/**
 * \file mbedtls/config_adjust_ssl.h
 * \brief Adjust TLS configuration
 *
 * This is an internal header. Do not include it directly.
 *
 * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
 * configurations need to be explicitly enabled by the user: enabling
 * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
 * compilation error. However, we do automatically enable certain options
 * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
 * used to identify parts of a module that are used by other modules, and we
 * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
 * Another case is if A didn't depend on B in earlier versions, and we
 * want to use B in A but we need to preserve backward compatibility with
 * configurations that explicitly activate MBEDTLS_xxx_A but not
 * MBEDTLS_xxx_B.
 *
 * Note that, despite the wording above, almost every adjustment in this
 * particular file *removes* symbols: when a protocol version, role or
 * module is turned off, every option that only makes sense together with
 * it is turned off as well, so the rest of the library sees a consistent
 * set of MBEDTLS_xxx symbols. Only one symbol is defined here
 * (MBEDTLS_SSL_TLS1_2_SOME_ECC, at the end of the file).
 */
/*
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
#define MBEDTLS_CONFIG_ADJUST_SSL_H

/* MBEDTLS_CONFIG_FILES_READ is the marker that the configuration machinery
 * sets once the configuration files have been processed; it is absent when
 * this header is included by hand or from a user configuration file. The
 * message below is deliberately loud because, as it states, an adjustment
 * header seen at the wrong point yields an inconsistent set of MBEDTLS_xxx
 * symbols whose effects are not limited to build failures. */
#if !defined(MBEDTLS_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
    "up to and including runtime errors such as buffer overflows. " \
    "If you're trying to fix a complaint from check_config.h, just remove " \
    "it from your configuration file: since Mbed TLS 3.0, it is included " \
    "automatically at the right point."
#endif /* !MBEDTLS_CONFIG_FILES_READ */

/* The following blocks make it easier to disable all of TLS,
 * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
 * key exchanges, options and extensions related to them.
 *
 * Order matters: later blocks test symbols that earlier blocks may have
 * removed (e.g. this first block removes MBEDTLS_SSL_PROTO_TLS1_2, which
 * the TLS 1.2 block below then reacts to), so disabling MBEDTLS_SSL_TLS_C
 * cascades down to every protocol-specific option in this file. */

/* No TLS at all: remove both roles, both protocol versions and DTLS. */
#if !defined(MBEDTLS_SSL_TLS_C)
#undef MBEDTLS_SSL_CLI_C
#undef MBEDTLS_SSL_SRV_C
#undef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#endif /* !MBEDTLS_SSL_TLS_C */

/* The session-ticket module is only kept for a server build that has
 * session tickets enabled; any other combination drops it. */
#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
#undef MBEDTLS_SSL_TICKET_C
#endif

/* Options that only exist for DTLS. */
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif /* !MBEDTLS_SSL_PROTO_DTLS */

/* TLS 1.2-specific extensions and every TLS 1.2 key exchange. The TLS 1.3
 * key exchange modes use distinct MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx
 * symbols and are handled in the next block. */
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */

/* TLS 1.3-specific key exchange modes and extensions. */
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_EARLY_DATA
#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */

/* The only symbol this file defines rather than removes: set when TLS 1.2
 * is enabled together with at least one ECC-based component (ECDH, ECDSA or
 * ECJPAKE). It appears to be an internal marker of the kind described in
 * the file header rather than a user-facing option. Note that it is
 * evaluated after the TLS 1.2 block above, so a configuration without
 * MBEDTLS_SSL_PROTO_TLS1_2 never defines it, even if ECC modules are on. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
    (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
#endif

#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */