follathc44ab972016-11-18 16:38:23 +0000495 * called before and after each point operation and provide an opportunity to
496 * implement optimized set up and tear down instructions.
Janos Follathb0697532016-08-18 12:38:46 +0100497 *
Steven Cooreman6226a122021-01-21 13:58:31 +0100498 * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200499 * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
Steven Cooreman6226a122021-01-21 13:58:31 +0100500 * function, but will use your mbedtls_internal_ecp_double_jac() if the group
501 * for the operation is supported by your implementation (i.e. your
502 * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200503 * group is not supported by your implementation, then the original Mbed TLS
Steven Cooreman6226a122021-01-21 13:58:31 +0100504 * implementation of ecp_double_jac() is used instead, unless this fallback
505 * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
506 * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
507 *
508 * The function prototypes and the definition of mbedtls_ecp_group and
509 * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
510 * implementation of mbedtls_internal_ecp__function_name__ must be compatible
511 * with their definitions.
Janos Follathb0697532016-08-18 12:38:46 +0100512 *
513 * Uncomment a macro to enable alternate implementation of the corresponding
514 * function.
515 */
516/* Required for all the functions in this section */
Janos Follathc44ab972016-11-18 16:38:23 +0000517//#define MBEDTLS_ECP_INTERNAL_ALT
Steven Cooreman97b49842021-01-08 16:32:20 +0100518/* Turn off software fallback for curves not supported in hardware */
519//#define MBEDTLS_ECP_NO_FALLBACK
Janos Follathb0697532016-08-18 12:38:46 +0100520/* Support for Weierstrass curves with Jacobi representation */
521//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
522//#define MBEDTLS_ECP_ADD_MIXED_ALT
523//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
524//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
525//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
526/* Support for curves with Montgomery arithmetic */
527//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
528//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
529//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
530
531/**
Manuel Pégourié-Gonnard8ba88f02015-06-22 12:14:20 +0200532 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
Manuel Pégourié-Gonnard3f77dfb2015-06-19 10:06:21 +0200533 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200534 * Uncomment this macro to let Mbed TLS use your own implementation of a
Manuel Pégourié-Gonnard3f77dfb2015-06-19 10:06:21 +0200535 * hardware entropy collector.
536 *
537 * Your function must be called \c mbedtls_hardware_poll(), have the same
Chris Jones3848e312021-03-11 16:17:59 +0000538 * prototype as declared in library/entropy_poll.h, and accept NULL as first
539 * argument.
Manuel Pégourié-Gonnard3f77dfb2015-06-19 10:06:21 +0200540 *
541 * Uncomment to use your own hardware entropy collector.
542 */
543//#define MBEDTLS_ENTROPY_HARDWARE_ALT
544
545/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200546 * \def MBEDTLS_AES_ROM_TABLES
Paul Bakker15566e42011-04-24 21:19:15 +0000547 *
Hanno Becker177d3cf2017-06-07 15:52:48 +0100548 * Use precomputed AES tables stored in ROM.
Paul Bakker15566e42011-04-24 21:19:15 +0000549 *
Hanno Becker177d3cf2017-06-07 15:52:48 +0100550 * Uncomment this macro to use precomputed AES tables stored in ROM.
551 * Comment this macro to generate AES tables in RAM at runtime.
552 *
Hanno Becker4c1dc3c2018-03-27 16:52:03 +0100553 * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
554 * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
Hanno Becker6a92ce62018-03-28 11:42:05 +0100555 * initialization time before the first AES operation can be performed.
556 * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
557 * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
558 * performance if ROM access is slower than RAM access.
Hanno Becker177d3cf2017-06-07 15:52:48 +0100559 *
560 * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
Paul Bakker15566e42011-04-24 21:19:15 +0000561 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200562//#define MBEDTLS_AES_ROM_TABLES
Paul Bakker15566e42011-04-24 21:19:15 +0000563
564/**
Hanno Becker177d3cf2017-06-07 15:52:48 +0100565 * \def MBEDTLS_AES_FEWER_TABLES
Jussi Kivilinna2fd1bb82015-11-12 16:38:31 +0200566 *
Hanno Becker177d3cf2017-06-07 15:52:48 +0100567 * Use less ROM/RAM for AES tables.
Jussi Kivilinna2fd1bb82015-11-12 16:38:31 +0200568 *
Hanno Becker177d3cf2017-06-07 15:52:48 +0100569 * Uncommenting this macro omits 75% of the AES tables from
570 * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
571 * by computing their values on the fly during operations
572 * (the tables are entry-wise rotations of one another).
573 *
574 * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
Hanno Becker08a5c182017-06-19 16:33:58 +0100575 * by ~6kb but at the cost of more arithmetic operations during
Hanno Becker177d3cf2017-06-07 15:52:48 +0100576 * runtime. Specifically, one has to compare 4 accesses within
577 * different tables to 4 accesses with additional arithmetic
578 * operations within the same table. The performance gain/loss
579 * depends on the system and memory details.
580 *
581 * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
Jussi Kivilinna2fd1bb82015-11-12 16:38:31 +0200582 */
Hanno Becker177d3cf2017-06-07 15:52:48 +0100583//#define MBEDTLS_AES_FEWER_TABLES
Jussi Kivilinna2fd1bb82015-11-12 16:38:31 +0200584
585/**
Arto Kinnunen732ca322023-04-14 14:26:10 +0800586 * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
587 *
588 * Use only 128-bit keys in AES operations to save ROM.
589 *
Yanray Wangd2ae4322023-05-10 10:45:38 +0800590 * Uncomment this macro to remove support for AES operations that use 192-
Arto Kinnunen732ca322023-04-14 14:26:10 +0800591 * or 256-bit keys.
592 *
Yanray Wangd2ae4322023-05-10 10:45:38 +0800593 * Uncommenting this macro reduces the size of AES code by ~300 bytes
594 * on v8-M/Thumb2.
Arto Kinnunen732ca322023-04-14 14:26:10 +0800595 *
Arto Kinnunen732ca322023-04-14 14:26:10 +0800596 * Module: library/aes.c
597 *
598 * Requires: MBEDTLS_AES_C
Arto Kinnunen732ca322023-04-14 14:26:10 +0800599 */
600//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
601
Gilles Peskinea8861e02023-09-05 20:20:51 +0200602/*
603 * Disable plain C implementation for AES.
604 *
605 * When the plain C implementation is enabled, and an implementation using a
606 * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
607 * detection will be used to select between them.
608 *
609 * If only one implementation is present, runtime detection will not be used.
610 * This configuration will crash at runtime if running on a CPU without the
611 * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
612 * and/or MBEDTLS_AESNI_C is enabled & present in the build.
613 */
614//#define MBEDTLS_AES_USE_HARDWARE_ONLY
615
Arto Kinnunen732ca322023-04-14 14:26:10 +0800616/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200617 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
Manuel Pégourié-Gonnard62edcc82015-04-03 16:28:19 +0200618 *
619 * Use less ROM for the Camellia implementation (saves about 768 bytes).
620 *
621 * Uncomment this macro to use less memory for Camellia.
622 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200623//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
Manuel Pégourié-Gonnard62edcc82015-04-03 16:28:19 +0200624
625/**
Gilles Peskine9a7d4c22021-09-23 18:07:36 +0200626 * \def MBEDTLS_CHECK_RETURN_WARNING
627 *
628 * If this macro is defined, emit a compile-time warning if application code
629 * calls a function without checking its return value, but the return value
630 * should generally be checked in portable applications.
631 *
632 * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
633 * implemented. Otherwise this option has no effect.
634 *
635 * Uncomment to get warnings on using fallible functions without checking
636 * their return value.
637 *
638 * \note This feature is a work in progress.
639 * Warnings will be added to more functions in the future.
640 *
641 * \note A few functions are considered critical, and ignoring the return
642 * value of these functions will trigger a warning even if this
643 * macro is not defined. To completely disable return value check
644 * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
645 */
646//#define MBEDTLS_CHECK_RETURN_WARNING
647
648/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200649 * \def MBEDTLS_CIPHER_MODE_CBC
Manuel Pégourié-Gonnardf7dc3782013-09-13 14:10:44 +0200650 *
651 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
652 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200653#define MBEDTLS_CIPHER_MODE_CBC
Manuel Pégourié-Gonnardf7dc3782013-09-13 14:10:44 +0200654
655/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200656 * \def MBEDTLS_CIPHER_MODE_CFB
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000657 *
658 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
659 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200660#define MBEDTLS_CIPHER_MODE_CFB
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000661
662/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200663 * \def MBEDTLS_CIPHER_MODE_CTR
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000664 *
665 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
666 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200667#define MBEDTLS_CIPHER_MODE_CTR
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000668
669/**
Jaeden Ameroff2f4932018-06-14 11:38:50 +0100670 * \def MBEDTLS_CIPHER_MODE_OFB
671 *
672 * Enable Output Feedback mode (OFB) for symmetric ciphers.
673 */
674#define MBEDTLS_CIPHER_MODE_OFB
675
676/**
677 * \def MBEDTLS_CIPHER_MODE_XTS
678 *
679 * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
680 */
681#define MBEDTLS_CIPHER_MODE_XTS
682
683/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200684 * \def MBEDTLS_CIPHER_NULL_CIPHER
Paul Bakkerfab5c822012-02-06 16:45:10 +0000685 *
686 * Enable NULL cipher.
687 * Warning: Only do so when you know what you are doing. This allows for
688 * encryption or channels without any security!
689 *
Ronald Croncee42702021-04-26 11:34:44 +0200690 * To enable the following ciphersuites:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200691 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
692 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
693 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
694 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
695 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
696 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
697 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
698 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
699 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
700 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
701 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
702 * MBEDTLS_TLS_RSA_WITH_NULL_SHA
703 * MBEDTLS_TLS_RSA_WITH_NULL_MD5
704 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
705 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
706 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
707 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
708 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
709 * MBEDTLS_TLS_PSK_WITH_NULL_SHA
Paul Bakkerfab5c822012-02-06 16:45:10 +0000710 *
711 * Uncomment this macro to enable the NULL cipher and ciphersuites
Paul Bakkerfab5c822012-02-06 16:45:10 +0000712 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200713//#define MBEDTLS_CIPHER_NULL_CIPHER
Paul Bakkerfab5c822012-02-06 16:45:10 +0000714
715/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100716 * \def MBEDTLS_CIPHER_PADDING_PKCS7
Paul Bakker48e93c82013-08-14 12:21:18 +0200717 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100718 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
719 * specific padding modes in the cipher layer with cipher modes that support
720 * padding (e.g. CBC)
Paul Bakker48e93c82013-08-14 12:21:18 +0200721 *
722 * If you disable all padding modes, only full blocks can be used with CBC.
723 *
724 * Enable padding modes in the cipher layer.
725 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200726#define MBEDTLS_CIPHER_PADDING_PKCS7
727#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
728#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
729#define MBEDTLS_CIPHER_PADDING_ZEROS
Paul Bakker48e93c82013-08-14 12:21:18 +0200730
Gilles Peskine1540e5b2019-10-03 14:21:14 +0200731/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
732 *
733 * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
Yanray Wang55ef22c2023-06-15 09:57:06 +0800734 * Without this, CTR_DRBG uses a 256-bit key
735 * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
Gilles Peskine1540e5b2019-10-03 14:21:14 +0200736 */
737//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
738
Paul Bakker48e93c82013-08-14 12:21:18 +0200739/**
Gilles Peskinea8861e02023-09-05 20:20:51 +0200740 * Enable the verified implementations of ECDH primitives from Project Everest
741 * (currently only Curve25519). This feature changes the layout of ECDH
742 * contexts and therefore is a compatibility break for applications that access
743 * fields of a mbedtls_ecdh_context structure directly. See also
744 * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
Dave Rodgman9eb2abd2023-11-08 11:36:00 +0000745 *
746 * The Everest code is provided under the Apache 2.0 license only; therefore enabling this
747 * option is not compatible with taking the library under the GPL v2.0-or-later license.
Gilles Peskinea8861e02023-09-05 20:20:51 +0200748 */
749//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
750
751/**
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100752 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
Paul Bakker5dc6b5f2013-06-29 23:26:34 +0200753 *
Manuel Pégourié-Gonnard76da60c2016-01-04 13:51:01 +0100754 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
755 * module. By default all supported curves are enabled.
Paul Bakker5dc6b5f2013-06-29 23:26:34 +0200756 *
757 * Comment macros to disable the curve and functions for it
758 */
Gilles Peskine799e5762018-09-14 17:34:00 +0200759/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200760#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
761#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
762#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
763#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
764#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
765#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
766#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
767#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
768#define MBEDTLS_ECP_DP_BP256R1_ENABLED
769#define MBEDTLS_ECP_DP_BP384R1_ENABLED
770#define MBEDTLS_ECP_DP_BP512R1_ENABLED
Gilles Peskine799e5762018-09-14 17:34:00 +0200771/* Montgomery curves (supporting ECP) */
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200772#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000773#define MBEDTLS_ECP_DP_CURVE448_ENABLED
Paul Bakker5dc6b5f2013-06-29 23:26:34 +0200774
775/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200776 * \def MBEDTLS_ECP_NIST_OPTIM
Manuel Pégourié-Gonnardc04c5302013-10-23 16:11:52 +0200777 *
778 * Enable specific 'modulo p' routines for each NIST prime.
779 * Depending on the prime and architecture, makes operations 4 to 8 times
780 * faster on the corresponding curve.
781 *
782 * Comment this macro to disable NIST curves optimisation.
783 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200784#define MBEDTLS_ECP_NIST_OPTIM
Manuel Pégourié-Gonnardc04c5302013-10-23 16:11:52 +0200785
786/**
Manuel Pégourié-Gonnard4b9c51e2017-04-20 15:50:26 +0200787 * \def MBEDTLS_ECP_RESTARTABLE
Manuel Pégourié-Gonnardc3a3bc72017-03-22 11:17:51 +0100788 *
789 * Enable "non-blocking" ECC operations that can return early and be resumed.
790 *
Manuel Pégourié-Gonnardf0bbd7e2018-10-15 13:22:41 +0200791 * This allows various functions to pause by returning
792 * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
793 * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
794 * order to further progress and eventually complete their operation. This is
795 * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
796 * number of ECC operations a function may perform before pausing; see
797 * mbedtls_ecp_set_max_ops() for more information.
Manuel Pégourié-Gonnardc3a3bc72017-03-22 11:17:51 +0100798 *
Manuel Pégourié-Gonnard8b7b96b2017-08-23 10:02:51 +0200799 * This is useful in non-threaded environments if you want to avoid blocking
Manuel Pégourié-Gonnardf0bbd7e2018-10-15 13:22:41 +0200800 * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
Manuel Pégourié-Gonnardc3a3bc72017-03-22 11:17:51 +0100801 *
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +0100802 * This option:
803 * - Adds xxx_restartable() variants of existing operations in the
804 * following modules, with corresponding restart context types:
Manuel Pégourié-Gonnardb2812cc2022-12-09 09:53:55 +0100805 * - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
806 * linear combination (muladd);
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +0100807 * - ECDSA: signature generation & verification;
808 * - PK: signature generation & verification;
809 * - X509: certificate chain verification.
810 * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
811 * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
812 * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
813 * computations restartable:
Tom Cosgrove5c8505f2023-03-07 11:39:52 +0000814 * - ECDH operations from the key exchange, only for Short Weierstrass
Manuel Pégourié-Gonnardb2812cc2022-12-09 09:53:55 +0100815 * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +0100816 * - verification of the server's key exchange signature;
817 * - verification of the server's certificate chain;
Manuel Pégourié-Gonnardb2812cc2022-12-09 09:53:55 +0100818 * - generation of the client's signature if client authentication is used,
819 * with an ECC key/certificate.
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +0100820 *
821 * \note In the cases above, the usual SSL/TLS functions, such as
822 * mbedtls_ssl_handshake(), can now return
823 * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
Ron Eldor5ed8c1e2018-11-05 14:04:26 +0200824 *
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +0100825 * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled,
826 * restartable operations in PK, X.509 and TLS (see above) are not
827 * using PSA. On the other hand, ECDH computations in TLS are using
Manuel Pégourié-Gonnardb2812cc2022-12-09 09:53:55 +0100828 * PSA, and are not restartable. These are temporary limitations that
829 * should be lifted in the future.
Ron Eldor5ed8c1e2018-11-05 14:04:26 +0200830 *
Ron Eldor19779c42018-11-05 16:58:13 +0200831 * \note This option only works with the default software implementation of
832 * elliptic curve functionality. It is incompatible with
Thomas Daubney537e6432021-06-03 15:46:33 +0100833 * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +0100834 *
Manuel Pégourié-Gonnardad45c4d2022-12-06 13:20:06 +0100835 * Requires: MBEDTLS_ECP_C
836 *
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +0100837 * Uncomment this macro to enable restartable ECC computations.
Manuel Pégourié-Gonnardc3a3bc72017-03-22 11:17:51 +0100838 */
Manuel Pégourié-Gonnardc9e16a92017-08-15 14:30:59 +0200839//#define MBEDTLS_ECP_RESTARTABLE
Manuel Pégourié-Gonnardc3a3bc72017-03-22 11:17:51 +0100840
841/**
Gilles Peskinea8861e02023-09-05 20:20:51 +0200842 * Uncomment to enable using new bignum code in the ECC modules.
843 *
844 * \warning This is currently experimental, incomplete and therefore should not
845 * be used in production.
846 */
847//#define MBEDTLS_ECP_WITH_MPI_UINT
848
849/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200850 * \def MBEDTLS_ECDSA_DETERMINISTIC
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100851 *
852 * Enable deterministic ECDSA (RFC 6979).
853 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
854 * may result in a compromise of the long-term signing key. This is avoided by
855 * the deterministic variant.
856 *
John Durkop36a82e52020-10-26 09:39:05 -0700857 * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
Manuel Pégourié-Gonnard5b1a5732014-01-07 16:46:17 +0100858 *
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100859 * Comment this macro to disable deterministic ECDSA.
860 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200861#define MBEDTLS_ECDSA_DETERMINISTIC
Manuel Pégourié-Gonnard461d4162014-01-06 10:16:28 +0100862
863/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200864 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200865 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200866 * Enable the PSK based ciphersuite modes in SSL / TLS.
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200867 *
Paul Bakkere07f41d2013-04-19 09:08:57 +0200868 * This enables the following ciphersuites (if other requisites are
869 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200870 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
871 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
872 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
873 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
874 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
875 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
876 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
877 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
878 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
879 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200880 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200881#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200882
883/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200884 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200885 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200886 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200887 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200888 * Requires: MBEDTLS_DHM_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200889 *
890 * This enables the following ciphersuites (if other requisites are
891 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200892 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
893 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
894 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
895 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
896 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
897 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
898 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
899 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
900 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
901 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
Hanno Beckera2f6b722017-09-28 10:33:29 +0100902 *
Hanno Beckerf9734b32017-10-03 12:09:22 +0100903 * \warning Using DHE constitutes a security risk as it
904 * is not possible to validate custom DH parameters.
905 * If possible, it is recommended users should consider
906 * preferring other methods of key exchange.
907 * See dhm.h for more details.
Hanno Beckera2f6b722017-09-28 10:33:29 +0100908 *
Paul Bakkere07f41d2013-04-19 09:08:57 +0200909 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200910#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200911
912/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200913 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200914 *
915 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
916 *
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +0200917 * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200918 *
919 * This enables the following ciphersuites (if other requisites are
920 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200921 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
922 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
923 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
924 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
925 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
926 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200927 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200928#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
Manuel Pégourié-Gonnard3ce3bbd2013-10-11 16:53:50 +0200929
930/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200931 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200932 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200933 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
Manuel Pégourié-Gonnard0fae60b2013-10-14 17:39:48 +0200934 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200935 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
936 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200937 *
938 * This enables the following ciphersuites (if other requisites are
939 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200940 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
941 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
942 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
943 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
944 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
945 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
946 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
947 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
948 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
949 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakkere07f41d2013-04-19 09:08:57 +0200950 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200951#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200952
953/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200954 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200955 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200956 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200957 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200958 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
959 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200960 *
961 * This enables the following ciphersuites (if other requisites are
962 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200963 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
964 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
965 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
966 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
967 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
968 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
969 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
970 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
971 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
972 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
973 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
974 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
Paul Bakkere07f41d2013-04-19 09:08:57 +0200975 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200976#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200977
978/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200979 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +0200980 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +0200981 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +0200982 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200983 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
984 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +0200985 *
986 * This enables the following ciphersuites (if other requisites are
987 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200988 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
989 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
990 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
991 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
992 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
993 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
994 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
995 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
996 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
997 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
998 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
999 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
Hanno Beckera2f6b722017-09-28 10:33:29 +01001000 *
Hanno Beckerf9734b32017-10-03 12:09:22 +01001001 * \warning Using DHE constitutes a security risk as it
1002 * is not possible to validate custom DH parameters.
1003 * If possible, it is recommended users should consider
1004 * preferring other methods of key exchange.
1005 * See dhm.h for more details.
Hanno Beckera2f6b722017-09-28 10:33:29 +01001006 *
Paul Bakkere07f41d2013-04-19 09:08:57 +02001007 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001008#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +02001009
1010/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001011 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +02001012 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001013 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
Paul Bakkere07f41d2013-04-19 09:08:57 +02001014 *
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +02001015 * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1016 * MBEDTLS_RSA_C
1017 * MBEDTLS_PKCS1_V15
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001018 * MBEDTLS_X509_CRT_PARSE_C
Paul Bakkere07f41d2013-04-19 09:08:57 +02001019 *
1020 * This enables the following ciphersuites (if other requisites are
1021 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001022 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1023 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
1024 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1025 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1026 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
1027 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1028 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
1029 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1030 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1031 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakkere07f41d2013-04-19 09:08:57 +02001032 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001033#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Paul Bakkere07f41d2013-04-19 09:08:57 +02001034
1035/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001036 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +02001037 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001038 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +02001039 *
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +02001040 * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1041 * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
1042 * MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +02001043 *
1044 * This enables the following ciphersuites (if other requisites are
1045 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001046 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1047 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
1048 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1049 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1050 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1051 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1052 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
1053 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1054 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1055 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +02001056 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001057#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +02001058
1059/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001060 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001061 *
1062 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
1063 *
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +02001064 * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1065 * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
1066 * MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001067 *
1068 * This enables the following ciphersuites (if other requisites are
1069 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001070 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1071 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1072 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1073 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1074 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1075 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1076 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1077 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1078 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1079 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001080 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001081#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001082
1083/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001084 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001085 *
1086 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
1087 *
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +02001088 * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1089 * MBEDTLS_RSA_C
1090 * MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001091 *
1092 * This enables the following ciphersuites (if other requisites are
1093 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001094 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1095 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1096 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1097 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1098 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1099 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1100 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1101 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1102 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1103 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001104 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001105#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +01001106
1107/**
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +02001108 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1109 *
1110 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
1111 *
Manuel Pégourié-Gonnard75df9022015-09-16 23:21:01 +02001112 * \warning This is currently experimental. EC J-PAKE support is based on the
1113 * Thread v1.0.0 specification; incompatible changes to the specification
1114 * might still happen. For this reason, this is disabled by default.
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +02001115 *
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +02001116 * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE)
Manuel Pégourié-Gonnard41bc8b62023-03-14 23:59:24 +01001117 * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver)
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +02001118 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
1119 *
Manuel Pégourié-Gonnard41bc8b62023-03-14 23:59:24 +01001120 * \warning If SHA-256 is provided only by a PSA driver, you must call
Wenxing Hou848bccf2024-06-19 11:04:13 +08001121 * psa_crypto_init() before the first handshake (even if
Manuel Pégourié-Gonnard41bc8b62023-03-14 23:59:24 +01001122 * MBEDTLS_USE_PSA_CRYPTO is disabled).
1123 *
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +02001124 * This enables the following ciphersuites (if other requisites are
1125 * enabled as well):
1126 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
1127 */
Manuel Pégourié-Gonnardcf828932015-10-20 14:57:00 +02001128//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +02001129
1130/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001131 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +01001132 *
1133 * Enhance support for reading EC keys using variants of SEC1 not allowed by
1134 * RFC 5915 and RFC 5480.
1135 *
1136 * Currently this means parsing the SpecifiedECDomain choice of EC
1137 * parameters (only known groups are supported, not arbitrary domains, to
1138 * avoid validation issues).
1139 *
1140 * Disable if you only need to support RFC 5915 + 5480 key formats.
1141 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001142#define MBEDTLS_PK_PARSE_EC_EXTENDED
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +01001143
1144/**
Valerio Settiaddeee42023-06-14 10:46:55 +02001145 * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
1146 *
1147 * Enable the support for parsing public keys of type Short Weierstrass
1148 * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
Valerio Setti3cd4ef72023-06-19 11:35:10 +02001149 * compressed point format. This parsing is done through ECP module's functions.
1150 *
1151 * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
1152 * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
1153 * MBEDTLS_ECP_DP_SECP224K1.
Valerio Settiaddeee42023-06-14 10:46:55 +02001154 */
1155#define MBEDTLS_PK_PARSE_EC_COMPRESSED
1156
1157/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001158 * \def MBEDTLS_ERROR_STRERROR_DUMMY
Paul Bakker8fe40dc2013-02-02 12:43:08 +01001159 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001160 * Enable a dummy error function to make use of mbedtls_strerror() in
1161 * third party libraries easier when MBEDTLS_ERROR_C is disabled
1162 * (no effect when MBEDTLS_ERROR_C is enabled).
Manuel Pégourié-Gonnarddc16aa72014-06-25 12:55:12 +02001163 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001164 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
1165 * not using mbedtls_strerror() or error_strerror() in your application.
Paul Bakker8fe40dc2013-02-02 12:43:08 +01001166 *
1167 * Disable if you run into name conflicts and want to really remove the
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001168 * mbedtls_strerror()
Paul Bakker8fe40dc2013-02-02 12:43:08 +01001169 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001170#define MBEDTLS_ERROR_STRERROR_DUMMY
Paul Bakker8fe40dc2013-02-02 12:43:08 +01001171
1172/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001173 * \def MBEDTLS_GENPRIME
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001174 *
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02001175 * Enable the prime-number generation code.
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001176 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001177 * Requires: MBEDTLS_BIGNUM_C
Paul Bakker5121ce52009-01-03 21:22:43 +00001178 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001179#define MBEDTLS_GENPRIME
Paul Bakker5121ce52009-01-03 21:22:43 +00001180
Paul Bakkerf3b86c12011-01-27 15:24:17 +00001181/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001182 * \def MBEDTLS_FS_IO
Paul Bakker335db3f2011-04-25 15:28:35 +00001183 *
1184 * Enable functions that use the filesystem.
1185 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001186#define MBEDTLS_FS_IO
Paul Bakker335db3f2011-04-25 15:28:35 +00001187
1188/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001189 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
Paul Bakker43655f42011-12-15 20:11:16 +00001190 *
TRodziewicz15a7b732021-06-16 11:22:53 +02001191 * Do not add default entropy sources in mbedtls_entropy_init().
Paul Bakker43655f42011-12-15 20:11:16 +00001192 *
Shuo Chen95a0d112014-04-04 21:04:40 -07001193 * This is useful to have more control over the added entropy sources in an
Paul Bakker43655f42011-12-15 20:11:16 +00001194 * application.
1195 *
1196 * Uncomment this macro to prevent loading of default entropy functions.
Paul Bakker43655f42011-12-15 20:11:16 +00001197 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001198//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
Paul Bakker43655f42011-12-15 20:11:16 +00001199
1200/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001201 * \def MBEDTLS_NO_PLATFORM_ENTROPY
Paul Bakker6083fd22011-12-03 21:45:14 +00001202 *
1203 * Do not use built-in platform entropy functions.
1204 * This is useful if your platform does not support
1205 * standards like the /dev/urandom or Windows CryptoAPI.
1206 *
1207 * Uncomment this macro to disable the built-in platform entropy functions.
Paul Bakker6083fd22011-12-03 21:45:14 +00001208 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001209//#define MBEDTLS_NO_PLATFORM_ENTROPY
Paul Bakker6083fd22011-12-03 21:45:14 +00001210
1211/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001212 * \def MBEDTLS_ENTROPY_FORCE_SHA256
Paul Bakker2ceda572014-02-06 15:55:25 +01001213 *
1214 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
1215 * default SHA-512 based one (if both are available).
1216 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001217 * Requires: MBEDTLS_SHA256_C
Paul Bakker2ceda572014-02-06 15:55:25 +01001218 *
1219 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
1220 * if you have performance concerns.
1221 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001222 * This option is only useful if both MBEDTLS_SHA256_C and
1223 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
Paul Bakker2ceda572014-02-06 15:55:25 +01001224 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001225//#define MBEDTLS_ENTROPY_FORCE_SHA256
Paul Bakker2ceda572014-02-06 15:55:25 +01001226
1227/**
Paul Bakkercf0a9f92016-06-01 11:25:44 +01001228 * \def MBEDTLS_ENTROPY_NV_SEED
1229 *
1230 * Enable the non-volatile (NV) seed file-based entropy source.
1231 * (Also enables the NV seed read/write functions in the platform layer)
1232 *
1233 * This is crucial (if not required) on systems that do not have a
1234 * cryptographic entropy source (in hardware or kernel) available.
1235 *
1236 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
1237 *
Paul Bakker71a597a2016-06-07 10:59:03 +01001238 * \note The read/write functions that are used by the entropy source are
1239 * determined in the platform layer, and can be modified at runtime and/or
1240 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
1241 *
1242 * \note If you use the default implementation functions that read a seedfile
Paul Bakkercf0a9f92016-06-01 11:25:44 +01001243 * with regular fopen(), please make sure you make a seedfile with the
1244 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
1245 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
Paul Bakker71a597a2016-06-07 10:59:03 +01001246 * and written to or you will get an entropy source error! The default
1247 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
1248 * bytes from the file.
1249 *
1250 * \note The entropy collector will write to the seed file before entropy is
1251 * given to an external source, to update it.
Paul Bakkercf0a9f92016-06-01 11:25:44 +01001252 */
1253//#define MBEDTLS_ENTROPY_NV_SEED
1254
Ronald Cron71016a92020-08-28 19:01:50 +02001255/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
Gilles Peskine69d7c8b2019-02-19 14:00:31 +01001256 *
Ronald Cron71016a92020-08-28 19:01:50 +02001257 * Enable key identifiers that encode a key owner identifier.
Gilles Peskine69d7c8b2019-02-19 14:00:31 +01001258 *
Ronald Cron9a2511e2020-09-14 10:02:56 +02001259 * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
1260 * which is currently hard-coded to be int32_t.
Gilles Peskine69d7c8b2019-02-19 14:00:31 +01001261 *
1262 * Note that this option is meant for internal use only and may be removed
Andrzej Kurekcfc920a2022-01-25 06:33:08 -05001263 * without notice.
Gilles Peskine69d7c8b2019-02-19 14:00:31 +01001264 */
Ronald Cron71016a92020-08-28 19:01:50 +02001265//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
Gilles Peskine69d7c8b2019-02-19 14:00:31 +01001266
Paul Bakkercf0a9f92016-06-01 11:25:44 +01001267/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001268 * \def MBEDTLS_MEMORY_DEBUG
Paul Bakker6e339b52013-07-03 13:37:05 +02001269 *
1270 * Enable debugging of buffer allocator memory issues. Automatically prints
1271 * (to stderr) all (fatal) messages on memory allocation issues. Enables
1272 * function for 'debug output' of allocated memory.
1273 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001274 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
Paul Bakker6e339b52013-07-03 13:37:05 +02001275 *
1276 * Uncomment this macro to let the buffer allocator print out error messages.
Paul Bakkera7ea6a52013-10-15 11:55:10 +02001277 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001278//#define MBEDTLS_MEMORY_DEBUG
Paul Bakker6e339b52013-07-03 13:37:05 +02001279
1280/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001281 * \def MBEDTLS_MEMORY_BACKTRACE
Paul Bakker6e339b52013-07-03 13:37:05 +02001282 *
1283 * Include backtrace information with each allocated block.
1284 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001285 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
Tom Cosgrovece7f18c2022-07-28 05:50:56 +01001286 * GLIBC-compatible backtrace() and backtrace_symbols() support
Paul Bakker6e339b52013-07-03 13:37:05 +02001287 *
1288 * Uncomment this macro to include backtrace information
Paul Bakker6e339b52013-07-03 13:37:05 +02001289 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001290//#define MBEDTLS_MEMORY_BACKTRACE
Paul Bakker6e339b52013-07-03 13:37:05 +02001291
1292/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001293 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
Manuel Pégourié-Gonnard348bcb32015-03-31 14:01:33 +02001294 *
1295 * Support external private RSA keys (eg from a HSM) in the PK layer.
1296 *
1297 * Comment this macro to disable support for external private RSA keys.
1298 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001299#define MBEDTLS_PK_RSA_ALT_SUPPORT
Manuel Pégourié-Gonnard348bcb32015-03-31 14:01:33 +02001300
1301/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001302 * \def MBEDTLS_PKCS1_V15
Paul Bakker48377d92013-08-30 12:06:24 +02001303 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001304 * Enable support for PKCS#1 v1.5 encoding.
1305 *
Manuel Pégourié-Gonnard98b91d42022-10-19 10:59:30 +02001306 * Requires: MBEDTLS_RSA_C
Paul Bakker48377d92013-08-30 12:06:24 +02001307 *
Paul Bakker48377d92013-08-30 12:06:24 +02001308 * This enables support for PKCS#1 v1.5 operations.
1309 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001310#define MBEDTLS_PKCS1_V15
Paul Bakker48377d92013-08-30 12:06:24 +02001311
1312/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001313 * \def MBEDTLS_PKCS1_V21
Paul Bakker9dcc3222011-03-08 14:16:06 +00001314 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001315 * Enable support for PKCS#1 v2.1 encoding.
1316 *
Manuel Pégourié-Gonnardfb8d90a2023-03-16 10:47:59 +01001317 * Requires: MBEDTLS_RSA_C
Manuel Pégourié-Gonnard077ba842022-07-27 10:42:31 +02001318 *
Manuel Pégourié-Gonnardfb8d90a2023-03-16 10:47:59 +01001319 * \warning If using a hash that is only provided by PSA drivers, you must
1320 * call psa_crypto_init() before doing any PKCS#1 v2.1 operation.
Manuel Pégourié-Gonnard18a38562022-11-22 11:49:55 +01001321 *
Paul Bakker9dcc3222011-03-08 14:16:06 +00001322 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
1323 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001324#define MBEDTLS_PKCS1_V21
Paul Bakker9dcc3222011-03-08 14:16:06 +00001325
Steven Cooreman6801f082021-02-19 17:21:22 +01001326/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
1327 *
1328 * Enable support for platform built-in keys. If you enable this feature,
1329 * you must implement the function mbedtls_psa_platform_get_builtin_key().
1330 * See the documentation of that function for more information.
1331 *
1332 * Built-in keys are typically derived from a hardware unique key or
1333 * stored in a secure element.
1334 *
1335 * Requires: MBEDTLS_PSA_CRYPTO_C.
1336 *
1337 * \warning This interface is experimental and may change or be removed
1338 * without notice.
1339 */
1340//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
1341
Ronald Cron3768ac12021-01-26 16:58:00 +01001342/** \def MBEDTLS_PSA_CRYPTO_CLIENT
1343 *
1344 * Enable support for PSA crypto client.
1345 *
1346 * \note This option allows to include the code necessary for a PSA
1347 * crypto client when the PSA crypto implementation is not included in
1348 * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
1349 * code to set and get PSA key attributes.
1350 * The development of PSA drivers partially relying on the library to
1351 * fulfill the hardware gaps is another possible usage of this option.
1352 *
1353 * \warning This interface is experimental and may change or be removed
1354 * without notice.
1355 */
1356//#define MBEDTLS_PSA_CRYPTO_CLIENT
1357
Gilles Peskinef08b3f82020-11-13 17:36:48 +01001358/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
1359 *
1360 * Make the PSA Crypto module use an external random generator provided
1361 * by a driver, instead of Mbed TLS's entropy and DRBG modules.
1362 *
Gilles Peskineb663a602020-11-18 15:27:37 +01001363 * \note This random generator must deliver random numbers with cryptographic
1364 * quality and high performance. It must supply unpredictable numbers
1365 * with a uniform distribution. The implementation of this function
1366 * is responsible for ensuring that the random generator is seeded
1367 * with sufficient entropy. If you have a hardware TRNG which is slow
1368 * or delivers non-uniform output, declare it as an entropy source
1369 * with mbedtls_entropy_add_source() instead of enabling this option.
1370 *
Gilles Peskineb0a748e2020-11-30 12:01:54 +01001371 * If you enable this option, you must configure the type
Gilles Peskineb8af2282020-11-13 18:00:34 +01001372 * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
1373 * and define a function called mbedtls_psa_external_get_random()
1374 * with the following prototype:
Gilles Peskinef08b3f82020-11-13 17:36:48 +01001375 * ```
1376 * psa_status_t mbedtls_psa_external_get_random(
1377 * mbedtls_psa_external_random_context_t *context,
1378 * uint8_t *output, size_t output_size, size_t *output_length);
1379 * );
1380 * ```
1381 * The \c context value is initialized to 0 before the first call.
Andrzej Kurek3bedb5b2022-02-17 14:39:00 -05001382 * The function must fill the \c output buffer with \c output_size bytes
1383 * of random data and set \c *output_length to \c output_size.
Gilles Peskinef08b3f82020-11-13 17:36:48 +01001384 *
1385 * Requires: MBEDTLS_PSA_CRYPTO_C
1386 *
1387 * \warning If you enable this option, code that uses the PSA cryptography
1388 * interface will not use any of the entropy sources set up for
1389 * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
1390 * enables.
1391 *
1392 * \note This option is experimental and may be removed without notice.
1393 */
1394//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
1395
Paul Bakker9dcc3222011-03-08 14:16:06 +00001396/**
Andrzej Kurekc6905232019-02-05 05:23:41 -05001397 * \def MBEDTLS_PSA_CRYPTO_SPM
1398 *
1399 * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
1400 * Partition Manager) integration which separates the code into two parts: a
1401 * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
1402 * Environment).
1403 *
Gilles Peskine7a6836b2023-09-27 15:48:47 +02001404 * If you enable this option, your build environment must include a header
1405 * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
1406 * header files, or in another directory on the compiler's include search
1407 * path). Alternatively, your platform may customize the header
1408 * `psa/crypto_platform.h`, in which case it can skip or replace the
1409 * inclusion of `"crypto_spe.h"`.
1410 *
Andrzej Kurekc6905232019-02-05 05:23:41 -05001411 * Module: library/psa_crypto.c
1412 * Requires: MBEDTLS_PSA_CRYPTO_C
1413 *
1414 */
1415//#define MBEDTLS_PSA_CRYPTO_SPM
1416
1417/**
Gilles Peskine08b66cd2023-09-20 20:51:47 +02001418 * Uncomment to enable p256-m. This is an alternative implementation of
1419 * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
1420 * Compared to the default implementation:
1421 *
1422 * - p256-m has a much smaller code size and RAM footprint.
1423 * - p256-m is only available via the PSA API. This includes the pk module
1424 * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
1425 * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
1426 * over the core arithmetic, or deterministic derivation of keys.
1427 *
1428 * We recommend enabling this option if your application uses the PSA API
1429 * and the only elliptic curve support it needs is ECDH and ECDSA over
1430 * SECP256R1.
1431 *
1432 * If you enable this option, you do not need to enable any ECC-related
1433 * MBEDTLS_xxx option. You do need to separately request support for the
1434 * cryptographic mechanisms through the PSA API:
1435 * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
1436 * configuration;
1437 * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
1438 * - #PSA_WANT_ECC_SECP_R1_256;
1439 * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
1440 * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
1441 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
1442 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
1443 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
Gilles Peskine67cf66b2023-09-20 23:19:46 +02001444 *
Manuel Pégourié-Gonnard140c08e2023-09-28 11:02:37 +02001445 * \note To benefit from the smaller code size of p256-m, make sure that you
1446 * do not enable any ECC-related option not supported by p256-m: this
1447 * would cause the built-in ECC implementation to be built as well, in
1448 * order to provide the required option.
1449 * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
Manuel Pégourié-Gonnarddfa42b32023-09-22 12:33:58 +02001450 * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
1451 * SECP256R1 are disabled as they are not supported by this driver.
1452 * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
1453 * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
Manuel Pégourié-Gonnard140c08e2023-09-28 11:02:37 +02001454 * the built-in ECC implementation, see docs/driver-only-builds.md.
Gilles Peskine08b66cd2023-09-20 20:51:47 +02001455 */
1456//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
1457
1458/**
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00001459 * \def MBEDTLS_PSA_INJECT_ENTROPY
Andrzej Kurekc6905232019-02-05 05:23:41 -05001460 *
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00001461 * Enable support for entropy injection at first boot. This feature is
1462 * required on systems that do not have a built-in entropy source (TRNG).
1463 * This feature is currently not supported on systems that have a built-in
1464 * entropy source.
Andrzej Kurekc6905232019-02-05 05:23:41 -05001465 *
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00001466 * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
Andrzej Kurekc6905232019-02-05 05:23:41 -05001467 *
1468 */
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00001469//#define MBEDTLS_PSA_INJECT_ENTROPY
Andrzej Kurekc6905232019-02-05 05:23:41 -05001470
1471/**
David Horstmann4a48bec2024-03-13 15:42:31 +00001472 * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
David Horstmann513101b2023-11-29 17:24:08 +00001473 *
David Horstmann4a48bec2024-03-13 15:42:31 +00001474 * Assume all buffers passed to PSA functions are owned exclusively by the
1475 * PSA function and are not stored in shared memory.
David Horstmann513101b2023-11-29 17:24:08 +00001476 *
David Horstmann4a48bec2024-03-13 15:42:31 +00001477 * This option may be enabled if all buffers passed to any PSA function reside
1478 * in memory that is accessible only to the PSA function during its execution.
1479 *
1480 * This option MUST be disabled whenever buffer arguments are in memory shared
1481 * with an untrusted party, for example where arguments to PSA calls are passed
David Horstmann513101b2023-11-29 17:24:08 +00001482 * across a trust boundary.
1483 *
David Horstmann4a48bec2024-03-13 15:42:31 +00001484 * \note Enabling this option reduces memory usage and code size.
David Horstmann0d405d82023-12-14 16:14:41 +00001485 *
David Horstmann4a48bec2024-03-13 15:42:31 +00001486 * \note Enabling this option causes overlap of input and output buffers
David Horstmannc09f36d2023-12-20 10:57:43 +00001487 * not to be supported by PSA functions.
David Horstmann513101b2023-11-29 17:24:08 +00001488 */
David Horstmann4a48bec2024-03-13 15:42:31 +00001489//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
David Horstmann513101b2023-11-29 17:24:08 +00001490
1491/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001492 * \def MBEDTLS_RSA_NO_CRT
Paul Bakker0216cc12011-03-26 13:40:23 +00001493 *
Hanno Becker88ec2382017-05-03 13:51:16 +01001494 * Do not use the Chinese Remainder Theorem
1495 * for the RSA private operation.
Paul Bakker0216cc12011-03-26 13:40:23 +00001496 *
1497 * Uncomment this macro to disable the use of CRT in RSA.
1498 *
Paul Bakker0216cc12011-03-26 13:40:23 +00001499 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001500//#define MBEDTLS_RSA_NO_CRT
Paul Bakker15566e42011-04-24 21:19:15 +00001501
1502/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001503 * \def MBEDTLS_SELF_TEST
Paul Bakker15566e42011-04-24 21:19:15 +00001504 *
1505 * Enable the checkup functions (*_self_test).
1506 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001507#define MBEDTLS_SELF_TEST
Paul Bakker5c721f92011-07-27 16:51:09 +00001508
1509/**
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +02001510 * \def MBEDTLS_SHA256_SMALLER
1511 *
1512 * Enable an implementation of SHA-256 that has lower ROM footprint but also
1513 * lower performance.
1514 *
Adam Wolf039080f2019-09-10 09:53:08 -05001515 * The default implementation is meant to be a reasonable compromise between
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +02001516 * performance and size. This version optimizes more aggressively for size at
1517 * the expense of performance. Eg on Cortex-M4 it reduces the size of
1518 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
1519 * 30%.
1520 *
1521 * Uncomment to enable the smaller implementation of SHA256.
1522 */
1523//#define MBEDTLS_SHA256_SMALLER
1524
1525/**
Manuel Pégourié-Gonnard2306d152019-07-17 12:36:53 +02001526 * \def MBEDTLS_SHA512_SMALLER
1527 *
1528 * Enable an implementation of SHA-512 that has lower ROM footprint but also
1529 * lower performance.
1530 *
1531 * Uncomment to enable the smaller implementation of SHA512.
1532 */
1533//#define MBEDTLS_SHA512_SMALLER
1534
1535/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001536 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +01001537 *
1538 * Enable sending of alert messages in case of encountered errors as per RFC.
Gilles Peskinee820c0a2023-08-03 17:45:20 +02001539 * If you choose not to send the alert messages, Mbed TLS can still communicate
Paul Bakker40865c82013-01-31 17:13:13 +01001540 * with other servers, only debugging of failures is harder.
1541 *
1542 * The advantage of not sending alert messages, is that no information is given
1543 * about reasons for failures thus preventing adversaries of gaining intel.
1544 *
1545 * Enable sending of all alert messages
1546 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001547#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
Paul Bakker40865c82013-01-31 17:13:13 +01001548
1549/**
Gilles Peskined3d02902020-03-04 21:35:27 +01001550 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
1551 *
Hannes Tschofenige2c46e02022-11-23 10:44:11 +01001552 * Enable support for the DTLS Connection ID (CID) extension,
Gilles Peskined3d02902020-03-04 21:35:27 +01001553 * which allows to identify DTLS connections across changes
Hannes Tschofenige2c46e02022-11-23 10:44:11 +01001554 * in the underlying transport. The CID functionality is described
1555 * in RFC 9146.
Gilles Peskined3d02902020-03-04 21:35:27 +01001556 *
1557 * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
Paul Elliott0113cf12022-03-11 20:26:47 +00001558 * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
1559 * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
1560 * more information.
Gilles Peskined3d02902020-03-04 21:35:27 +01001561 *
Gilles Peskined3d02902020-03-04 21:35:27 +01001562 * The maximum lengths of outgoing and incoming CIDs can be configured
1563 * through the options
1564 * - MBEDTLS_SSL_CID_OUT_LEN_MAX
1565 * - MBEDTLS_SSL_CID_IN_LEN_MAX.
1566 *
1567 * Requires: MBEDTLS_SSL_PROTO_DTLS
1568 *
1569 * Uncomment to enable the Connection ID extension.
1570 */
Hannes Tschofenigfd6cca42021-10-12 09:22:33 +02001571#define MBEDTLS_SSL_DTLS_CONNECTION_ID
1572
1573
1574/**
1575 * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
1576 *
1577 * Defines whether RFC 9146 (default) or the legacy version
1578 * (version draft-ietf-tls-dtls-connection-id-05,
1579 * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
1580 * is used.
1581 *
1582 * Set the value to 0 for the standard version, and
1583 * 1 for the legacy draft version.
1584 *
Hannes Tschofenige2c46e02022-11-23 10:44:11 +01001585 * \deprecated Support for the legacy version of the DTLS
1586 * Connection ID feature is deprecated. Please
1587 * switch to the standardized version defined
1588 * in RFC 9146 enabled by utilizing
1589 * MBEDTLS_SSL_DTLS_CONNECTION_ID without use
1590 * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
1591 *
Hannes Tschofenigfd6cca42021-10-12 09:22:33 +02001592 * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
1593 */
1594#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
Gilles Peskined3d02902020-03-04 21:35:27 +01001595
1596/**
Gilles Peskineb74a1c72018-04-24 13:09:22 +02001597 * \def MBEDTLS_SSL_ASYNC_PRIVATE
1598 *
1599 * Enable asynchronous external private key operations in SSL. This allows
1600 * you to configure an SSL connection to call an external cryptographic
1601 * module to perform private key operations instead of performing the
1602 * operation inside the library.
1603 *
Valerio Setti8841d6b2023-01-05 08:40:24 +01001604 * Requires: MBEDTLS_X509_CRT_PARSE_C
Gilles Peskineb74a1c72018-04-24 13:09:22 +02001605 */
Jaeden Amerod9c71da2018-06-15 20:31:26 +01001606//#define MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskineb74a1c72018-04-24 13:09:22 +02001607
1608/**
Gilles Peskined3d02902020-03-04 21:35:27 +01001609 * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
1610 *
1611 * Enable serialization of the TLS context structures, through use of the
1612 * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
1613 *
1614 * This pair of functions allows one side of a connection to serialize the
1615 * context associated with the connection, then free or re-use that context
1616 * while the serialized state is persisted elsewhere, and finally deserialize
1617 * that state to a live context for resuming read/write operations on the
1618 * connection. From a protocol perspective, the state of the connection is
1619 * unaffected, in particular this is entirely transparent to the peer.
1620 *
1621 * Note: this is distinct from TLS session resumption, which is part of the
1622 * protocol and fully visible by the peer. TLS session resumption enables
1623 * establishing new connections associated to a saved session with shorter,
1624 * lighter handshakes, while context serialization is a local optimization in
1625 * handling a single, potentially long-lived connection.
1626 *
1627 * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
1628 * saved after the handshake to allow for more efficient serialization, so if
1629 * you don't need this feature you'll save RAM by disabling it.
1630 *
Przemek Stekiel460192e2022-10-03 08:55:29 +02001631 * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
1632 *
Gilles Peskined3d02902020-03-04 21:35:27 +01001633 * Comment to disable the context serialization APIs.
1634 */
1635#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
1636
1637/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001638 * \def MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +01001639 *
1640 * Enable the debug messages in SSL module for all issues.
1641 * Debug messages have been disabled in some places to prevent timing
1642 * attacks due to (unbalanced) debugging function calls.
1643 *
1644 * If you need all error reporting you should enable this during debugging,
1645 * but remove this for production servers that should log as well.
1646 *
1647 * Uncomment this macro to report all debug messages on errors introducing
1648 * a timing side-channel.
1649 *
Paul Bakkerd66f0702013-01-31 16:57:45 +01001650 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001651//#define MBEDTLS_SSL_DEBUG_ALL
Paul Bakkerd66f0702013-01-31 16:57:45 +01001652
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001653/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001654 *
1655 * Enable support for Encrypt-then-MAC, RFC 7366.
1656 *
1657 * This allows peers that both support it to use a more robust protection for
1658 * ciphersuites using CBC, providing deep resistance against timing attacks
1659 * on the padding or underlying cipher.
1660 *
1661 * This only affects CBC ciphersuites, and is useless if none is defined.
1662 *
TRodziewicz0f82ec62021-05-12 17:49:18 +02001663 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001664 *
1665 * Comment this macro to disable support for Encrypt-then-MAC
1666 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001667#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001668
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001669/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001670 *
Manuel Pégourié-Gonnardbca8aa02020-03-24 12:11:49 +01001671 * Enable support for RFC 7627: Session Hash and Extended Master Secret
1672 * Extension.
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001673 *
Shaun Case8b0ecbc2021-12-20 21:14:10 -08001674 * This was introduced as "the proper fix" to the Triple Handshake family of
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001675 * attacks, but it is recommended to always use it (even if you disable
1676 * renegotiation), since it actually fixes a more fundamental issue in the
1677 * original SSL/TLS design, and has implications beyond Triple Handshake.
1678 *
TRodziewicz0f82ec62021-05-12 17:49:18 +02001679 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard769c6b62014-10-28 14:13:55 +01001680 *
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001681 * Comment this macro to disable support for Extended Master Secret.
1682 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001683#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001684
Paul Bakkerd66f0702013-01-31 16:57:45 +01001685/**
Hanno Beckerbb278f52019-02-05 17:04:00 +00001686 * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1687 *
Hanno Beckerfd7f2982019-02-25 10:13:33 +00001688 * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
Hanno Beckerbb278f52019-02-05 17:04:00 +00001689 * giving access to the peer's certificate after completion of the handshake.
1690 *
1691 * Unless you need mbedtls_ssl_peer_cert() in your application, it is
1692 * recommended to disable this option for reduced RAM usage.
1693 *
1694 * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
1695 * defined, but always returns \c NULL.
1696 *
1697 * \note This option has no influence on the protection against the
1698 * triple handshake attack. Even if it is disabled, Mbed TLS will
1699 * still ensure that certificates do not change during renegotiation,
Shaun Case8b0ecbc2021-12-20 21:14:10 -08001700 * for example by keeping a hash of the peer's certificate.
Hanno Beckerbb278f52019-02-05 17:04:00 +00001701 *
Tom Cosgroveafb2fe12022-06-29 16:36:12 +01001702 * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
Hanno Beckerbb278f52019-02-05 17:04:00 +00001703 *
1704 * Comment this macro to disable storing the peer's certificate
1705 * after the handshake.
1706 */
1707#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1708
1709/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001710 * \def MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001711 *
Hanno Becker0eb8fb82018-10-26 09:53:16 +01001712 * Enable support for TLS renegotiation.
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001713 *
1714 * The two main uses of renegotiation are (1) refresh keys on long-lived
1715 * connections and (2) client authentication after the initial handshake.
1716 * If you don't need renegotiation, it's probably better to disable it, since
1717 * it has been associated with security issues in the past and is easy to
1718 * misuse/misunderstand.
Manuel Pégourié-Gonnard03717042014-11-04 19:52:10 +01001719 *
jnmeurisse83f0a652023-09-16 18:12:18 +02001720 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
1721 *
Manuel Pégourié-Gonnard55f968b2015-03-09 16:23:15 +00001722 * Comment this to disable support for renegotiation.
Hanno Becker6851b102017-10-12 14:57:48 +01001723 *
1724 * \note Even if this option is disabled, both client and server are aware
1725 * of the Renegotiation Indication Extension (RFC 5746) used to
1726 * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
1727 * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
1728 * configuration of this extension).
1729 *
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001730 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001731#define MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001732
1733/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001734 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +02001735 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001736 * Enable support for RFC 6066 max_fragment_length extension in SSL.
Paul Bakker05decb22013-08-15 13:33:48 +02001737 *
1738 * Comment this macro to disable support for the max_fragment_length extension
1739 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001740#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Paul Bakker05decb22013-08-15 13:33:48 +02001741
1742/**
Jan Bruckner151f6422023-02-10 12:45:19 +01001743 * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
1744 *
Jan Brucknera0589e72023-03-15 11:04:45 +01001745 * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
Jan Bruckner151f6422023-02-10 12:45:19 +01001746 *
Jan Bruckner151f6422023-02-10 12:45:19 +01001747 * Requires: MBEDTLS_SSL_PROTO_TLS1_3
1748 *
1749 * Uncomment this macro to enable support for the record_size_limit extension
1750 */
1751//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
1752
1753/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001754 * \def MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001755 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001756 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001757 *
Manuel Pégourié-Gonnard72687b72022-09-15 12:23:58 +02001758 * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
Manuel Pégourié-Gonnarda22857b2023-03-23 13:20:44 +01001759 * (MBEDTLS_SHA256_C or MBEDTLS_SHA384_C or
1760 * SHA-256 or SHA-512 provided by a PSA driver)
Manuel Pégourié-Gonnard72687b72022-09-15 12:23:58 +02001761 * With MBEDTLS_USE_PSA_CRYPTO:
Manuel Pégourié-Gonnarda22857b2023-03-23 13:20:44 +01001762 * PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
Andrzej Kureke02da812022-08-17 17:04:49 -04001763 *
Manuel Pégourié-Gonnarda22857b2023-03-23 13:20:44 +01001764 * \warning If building with MBEDTLS_USE_PSA_CRYPTO, or if the hash(es) used
1765 * are only provided by PSA drivers, you must call psa_crypto_init() before
1766 * doing any TLS operations.
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001767 *
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001768 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001769 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001770#define MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001771
1772/**
Ronald Cron6f135e12021-12-08 16:57:54 +01001773 * \def MBEDTLS_SSL_PROTO_TLS1_3
Hanno Becker9fc15ea2020-05-04 12:00:47 +01001774 *
Ronald Cron6f135e12021-12-08 16:57:54 +01001775 * Enable support for TLS 1.3.
Hanno Becker9fc15ea2020-05-04 12:00:47 +01001776 *
Gilles Peskineda69eaa2023-09-05 20:54:17 +02001777 * \note See docs/architecture/tls13-support.md for a description of the TLS
Ronald Cron6f135e12021-12-08 16:57:54 +01001778 * 1.3 support that this option enables.
Hanno Becker9fc15ea2020-05-04 12:00:47 +01001779 *
Tom Cosgroveafb2fe12022-06-29 16:36:12 +01001780 * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
Manuel Pégourié-Gonnard3e830982022-05-11 13:27:44 +02001781 * Requires: MBEDTLS_PSA_CRYPTO_C
Ronald Cron6f135e12021-12-08 16:57:54 +01001782 *
Gilles Peskine8c2830a2022-08-04 23:37:51 +02001783 * \note TLS 1.3 uses PSA crypto for cryptographic operations that are
1784 * directly performed by TLS 1.3 code. As a consequence, you must
1785 * call psa_crypto_init() before the first TLS 1.3 handshake.
1786 *
1787 * \note Cryptographic operations performed indirectly via another module
1788 * (X.509, PK) or by code shared with TLS 1.2 (record protection,
1789 * running handshake hash) only use PSA crypto if
1790 * #MBEDTLS_USE_PSA_CRYPTO is enabled.
Tom Cosgroveafb2fe12022-06-29 16:36:12 +01001791 *
Hanno Becker9fc15ea2020-05-04 12:00:47 +01001792 * Uncomment this macro to enable the support for TLS 1.3.
Hanno Becker9fc15ea2020-05-04 12:00:47 +01001793 */
Ronald Cron27eb68d2024-03-15 16:13:37 +01001794#define MBEDTLS_SSL_PROTO_TLS1_3
Hanno Becker9fc15ea2020-05-04 12:00:47 +01001795
1796/**
Ronald Cronab65c522021-11-24 10:47:20 +01001797 * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1798 *
1799 * Enable TLS 1.3 middlebox compatibility mode.
1800 *
1801 * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
1802 * mode to make a TLS 1.3 connection more likely to pass through middle boxes
1803 * expecting TLS 1.2 traffic.
1804 *
1805 * Turning on the compatibility mode comes at the cost of a few added bytes
1806 * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
1807 * that don't use it. Therefore, unless transmission bandwidth is critical and
1808 * you know that middlebox compatibility issues won't occur, it is therefore
1809 * recommended to set this option.
1810 *
1811 * Comment to disable compatibility mode for TLS 1.3. If
Ronald Cron6f135e12021-12-08 16:57:54 +01001812 * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
1813 * effect on the build.
Ronald Cronab65c522021-11-24 10:47:20 +01001814 *
1815 */
Ronald Cron27eb68d2024-03-15 16:13:37 +01001816#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cronab65c522021-11-24 10:47:20 +01001817
1818/**
Ronald Crond8d2ea52022-10-04 15:48:06 +02001819 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1820 *
1821 * Enable TLS 1.3 PSK key exchange mode.
1822 *
1823 * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
1824 * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
1825 * effect on the build.
1826 *
1827 */
1828#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1829
1830/**
1831 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1832 *
1833 * Enable TLS 1.3 ephemeral key exchange mode.
1834 *
Przemek Stekielce05f542023-06-15 16:44:08 +02001835 * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
Manuel Pégourié-Gonnard4fa702a2023-03-29 12:15:24 +02001836 * MBEDTLS_X509_CRT_PARSE_C
1837 * and at least one of:
1838 * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
1839 * MBEDTLS_PKCS1_V21
Ronald Crond8d2ea52022-10-04 15:48:06 +02001840 *
1841 * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
1842 * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
1843 * effect on the build.
1844 *
1845 */
1846#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1847
1848/**
1849 * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1850 *
1851 * Enable TLS 1.3 PSK ephemeral key exchange mode.
1852 *
Przemek Stekielce05f542023-06-15 16:44:08 +02001853 * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
Ronald Crond8d2ea52022-10-04 15:48:06 +02001854 *
1855 * Comment to disable support for the PSK ephemeral key exchange mode in
1856 * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
1857 * have any effect on the build.
1858 *
1859 */
1860#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1861
1862/**
Gilles Peskine449bd832023-01-11 14:50:10 +01001863 * \def MBEDTLS_SSL_EARLY_DATA
1864 *
1865 * Enable support for RFC 8446 TLS 1.3 early data.
1866 *
1867 * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
1868 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
1869 * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1870 *
1871 * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
1872 * is not enabled, this option does not have any effect on the build.
1873 *
Tom Cosgrovea63775b2023-09-14 13:31:19 +01001874 * \note The maximum amount of early data can be set with
1875 * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
1876 *
Gilles Peskine449bd832023-01-11 14:50:10 +01001877 */
Ronald Cronc2e110f2022-11-22 09:01:46 +01001878//#define MBEDTLS_SSL_EARLY_DATA
Xiaokang Qian54413b12022-10-20 05:57:03 +00001879
1880/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001881 * \def MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001882 *
1883 * Enable support for DTLS (all available versions).
1884 *
TRodziewicz0f82ec62021-05-12 17:49:18 +02001885 * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001886 *
TRodziewicz0f82ec62021-05-12 17:49:18 +02001887 * Requires: MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001888 *
1889 * Comment this macro to disable support for DTLS
1890 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001891#define MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +01001892
1893/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001894 * \def MBEDTLS_SSL_ALPN
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001895 *
Manuel Pégourié-Gonnard6b298e62014-11-20 18:28:50 +01001896 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001897 *
Paul Bakker27e36d32014-04-08 12:33:37 +02001898 * Comment this macro to disable support for ALPN.
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001899 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001900#define MBEDTLS_SSL_ALPN
Manuel Pégourié-Gonnard7e250d42014-04-04 16:08:41 +02001901
1902/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001903 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001904 *
1905 * Enable support for the anti-replay mechanism in DTLS.
1906 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001907 * Requires: MBEDTLS_SSL_TLS_C
1908 * MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001909 *
Manuel Pégourié-Gonnarda6fcffe2014-10-13 18:15:52 +02001910 * \warning Disabling this is often a security risk!
Manuel Pégourié-Gonnard6729e792015-05-11 09:50:24 +02001911 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
Manuel Pégourié-Gonnarda6fcffe2014-10-13 18:15:52 +02001912 *
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001913 * Comment this to disable anti-replay in DTLS.
1914 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001915#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +02001916
1917/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001918 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +02001919 *
1920 * Enable support for HelloVerifyRequest on DTLS servers.
1921 *
1922 * This feature is highly recommended to prevent DTLS servers being used as
1923 * amplifiers in DoS attacks against other hosts. It should always be enabled
1924 * unless you know for sure amplification cannot be a problem in the
1925 * environment in which your server operates.
1926 *
Andrzej Kurek5c65c572022-04-13 14:28:52 -04001927 * \warning Disabling this can be a security risk! (see above)
Manuel Pégourié-Gonnarda6fcffe2014-10-13 18:15:52 +02001928 *
Manuel Pégourié-Gonnarde057d3b2015-05-20 10:59:43 +02001929 * Requires: MBEDTLS_SSL_PROTO_DTLS
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +02001930 *
1931 * Comment this to disable support for HelloVerifyRequest.
1932 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001933#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +02001934
1935/**
Johan Pascalb62bb512015-12-03 21:56:45 +01001936 * \def MBEDTLS_SSL_DTLS_SRTP
1937 *
Tobias Nießen1e8ca122021-05-10 19:53:15 +02001938 * Enable support for negotiation of DTLS-SRTP (RFC 5764)
Johan Pascal842d6712020-09-23 13:34:40 +02001939 * through the use_srtp extension.
1940 *
1941 * \note This feature provides the minimum functionality required
1942 * to negotiate the use of DTLS-SRTP and to allow the derivation of
1943 * the associated SRTP packet protection key material.
1944 * In particular, the SRTP packet protection itself, as well as the
1945 * demultiplexing of RTP and DTLS packets at the datagram layer
1946 * (see Section 5 of RFC 5764), are not handled by this feature.
1947 * Instead, after successful completion of a handshake negotiating
1948 * the use of DTLS-SRTP, the extended key exporter API
Hanno Becker2d6e6f82021-05-24 10:58:31 +01001949 * mbedtls_ssl_conf_export_keys_cb() should be used to implement
Johan Pascal842d6712020-09-23 13:34:40 +02001950 * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
1951 * (this is implemented in the SSL example programs).
1952 * The resulting key should then be passed to an SRTP stack.
1953 *
1954 * Setting this option enables the runtime API
1955 * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
1956 * through which the supported DTLS-SRTP protection
1957 * profiles can be configured. You must call this API at
1958 * runtime if you wish to negotiate the use of DTLS-SRTP.
Johan Pascalb62bb512015-12-03 21:56:45 +01001959 *
1960 * Requires: MBEDTLS_SSL_PROTO_DTLS
1961 *
Ron Eldor9cfb5eb2018-12-10 15:30:14 +02001962 * Uncomment this to enable support for use_srtp extension.
Johan Pascalb62bb512015-12-03 21:56:45 +01001963 */
Ron Eldor9cfb5eb2018-12-10 15:30:14 +02001964//#define MBEDTLS_SSL_DTLS_SRTP
Johan Pascalb62bb512015-12-03 21:56:45 +01001965
1966/**
Manuel Pégourié-Gonnard26d227d2015-09-04 10:53:25 +02001967 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1968 *
1969 * Enable server-side support for clients that reconnect from the same port.
1970 *
1971 * Some clients unexpectedly close the connection and try to reconnect using the
1972 * same source port. This needs special support from the server to handle the
Simon Butcher4f6882a2015-09-11 17:12:46 +01001973 * new connection securely, as described in section 4.2.8 of RFC 6347. This
Manuel Pégourié-Gonnard26d227d2015-09-04 10:53:25 +02001974 * flag enables that support.
1975 *
Manuel Pégourié-Gonnard62c74bb2015-09-08 17:50:29 +02001976 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
Manuel Pégourié-Gonnard62c74bb2015-09-08 17:50:29 +02001977 *
Manuel Pégourié-Gonnard26d227d2015-09-04 10:53:25 +02001978 * Comment this to disable support for clients reusing the source port.
1979 */
1980#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1981
1982/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001983 * \def MBEDTLS_SSL_SESSION_TICKETS
Paul Bakkera503a632013-08-14 13:48:06 +02001984 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001985 * Enable support for RFC 5077 session tickets in SSL.
Antonin Décimo36e89b52019-01-23 15:24:37 +01001986 * Client-side, provides full support for session tickets (maintenance of a
Manuel Pégourié-Gonnard0c0f11f2015-05-20 09:55:50 +02001987 * session store remains the responsibility of the application, though).
1988 * Server-side, you also need to provide callbacks for writing and parsing
1989 * tickets, including authenticated encryption and key management. Example
1990 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
Paul Bakkera503a632013-08-14 13:48:06 +02001991 *
1992 * Comment this macro to disable support for SSL session tickets
1993 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001994#define MBEDTLS_SSL_SESSION_TICKETS
Paul Bakkera503a632013-08-14 13:48:06 +02001995
1996/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02001997 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
Paul Bakker0be444a2013-08-27 21:55:01 +02001998 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02001999 * Enable support for RFC 6066 server name indication (SNI) in SSL.
Paul Bakker0be444a2013-08-27 21:55:01 +02002000 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002001 * Requires: MBEDTLS_X509_CRT_PARSE_C
Manuel Pégourié-Gonnardbbbb3cf2015-01-28 16:44:37 +00002002 *
Paul Bakker0be444a2013-08-27 21:55:01 +02002003 * Comment this macro to disable support for server name indication in SSL
2004 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002005#define MBEDTLS_SSL_SERVER_NAME_INDICATION
Paul Bakker0be444a2013-08-27 21:55:01 +02002006
2007/**
Gilles Peskinef03bd812020-03-23 18:13:58 +01002008 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
2009 *
Andrzej Kurek2a54a6f2021-01-07 08:13:49 -05002010 * When this option is enabled, the SSL buffer will be resized automatically
2011 * based on the negotiated maximum fragment length in each direction.
Andrzej Kurek557289b2020-10-21 15:12:39 +02002012 *
2013 * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Gilles Peskinef03bd812020-03-23 18:13:58 +01002014 */
2015//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
2016
2017/**
Manuel Pégourié-Gonnard6240def2020-07-10 09:35:54 +02002018 * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
2019 *
2020 * Enable testing of the constant-flow nature of some sensitive functions with
2021 * clang's MemorySanitizer. This causes some existing tests to also test
Manuel Pégourié-Gonnarddd00bfc2020-08-24 12:58:36 +02002022 * this non-functional property of the code under test.
Manuel Pégourié-Gonnard6240def2020-07-10 09:35:54 +02002023 *
Manuel Pégourié-Gonnarddd00bfc2020-08-24 12:58:36 +02002024 * This setting requires compiling with clang -fsanitize=memory. The test
2025 * suites can then be run normally.
Manuel Pégourié-Gonnard6240def2020-07-10 09:35:54 +02002026 *
Manuel Pégourié-Gonnard8ff863b2020-07-31 12:59:34 +02002027 * \warning This macro is only used for extended testing; it is not considered
2028 * part of the library's API, so it may change or disappear at any time.
2029 *
Manuel Pégourié-Gonnard390fb4f2020-07-24 11:08:40 +02002030 * Uncomment to enable testing of the constant-flow nature of selected code.
Manuel Pégourié-Gonnard6240def2020-07-10 09:35:54 +02002031 */
2032//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
2033
2034/**
Manuel Pégourié-Gonnard73afa372020-08-19 10:27:38 +02002035 * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
2036 *
2037 * Enable testing of the constant-flow nature of some sensitive functions with
2038 * valgrind's memcheck tool. This causes some existing tests to also test
Manuel Pégourié-Gonnarddd00bfc2020-08-24 12:58:36 +02002039 * this non-functional property of the code under test.
Manuel Pégourié-Gonnard73afa372020-08-19 10:27:38 +02002040 *
2041 * This setting requires valgrind headers for building, and is only useful for
Manuel Pégourié-Gonnarddd00bfc2020-08-24 12:58:36 +02002042 * testing if the tests suites are run with valgrind's memcheck. This can be
2043 * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
2044 * using CMake, this can be done for all test suites with 'make memcheck'.
Manuel Pégourié-Gonnard73afa372020-08-19 10:27:38 +02002045 *
2046 * \warning This macro is only used for extended testing; it is not considered
2047 * part of the library's API, so it may change or disappear at any time.
2048 *
2049 * Uncomment to enable testing of the constant-flow nature of selected code.
2050 */
2051//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
2052
2053/**
Gilles Peskinefea6eaf2019-09-11 13:27:48 +02002054 * \def MBEDTLS_TEST_HOOKS
2055 *
2056 * Enable features for invasive testing such as introspection functions and
2057 * hooks for fault injection. This enables additional unit tests.
2058 *
2059 * Merely enabling this feature should not change the behavior of the product.
2060 * It only adds new code, and new branching points where the default behavior
2061 * is the same as when this feature is disabled.
2062 * However, this feature increases the attack surface: there is an added
2063 * risk of vulnerabilities, and more gadgets that can make exploits easier.
2064 * Therefore this feature must never be enabled in production.
2065 *
2066 * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
2067 * information.
2068 *
2069 * Uncomment to enable invasive tests.
2070 */
2071//#define MBEDTLS_TEST_HOOKS
2072
2073/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002074 * \def MBEDTLS_THREADING_ALT
Paul Bakker2466d932013-09-28 14:40:38 +02002075 *
2076 * Provide your own alternate threading implementation.
2077 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002078 * Requires: MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02002079 *
2080 * Uncomment this to allow your own alternate threading implementation.
Paul Bakker2466d932013-09-28 14:40:38 +02002081 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002082//#define MBEDTLS_THREADING_ALT
Paul Bakker2466d932013-09-28 14:40:38 +02002083
2084/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002085 * \def MBEDTLS_THREADING_PTHREAD
Paul Bakker2466d932013-09-28 14:40:38 +02002086 *
2087 * Enable the pthread wrapper layer for the threading layer.
2088 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002089 * Requires: MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02002090 *
2091 * Uncomment this to enable pthread mutexes.
Paul Bakker2466d932013-09-28 14:40:38 +02002092 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002093//#define MBEDTLS_THREADING_PTHREAD
Paul Bakker2466d932013-09-28 14:40:38 +02002094
2095/**
Manuel Pégourié-Gonnardaeefa492018-10-22 12:14:52 +02002096 * \def MBEDTLS_USE_PSA_CRYPTO
2097 *
Manuel Pégourié-Gonnard2ca08c82023-03-24 09:21:46 +01002098 * Make the X.509 and TLS libraries use PSA for cryptographic operations as
2099 * much as possible, and enable new APIs for using keys handled by PSA Crypto.
Manuel Pégourié-Gonnardaeefa492018-10-22 12:14:52 +02002100 *
Jaeden Amero8dd16902019-07-22 16:39:49 +01002101 * \note Development of this option is currently in progress, and parts of Mbed
2102 * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
Andrzej Kurekd65b11d2019-04-16 04:20:24 -04002103 * will still continue to work as usual, so enabling this option should not
2104 * break backwards compatibility.
Manuel Pégourié-Gonnardaeefa492018-10-22 12:14:52 +02002105 *
Manuel Pégourié-Gonnardff43ff62022-04-20 15:32:01 +02002106 * \warning If you enable this option, you need to call `psa_crypto_init()`
valeriocf35d772023-04-20 10:37:53 +02002107 * before calling any function from the SSL/TLS, X.509 or PK modules, except
2108 * for the various mbedtls_xxx_init() functions which can be called at any time.
Hanno Becker51560b62018-11-19 09:46:26 +00002109 *
Manuel Pégourié-Gonnard93b21e72023-03-29 10:30:26 +02002110 * \note An important and desirable effect of this option is that it allows
2111 * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
2112 * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in
Manuel Pégourié-Gonnard9463e782023-03-30 09:37:39 +02002113 * those modules. However, note that even with this option disabled, some code
Manuel Pégourié-Gonnard93b21e72023-03-29 10:30:26 +02002114 * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it
2115 * can determine it's safe to do so; currently that's the case for hashes.
Manuel Pégourié-Gonnard2ca08c82023-03-24 09:21:46 +01002116 *
2117 * \note See docs/use-psa-crypto.md for a complete description this option.
Manuel Pégourié-Gonnardaeefa492018-10-22 12:14:52 +02002118 *
2119 * Requires: MBEDTLS_PSA_CRYPTO_C.
Manuel Pégourié-Gonnard971dea32019-02-01 12:38:40 +01002120 *
Andrzej Kurekd3deb1d2019-04-16 04:14:48 -04002121 * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002122 */
Paul Bakker0f90d7d2014-04-30 11:49:44 +02002123//#define MBEDTLS_USE_PSA_CRYPTO
2124
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002125/**
John Durkop6e33dbe2020-09-17 21:15:13 -07002126 * \def MBEDTLS_PSA_CRYPTO_CONFIG
2127 *
John Durkop185764f2020-10-12 21:32:12 -07002128 * This setting allows support for cryptographic mechanisms through the PSA
2129 * API to be configured separately from support through the mbedtls API.
John Durkop6e33dbe2020-09-17 21:15:13 -07002130 *
Gilles Peskinedb0421b2022-04-13 23:22:49 +02002131 * When this option is disabled, the PSA API exposes the cryptographic
2132 * mechanisms that can be implemented on top of the `mbedtls_xxx` API
2133 * configured with `MBEDTLS_XXX` symbols.
Gilles Peskine750596e2022-03-16 17:03:55 +01002134 *
2135 * When this option is enabled, the PSA API exposes the cryptographic
2136 * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
2137 * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
2138 * automatically enabled if required (i.e. if no PSA driver provides the
2139 * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
2140 * in mbedtls_config.h.
Gilles Peskine58858b72020-11-09 15:26:09 +01002141 *
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01002142 * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
Gilles Peskine0c4db1f2022-04-14 12:44:01 +02002143 * an alternative header to include instead of include/psa/crypto_config.h.
Gilles Peskine58858b72020-11-09 15:26:09 +01002144 *
Gilles Peskine25b4e722023-07-27 15:05:12 +02002145 * \warning This option is experimental, in that the set of `PSA_WANT_XXX`
2146 * symbols is not completely finalized yet, and the configuration
2147 * tooling is not ideally adapted to having two separate configuration
2148 * files.
2149 * Future minor releases of Mbed TLS may make minor changes to those
2150 * symbols, but we will endeavor to provide a transition path.
2151 * Nonetheless, this option is considered mature enough to use in
2152 * production, as long as you accept that you may need to make
2153 * minor changes to psa/crypto_config.h when upgrading Mbed TLS.
John Durkop6e33dbe2020-09-17 21:15:13 -07002154 */
2155//#define MBEDTLS_PSA_CRYPTO_CONFIG
2156
2157/**
Paul Bakker1f2bc622013-08-15 13:45:55 +02002158 * \def MBEDTLS_VERSION_FEATURES
2159 *
2160 * Allow run-time checking of compile-time enabled features. Thus allowing users
2161 * to check at run-time if the library is for instance compiled with threading
Paul Bakker5c721f92011-07-27 16:51:09 +00002162 * support via mbedtls_version_check_feature().
2163 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002164 * Requires: MBEDTLS_VERSION_C
Paul Bakker5c721f92011-07-27 16:51:09 +00002165 *
2166 * Comment this to disable run-time checking and save ROM space
2167 */
2168#define MBEDTLS_VERSION_FEATURES
2169
2170/**
Hanno Becker288dedc2019-03-27 11:00:53 +00002171 * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2172 *
Jarno Lamsaf49fedc2019-04-01 14:58:30 +03002173 * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
Hanno Becker288dedc2019-03-27 11:00:53 +00002174 * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
2175 * the set of trusted certificates through a callback instead of a linked
2176 * list.
2177 *
2178 * This is useful for example in environments where a large number of trusted
2179 * certificates is present and storing them in a linked list isn't efficient
2180 * enough, or when the set of trusted certificates changes frequently.
2181 *
Jarno Lamsaf49fedc2019-04-01 14:58:30 +03002182 * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
Hanno Becker288dedc2019-03-27 11:00:53 +00002183 * `mbedtls_ssl_conf_ca_cb()` for more information.
2184 *
Valerio Setti8e45cdd2023-01-05 09:32:29 +01002185 * Requires: MBEDTLS_X509_CRT_PARSE_C
2186 *
Hanno Becker288dedc2019-03-27 11:00:53 +00002187 * Uncomment to enable trusted certificate callbacks.
2188 */
2189//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2190
2191/**
Hanno Becker612a2f12020-10-09 09:19:39 +01002192 * \def MBEDTLS_X509_REMOVE_INFO
Peter Kolbus9a969b62018-12-11 13:55:56 -06002193 *
Chris Jones2c745862020-12-16 11:41:06 +00002194 * Disable mbedtls_x509_*_info() and related APIs.
Peter Kolbus9a969b62018-12-11 13:55:56 -06002195 *
Chris Jones2c745862020-12-16 11:41:06 +00002196 * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
Peter Kolbus9a969b62018-12-11 13:55:56 -06002197 * and other functions/constants only used by these functions, thus reducing
2198 * the code footprint by several KB.
2199 */
Chris Jones2c745862020-12-16 11:41:06 +00002200//#define MBEDTLS_X509_REMOVE_INFO
Peter Kolbus9a969b62018-12-11 13:55:56 -06002201
2202/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002203 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
Manuel Pégourié-Gonnardd1539b12014-06-06 16:42:37 +02002204 *
2205 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
2206 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
2207 *
Tomi Fontanillesa70b3c22023-07-16 12:06:13 +03002208 * Requires: MBEDTLS_PKCS1_V21
2209 *
Manuel Pégourié-Gonnardd1539b12014-06-06 16:42:37 +02002210 * Comment this macro to disallow using RSASSA-PSS in certificates.
2211 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002212#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
Gilles Peskinee820c0a2023-08-03 17:45:20 +02002213/** \} name SECTION: Mbed TLS feature support */
Paul Bakker0a62cd12011-01-21 11:00:08 +00002214
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002215/**
Gilles Peskinee820c0a2023-08-03 17:45:20 +02002216 * \name SECTION: Mbed TLS modules
Paul Bakker0a62cd12011-01-21 11:00:08 +00002217 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +02002218 * This section enables or disables entire modules in Mbed TLS
Paul Bakker0a62cd12011-01-21 11:00:08 +00002219 * \{
2220 */
Paul Bakker5121ce52009-01-03 21:22:43 +00002221
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002222/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002223 * \def MBEDTLS_AESNI_C
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002224 *
Gilles Peskine0bfccfa2023-03-16 17:49:44 +01002225 * Enable AES-NI support on x86-64 or x86-32.
2226 *
2227 * \note AESNI is only supported with certain compilers and target options:
Bence Szépkútie05b5422024-03-15 12:18:04 +01002228 * - Visual Studio: supported
Gilles Peskine0bfccfa2023-03-16 17:49:44 +01002229 * - GCC, x86-64, target not explicitly supporting AESNI:
2230 * requires MBEDTLS_HAVE_ASM.
2231 * - GCC, x86-32, target not explicitly supporting AESNI:
2232 * not supported.
2233 * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
2234 * For this assembly-less implementation, you must currently compile
2235 * `library/aesni.c` and `library/aes.c` with machine options to enable
2236 * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
2237 * `clang -maes -mpclmul`.
2238 * - Non-x86 targets: this option is silently ignored.
2239 * - Other compilers: this option is silently ignored.
2240 *
2241 * \note
2242 * Above, "GCC" includes compatible compilers such as Clang.
2243 * The limitations on target support are likely to be relaxed in the future.
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002244 *
2245 * Module: library/aesni.c
2246 * Caller: library/aes.c
2247 *
Gilles Peskine0bfccfa2023-03-16 17:49:44 +01002248 * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002249 *
Gilles Peskine0bfccfa2023-03-16 17:49:44 +01002250 * This modules adds support for the AES-NI instructions on x86.
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002251 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002252#define MBEDTLS_AESNI_C
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01002253
2254/**
Jerry Yu2fddfd72023-01-10 16:32:03 +08002255 * \def MBEDTLS_AESCE_C
2256 *
Dave Rodgman18838f62023-10-08 12:28:51 +01002257 * Enable AES cryptographic extension support on Armv8.
Jerry Yu2fddfd72023-01-10 16:32:03 +08002258 *
2259 * Module: library/aesce.c
2260 * Caller: library/aes.c
2261 *
Jerry Yuf015a932023-04-25 10:38:03 +08002262 * Requires: MBEDTLS_AES_C
Jerry Yu2fddfd72023-01-10 16:32:03 +08002263 *
Dave Rodgmanf918d422023-03-17 17:52:23 +00002264 * \warning Runtime detection only works on Linux. For non-Linux operating
2265 * system, Armv8-A Cryptographic Extensions must be supported by
2266 * the CPU when this option is enabled.
Jerry Yu2fddfd72023-01-10 16:32:03 +08002267 *
Dave Rodgman48b965d2023-10-09 12:19:44 +01002268 * \note Minimum compiler versions for this feature when targeting aarch64
2269 * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2.
2270 * Minimum compiler versions for this feature when targeting 32-bit
2271 * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0.
Jerry Yu8bfa24b2023-05-05 14:35:00 +08002272 *
2273 * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
2274 * armclang <= 6.9
Jerry Yu2fddfd72023-01-10 16:32:03 +08002275 *
Dave Rodgman4b8e8dc2023-10-08 21:41:40 +01002276 * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems.
Jerry Yu2fddfd72023-01-10 16:32:03 +08002277 */
2278#define MBEDTLS_AESCE_C
2279
2280/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002281 * \def MBEDTLS_AES_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002282 *
2283 * Enable the AES block cipher.
2284 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002285 * Module: library/aes.c
Manuel Pégourié-Gonnardfdd43542018-02-28 10:49:02 +01002286 * Caller: library/cipher.c
Paul Bakker96743fc2011-02-12 14:30:57 +00002287 * library/pem.c
Paul Bakker6083fd22011-12-03 21:45:14 +00002288 * library/ctr_drbg.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002289 *
Paul Bakker645ce3a2012-10-31 12:32:41 +00002290 * This module enables the following ciphersuites (if other requisites are
2291 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002292 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
2293 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
2294 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
2295 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
2296 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2297 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2298 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
2299 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2300 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
2301 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
2302 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
2303 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
2304 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2305 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2306 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2307 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2308 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2309 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2310 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2311 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2312 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2313 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2314 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2315 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
2316 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2317 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2318 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2319 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2320 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2321 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
2322 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
2323 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
2324 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
2325 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
2326 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
2327 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
2328 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
2329 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
2330 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
2331 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
2332 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
2333 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
2334 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
2335 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
2336 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
2337 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
2338 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
2339 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
2340 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
2341 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
2342 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
2343 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
2344 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
2345 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
2346 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
2347 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
2348 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
2349 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
Paul Bakker6deb37e2013-02-19 13:17:08 +01002350 *
Paul Bakkercff68422013-09-15 20:43:33 +02002351 * PEM_PARSE uses AES for decrypting encrypted keys.
Paul Bakker5121ce52009-01-03 21:22:43 +00002352 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002353#define MBEDTLS_AES_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002354
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002355/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002356 * \def MBEDTLS_ASN1_PARSE_C
Paul Bakkerefc30292011-11-10 14:43:23 +00002357 *
2358 * Enable the generic ASN1 parser.
2359 *
2360 * Module: library/asn1.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002361 * Caller: library/x509.c
2362 * library/dhm.c
2363 * library/pkcs12.c
2364 * library/pkcs5.c
2365 * library/pkparse.c
Paul Bakkerefc30292011-11-10 14:43:23 +00002366 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002367#define MBEDTLS_ASN1_PARSE_C
Paul Bakkerefc30292011-11-10 14:43:23 +00002368
2369/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002370 * \def MBEDTLS_ASN1_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002371 *
2372 * Enable the generic ASN1 writer.
2373 *
2374 * Module: library/asn1write.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002375 * Caller: library/ecdsa.c
2376 * library/pkwrite.c
2377 * library/x509_create.c
2378 * library/x509write_crt.c
Simon Butcher2cb47392016-11-04 12:23:11 +00002379 * library/x509write_csr.c
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002380 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002381#define MBEDTLS_ASN1_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00002382
2383/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002384 * \def MBEDTLS_BASE64_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002385 *
2386 * Enable the Base64 module.
2387 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002388 * Module: library/base64.c
Paul Bakker5690efc2011-05-26 13:16:06 +00002389 * Caller: library/pem.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002390 *
Paul Bakker5690efc2011-05-26 13:16:06 +00002391 * This module is required for PEM support (required by X.509).
Paul Bakker5121ce52009-01-03 21:22:43 +00002392 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002393#define MBEDTLS_BASE64_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002394
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002395/**
Yanray Wange367e472023-10-31 17:23:04 +08002396 * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2397 *
2398 * Remove decryption operation for AES, ARIA and Camellia block cipher.
2399 *
2400 * \note This feature is incompatible with insecure block cipher,
2401 * MBEDTLS_DES_C, and cipher modes which always require decryption
2402 * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and
Yanray Wang16b00f92023-11-27 15:52:24 +08002403 * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled,
2404 * this feature is incompatible with following supported PSA equivalence,
2405 * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING,
2406 * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES.
Yanray Wange367e472023-10-31 17:23:04 +08002407 *
2408 * Module: library/aes.c
2409 * library/aesce.c
2410 * library/aesni.c
2411 * library/aria.c
2412 * library/camellia.c
2413 * library/cipher.c
2414 */
2415//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2416
2417/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002418 * \def MBEDTLS_BIGNUM_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002419 *
Paul Bakker9a736322012-11-14 12:39:52 +00002420 * Enable the multi-precision integer library.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002421 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002422 * Module: library/bignum.c
Janos Follath3ca07752022-08-09 11:45:47 +01002423 * library/bignum_core.c
Janos Follathd1baedb2022-08-09 13:44:53 +01002424 * library/bignum_mod.c
Gabor Mezeid41f6272022-08-12 15:20:21 +02002425 * library/bignum_mod_raw.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002426 * Caller: library/dhm.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002427 * library/ecp.c
Manuel Pégourié-Gonnardbf319772014-06-25 13:00:17 +02002428 * library/ecdsa.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002429 * library/rsa.c
Chris Jones3848e312021-03-11 16:17:59 +00002430 * library/rsa_alt_helpers.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002431 * library/ssl_tls.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002432 *
Manuel Pégourié-Gonnardbf319772014-06-25 13:00:17 +02002433 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
Paul Bakker5121ce52009-01-03 21:22:43 +00002434 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002435#define MBEDTLS_BIGNUM_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002436
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002437/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002438 * \def MBEDTLS_CAMELLIA_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002439 *
2440 * Enable the Camellia block cipher.
2441 *
Paul Bakker38119b12009-01-10 23:31:23 +00002442 * Module: library/camellia.c
Manuel Pégourié-Gonnardfdd43542018-02-28 10:49:02 +01002443 * Caller: library/cipher.c
Paul Bakker38119b12009-01-10 23:31:23 +00002444 *
Paul Bakker645ce3a2012-10-31 12:32:41 +00002445 * This module enables the following ciphersuites (if other requisites are
2446 * enabled as well):
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002447 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2448 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2449 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
2450 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
2451 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2452 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2453 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
2454 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
2455 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2456 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2457 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2458 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2459 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
2460 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2461 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2462 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2463 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2464 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2465 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2466 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2467 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2468 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2469 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
2470 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2471 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2472 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
2473 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2474 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2475 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
2476 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2477 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
2478 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
2479 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
2480 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
2481 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
2482 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
2483 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
2484 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
2485 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
2486 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
2487 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
2488 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
Paul Bakker38119b12009-01-10 23:31:23 +00002489 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002490#define MBEDTLS_CAMELLIA_C
Paul Bakker38119b12009-01-10 23:31:23 +00002491
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002492/**
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +00002493 * \def MBEDTLS_ARIA_C
2494 *
Manuel Pégourié-Gonnard525168c2018-02-28 10:47:02 +01002495 * Enable the ARIA block cipher.
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +00002496 *
2497 * Module: library/aria.c
Manuel Pégourié-Gonnard525168c2018-02-28 10:47:02 +01002498 * Caller: library/cipher.c
2499 *
2500 * This module enables the following ciphersuites (if other requisites are
2501 * enabled as well):
2502 *
2503 * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
2504 * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
2505 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
2506 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
2507 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
2508 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
2509 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
2510 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
2511 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
2512 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
2513 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
2514 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
2515 * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
2516 * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
2517 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
2518 * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
2519 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
2520 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
2521 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
2522 * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
2523 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
2524 * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
2525 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
2526 * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
2527 * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
2528 * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
2529 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
2530 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
2531 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
2532 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
2533 * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
2534 * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
2535 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
2536 * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
2537 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
2538 * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
2539 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
2540 * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +00002541 */
TRodziewicz85aff9f2021-04-23 10:47:26 +02002542#define MBEDTLS_ARIA_C
Markku-Juhani O. Saarinen3c0b53b2017-11-30 16:00:34 +00002543
2544/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002545 * \def MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +02002546 *
2547 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
2548 *
2549 * Module: library/ccm.c
2550 *
Przemek Stekielea805b42022-05-02 10:30:03 +02002551 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
2552 * MBEDTLS_ARIA_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +02002553 *
2554 * This module enables the AES-CCM ciphersuites, if other requisites are
2555 * enabled as well.
2556 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002557#define MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +02002558
2559/**
Daniel King34b822c2016-05-15 17:28:08 -03002560 * \def MBEDTLS_CHACHA20_C
2561 *
2562 * Enable the ChaCha20 stream cipher.
2563 *
2564 * Module: library/chacha20.c
2565 */
2566#define MBEDTLS_CHACHA20_C
2567
2568/**
Manuel Pégourié-Gonnarde533b222018-06-04 12:23:19 +02002569 * \def MBEDTLS_CHACHAPOLY_C
2570 *
2571 * Enable the ChaCha20-Poly1305 AEAD algorithm.
2572 *
2573 * Module: library/chachapoly.c
2574 *
2575 * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
2576 */
2577#define MBEDTLS_CHACHAPOLY_C
2578
2579/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002580 * \def MBEDTLS_CIPHER_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002581 *
2582 * Enable the generic cipher layer.
2583 *
Paul Bakker8123e9d2011-01-06 15:37:30 +00002584 * Module: library/cipher.c
Przemek Stekielea805b42022-05-02 10:30:03 +02002585 * Caller: library/ccm.c
2586 * library/cmac.c
2587 * library/gcm.c
2588 * library/nist_kw.c
Przemek Stekielea805b42022-05-02 10:30:03 +02002589 * library/pkcs12.c
2590 * library/pkcs5.c
2591 * library/psa_crypto_aead.c
2592 * library/psa_crypto_mac.c
2593 * library/ssl_ciphersuites.c
2594 * library/ssl_msg.c
Przemek Stekiela09f8352022-05-12 09:34:28 +02002595 * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
Valerio Settid5cab812023-12-28 10:04:51 +01002596 * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled
2597 * (see the documentation of that option for details).
Paul Bakker8123e9d2011-01-06 15:37:30 +00002598 *
2599 * Uncomment to enable generic cipher wrappers.
2600 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002601#define MBEDTLS_CIPHER_C
Paul Bakker8123e9d2011-01-06 15:37:30 +00002602
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002603/**
Robert Cragiedc5c7b92015-12-11 15:49:45 +00002604 * \def MBEDTLS_CMAC_C
2605 *
Simon Butcher327398a2016-10-05 14:09:11 +01002606 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
2607 * ciphers.
Robert Cragiedc5c7b92015-12-11 15:49:45 +00002608 *
Steven Cooremanc338cef2021-04-26 11:24:44 +02002609 * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
2610 * implementation of the CMAC algorithm is provided by an alternate
2611 * implementation, that alternate implementation may opt to not support
2612 * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
2613 *
Robert Cragiedc5c7b92015-12-11 15:49:45 +00002614 * Module: library/cmac.c
2615 *
Przemek Stekielea805b42022-05-02 10:30:03 +02002616 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
Robert Cragiedc5c7b92015-12-11 15:49:45 +00002617 *
2618 */
TRodziewicz85aff9f2021-04-23 10:47:26 +02002619#define MBEDTLS_CMAC_C
Robert Cragiedc5c7b92015-12-11 15:49:45 +00002620
2621/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002622 * \def MBEDTLS_CTR_DRBG_C
Paul Bakker0e04d0e2011-11-27 14:46:59 +00002623 *
Nir Sonnenscheince266e42018-08-29 10:11:46 +03002624 * Enable the CTR_DRBG AES-based random generator.
2625 * The CTR_DRBG generator uses AES-256 by default.
Gilles Peskine1540e5b2019-10-03 14:21:14 +02002626 * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
Paul Bakker0e04d0e2011-11-27 14:46:59 +00002627 *
Wenxing Hou848bccf2024-06-19 11:04:13 +08002628 * AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA.
Valerio Setti7ab90722023-11-23 16:29:51 +01002629 * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
2630 * is used.
2631 *
2632 * \warning When using PSA, the user should call `psa_crypto_init()` before
2633 * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
2634 *
Yanray Wang55ef22c2023-06-15 09:57:06 +08002635 * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
2636 *
Gilles Peskine7e279362019-10-03 14:21:39 +02002637 * \note To achieve a 256-bit security strength with CTR_DRBG,
2638 * you must use AES-256 *and* use sufficient entropy.
2639 * See ctr_drbg.h for more details.
Paul Bakker0e04d0e2011-11-27 14:46:59 +00002640 *
2641 * Module: library/ctr_drbg.c
2642 * Caller:
2643 *
Valerio Setti7ab90722023-11-23 16:29:51 +01002644 * Requires: MBEDTLS_AES_C or
2645 * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
2646 * MBEDTLS_PSA_CRYPTO_C)
Paul Bakker6083fd22011-12-03 21:45:14 +00002647 *
Nir Sonnenschein521e8a92018-09-03 14:10:52 +03002648 * This module provides the CTR_DRBG AES random number generator.
Paul Bakker0e04d0e2011-11-27 14:46:59 +00002649 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002650#define MBEDTLS_CTR_DRBG_C
Paul Bakker0e04d0e2011-11-27 14:46:59 +00002651
2652/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002653 * \def MBEDTLS_DEBUG_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002654 *
2655 * Enable the debug functions.
2656 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002657 * Module: library/debug.c
Ronald Cronde1adee2022-03-07 16:20:30 +01002658 * Caller: library/ssl_msg.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002659 * library/ssl_tls.c
Ronald Cronde1adee2022-03-07 16:20:30 +01002660 * library/ssl_tls12_*.c
2661 * library/ssl_tls13_*.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002662 *
2663 * This module provides debugging functions.
2664 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002665#define MBEDTLS_DEBUG_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002666
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002667/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002668 * \def MBEDTLS_DES_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002669 *
2670 * Enable the DES block cipher.
2671 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002672 * Module: library/des.c
Paul Bakker6deb37e2013-02-19 13:17:08 +01002673 * Caller: library/pem.c
Manuel Pégourié-Gonnardfdd43542018-02-28 10:49:02 +01002674 * library/cipher.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002675 *
Paul Bakkercff68422013-09-15 20:43:33 +02002676 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
Hanno Beckerbbca8c52017-09-25 14:53:51 +01002677 *
Dave Rodgmanc04515b2023-02-02 10:47:58 +00002678 * \warning DES/3DES are considered weak ciphers and their use constitutes a
Hanno Beckerbbca8c52017-09-25 14:53:51 +01002679 * security risk. We recommend considering stronger ciphers instead.
Paul Bakker5121ce52009-01-03 21:22:43 +00002680 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002681#define MBEDTLS_DES_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002682
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002683/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002684 * \def MBEDTLS_DHM_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002685 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02002686 * Enable the Diffie-Hellman-Merkle module.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002687 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002688 * Module: library/dhm.c
Ronald Cronde1adee2022-03-07 16:20:30 +01002689 * Caller: library/ssl_tls.c
2690 * library/ssl*_client.c
2691 * library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002692 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02002693 * This module is used by the following key exchanges:
2694 * DHE-RSA, DHE-PSK
Hanno Beckera2f6b722017-09-28 10:33:29 +01002695 *
Hanno Beckerf9734b32017-10-03 12:09:22 +01002696 * \warning Using DHE constitutes a security risk as it
2697 * is not possible to validate custom DH parameters.
2698 * If possible, it is recommended users should consider
2699 * preferring other methods of key exchange.
2700 * See dhm.h for more details.
Hanno Beckera2f6b722017-09-28 10:33:29 +01002701 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002702 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002703#define MBEDTLS_DHM_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002704
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002705/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002706 * \def MBEDTLS_ECDH_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002707 *
2708 * Enable the elliptic curve Diffie-Hellman library.
2709 *
2710 * Module: library/ecdh.c
Ronald Cronde1adee2022-03-07 16:20:30 +01002711 * Caller: library/psa_crypto.c
2712 * library/ssl_tls.c
2713 * library/ssl*_client.c
2714 * library/ssl*_server.c
Paul Bakker41c83d32013-03-20 14:39:14 +01002715 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02002716 * This module is used by the following key exchanges:
2717 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002718 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002719 * Requires: MBEDTLS_ECP_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002720 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002721#define MBEDTLS_ECDH_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002722
2723/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002724 * \def MBEDTLS_ECDSA_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002725 *
2726 * Enable the elliptic curve DSA library.
2727 *
2728 * Module: library/ecdsa.c
2729 * Caller:
2730 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02002731 * This module is used by the following key exchanges:
2732 * ECDHE-ECDSA
2733 *
Gilles Peskine799e5762018-09-14 17:34:00 +02002734 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
2735 * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
2736 * short Weierstrass curve.
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002737 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002738#define MBEDTLS_ECDSA_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002739
2740/**
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02002741 * \def MBEDTLS_ECJPAKE_C
2742 *
2743 * Enable the elliptic curve J-PAKE library.
2744 *
Tomasz Rodziewicz532ca932021-05-07 11:01:24 +02002745 * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
2746 * It has not been reviewed for compliance with newer standards such as
Tomasz Rodziewicz1fc7c4c2021-05-07 10:13:31 +02002747 * Thread v1.1 or RFC 8236.
Manuel Pégourié-Gonnard75df9022015-09-16 23:21:01 +02002748 *
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02002749 * Module: library/ecjpake.c
2750 * Caller:
2751 *
2752 * This module is used by the following key exchanges:
2753 * ECJPAKE
2754 *
Manuel Pégourié-Gonnard72687b72022-09-15 12:23:58 +02002755 * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
Neil Armstrongecaba1c2022-08-11 10:47:08 +02002756 *
Manuel Pégourié-Gonnard41bc8b62023-03-14 23:59:24 +01002757 * \warning If using a hash that is only provided by PSA drivers, you must
2758 * call psa_crypto_init() before doing any EC J-PAKE operations.
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02002759 */
Tomasz Rodziewiczb1336052021-04-22 15:14:17 +02002760#define MBEDTLS_ECJPAKE_C
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02002761
2762/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002763 * \def MBEDTLS_ECP_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002764 *
2765 * Enable the elliptic curve over GF(p) library.
2766 *
2767 * Module: library/ecp.c
2768 * Caller: library/ecdh.c
2769 * library/ecdsa.c
Manuel Pégourié-Gonnard4d8685b2015-08-05 15:44:42 +02002770 * library/ecjpake.c
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002771 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002772 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002773 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002774#define MBEDTLS_ECP_C
Paul Bakkerd589a0d2013-03-13 16:30:17 +01002775
2776/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002777 * \def MBEDTLS_ENTROPY_C
Paul Bakker6083fd22011-12-03 21:45:14 +00002778 *
2779 * Enable the platform-specific entropy code.
2780 *
2781 * Module: library/entropy.c
2782 * Caller:
2783 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002784 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
Paul Bakker6083fd22011-12-03 21:45:14 +00002785 *
2786 * This module provides a generic entropy pool
2787 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002788#define MBEDTLS_ENTROPY_C
Paul Bakker6083fd22011-12-03 21:45:14 +00002789
2790/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002791 * \def MBEDTLS_ERROR_C
Paul Bakker9d781402011-05-09 16:17:09 +00002792 *
2793 * Enable error code to error string conversion.
2794 *
2795 * Module: library/error.c
2796 * Caller:
2797 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002798 * This module enables mbedtls_strerror().
Paul Bakker9d781402011-05-09 16:17:09 +00002799 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002800#define MBEDTLS_ERROR_C
Paul Bakker9d781402011-05-09 16:17:09 +00002801
2802/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002803 * \def MBEDTLS_GCM_C
Paul Bakker89e80c92012-03-20 13:50:09 +00002804 *
Jaeden Amero7accf442019-04-10 18:13:57 +01002805 * Enable the Galois/Counter Mode (GCM).
Paul Bakker89e80c92012-03-20 13:50:09 +00002806 *
2807 * Module: library/gcm.c
2808 *
Przemek Stekielea805b42022-05-02 10:30:03 +02002809 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
2810 * MBEDTLS_ARIA_C
Paul Bakker645ce3a2012-10-31 12:32:41 +00002811 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02002812 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
2813 * requisites are enabled as well.
Paul Bakker89e80c92012-03-20 13:50:09 +00002814 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002815#define MBEDTLS_GCM_C
Paul Bakker89e80c92012-03-20 13:50:09 +00002816
2817/**
Matthias Schulza6ac0f12024-02-09 17:09:42 +01002818 * \def MBEDTLS_GCM_LARGE_TABLE
Matthias Schulz0767fda2024-02-07 10:46:28 +01002819 *
Matthias Schulzf3116342024-02-08 18:35:36 +01002820 * Enable large pre-computed tables for Galois/Counter Mode (GCM).
Matthias Schulz0767fda2024-02-07 10:46:28 +01002821 * Can significantly increase throughput on systems without GCM hardware
2822 * acceleration (e.g., AESNI, AESCE).
2823 *
Matthias Schulz78266782024-02-08 13:54:48 +01002824 * The mbedtls_gcm_context size will increase by 3840 bytes.
2825 * The code size will increase by roughly 344 bytes.
2826 *
Matthias Schulz0767fda2024-02-07 10:46:28 +01002827 * Module: library/gcm.c
2828 *
2829 * Requires: MBEDTLS_GCM_C
Matthias Schulz0767fda2024-02-07 10:46:28 +01002830 */
Matthias Schulza6ac0f12024-02-09 17:09:42 +01002831//#define MBEDTLS_GCM_LARGE_TABLE
Matthias Schulz0767fda2024-02-07 10:46:28 +01002832
2833/**
Thomas Fossati656864b2016-07-17 08:51:22 +01002834 * \def MBEDTLS_HKDF_C
2835 *
2836 * Enable the HKDF algorithm (RFC 5869).
2837 *
2838 * Module: library/hkdf.c
2839 * Caller:
2840 *
2841 * Requires: MBEDTLS_MD_C
2842 *
2843 * This module adds support for the Hashed Message Authentication Code
2844 * (HMAC)-based key derivation function (HKDF).
2845 */
2846#define MBEDTLS_HKDF_C
2847
2848/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002849 * \def MBEDTLS_HMAC_DRBG_C
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01002850 *
2851 * Enable the HMAC_DRBG random generator.
2852 *
2853 * Module: library/hmac_drbg.c
2854 * Caller:
2855 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002856 * Requires: MBEDTLS_MD_C
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01002857 *
Tom Cosgrove1e211442022-05-26 11:51:00 +01002858 * Uncomment to enable the HMAC_DRBG random number generator.
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01002859 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002860#define MBEDTLS_HMAC_DRBG_C
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +01002861
2862/**
Raef Coles8ff6df52021-07-21 12:42:15 +01002863 * \def MBEDTLS_LMS_C
2864 *
2865 * Enable the LMS stateful-hash asymmetric signature algorithm.
