| /** |
| * \file config.h |
| * |
| * \brief Configuration options (set of defines) |
| * |
| * This set of compile-time options may be used to enable |
| * or disable features selectively, and reduce the global |
| * memory footprint. |
| */ |
| /* |
| * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved |
| * SPDX-License-Identifier: Apache-2.0 |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| * not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| * |
| * This file is part of mbed TLS (https://tls.mbed.org) |
| */ |
| |
| #ifndef MBEDTLS_USER_CONFIG_HEADER |
| #define MBEDTLS_USER_CONFIG_HEADER |
| |
| /** |
| * \def MBEDTLS_HAVE_TIME_DATE |
| * |
| * System has time.h, time(), and an implementation for |
| * mbedtls_platform_gmtime_r() (see below). |
| * The time needs to be correct (not necessarily very accurate, but at least |
| * the date should be correct). This is used to verify the validity period of |
| * X.509 certificates. |
| * |
| * Comment if your system does not have a correct clock. |
| * |
| * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that |
| * behaves similarly to the gmtime_r() function from the C standard. Refer to |
| * the documentation for mbedtls_platform_gmtime_r() for more information. |
| * |
| * \note It is possible to configure an implementation for |
| * mbedtls_platform_gmtime_r() at compile-time by using the macro |
| * MBEDTLS_PLATFORM_GMTIME_R_ALT. |
| */ |
| #undef MBEDTLS_HAVE_TIME_DATE |
| |
| /** |
| * \def MBEDTLS_PLATFORM_EXIT_ALT |
| * |
| * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the |
| * function in the platform abstraction layer. |
| * |
| * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will |
| * provide a function "mbedtls_platform_set_printf()" that allows you to set an |
| * alternative printf function pointer. |
| * |
| * All these define require MBEDTLS_PLATFORM_C to be defined! |
| * |
| * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; |
| * it will be enabled automatically by check_config.h |
| * |
| * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as |
| * MBEDTLS_PLATFORM_XXX_MACRO! |
| * |
| * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME |
| * |
| * Uncomment a macro to enable alternate implementation of specific base |
| * platform function |
| */ |
| //#define MBEDTLS_PLATFORM_EXIT_ALT |
| #define MBEDTLS_PLATFORM_TIME_ALT |
| //#define MBEDTLS_PLATFORM_FPRINTF_ALT |
| //#define MBEDTLS_PLATFORM_PRINTF_ALT |
| //#define MBEDTLS_PLATFORM_SNPRINTF_ALT |
| //#define MBEDTLS_PLATFORM_NV_SEED_ALT |
| //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT |
| |
| /** |
| * \def MBEDTLS_ENTROPY_HARDWARE_ALT |
| * |
| * Uncomment this macro to let mbed TLS use your own implementation of a |
| * hardware entropy collector. |
| * |
| * Your function must be called \c mbedtls_hardware_poll(), have the same |
| * prototype as declared in entropy_poll.h, and accept NULL as first argument. |
| * |
| * Uncomment to use your own hardware entropy collector. |
| */ |
| #define MBEDTLS_ENTROPY_HARDWARE_ALT |
| /** |
| * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED |
| * |
| * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve |
| * module. By default all supported curves are enabled. |
| * |
| * Comment macros to disable the curve and functions for it |
| */ |
| #undef MBEDTLS_ECP_DP_SECP192R1_ENABLED |
| #undef MBEDTLS_ECP_DP_SECP224R1_ENABLED |
| //#define MBEDTLS_ECP_DP_SECP256R1_ENABLED |
| #undef MBEDTLS_ECP_DP_SECP384R1_ENABLED |
| #undef MBEDTLS_ECP_DP_SECP521R1_ENABLED |
| #undef MBEDTLS_ECP_DP_SECP192K1_ENABLED |
| #undef MBEDTLS_ECP_DP_SECP224K1_ENABLED |
| #undef MBEDTLS_ECP_DP_SECP256K1_ENABLED |
| #undef MBEDTLS_ECP_DP_BP256R1_ENABLED |
| #undef MBEDTLS_ECP_DP_BP384R1_ENABLED |
| #undef MBEDTLS_ECP_DP_BP512R1_ENABLED |
| //#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED |
| #undef MBEDTLS_ECP_DP_CURVE448_ENABLED |
| |
| /** |
| * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
| * |
| * Enable the PSK based ciphersuite modes in SSL / TLS. |
| * |
| * This enables the following ciphersuites (if other requisites are |
| * enabled as well): |
| * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 |
| * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 |
| * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA |
| * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 |
| * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
| * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 |
| * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 |
| * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA |
| * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 |
| * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
| * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA |
| * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA |
| */ |
| #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
| |
| /** |
| * \def MBEDTLS_PK_PARSE_EC_EXTENDED |
| * |
| * Enhance support for reading EC keys using variants of SEC1 not allowed by |
| * RFC 5915 and RFC 5480. |
| * |
| * Currently this means parsing the SpecifiedECDomain choice of EC |
| * parameters (only known groups are supported, not arbitrary domains, to |
| * avoid validation issues). |
| * |
| * Disable if you only need to support RFC 5915 + 5480 key formats. |
| */ |
| #undef MBEDTLS_PK_PARSE_EC_EXTENDED |
| |
| #undef MBEDTLS_FS_IO |
| |
| /** |
| * \def MBEDTLS_NO_PLATFORM_ENTROPY |
| * |
| * Do not use built-in platform entropy functions. |
| * This is useful if your platform does not support |
| * standards like the /dev/urandom or Windows CryptoAPI. |
| * |
| * Uncomment this macro to disable the built-in platform entropy functions. |
| */ |
| #define MBEDTLS_NO_PLATFORM_ENTROPY |
| |
| /** |
| * \def MBEDTLS_ENTROPY_FORCE_SHA256 |
| * |
| * Force the entropy accumulator to use a SHA-256 accumulator instead of the |
| * default SHA-512 based one (if both are available). |
| * |
| * Requires: MBEDTLS_SHA256_C |
| * |
| * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option |
| * if you have performance concerns. |
| * |
| * This option is only useful if both MBEDTLS_SHA256_C and |
| * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. |
| */ |
| #define MBEDTLS_ENTROPY_FORCE_SHA256 |
| |
| /** |
| * \def MBEDTLS_SELF_TEST |
| * |
| * Enable the checkup functions (*_self_test). |
| */ |
| #undef MBEDTLS_SELF_TEST |
| |
| /** |
| * \def MBEDTLS_SSL_FALLBACK_SCSV |
| * |
| * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). |
| * |
| * For servers, it is recommended to always enable this, unless you support |
| * only one version of TLS, or know for sure that none of your clients |
| * implements a fallback strategy. |
| * |
| * For clients, you only need this if you're using a fallback strategy, which |
| * is not recommended in the first place, unless you absolutely need it to |
| * interoperate with buggy (version-intolerant) servers. |
| * |
| * Comment this macro to disable support for FALLBACK_SCSV |
| */ |
| #undef MBEDTLS_SSL_FALLBACK_SCSV |
| |
| /** |
| * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING |
| * |
| * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. |
| * |
| * This is a countermeasure to the BEAST attack, which also minimizes the risk |
| * of interoperability issues compared to sending 0-length records. |
| * |
| * Comment this macro to disable 1/n-1 record splitting. |
| */ |
| #undef MBEDTLS_SSL_CBC_RECORD_SPLITTING |
| |
| /** |
| * \def MBEDTLS_SSL_RENEGOTIATION |
| * |
| * Enable support for TLS renegotiation. |
| * |
| * The two main uses of renegotiation are (1) refresh keys on long-lived |
| * connections and (2) client authentication after the initial handshake. |