2866 *
2867 * Module: library/lms.c
2868 * Caller:
2869 *
Raef Colesab4f8742022-09-01 12:24:31 +01002870 * Requires: MBEDTLS_PSA_CRYPTO_C
Raef Coles8ff6df52021-07-21 12:42:15 +01002871 *
Raef Colesab4f8742022-09-01 12:24:31 +01002872 * Uncomment to enable the LMS verification algorithm and public key operations.
Raef Coles8ff6df52021-07-21 12:42:15 +01002873 */
2874#define MBEDTLS_LMS_C
2875
2876/**
Raef Colesab4f8742022-09-01 12:24:31 +01002877 * \def MBEDTLS_LMS_PRIVATE
2878 *
2879 * Enable LMS private-key operations and signing code. Functions enabled by this
2880 * option are experimental, and should not be used in production.
2881 *
2882 * Requires: MBEDTLS_LMS_C
2883 *
2884 * Uncomment to enable the LMS signature algorithm and private key operations.
2885 */
Raef Coles5127e852022-10-07 10:35:56 +01002886//#define MBEDTLS_LMS_PRIVATE
Raef Colesab4f8742022-09-01 12:24:31 +01002887
2888/**
Ron Eldor466a57f2018-05-03 16:54:28 +03002889 * \def MBEDTLS_NIST_KW_C
2890 *
2891 * Enable the Key Wrapping mode for 128-bit block ciphers,
2892 * as defined in NIST SP 800-38F. Only KW and KWP modes
2893 * are supported. At the moment, only AES is approved by NIST.
2894 *
2895 * Module: library/nist_kw.c
2896 *
2897 * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
2898 */
TRodziewicz85aff9f2021-04-23 10:47:26 +02002899#define MBEDTLS_NIST_KW_C
Ron Eldor466a57f2018-05-03 16:54:28 +03002900
2901/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002902 * \def MBEDTLS_MD_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002903 *
Manuel Pégourié-Gonnardb9b630d2023-02-16 19:07:31 +01002904 * Enable the generic layer for message digest (hashing) and HMAC.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002905 *
Manuel Pégourié-Gonnard1f7f7172022-07-18 12:04:05 +02002906 * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
2907 * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
Manuel Pégourié-Gonnard161dca62023-03-21 16:22:59 +01002908 * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least
Manuel Pégourié-Gonnard534d64d2023-03-14 17:43:06 +01002909 * one hash.
Simon Butcher2cb47392016-11-04 12:23:11 +00002910 * Module: library/md.c
Przemek Stekiel6aadf0b2022-04-27 14:46:52 +02002911 * Caller: library/constant_time.c
2912 * library/ecdsa.c
2913 * library/ecjpake.c
2914 * library/hkdf.c
2915 * library/hmac_drbg.c
Przemek Stekiel6aadf0b2022-04-27 14:46:52 +02002916 * library/pk.c
2917 * library/pkcs5.c
2918 * library/pkcs12.c
2919 * library/psa_crypto_ecp.c
2920 * library/psa_crypto_rsa.c
2921 * library/rsa.c
2922 * library/ssl_cookie.c
2923 * library/ssl_msg.c
2924 * library/ssl_tls.c
Przemek Stekiel6e712822022-05-06 11:40:20 +02002925 * library/x509.c
Przemek Stekiel6aadf0b2022-04-27 14:46:52 +02002926 * library/x509_crt.c
2927 * library/x509write_crt.c
2928 * library/x509write_csr.c
Paul Bakker17373852011-01-06 14:20:01 +00002929 *
2930 * Uncomment to enable generic message digest wrappers.
2931 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002932#define MBEDTLS_MD_C
Paul Bakker17373852011-01-06 14:20:01 +00002933
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002934/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002935 * \def MBEDTLS_MD5_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002936 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002937 * Enable the MD5 hash algorithm.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002938 *
Simon Butcher2cb47392016-11-04 12:23:11 +00002939 * Module: library/md5.c
2940 * Caller: library/md.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002941 * library/pem.c
Paul Bakker6deb37e2013-02-19 13:17:08 +01002942 * library/ssl_tls.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002943 *
TRodziewicz0f82ec62021-05-12 17:49:18 +02002944 * This module is required for TLS 1.2 depending on the handshake parameters.
2945 * Further, it is used for checking MD5-signed certificates, and for PBKDF1
2946 * when decrypting PEM-encoded encrypted keys.
Hanno Beckerbbca8c52017-09-25 14:53:51 +01002947 *
2948 * \warning MD5 is considered a weak message digest and its use constitutes a
2949 * security risk. If possible, we recommend avoiding dependencies on
2950 * it, and considering stronger message digests instead.
2951 *
Paul Bakker5121ce52009-01-03 21:22:43 +00002952 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002953#define MBEDTLS_MD5_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002954
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002955/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002956 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002957 *
2958 * Enable the buffer allocator implementation that makes use of a (stack)
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +02002959 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002960 * calls)
Paul Bakker6e339b52013-07-03 13:37:05 +02002961 *
2962 * Module: library/memory_buffer_alloc.c
2963 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002964 * Requires: MBEDTLS_PLATFORM_C
Gilles Peskinee820c0a2023-08-03 17:45:20 +02002965 * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
Paul Bakker6e339b52013-07-03 13:37:05 +02002966 *
2967 * Enable this module to enable the buffer memory allocator.
Paul Bakker6e339b52013-07-03 13:37:05 +02002968 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002969//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
Paul Bakker6e339b52013-07-03 13:37:05 +02002970
2971/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002972 * \def MBEDTLS_NET_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002973 *
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002974 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
2975 *
Simon Butcherd567a232016-03-09 20:19:21 +00002976 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
2977 * and Windows. For other platforms, you'll want to disable it, and write your
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002978 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002979 *
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00002980 * \note See also our Knowledge Base article about porting to a new
2981 * environment:
Dave Rodgmanb3196842022-10-12 16:47:08 +01002982 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00002983 *
Andres AG788aa4a2016-09-14 14:32:09 +01002984 * Module: library/net_sockets.c
Paul Bakker5121ce52009-01-03 21:22:43 +00002985 *
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01002986 * This module provides networking routines.
Paul Bakker5121ce52009-01-03 21:22:43 +00002987 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002988#define MBEDTLS_NET_C
Paul Bakker5121ce52009-01-03 21:22:43 +00002989
Paul Bakkerf3b86c12011-01-27 15:24:17 +00002990/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002991 * \def MBEDTLS_OID_C
Paul Bakkerc70b9822013-04-07 22:00:46 +02002992 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02002993 * Enable the OID database.
Paul Bakkerc70b9822013-04-07 22:00:46 +02002994 *
2995 * Module: library/oid.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02002996 * Caller: library/asn1write.c
2997 * library/pkcs5.c
2998 * library/pkparse.c
2999 * library/pkwrite.c
3000 * library/rsa.c
3001 * library/x509.c
3002 * library/x509_create.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003003 * library/x509_crl.c
3004 * library/x509_crt.c
3005 * library/x509_csr.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003006 * library/x509write_crt.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003007 * library/x509write_csr.c
Paul Bakkerc70b9822013-04-07 22:00:46 +02003008 *
3009 * This modules translates between OIDs and internal values.
3010 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003011#define MBEDTLS_OID_C
Paul Bakkerc70b9822013-04-07 22:00:46 +02003012
3013/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003014 * \def MBEDTLS_PADLOCK_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003015 *
3016 * Enable VIA Padlock support on x86.
3017 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003018 * Module: library/padlock.c
3019 * Caller: library/aes.c
3020 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003021 * Requires: MBEDTLS_HAVE_ASM
Manuel Pégourié-Gonnard92ac76f2013-12-16 17:12:53 +01003022 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003023 * This modules adds support for the VIA PadLock on x86.
3024 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003025#define MBEDTLS_PADLOCK_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003026
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003027/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003028 * \def MBEDTLS_PEM_PARSE_C
Paul Bakker96743fc2011-02-12 14:30:57 +00003029 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003030 * Enable PEM decoding / parsing.
Paul Bakker96743fc2011-02-12 14:30:57 +00003031 *
3032 * Module: library/pem.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003033 * Caller: library/dhm.c
Paul Bakkercff68422013-09-15 20:43:33 +02003034 * library/pkparse.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003035 * library/x509_crl.c
3036 * library/x509_crt.c
3037 * library/x509_csr.c
Paul Bakker96743fc2011-02-12 14:30:57 +00003038 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003039 * Requires: MBEDTLS_BASE64_C
Manuel Pégourié-Gonnard1c2008f2023-03-16 10:20:29 +01003040 * optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below)
3041 *
3042 * \warning When parsing password-protected files, if MD5 is provided only by
3043 * a PSA driver, you must call psa_crypto_init() before the first file.
Paul Bakker5690efc2011-05-26 13:16:06 +00003044 *
Paul Bakkercff68422013-09-15 20:43:33 +02003045 * This modules adds support for decoding / parsing PEM files.
Paul Bakker96743fc2011-02-12 14:30:57 +00003046 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003047#define MBEDTLS_PEM_PARSE_C
Paul Bakkercff68422013-09-15 20:43:33 +02003048
3049/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003050 * \def MBEDTLS_PEM_WRITE_C
Paul Bakkercff68422013-09-15 20:43:33 +02003051 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003052 * Enable PEM encoding / writing.
Paul Bakkercff68422013-09-15 20:43:33 +02003053 *
3054 * Module: library/pem.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003055 * Caller: library/pkwrite.c
3056 * library/x509write_crt.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003057 * library/x509write_csr.c
Paul Bakkercff68422013-09-15 20:43:33 +02003058 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003059 * Requires: MBEDTLS_BASE64_C
Paul Bakkercff68422013-09-15 20:43:33 +02003060 *
3061 * This modules adds support for encoding / writing PEM files.
3062 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003063#define MBEDTLS_PEM_WRITE_C
Paul Bakker96743fc2011-02-12 14:30:57 +00003064
3065/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003066 * \def MBEDTLS_PK_C
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02003067 *
Shaun Case8b0ecbc2021-12-20 21:14:10 -08003068 * Enable the generic public (asymmetric) key layer.
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02003069 *
3070 * Module: library/pk.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003071 * Caller: library/psa_crypto_rsa.c
3072 * library/ssl_tls.c
3073 * library/ssl*_client.c
3074 * library/ssl*_server.c
3075 * library/x509.c
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02003076 *
Przemek Stekiel6aadf0b2022-04-27 14:46:52 +02003077 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
Manuel Pégourié-Gonnard1a483832013-09-20 12:29:15 +02003078 *
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02003079 * Uncomment to enable generic public key wrappers.
3080 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003081#define MBEDTLS_PK_C
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +02003082
3083/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003084 * \def MBEDTLS_PK_PARSE_C
Paul Bakker4606c732013-09-15 17:04:23 +02003085 *
Shaun Case8b0ecbc2021-12-20 21:14:10 -08003086 * Enable the generic public (asymmetric) key parser.
Paul Bakker4606c732013-09-15 17:04:23 +02003087 *
3088 * Module: library/pkparse.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003089 * Caller: library/x509_crt.c
3090 * library/x509_csr.c
Paul Bakker4606c732013-09-15 17:04:23 +02003091 *
Yanray Wang072a0682023-12-05 10:53:04 +08003092 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
Paul Bakker4606c732013-09-15 17:04:23 +02003093 *
3094 * Uncomment to enable generic public key parse functions.
3095 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003096#define MBEDTLS_PK_PARSE_C
Paul Bakker4606c732013-09-15 17:04:23 +02003097
3098/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003099 * \def MBEDTLS_PK_WRITE_C
Paul Bakker4606c732013-09-15 17:04:23 +02003100 *
Shaun Case8b0ecbc2021-12-20 21:14:10 -08003101 * Enable the generic public (asymmetric) key writer.
Paul Bakker4606c732013-09-15 17:04:23 +02003102 *
3103 * Module: library/pkwrite.c
3104 * Caller: library/x509write.c
3105 *
Yanray Wanga8f8eb12023-12-05 11:00:33 +08003106 * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
Paul Bakker4606c732013-09-15 17:04:23 +02003107 *
3108 * Uncomment to enable generic public key write functions.
3109 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003110#define MBEDTLS_PK_WRITE_C
Paul Bakker4606c732013-09-15 17:04:23 +02003111
3112/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003113 * \def MBEDTLS_PKCS5_C
Paul Bakkerb0c19a42013-06-24 19:26:38 +02003114 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003115 * Enable PKCS#5 functions.
Paul Bakkerb0c19a42013-06-24 19:26:38 +02003116 *
3117 * Module: library/pkcs5.c
3118 *
Manuel Pégourié-Gonnard161dca62023-03-21 16:22:59 +01003119 * Auto-enables: MBEDTLS_MD_C
Manuel Pégourié-Gonnard72687b72022-09-15 12:23:58 +02003120 *
Manuel Pégourié-Gonnard49e67f82023-03-16 11:39:20 +01003121 * \warning If using a hash that is only provided by PSA drivers, you must
3122 * call psa_crypto_init() before doing any PKCS5 operations.
Manuel Pégourié-Gonnard18a38562022-11-22 11:49:55 +01003123 *
Paul Bakkerb0c19a42013-06-24 19:26:38 +02003124 * This module adds support for the PKCS#5 functions.
3125 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003126#define MBEDTLS_PKCS5_C
Paul Bakkerb0c19a42013-06-24 19:26:38 +02003127
3128/**
Nayna Jainc9deb182020-11-16 19:03:12 +00003129 * \def MBEDTLS_PKCS7_C
3130 *
Dave Rodgman3fe2abf2023-03-10 17:05:54 +00003131 * Enable PKCS #7 core for using PKCS #7-formatted signatures.
Nayna Jainc9deb182020-11-16 19:03:12 +00003132 * RFC Link - https://tools.ietf.org/html/rfc2315
3133 *
3134 * Module: library/pkcs7.c
3135 *
3136 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
Nick Child89e82e12022-11-09 10:36:10 -06003137 * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
3138 * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
Nayna Jainc9deb182020-11-16 19:03:12 +00003139 *
Dave Rodgmanefbc5f72023-03-13 12:15:49 +00003140 * This module is required for the PKCS #7 parsing modules.
Nayna Jainc9deb182020-11-16 19:03:12 +00003141 */
Dave Rodgman7c33b0c2023-03-10 15:07:15 +00003142#define MBEDTLS_PKCS7_C
Nayna Jainc9deb182020-11-16 19:03:12 +00003143
3144/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003145 * \def MBEDTLS_PKCS12_C
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02003146 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003147 * Enable PKCS#12 PBE functions.
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02003148 * Adds algorithms for parsing PKCS#8 encrypted private keys
3149 *
3150 * Module: library/pkcs12.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003151 * Caller: library/pkparse.c
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02003152 *
Valerio Settie98ad592023-12-28 10:42:12 +01003153 * Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or
3154 * MBEDTLS_PSA_CRYPTO_C.
Andrzej Kurek7bd12c52022-08-24 10:47:10 -04003155 *
Manuel Pégourié-Gonnardbe97afe2023-03-16 10:00:54 +01003156 * \warning If using a hash that is only provided by PSA drivers, you must
3157 * call psa_crypto_init() before doing any PKCS12 operations.
Manuel Pégourié-Gonnard18a38562022-11-22 11:49:55 +01003158 *
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02003159 * This module enables PKCS#12 functions.
3160 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003161#define MBEDTLS_PKCS12_C
Paul Bakkerf1f21fe2013-06-24 19:17:19 +02003162
3163/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003164 * \def MBEDTLS_PLATFORM_C
Paul Bakker747a83a2014-02-01 22:50:07 +01003165 *
3166 * Enable the platform abstraction layer that allows you to re-assign
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02003167 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
Paul Bakker747a83a2014-02-01 22:50:07 +01003168 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003169 * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
3170 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
Rich Evans16f8cd82015-02-06 16:14:34 +00003171 * above to be specified at runtime or compile time respectively.
Paul Bakker747a83a2014-02-01 22:50:07 +01003172 *
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02003173 * \note This abstraction layer must be enabled on Windows (including MSYS2)
Jan Bruckner9ff6f8c2022-08-22 16:05:58 +02003174 * as other modules rely on it for a fixed snprintf implementation.
Manuel Pégourié-Gonnard6c0c8e02015-06-22 10:23:34 +02003175 *
Paul Bakker747a83a2014-02-01 22:50:07 +01003176 * Module: library/platform.c
3177 * Caller: Most other .c files
3178 *
3179 * This module enables abstraction of common (libc) functions.
3180 */
Manuel Pégourié-Gonnardb9ef1182015-05-26 16:15:20 +02003181#define MBEDTLS_PLATFORM_C
Paul Bakker747a83a2014-02-01 22:50:07 +01003182
3183/**
Daniel Kingadc32c02016-05-16 18:25:45 -03003184 * \def MBEDTLS_POLY1305_C
3185 *
3186 * Enable the Poly1305 MAC algorithm.
3187 *
3188 * Module: library/poly1305.c
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02003189 * Caller: library/chachapoly.c
Daniel Kingadc32c02016-05-16 18:25:45 -03003190 */
3191#define MBEDTLS_POLY1305_C
3192
3193/**
Jaeden Amero484ee332018-10-25 17:38:05 +01003194 * \def MBEDTLS_PSA_CRYPTO_C
3195 *
3196 * Enable the Platform Security Architecture cryptography API.
3197 *
Gilles Peskinee59236f2018-01-27 23:32:46 +01003198 * Module: library/psa_crypto.c
Jaeden Amero484ee332018-10-25 17:38:05 +01003199 *
Valerio Setti7ab90722023-11-23 16:29:51 +01003200 * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
Gilles Peskine82e57d12020-11-13 21:31:17 +01003201 * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
Valerio Settid5cab812023-12-28 10:04:51 +01003202 * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
3203 * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher
3204 * is enabled in PSA (unless it's fully accelerated, see
3205 * docs/driver-only-builds.md about that).
Jaeden Amero484ee332018-10-25 17:38:05 +01003206 */
Manuel Pégourié-Gonnardde7636e2019-02-01 12:33:29 +01003207#define MBEDTLS_PSA_CRYPTO_C
Jaeden Amero484ee332018-10-25 17:38:05 +01003208
3209/**
Gilles Peskinea8ade162019-06-26 11:24:49 +02003210 * \def MBEDTLS_PSA_CRYPTO_SE_C
3211 *
Gilles Peskine98473c42022-06-20 18:46:22 +02003212 * Enable dynamic secure element support in the Platform Security Architecture
Gilles Peskinea8ade162019-06-26 11:24:49 +02003213 * cryptography API.
3214 *
Ronald Crone6e6b752023-01-16 16:56:51 +01003215 * \deprecated This feature is deprecated. Please switch to the PSA driver
3216 * interface.
Gilles Peskined0e66b02019-07-24 13:52:51 +02003217 *
Ryan Everett32a64582024-03-05 18:16:18 +00003218 * \warning This feature is not thread-safe, and should not be used in a
3219 * multi-threaded environment.
3220 *
Gilles Peskinea8ade162019-06-26 11:24:49 +02003221 * Module: library/psa_crypto_se.c
3222 *
3223 * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
3224 *
3225 */
Gilles Peskined0e66b02019-07-24 13:52:51 +02003226//#define MBEDTLS_PSA_CRYPTO_SE_C
Gilles Peskinea8ade162019-06-26 11:24:49 +02003227
3228/**
Andrzej Kurekc6905232019-02-05 05:23:41 -05003229 * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
3230 *
3231 * Enable the Platform Security Architecture persistent key storage.
3232 *
Darryl Greendb2b8db2018-06-15 13:06:04 +01003233 * Module: library/psa_crypto_storage.c
Andrzej Kurekc6905232019-02-05 05:23:41 -05003234 *
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00003235 * Requires: MBEDTLS_PSA_CRYPTO_C,
3236 * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
3237 * the PSA ITS interface
Andrzej Kurekc6905232019-02-05 05:23:41 -05003238 */
Darryl Greendb2b8db2018-06-15 13:06:04 +01003239#define MBEDTLS_PSA_CRYPTO_STORAGE_C
Andrzej Kurekc6905232019-02-05 05:23:41 -05003240
3241/**
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00003242 * \def MBEDTLS_PSA_ITS_FILE_C
Andrzej Kurekc6905232019-02-05 05:23:41 -05003243 *
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00003244 * Enable the emulation of the Platform Security Architecture
3245 * Internal Trusted Storage (PSA ITS) over files.
Andrzej Kurekc6905232019-02-05 05:23:41 -05003246 *
Gilles Peskine6194dc22018-11-16 22:24:15 +01003247 * Module: library/psa_its_file.c
Andrzej Kurekc6905232019-02-05 05:23:41 -05003248 *
Jaeden Amero57f4d9e2019-03-15 16:14:19 +00003249 * Requires: MBEDTLS_FS_IO
Andrzej Kurekc6905232019-02-05 05:23:41 -05003250 */
Gilles Peskine6194dc22018-11-16 22:24:15 +01003251#define MBEDTLS_PSA_ITS_FILE_C
Andrzej Kurekc6905232019-02-05 05:23:41 -05003252
3253/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003254 * \def MBEDTLS_RIPEMD160_C
Manuel Pégourié-Gonnardcab4a882014-01-17 12:42:35 +01003255 *
3256 * Enable the RIPEMD-160 hash algorithm.