| * If you don't need renegotiation, it's probably better to disable it, since |
| * it has been associated with security issues in the past and is easy to |
| * misuse/misunderstand. |
| * |
| * Comment this to disable support for renegotiation. |
| * |
| * \note Even if this option is disabled, both client and server are aware |
| * of the Renegotiation Indication Extension (RFC 5746) used to |
| * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). |
| * (See \c mbedtls_ssl_conf_legacy_renegotiation for the |
| * configuration of this extension). |
| * |
| */ |
| #undef MBEDTLS_SSL_RENEGOTIATION |
| |
| /** |
| * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
| * |
| * Enable support for receiving and parsing SSLv2 Client Hello messages for the |
| * SSL Server module (MBEDTLS_SSL_SRV_C). |
| * |
| * Uncomment this macro to enable support for SSLv2 Client Hello messages. |
| */ |
| //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
| |
| /** |
| * \def MBEDTLS_SSL_PROTO_TLS1 |
| * |
| * Enable support for TLS 1.0. |
| * |
| * Requires: MBEDTLS_MD5_C |
| * MBEDTLS_SHA1_C |
| * |
| * Comment this macro to disable support for TLS 1.0 |
| */ |
| #undef MBEDTLS_SSL_PROTO_TLS1 |
| |
| /** |
| * \def MBEDTLS_SSL_PROTO_TLS1_1 |
| * |
| * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). |
| * |
| * Requires: MBEDTLS_MD5_C |
| * MBEDTLS_SHA1_C |
| * |
| * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 |
| */ |
| #undef MBEDTLS_SSL_PROTO_TLS1_1 |
| |
| /** |
| * \def MBEDTLS_SSL_PROTO_DTLS |
| * |
| * Enable support for DTLS (all available versions). |
| * |
| * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, |
| * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. |
| * |
| * Requires: MBEDTLS_SSL_PROTO_TLS1_1 |
| * or MBEDTLS_SSL_PROTO_TLS1_2 |
| * |
| * Comment this macro to disable support for DTLS |
| */ |
| #undef MBEDTLS_SSL_PROTO_DTLS |
| |
| /** |
| * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY |
| * |
| * Enable support for the anti-replay mechanism in DTLS. |
| * |
| * Requires: MBEDTLS_SSL_TLS_C |
| * MBEDTLS_SSL_PROTO_DTLS |
| * |
| * \warning Disabling this is often a security risk! |
| * See mbedtls_ssl_conf_dtls_anti_replay() for details. |
| * |
| * Comment this to disable anti-replay in DTLS. |
| */ |
| #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY |
| |
| /** |
| * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY |
| * |
| * Enable support for HelloVerifyRequest on DTLS servers. |
| * |
| * This feature is highly recommended to prevent DTLS servers being used as |
| * amplifiers in DoS attacks against other hosts. It should always be enabled |
| * unless you know for sure amplification cannot be a problem in the |
| * environment in which your server operates. |
| * |
| * \warning Disabling this can ba a security risk! (see above) |
| * |
| * Requires: MBEDTLS_SSL_PROTO_DTLS |
| * |
| * Comment this to disable support for HelloVerifyRequest. |
| */ |
| #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY |
| |
| /** |
| * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
| * |
| * Enable server-side support for clients that reconnect from the same port. |
| * |
| * Some clients unexpectedly close the connection and try to reconnect using the |
| * same source port. This needs special support from the server to handle the |
| * new connection securely, as described in section 4.2.8 of RFC 6347. This |
| * flag enables that support. |
| * |
| * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY |
| * |
| * Comment this to disable support for clients reusing the source port. |
| */ |
| #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
| |
| /** |
| * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
| * |
| * Enable support for a limit of records with bad MAC. |
| * |
| * See mbedtls_ssl_conf_dtls_badmac_limit(). |
| * |
| * Requires: MBEDTLS_SSL_PROTO_DTLS |
| */ |
| #undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
| |
| /** |
| * \def MBEDTLS_SSL_SESSION_TICKETS |
| * |
| * Enable support for RFC 5077 session tickets in SSL. |
| * Client-side, provides full support for session tickets (maintenance of a |
| * session store remains the responsibility of the application, though). |
| * Server-side, you also need to provide callbacks for writing and parsing |
| * tickets, including authenticated encryption and key management. Example |
| * callbacks are provided by MBEDTLS_SSL_TICKET_C. |
| * |
| * Comment this macro to disable support for SSL session tickets |
| */ |
| #undef MBEDTLS_SSL_SESSION_TICKETS |
| |
| /** |
| * \def MBEDTLS_SSL_EXPORT_KEYS |
| * |
| * Enable support for exporting key block and master secret. |
| * This is required for certain users of TLS, e.g. EAP-TLS. |
| * |
| * Comment this macro to disable support for key export |
| */ |
| #undef MBEDTLS_SSL_EXPORT_KEYS |
| |
| /** |
| * \def MBEDTLS_SSL_TRUNCATED_HMAC |
| * |
| * Enable support for RFC 6066 truncated HMAC in SSL. |
| * |
| * Comment this macro to disable support for truncated HMAC in SSL |
| */ |
| #undef MBEDTLS_SSL_TRUNCATED_HMAC |
| |
| /** |
| * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT |
| * |
| * Enable parsing and verification of X.509 certificates, CRLs and CSRS |
| * signed with RSASSA-PSS (aka PKCS#1 v2.1). |
| * |
| * Comment this macro to disallow using RSASSA-PSS in certificates. |
| */ |
| #undef MBEDTLS_X509_RSASSA_PSS_SUPPORT |
| |
| /** |
| * \def MBEDTLS_AESNI_C |
| * |
| * Enable AES-NI support on x86-64. |
| * |
| * Module: library/aesni.c |
| * Caller: library/aes.c |
| * |
| * Requires: MBEDTLS_HAVE_ASM |
| * |
| * This modules adds support for the AES-NI instructions on x86-64 |
| */ |
| #undef MBEDTLS_AESNI_C |
| |
| /** |
| * \def MBEDTLS_NET_C |
| * |
| * Enable the TCP and UDP over IPv6/IPv4 networking routines. |
| * |
| * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) |
| * and Windows. For other platforms, you'll want to disable it, and write your |
| * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). |
| * |
| * \note See also our Knowledge Base article about porting to a new |
| * environment: |
| * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS |
| * |
| * Module: library/net_sockets.c |
| * |
| * This module provides networking routines. |
| */ |
| #undef MBEDTLS_NET_C |
| |
| /** |
| * \def MBEDTLS_SSL_COOKIE_C |
| * |
| * Enable basic implementation of DTLS cookies for hello verification. |
| * |
| * Module: library/ssl_cookie.c |
| * Caller: |
| */ |
| #undef MBEDTLS_SSL_COOKIE_C |
| |
| /** |
| * \def MBEDTLS_TIMING_C |
| * |
| * Enable the semi-portable timing interface. |
| * |
| * \note The provided implementation only works on POSIX/Unix (including Linux, |
| * BSD and OS X) and Windows. On other platforms, you can either disable that |
| * module and provide your own implementations of the callbacks needed by |
| * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide |
| * your own implementation of the whole module by setting |
| * \c MBEDTLS_TIMING_ALT in the current file. |
| * |
| * \note See also our Knowledge Base article about porting to a new |
| * environment: |
| * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS |
| * |
| * Module: library/timing.c |
| * Caller: library/havege.c |
| * |
| * This module is used by the HAVEGE random number generator. |
| */ |
| #undef MBEDTLS_TIMING_C |
| |
| /** |
| * \def MBEDTLS_X509_CRL_PARSE_C |
| * |
| * Enable X.509 CRL parsing. |
| * |
| * Module: library/x509_crl.c |
| * Caller: library/x509_crt.c |
| * |
| * Requires: MBEDTLS_X509_USE_C |
| * |
| * This module is required for X.509 CRL parsing. |
| */ |
| //#undef MBEDTLS_X509_CRL_PARSE_C |
| |
| /** |
| * \def MBEDTLS_X509_CSR_PARSE_C |