3257 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003258 * Module: library/ripemd160.c
3259 * Caller: library/md.c
Manuel Pégourié-Gonnardcab4a882014-01-17 12:42:35 +01003260 *
3261 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003262#define MBEDTLS_RIPEMD160_C
Manuel Pégourié-Gonnardcab4a882014-01-17 12:42:35 +01003263
3264/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003265 * \def MBEDTLS_RSA_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003266 *
3267 * Enable the RSA public-key cryptosystem.
3268 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003269 * Module: library/rsa.c
Chris Jones3848e312021-03-11 16:17:59 +00003270 * library/rsa_alt_helpers.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003271 * Caller: library/pk.c
3272 * library/psa_crypto.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003273 * library/ssl_tls.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003274 * library/ssl*_client.c
3275 * library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003276 *
Manuel Pégourié-Gonnard9d703732013-10-25 18:01:50 +02003277 * This module is used by the following key exchanges:
3278 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
Paul Bakker5690efc2011-05-26 13:16:06 +00003279 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003280 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003281 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003282#define MBEDTLS_RSA_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003283
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003284/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003285 * \def MBEDTLS_SHA1_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003286 *
3287 * Enable the SHA1 cryptographic hash algorithm.
3288 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003289 * Module: library/sha1.c
3290 * Caller: library/md.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003291 * library/psa_crypto_hash.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003292 *
TRodziewicz0f82ec62021-05-12 17:49:18 +02003293 * This module is required for TLS 1.2 depending on the handshake parameters,
3294 * and for SHA1-signed certificates.
Hanno Beckerbbca8c52017-09-25 14:53:51 +01003295 *
3296 * \warning SHA-1 is considered a weak message digest and its use constitutes
3297 * a security risk. If possible, we recommend avoiding dependencies
3298 * on it, and considering stronger message digests instead.
3299 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003300 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003301#define MBEDTLS_SHA1_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003302
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003303/**
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003304 * \def MBEDTLS_SHA224_C
3305 *
3306 * Enable the SHA-224 cryptographic hash algorithm.
3307 *
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003308 * Module: library/sha256.c
3309 * Caller: library/md.c
3310 * library/ssl_cookie.c
3311 *
3312 * This module adds support for SHA-224.
3313 */
3314#define MBEDTLS_SHA224_C
3315
3316/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003317 * \def MBEDTLS_SHA256_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003318 *
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003319 * Enable the SHA-256 cryptographic hash algorithm.
3320 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003321 * Module: library/sha256.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003322 * Caller: library/entropy.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003323 * library/md.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003324 * library/ssl_tls.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003325 * library/ssl*_client.c
3326 * library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003327 *
Mateusz Starzyke3c48b42021-04-19 16:46:28 +02003328 * This module adds support for SHA-256.
Paul Bakker769075d2012-11-24 11:26:46 +01003329 * This module is required for the SSL/TLS 1.2 PRF function.
Paul Bakker5121ce52009-01-03 21:22:43 +00003330 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003331#define MBEDTLS_SHA256_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003332
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003333/**
Dave Rodgman5b89c552023-10-10 14:59:02 +01003334 * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003335 *
Gilles Peskine9b3278b2022-06-09 19:09:38 +02003336 * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
3337 * with the ARMv8 cryptographic extensions if they are available at runtime.
3338 * If not, the library will fall back to the C implementation.
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003339 *
Dave Rodgman5b89c552023-10-10 14:59:02 +01003340 * \note If MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT is defined when building
Dave Rodgmanf097bef2023-10-10 14:56:35 +01003341 * for a non-Armv8-A build it will be silently ignored.
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003342 *
Jerry Yu8bfa24b2023-05-05 14:35:00 +08003343 * \note Minimum compiler versions for this feature are Clang 4.0,
3344 * armclang 6.6 or GCC 6.0.
3345 *
3346 * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
3347 * armclang <= 6.9
3348 *
Dave Rodgman94a634d2023-10-10 12:59:29 +01003349 * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
3350 * That name is deprecated, but may still be used as an alternative form for this
3351 * option.
3352 *
Dave Rodgman5b89c552023-10-10 14:59:02 +01003353 * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the
3354 * same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003355 *
3356 * Requires: MBEDTLS_SHA256_C.
3357 *
3358 * Module: library/sha256.c
3359 *
Dave Rodgmanf097bef2023-10-10 14:56:35 +01003360 * Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003361 * and use them if available.
3362 */
Dave Rodgman5b89c552023-10-10 14:59:02 +01003363//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
Dave Rodgman94a634d2023-10-10 12:59:29 +01003364
Dave Rodgmand85277c2023-10-13 09:22:54 +01003365/**
3366 * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
3367 *
Dave Rodgman5b89c552023-10-10 14:59:02 +01003368 * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
Dave Rodgman94a634d2023-10-10 12:59:29 +01003369 * This name is now deprecated, but may still be used as an alternative form for
3370 * this option.
3371 */
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003372//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
3373
3374/**
Dave Rodgman5b89c552023-10-10 14:59:02 +01003375 * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003376 *
Gilles Peskine9b3278b2022-06-09 19:09:38 +02003377 * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
3378 * with the ARMv8 cryptographic extensions, which must be available at runtime
3379 * or else an illegal instruction fault will occur.
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003380 *
3381 * \note This allows builds with a smaller code size than with
Dave Rodgman5b89c552023-10-10 14:59:02 +01003382 * MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003383 *
Jerry Yu8bfa24b2023-05-05 14:35:00 +08003384 * \note Minimum compiler versions for this feature are Clang 4.0,
3385 * armclang 6.6 or GCC 6.0.
3386 *
3387 * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
3388 * armclang <= 6.9
3389 *
Dave Rodgman94a634d2023-10-10 12:59:29 +01003390 * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
Dave Rodgman7821df32023-10-13 09:38:44 +01003391 * That name is deprecated, but may still be used as an alternative form for this
Dave Rodgman94a634d2023-10-10 12:59:29 +01003392 * option.
3393 *
Dave Rodgman5b89c552023-10-10 14:59:02 +01003394 * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same
3395 * time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003396 *
3397 * Requires: MBEDTLS_SHA256_C.
3398 *
3399 * Module: library/sha256.c
3400 *
Dave Rodgmanf097bef2023-10-10 14:56:35 +01003401 * Uncomment to have the library use the Armv8-A SHA-256 crypto extensions
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003402 * unconditionally.
3403 */
Dave Rodgman5b89c552023-10-10 14:59:02 +01003404//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
Dave Rodgman94a634d2023-10-10 12:59:29 +01003405
Dave Rodgmand85277c2023-10-13 09:22:54 +01003406/**
3407 * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
3408 *
Dave Rodgman5b89c552023-10-10 14:59:02 +01003409 * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
Dave Rodgman94a634d2023-10-10 12:59:29 +01003410 * This name is now deprecated, but may still be used as an alternative form for
3411 * this option.
3412 */
Tom Cosgrovef3ebd902022-02-20 22:25:31 +00003413//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
3414
3415/**
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003416 * \def MBEDTLS_SHA384_C
Mateusz Starzyke3c48b42021-04-19 16:46:28 +02003417 *
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003418 * Enable the SHA-384 cryptographic hash algorithm.
Mateusz Starzyke3c48b42021-04-19 16:46:28 +02003419 *
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003420 * Module: library/sha512.c
3421 * Caller: library/md.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003422 * library/psa_crypto_hash.c
3423 * library/ssl_tls.c
3424 * library/ssl*_client.c
3425 * library/ssl*_server.c
Mateusz Starzyke3c48b42021-04-19 16:46:28 +02003426 *
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003427 * Comment to disable SHA-384
Mateusz Starzyke3c48b42021-04-19 16:46:28 +02003428 */
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003429#define MBEDTLS_SHA384_C
Mateusz Starzyke3c48b42021-04-19 16:46:28 +02003430
3431/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003432 * \def MBEDTLS_SHA512_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003433 *
Mateusz Starzyk3352a532021-04-06 14:28:22 +02003434 * Enable SHA-512 cryptographic hash algorithms.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003435 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003436 * Module: library/sha512.c
Manuel Pégourié-Gonnardfe286462013-09-20 14:10:14 +02003437 * Caller: library/entropy.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003438 * library/md.c
Mateusz Starzyk6326a8d2021-05-10 13:51:53 +02003439 * library/ssl_tls.c
3440 * library/ssl_cookie.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003441 *
Mateusz Starzyk3352a532021-04-06 14:28:22 +02003442 * This module adds support for SHA-512.
Paul Bakker5121ce52009-01-03 21:22:43 +00003443 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003444#define MBEDTLS_SHA512_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003445
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003446/**
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +02003447 * \def MBEDTLS_SHA3_C
3448 *
3449 * Enable the SHA3 cryptographic hash algorithm.
3450 *
3451 * Module: library/sha3.c
3452 *
3453 * This module adds support for SHA3.
3454 */
3455#define MBEDTLS_SHA3_C
3456
3457/**
Tom Cosgrove87fbfb52022-03-15 10:51:52 +00003458 * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
3459 *
Gilles Peskine9b3278b2022-06-09 19:09:38 +02003460 * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
3461 * with the ARMv8 cryptographic extensions if they are available at runtime.
3462 * If not, the library will fall back to the C implementation.
Tom Cosgrove87fbfb52022-03-15 10:51:52 +00003463 *
3464 * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
3465 * for a non-Aarch64 build it will be silently ignored.
3466 *
Jerry Yu8bfa24b2023-05-05 14:35:00 +08003467 * \note Minimum compiler versions for this feature are Clang 7.0,
3468 * armclang 6.9 or GCC 8.0.
3469 *
3470 * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
3471 * armclang 6.9
Tom Cosgrove87fbfb52022-03-15 10:51:52 +00003472 *
3473 * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
3474 * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
3475 *
3476 * Requires: MBEDTLS_SHA512_C.
3477 *
3478 * Module: library/sha512.c
3479 *
3480 * Uncomment to have the library check for the A64 SHA-512 crypto extensions
3481 * and use them if available.
3482 */
3483//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
3484
3485/**
3486 * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
3487 *
Gilles Peskine9b3278b2022-06-09 19:09:38 +02003488 * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
3489 * with the ARMv8 cryptographic extensions, which must be available at runtime
3490 * or else an illegal instruction fault will occur.
Tom Cosgrove87fbfb52022-03-15 10:51:52 +00003491 *
3492 * \note This allows builds with a smaller code size than with
3493 * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
3494 *
Jerry Yu8bfa24b2023-05-05 14:35:00 +08003495 * \note Minimum compiler versions for this feature are Clang 7.0,
3496 * armclang 6.9 or GCC 8.0.
3497 *
3498 * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
3499 * armclang 6.9
Tom Cosgrove87fbfb52022-03-15 10:51:52 +00003500 *
3501 * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
3502 * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
3503 *
3504 * Requires: MBEDTLS_SHA512_C.
3505 *
3506 * Module: library/sha512.c
3507 *
3508 * Uncomment to have the library use the A64 SHA-512 crypto extensions
3509 * unconditionally.
3510 */
3511//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
3512
3513/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003514 * \def MBEDTLS_SSL_CACHE_C
Paul Bakker0a597072012-09-25 21:55:46 +00003515 *
3516 * Enable simple SSL cache implementation.
3517 *
3518 * Module: library/ssl_cache.c
3519 * Caller:
3520 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003521 * Requires: MBEDTLS_SSL_CACHE_C
Paul Bakker0a597072012-09-25 21:55:46 +00003522 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003523#define MBEDTLS_SSL_CACHE_C
Paul Bakker0a597072012-09-25 21:55:46 +00003524
3525/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003526 * \def MBEDTLS_SSL_COOKIE_C
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +02003527 *
3528 * Enable basic implementation of DTLS cookies for hello verification.
3529 *
3530 * Module: library/ssl_cookie.c
3531 * Caller:
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +02003532 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003533#define MBEDTLS_SSL_COOKIE_C
Manuel Pégourié-Gonnarda64acd42014-07-23 18:30:45 +02003534
3535/**
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +02003536 * \def MBEDTLS_SSL_TICKET_C
3537 *
3538 * Enable an implementation of TLS server-side callbacks for session tickets.
3539 *
3540 * Module: library/ssl_ticket.c
3541 * Caller:
Manuel Pégourié-Gonnard0c0f11f2015-05-20 09:55:50 +02003542 *
Przemek Stekiel52a428b2022-10-10 08:47:13 +02003543 * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
3544 * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +02003545 */
3546#define MBEDTLS_SSL_TICKET_C
3547
3548/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003549 * \def MBEDTLS_SSL_CLI_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003550 *
3551 * Enable the SSL/TLS client code.
3552 *
Ronald Cronde1adee2022-03-07 16:20:30 +01003553 * Module: library/ssl*_client.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003554 * Caller:
3555 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003556 * Requires: MBEDTLS_SSL_TLS_C
Paul Bakker5690efc2011-05-26 13:16:06 +00003557 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003558 * This module is required for SSL/TLS client support.
3559 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003560#define MBEDTLS_SSL_CLI_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003561
Paul Bakker9a736322012-11-14 12:39:52 +00003562/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003563 * \def MBEDTLS_SSL_SRV_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003564 *
3565 * Enable the SSL/TLS server code.
3566 *
Ronald Cronde1adee2022-03-07 16:20:30 +01003567 * Module: library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003568 * Caller:
3569 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003570 * Requires: MBEDTLS_SSL_TLS_C
Paul Bakker5690efc2011-05-26 13:16:06 +00003571 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003572 * This module is required for SSL/TLS server support.
3573 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003574#define MBEDTLS_SSL_SRV_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003575
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003576/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003577 * \def MBEDTLS_SSL_TLS_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003578 *
Paul Bakkere29ab062011-05-18 13:26:54 +00003579 * Enable the generic SSL/TLS code.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003580 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003581 * Module: library/ssl_tls.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003582 * Caller: library/ssl*_client.c
3583 * library/ssl*_server.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003584 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003585 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
3586 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
Paul Bakker5690efc2011-05-26 13:16:06 +00003587 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003588 * This module is required for SSL/TLS.
3589 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003590#define MBEDTLS_SSL_TLS_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003591
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003592/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003593 * \def MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02003594 *
3595 * Enable the threading abstraction layer.
Gilles Peskinee820c0a2023-08-03 17:45:20 +02003596 * By default Mbed TLS assumes it is used in a non-threaded environment or that
Paul Bakker2466d932013-09-28 14:40:38 +02003597 * contexts are not shared between threads. If you do intend to use contexts
3598 * between threads, you will need to enable this layer to prevent race
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00003599 * conditions. See also our Knowledge Base article about threading:
Dave Rodgmanb3196842022-10-12 16:47:08 +01003600 * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
Paul Bakker2466d932013-09-28 14:40:38 +02003601 *
3602 * Module: library/threading.c
3603 *
3604 * This allows different threading implementations (self-implemented or
3605 * provided).
3606 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003607 * You will have to enable either MBEDTLS_THREADING_ALT or
3608 * MBEDTLS_THREADING_PTHREAD.
Paul Bakker2466d932013-09-28 14:40:38 +02003609 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +02003610 * Enable this layer to allow use of mutexes within Mbed TLS
Paul Bakker2466d932013-09-28 14:40:38 +02003611 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003612//#define MBEDTLS_THREADING_C
Paul Bakker2466d932013-09-28 14:40:38 +02003613
3614/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003615 * \def MBEDTLS_TIMING_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003616 *
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01003617 * Enable the semi-portable timing interface.
3618 *
Simon Butcherd567a232016-03-09 20:19:21 +00003619 * \note The provided implementation only works on POSIX/Unix (including Linux,
3620 * BSD and OS X) and Windows. On other platforms, you can either disable that
Manuel Pégourié-Gonnard325ce092016-02-22 10:33:34 +01003621 * module and provide your own implementations of the callbacks needed by
3622 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
3623 * your own implementation of the whole module by setting
3624 * \c MBEDTLS_TIMING_ALT in the current file.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003625 *
Andrzej Kurek57353692022-04-07 08:08:21 -04003626 * \note The timing module will include time.h on suitable platforms
3627 * regardless of the setting of MBEDTLS_HAVE_TIME, unless
3628 * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
3629 *
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00003630 * \note See also our Knowledge Base article about porting to a new
3631 * environment:
Dave Rodgmanb3196842022-10-12 16:47:08 +01003632 * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
Manuel Pégourié-Gonnard02049dc2016-02-22 16:42:51 +00003633 *
Paul Bakker5121ce52009-01-03 21:22:43 +00003634 * Module: library/timing.c
Paul Bakkerecd54fb2013-07-03 14:48:29 +02003635 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003636#define MBEDTLS_TIMING_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003637
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003638/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003639 * \def MBEDTLS_VERSION_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003640 *
3641 * Enable run-time version information.
3642 *
Paul Bakker0a62cd12011-01-21 11:00:08 +00003643 * Module: library/version.c
3644 *
3645 * This module provides run-time version information.
3646 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003647#define MBEDTLS_VERSION_C
Paul Bakker0a62cd12011-01-21 11:00:08 +00003648
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003649/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003650 * \def MBEDTLS_X509_USE_C
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003651 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003652 * Enable X.509 core for using certificates.
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003653 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003654 * Module: library/x509.c
Simon Butcher2cb47392016-11-04 12:23:11 +00003655 * Caller: library/x509_crl.c
3656 * library/x509_crt.c
3657 * library/x509_csr.c
Paul Bakker5121ce52009-01-03 21:22:43 +00003658 *
Przemek Stekiel10836a02022-08-19 08:45:34 +02003659 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
Przemek Stekiel278b6672022-08-03 09:50:38 +02003660 * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
3661 *
Manuel Pégourié-Gonnard72687b72022-09-15 12:23:58 +02003662 * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
3663 * psa_crypto_init() before doing any X.509 operation.
Paul Bakker5690efc2011-05-26 13:16:06 +00003664 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003665 * This module is required for the X.509 parsing modules.
Paul Bakker5121ce52009-01-03 21:22:43 +00003666 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003667#define MBEDTLS_X509_USE_C
Paul Bakker5121ce52009-01-03 21:22:43 +00003668
Paul Bakkerf3b86c12011-01-27 15:24:17 +00003669/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003670 * \def MBEDTLS_X509_CRT_PARSE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00003671 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003672 * Enable X.509 certificate parsing.
Paul Bakkerbdb912d2012-02-13 23:11:30 +00003673 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003674 * Module: library/x509_crt.c
Ronald Cronde1adee2022-03-07 16:20:30 +01003675 * Caller: library/ssl_tls.c
3676 * library/ssl*_client.c
3677 * library/ssl*_server.c
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003678 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003679 * Requires: MBEDTLS_X509_USE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003680 *
3681 * This module is required for X.509 certificate parsing.
3682 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003683#define MBEDTLS_X509_CRT_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003684
3685/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003686 * \def MBEDTLS_X509_CRL_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003687 *
3688 * Enable X.509 CRL parsing.
3689 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003690 * Module: library/x509_crl.c
3691 * Caller: library/x509_crt.c
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003692 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003693 * Requires: MBEDTLS_X509_USE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003694 *
3695 * This module is required for X.509 CRL parsing.
3696 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003697#define MBEDTLS_X509_CRL_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003698
3699/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003700 * \def MBEDTLS_X509_CSR_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003701 *
3702 * Enable X.509 Certificate Signing Request (CSR) parsing.
3703 *
Simon Butcher2cb47392016-11-04 12:23:11 +00003704 * Module: library/x509_csr.c
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003705 * Caller: library/x509_crt_write.c
3706 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003707 * Requires: MBEDTLS_X509_USE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003708 *
3709 * This module is used for reading X.509 certificate request.
3710 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003711#define MBEDTLS_X509_CSR_PARSE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003712
3713/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003714 * \def MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003715 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003716 * Enable X.509 core for creating certificates.
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003717 *
3718 * Module: library/x509_create.c
Paul Bakkerbdb912d2012-02-13 23:11:30 +00003719 *
Przemek Stekiel10836a02022-08-19 08:45:34 +02003720 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
Przemek Stekiel278b6672022-08-03 09:50:38 +02003721 * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
3722 *
Manuel Pégourié-Gonnard72687b72022-09-15 12:23:58 +02003723 * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
3724 * psa_crypto_init() before doing any X.509 create operation.
Paul Bakkerbdb912d2012-02-13 23:11:30 +00003725 *
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003726 * This module is the basis for creating X.509 certificates and CSRs.
3727 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003728#define MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003729
3730/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003731 * \def MBEDTLS_X509_CRT_WRITE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003732 *
3733 * Enable creating X.509 certificates.
3734 *
3735 * Module: library/x509_crt_write.c
3736 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003737 * Requires: MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003738 *
3739 * This module is required for X.509 certificate creation.
3740 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003741#define MBEDTLS_X509_CRT_WRITE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003742
3743/**
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003744 * \def MBEDTLS_X509_CSR_WRITE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003745 *
Manuel Pégourié-Gonnard09fff7e2013-09-20 13:45:36 +02003746 * Enable creating X.509 Certificate Signing Requests (CSR).
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003747 *
3748 * Module: library/x509_csr_write.c
3749 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003750 * Requires: MBEDTLS_X509_CREATE_C
Paul Bakker7c6b2c32013-09-16 13:49:26 +02003751 *
Paul Bakkerbdb912d2012-02-13 23:11:30 +00003752 * This module is required for X.509 certificate request writing.
3753 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003754#define MBEDTLS_X509_CSR_WRITE_C
Paul Bakkerbdb912d2012-02-13 23:11:30 +00003755
Gilles Peskinee820c0a2023-08-03 17:45:20 +02003756/** \} name SECTION: Mbed TLS modules */
Paul Bakker7a7c78f2009-01-04 18:15:48 +00003757
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003758/**
Gilles Peskineba4162a2022-04-11 17:04:38 +02003759 * \name SECTION: General configuration options
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003760 *
Gilles Peskined5793ce2022-04-13 23:05:10 +02003761 * This section contains Mbed TLS build settings that are not associated
3762 * with a particular module.
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003763 *
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003764 * \{
3765 */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003766
Gilles Peskinea02c1242022-03-16 17:03:19 +01003767/**
3768 * \def MBEDTLS_CONFIG_FILE
3769 *
3770 * If defined, this is a header which will be included instead of
3771 * `"mbedtls/mbedtls_config.h"`.
3772 * This header file specifies the compile-time configuration of Mbed TLS.
Gilles Peskineefffd642022-04-26 18:13:01 +02003773 * Unlike other configuration options, this one must be defined on the
3774 * compiler command line: a definition in `mbedtls_config.h` would have
3775 * no effect.
Gilles Peskinea02c1242022-03-16 17:03:19 +01003776 *
Gilles Peskine6457ef92022-04-11 16:42:37 +02003777 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
Gilles Peskinea02c1242022-03-16 17:03:19 +01003778 * non-standard feature of the C language, so this feature is only available
Gilles Peskine6457ef92022-04-11 16:42:37 +02003779 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
Gilles Peskinea02c1242022-03-16 17:03:19 +01003780 *
Gilles Peskine58ffcba2022-04-14 12:44:16 +02003781 * The value of this symbol is typically a path in double quotes, either
3782 * absolute or relative to a directory on the include search path.
Gilles Peskinea02c1242022-03-16 17:03:19 +01003783 */
3784//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
3785
3786/**
3787 * \def MBEDTLS_USER_CONFIG_FILE
3788 *
3789 * If defined, this is a header which will be included after
3790 * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
Gilles Peskinef68f43a2022-04-13 23:22:20 +02003791 * This allows you to modify the default configuration, including the ability
3792 * to undefine options that are enabled by default.
Gilles Peskinea02c1242022-03-16 17:03:19 +01003793 *
Gilles Peskine6457ef92022-04-11 16:42:37 +02003794 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
Gilles Peskinea02c1242022-03-16 17:03:19 +01003795 * non-standard feature of the C language, so this feature is only available
Gilles Peskine6457ef92022-04-11 16:42:37 +02003796 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
Gilles Peskinea02c1242022-03-16 17:03:19 +01003797 *
Gilles Peskine58ffcba2022-04-14 12:44:16 +02003798 * The value of this symbol is typically a path in double quotes, either
3799 * absolute or relative to a directory on the include search path.
Gilles Peskinea02c1242022-03-16 17:03:19 +01003800 */
3801//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
3802
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003803/**
3804 * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
3805 *
3806 * If defined, this is a header which will be included instead of
3807 * `"psa/crypto_config.h"`.
3808 * This header file specifies which cryptographic mechanisms are available
3809 * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
3810 * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
3811 *
Gilles Peskine6457ef92022-04-11 16:42:37 +02003812 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003813 * non-standard feature of the C language, so this feature is only available
Gilles Peskine6457ef92022-04-11 16:42:37 +02003814 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003815 *
Gilles Peskine58ffcba2022-04-14 12:44:16 +02003816 * The value of this symbol is typically a path in double quotes, either
3817 * absolute or relative to a directory on the include search path.
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003818 */
3819//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
3820
3821/**
3822 * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
3823 *
3824 * If defined, this is a header which will be included after
3825 * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
Gilles Peskinef68f43a2022-04-13 23:22:20 +02003826 * This allows you to modify the default configuration, including the ability
3827 * to undefine options that are enabled by default.
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003828 *
Gilles Peskine6457ef92022-04-11 16:42:37 +02003829 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003830 * non-standard feature of the C language, so this feature is only available
Gilles Peskine6457ef92022-04-11 16:42:37 +02003831 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003832 *
Gilles Peskine58ffcba2022-04-14 12:44:16 +02003833 * The value of this symbol is typically a path in double quotes, either
3834 * absolute or relative to a directory on the include search path.
Gilles Peskinef4c6eb02022-03-16 17:10:48 +01003835 */
3836//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
3837
Gilles Peskineb1176f22023-02-22 22:07:28 +01003838/**
3839 * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
3840 *
3841 * If defined, this is a header which will be included instead of
3842 * `"psa/crypto_platform.h"`. This file should declare the same identifiers
3843 * as the one in Mbed TLS, but with definitions adapted to the platform on
3844 * which the library code will run.
3845 *
3846 * \note The required content of this header can vary from one version of
3847 * Mbed TLS to the next. Integrators who provide an alternative file
3848 * should review the changes in the original file whenever they
3849 * upgrade Mbed TLS.
3850 *
3851 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3852 * non-standard feature of the C language, so this feature is only available
3853 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3854 *
3855 * The value of this symbol is typically a path in double quotes, either
3856 * absolute or relative to a directory on the include search path.
3857 */
3858//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
3859
3860/**
3861 * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE
3862 *
3863 * If defined, this is a header which will be included instead of
3864 * `"psa/crypto_struct.h"`. This file should declare the same identifiers
3865 * as the one in Mbed TLS, but with definitions adapted to the environment
3866 * in which the library code will run. The typical use for this feature
3867 * is to provide alternative type definitions on the client side in
3868 * client-server integrations of PSA crypto, where operation structures
3869 * contain handles instead of cryptographic data.
3870 *
3871 * \note The required content of this header can vary from one version of
3872 * Mbed TLS to the next. Integrators who provide an alternative file
3873 * should review the changes in the original file whenever they
3874 * upgrade Mbed TLS.
3875 *
3876 * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3877 * non-standard feature of the C language, so this feature is only available
3878 * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3879 *
3880 * The value of this symbol is typically a path in double quotes, either
3881 * absolute or relative to a directory on the include search path.
3882 */
3883//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
3884
Gilles Peskineba4162a2022-04-11 17:04:38 +02003885/** \} name SECTION: General configuration options */
3886
3887/**
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003888 * \name SECTION: Module configuration options
3889 *
3890 * This section allows for the setting of module specific sizes and
3891 * configuration options. The default values are already present in the
3892 * relevant header files and should suffice for the regular use cases.
3893 *
3894 * Our advice is to enable options and change their values here
3895 * only if you have a good reason and know the consequences.
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003896 * \{
3897 */
Gilles Peskine3f49cc12022-04-13 23:21:16 +02003898/* The Doxygen documentation here is used when a user comments out a
3899 * setting and runs doxygen themselves. On the other hand, when we typeset
3900 * the full documentation including disabled settings, the documentation
3901 * in specific modules' header files is used if present. When editing this
3902 * file, make sure that each option is documented in exactly one place,
3903 * plus optionally a same-line Doxygen comment here if there is a Doxygen
3904 * comment in the specific module. */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003905
Paul Bakker088c5c52014-04-25 11:11:10 +02003906/* MPI / BIGNUM options */
Andrzej Kurek86f30ff2023-02-24 07:44:57 -05003907//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003908//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003909
Paul Bakker088c5c52014-04-25 11:11:10 +02003910/* CTR_DRBG options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003911//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
3912//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3913//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3914//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3915//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003916
Paul Bakker088c5c52014-04-25 11:11:10 +02003917/* HMAC_DRBG options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003918//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3919//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3920//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3921//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003922
Paul Bakker088c5c52014-04-25 11:11:10 +02003923/* ECP options */
Gilles Peskine5752e592021-06-02 13:27:03 +02003924//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003925//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
Manuel Pégourié-Gonnard0520b602014-01-30 19:43:46 +01003926
Paul Bakker088c5c52014-04-25 11:11:10 +02003927/* Entropy options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003928//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
3929//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
Andres AG7abc9742016-09-23 17:58:49 +01003930//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
Paul Bakkere1b665e2013-12-11 16:02:58 +01003931
Paul Bakker088c5c52014-04-25 11:11:10 +02003932/* Memory buffer allocator options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003933//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003934
Paul Bakker088c5c52014-04-25 11:11:10 +02003935/* Platform options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003936//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
Andrzej Kurek84356a12023-05-06 08:33:56 -04003937
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003938/** \def MBEDTLS_PLATFORM_STD_CALLOC
3939 *
Andrzej Kurekf14a5c32023-07-14 06:15:15 -04003940 * Default allocator to use, can be undefined.
Andrzej Kurekecaf6fb2023-05-04 17:07:57 -04003941 * It must initialize the allocated buffer memory to zeroes.
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003942 * The size of the buffer is the product of the two parameters.
Andrzej Kurekecaf6fb2023-05-04 17:07:57 -04003943 * The calloc function returns either a null pointer or a pointer to the allocated space.
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003944 * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
Andrzej Kurekf14a5c32023-07-14 06:15:15 -04003945 * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
3946 * See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
Andrzej Kurekecaf6fb2023-05-04 17:07:57 -04003947 * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003948 */
3949//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
Andrzej Kurek2b3c06e2023-07-03 06:52:37 -04003950
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003951/** \def MBEDTLS_PLATFORM_STD_FREE
3952 *
Andrzej Kurekf14a5c32023-07-14 06:15:15 -04003953 * Default free to use, can be undefined.
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003954 * NULL is a valid parameter, and the function must do nothing.
Andrzej Kurekecaf6fb2023-05-04 17:07:57 -04003955 * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
Andrzej Kurekf14a5c32023-07-14 06:15:15 -04003956 * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
3957 * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003958 */
3959//#define MBEDTLS_PLATFORM_STD_FREE free
Gilles Peskine6497b5a2022-06-30 17:01:40 +02003960//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003961//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +01003962//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003963//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
3964//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
Antonin Décimo36e89b52019-01-23 15:24:37 +01003965/* Note: your snprintf must correctly zero-terminate the buffer! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003966//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
Janos Follath91947442016-03-18 13:49:27 +00003967//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
3968//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
Paul Bakkercf0a9f92016-06-01 11:25:44 +01003969//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3970//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3971//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
Paul Bakker6e339b52013-07-03 13:37:05 +02003972
Andrzej Kurekecaf6fb2023-05-04 17:07:57 -04003973/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003974/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
Andrzej Kurek2d981f02023-04-27 09:19:35 -04003975//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
3976//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003977//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
Gilles Peskine6497b5a2022-06-30 17:01:40 +02003978//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
Andres Amaya Garcia1e4ec662016-07-20 10:16:25 +01003979//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3980//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003981//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
3982//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
Antonin Décimo36e89b52019-01-23 15:24:37 +01003983/* Note: your snprintf must correctly zero-terminate the buffer! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02003984//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
k-stachowiak723f8672018-07-16 14:27:07 +02003985//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
Paul Bakkercf0a9f92016-06-01 11:25:44 +01003986//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3987//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
Jerry Yuf181e542023-02-23 17:16:26 +08003988//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/
Jerry Yu10ce5402023-02-21 15:39:02 +08003989//#define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. That's avoid compiler warning if mbedtls_ms_time_t is redefined */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02003990
Gilles Peskine3f106f72021-09-23 17:42:39 +02003991/** \def MBEDTLS_CHECK_RETURN
3992 *
3993 * This macro is used at the beginning of the declaration of a function
3994 * to indicate that its return value should be checked. It should
3995 * instruct the compiler to emit a warning or an error if the function
3996 * is called without checking its return value.
3997 *
3998 * There is a default implementation for popular compilers in platform_util.h.
3999 * You can override the default implementation by defining your own here.
4000 *
4001 * If the implementation here is empty, this will effectively disable the
4002 * checking of functions' return values.
4003 */
Gilles Peskinecd79dfc2021-09-30 18:53:36 +02004004//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
Gilles Peskine3f106f72021-09-23 17:42:39 +02004005
Gilles Peskinefcc93d72021-09-30 18:56:17 +02004006/** \def MBEDTLS_IGNORE_RETURN
4007 *
4008 * This macro requires one argument, which should be a C function call.
4009 * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
4010 * warning is suppressed.
4011 */
4012//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
4013
Gilles Peskineed038902020-11-13 21:33:21 +01004014/* PSA options */
Gilles Peskine14c332b2020-11-14 12:26:53 +01004015/**
Gilles Peskineed038902020-11-13 21:33:21 +01004016 * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
4017 * PSA crypto subsystem.
4018 *
4019 * If this option is unset:
4020 * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
Gilles Peskineb0a748e2020-11-30 12:01:54 +01004021 * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
Gilles Peskineed038902020-11-13 21:33:21 +01004022 * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
4023 * on unspecified heuristics.
4024 */
4025//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
4026
Steven Cooreman863470a2021-02-15 14:03:19 +01004027/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
Steven Cooreman1f968fd2021-02-15 14:00:24 +01004028 * Restrict the PSA library to supporting a maximum amount of simultaneously
4029 * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
4030 * volatile key, or a persistent key which is loaded temporarily by the
4031 * library as part of a crypto operation in flight.
4032 *
4033 * If this option is unset, the library will fall back to a default value of
4034 * 32 keys.
4035 */
Steven Cooreman863470a2021-02-15 14:03:19 +01004036//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
Steven Cooreman1f968fd2021-02-15 14:00:24 +01004037
Waleed Elmelegyd7bdbbe2023-07-20 16:26:58 +00004038/* RSA OPTIONS */
Gilles Peskinef9e4caf2023-09-05 21:11:27 +02004039//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
Waleed Elmelegyd7bdbbe2023-07-20 16:26:58 +00004040
Paul Bakker088c5c52014-04-25 11:11:10 +02004041/* SSL Cache options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02004042//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
4043//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02004044
Paul Bakker088c5c52014-04-25 11:11:10 +02004045/* SSL options */
Angus Grattond8213d02016-05-25 20:56:48 +10004046
Angus Grattond8213d02016-05-25 20:56:48 +10004047/** \def MBEDTLS_SSL_IN_CONTENT_LEN
4048 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -05004049 * Maximum length (in bytes) of incoming plaintext fragments.
Angus Grattond8213d02016-05-25 20:56:48 +10004050 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -05004051 * This determines the size of the incoming TLS I/O buffer in such a way
4052 * that it is capable of holding the specified amount of plaintext data,
4053 * regardless of the protection mechanism used.
4054 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -05004055 * \note When using a value less than the default of 16KB on the client, it is
4056 * recommended to use the Maximum Fragment Length (MFL) extension to
4057 * inform the server about this limitation. On the server, there
4058 * is no supported, standardized way of informing the client about
4059 * restriction on the maximum size of incoming messages, and unless
4060 * the limitation has been communicated by other means, it is recommended
4061 * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
4062 * while keeping the default value of 16KB for the incoming buffer.
4063 *
David Horstmann95d516f2021-05-04 18:36:56 +01004064 * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
Angus Grattond8213d02016-05-25 20:56:48 +10004065 */
4066//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
4067
Gilles Peskined3d02902020-03-04 21:35:27 +01004068/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
4069 *
4070 * The maximum length of CIDs used for incoming DTLS messages.
4071 *
4072 */
4073//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
4074
4075/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
4076 *
4077 * The maximum length of CIDs used for outgoing DTLS messages.
4078 *
4079 */
4080//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
4081
TRodziewicze8dd7092021-05-12 14:19:11 +02004082/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
Gilles Peskined3d02902020-03-04 21:35:27 +01004083 *
4084 * This option controls the use of record plaintext padding
TRodziewicz1e660ed2021-05-26 17:08:54 +02004085 * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
Hanno Becker13996922020-05-28 16:15:19 +01004086 *
4087 * The padding will always be chosen so that the length of the
4088 * padded plaintext is a multiple of the value of this option.
4089 *
4090 * Note: A value of \c 1 means that no padding will be used
4091 * for outgoing records.
4092 *
4093 * Note: On systems lacking division instructions,
4094 * a power of two should be preferred.
4095 */
TRodziewicze8dd7092021-05-12 14:19:11 +02004096//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
Hanno Becker13996922020-05-28 16:15:19 +01004097
Angus Grattond8213d02016-05-25 20:56:48 +10004098/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
4099 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -05004100 * Maximum length (in bytes) of outgoing plaintext fragments.
Angus Grattond8213d02016-05-25 20:56:48 +10004101 *
Andrzej Kurekc470b6b2019-01-31 08:20:20 -05004102 * This determines the size of the outgoing TLS I/O buffer in such a way
4103 * that it is capable of holding the specified amount of plaintext data,
4104 * regardless of the protection mechanism used.
4105 *
Angus Grattond8213d02016-05-25 20:56:48 +10004106 * It is possible to save RAM by setting a smaller outward buffer, while keeping
4107 * the default inward 16384 byte buffer to conform to the TLS specification.
4108 *
4109 * The minimum required outward buffer size is determined by the handshake
4110 * protocol's usage. Handshaking will fail if the outward buffer is too small.
4111 * The specific size requirement depends on the configured ciphers and any
4112 * certificate data which is sent during the handshake.
4113 *
David Horstmann95d516f2021-05-04 18:36:56 +01004114 * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
Angus Grattond8213d02016-05-25 20:56:48 +10004115 */
4116//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
4117
Hanno Beckere0b150f2018-08-21 15:51:03 +01004118/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
4119 *
4120 * Maximum number of heap-allocated bytes for the purpose of
4121 * DTLS handshake message reassembly and future message buffering.
4122 *
Yuto Takano7828ca22021-08-10 11:26:15 +01004123 * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
Hanno Becker28007512018-08-28 09:46:44 +01004124 * to account for a reassembled handshake message of maximum size,
4125 * together with its reassembly bitmap.
4126 *
Hanno Becker97a1c132018-08-28 14:42:15 +01004127 * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
Hanno Becker28007512018-08-28 09:46:44 +01004128 * should be sufficient for all practical situations as it allows
4129 * to reassembly a large handshake message (such as a certificate)
4130 * while buffering multiple smaller handshake messages.
4131 *
Hanno Beckere0b150f2018-08-21 15:51:03 +01004132 */
Hanno Becker159a37f2018-08-24 15:07:29 +01004133//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
Hanno Beckere0b150f2018-08-21 15:51:03 +01004134
Ronald Cron1aa6e8d2023-02-23 09:46:54 +01004135//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02004136//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
Paul Bakker9bcf16c2013-06-24 19:31:17 +02004137
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +02004138/**
4139 * Complete list of ciphersuites to use, in order of preference.
4140 *
4141 * \warning No dependency checking is done on that field! This option can only
4142 * be used to restrict the set of available ciphersuites. It is your
4143 * responsibility to make sure the needed modules are active.
4144 *
4145 * Use this to save a few hundred bytes of ROM (default ordering of all
4146 * available ciphersuites) and a few to a few hundred bytes of RAM.
4147 *
4148 * The value below is only an example, not the default.
4149 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02004150//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +02004151
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004152/**
Tom Cosgrovea63775b2023-09-14 13:31:19 +01004153 * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
4154 *
4155 * The default maximum amount of 0-RTT data. See the documentation of
Yanray Wang07517612023-11-07 11:47:36 +08004156 * \c mbedtls_ssl_conf_max_early_data_size() for more information.
Tom Cosgrovea63775b2023-09-14 13:31:19 +01004157 *
4158 * It must be positive and smaller than UINT32_MAX.
4159 *
4160 * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
4161 * have any impact on the build.
Tom Cosgrovea63775b2023-09-14 13:31:19 +01004162 */
4163//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
4164
4165/**
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004166 * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
4167 *
Jerry Yucf913512023-11-14 11:06:52 +08004168 * Maximum allowed ticket age difference in milliseconds tolerated between
Jerry Yu034a8b72023-11-10 12:20:19 +08004169 * server and client. Default value is 6000. This is not used in TLS 1.2.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004170 *
Jerry Yu034a8b72023-11-10 12:20:19 +08004171 * - The client ticket age is the time difference between the time when the
4172 * client proposes to the server to use the ticket and the time the client
4173 * received the ticket from the server.
4174 * - The server ticket age is the time difference between the time when the
4175 * server receives a proposition from the client to use the ticket and the
4176 * time when the ticket was created by the server.
4177 *
Jerry Yucf913512023-11-14 11:06:52 +08004178 * The ages might be different due to the client and server clocks not running
4179 * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
4180 * per million (360 to 72 milliseconds per hour). Default tolerance window is
4181 * 6s, thus in the worst case clients and servers must sync up their system time
4182 * every 6000/360/2~=8 hours.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004183 *
Jerry Yu04fceb72023-11-15 09:52:46 +08004184 * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004185 */
Gilles Peskined65ea422023-09-05 21:07:32 +02004186//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004187
4188/**
4189 * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
4190 *
4191 * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
4192 *
4193 * This must be less than 256.
4194 */
Gilles Peskined65ea422023-09-05 21:07:32 +02004195//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004196
4197/**
4198 * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
4199 *
4200 * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
4201 * after handshake completion. This is not used in TLS 1.2 and relevant only if
4202 * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
4203 *
4204 */
Gilles Peskined65ea422023-09-05 21:07:32 +02004205//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
Gilles Peskinea8d7e432022-08-04 23:39:41 +02004206
Manuel Pégourié-Gonnardfd6c85c2014-11-20 16:34:20 +01004207/* X509 options */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02004208//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
Andres AGf9113192016-09-02 14:06:04 +01004209//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
Manuel Pégourié-Gonnardfd6c85c2014-11-20 16:34:20 +01004210
Gilles Peskine611179c2022-04-13 23:04:48 +02004211/** \} name SECTION: Module configuration options */