| * |
| * Enable X.509 Certificate Signing Request (CSR) parsing. |
| * |
| * Module: library/x509_csr.c |
| * Caller: library/x509_crt_write.c |
| * |
| * Requires: MBEDTLS_X509_USE_C |
| * |
| * This module is used for reading X.509 certificate request. |
| */ |
| //#undef MBEDTLS_X509_CSR_PARSE_C |
| |
| /** |
| * \def MBEDTLS_X509_CREATE_C |
| * |
| * Enable X.509 core for creating certificates. |
| * |
| * Module: library/x509_create.c |
| * |
| * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C |
| * |
| * This module is the basis for creating X.509 certificates and CSRs. |
| */ |
| //#undef MBEDTLS_X509_CREATE_C |
| |
| /** |
| * \def MBEDTLS_X509_CSR_WRITE_C |
| * |
| * Enable creating X.509 Certificate Signing Requests (CSR). |
| * |
| * Module: library/x509_csr_write.c |
| * |
| * Requires: MBEDTLS_X509_CREATE_C |
| * |
| * This module is required for X.509 certificate request writing. |
| */ |
| //#undef MBEDTLS_X509_CSR_WRITE_C |
| |
| /** |
| * \def MBEDTLS_X509_CRT_WRITE_C |
| * |
| * Enable creating X.509 certificates. |
| * |
| * Module: library/x509_crt_write.c |
| * |
| * Requires: MBEDTLS_X509_CREATE_C |
| * |
| * This module is required for X.509 certificate creation. |
| */ |
| //#undef MBEDTLS_X509_CRT_WRITE_C |
| |
| /** |
| * \def MBEDTLS_CERTS_C |
| * |
| * Enable the test certificates. |
| * |
| * Module: library/certs.c |
| * Caller: |
| * |
| * This module is used for testing (ssl_client/server). |
| */ |
| #undef MBEDTLS_CERTS_C |
| |
| /** |
| * \def MBEDTLS_ERROR_C |
| * |
| * Enable error code to error string conversion. |
| * |
| * Module: library/error.c |
| * Caller: |
| * |
| * This module enables mbedtls_strerror(). |
| */ |
| #undef MBEDTLS_ERROR_C |
| |
| /** |
| * \def MBEDTLS_PADLOCK_C |
| * |
| * Enable VIA Padlock support on x86. |
| * |
| * Module: library/padlock.c |
| * Caller: library/aes.c |
| * |
| * Requires: MBEDTLS_HAVE_ASM |
| * |
| * This modules adds support for the VIA PadLock on x86. |
| */ |
| #undef MBEDTLS_PADLOCK_C |
| |
| /** |
| * \def MBEDTLS_RIPEMD160_C |
| * |
| * Enable the RIPEMD-160 hash algorithm. |
| * |
| * Module: library/ripemd160.c |
| * Caller: library/md.c |
| * |
| */ |
| #undef MBEDTLS_RIPEMD160_C |
| |
| /** |
| * \def MBEDTLS_PK_RSA_ALT_SUPPORT |
| * |
| * Support external private RSA keys (eg from a HSM) in the PK layer. |
| * |
| * Comment this macro to disable support for external private RSA keys. |
| */ |
| #undef MBEDTLS_PK_RSA_ALT_SUPPORT |
| |
| /** |
| * \def MBEDTLS_ARC4_C |
| * |
| * Enable the ARCFOUR stream cipher. |
| * |
| * Module: library/arc4.c |
| * Caller: library/cipher.c |
| * |
| * This module enables the following ciphersuites (if other requisites are |
| * enabled as well): |
| * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 |
| * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA |
| * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA |
| * |
| * \warning ARC4 is considered a weak cipher and its use constitutes a |
| * security risk. If possible, we recommend avoidng dependencies on |
| * it, and considering stronger ciphers instead. |
| * |
| */ |
| #undef MBEDTLS_ARC4_C |
| |
| /** |
| * \def MBEDTLS_XTEA_C |
| * |
| * Enable the XTEA block cipher. |
| * |
| * Module: library/xtea.c |
| * Caller: |
| */ |
| #undef MBEDTLS_XTEA_C |
| |
| /** |
| * \def MBEDTLS_BLOWFISH_C |
| * |
| * Enable the Blowfish block cipher. |
| * |
| * Module: library/blowfish.c |
| */ |
| #undef MBEDTLS_BLOWFISH_C |
| |
| /** |
| * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED |
| * |
| * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. |
| * |
| * Requires: MBEDTLS_DHM_C |
| * |
| * This enables the following ciphersuites (if other requisites are |
| * enabled as well): |
| * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
| * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
| * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA |
| * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 |
| * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
| * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
| * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
| * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA |
| * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 |
| * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
| * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA |
| * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA |
| * |
| * \warning Using DHE constitutes a security risk as it |
| * is not possible to validate custom DH parameters. |
| * If possible, it is recommended users should consider |
| * preferring other methods of key exchange. |
| * See dhm.h for more details. |
| * |
| */ |
| #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED |
| |
| /** |
| * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
| * |
| * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. |
| * |
| * Requires: MBEDTLS_ECDH_C |
| * |
| * This enables the following ciphersuites (if other requisites are |
| * enabled as well): |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA |
| * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA |
| */ |
| #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
| |
| /** |
| * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
| * |
| * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. |
| * |
| * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, |
| * MBEDTLS_X509_CRT_PARSE_C |
| * |
| * This enables the following ciphersuites (if other requisites are |
| * enabled as well): |
| * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 |
| * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 |
| * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA |
| * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 |
| * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 |
| * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 |
| * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 |
| * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA |
| * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 |
| * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 |
| * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA |
| * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA |
| */ |
| #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
| |
| /** |
| * \def MBEDTLS_PSA_CRYPTO_C |
| * |
| * Enable the Platform Security Architecture cryptography API. |
| * |
| * \warning The PSA Crypto API is still beta status. While you're welcome to |
| * experiment using it, incompatible API changes are still possible, and some |
| * parts may not have reached the same quality as the rest of Mbed TLS yet. |
| * |
| * Module: library/psa_crypto.c |
| * |
| * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C |
| * |
| */ |
| #undef MBEDTLS_PSA_CRYPTO_C |
| |
| /** |
| * \def MBEDTLS_PSA_CRYPTO_STORAGE_C |
| * |
| * Enable the Platform Security Architecture persistent key storage. |
| * |
| * Module: library/psa_crypto_storage.c |
| * |
| * Requires: MBEDTLS_PSA_CRYPTO_C, |
| * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of |
| * the PSA ITS interface |
| */ |
| #undef MBEDTLS_PSA_CRYPTO_STORAGE_C |
| |
| /** |
| * \def MBEDTLS_PSA_ITS_FILE_C |
| * |
| * Enable the emulation of the Platform Security Architecture |
| * Internal Trusted Storage (PSA ITS) over files. |
| * |
| * Module: library/psa_its_file.c |
| * |
| * Requires: MBEDTLS_FS_IO |
| */ |
| #undef MBEDTLS_PSA_ITS_FILE_C |
| |
| /** |
| * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
| * |
| * This option controls the availability of the API mbedtls_ssl_get_peer_cert() |
| * giving access to the peer's certificate after completion of the handshake. |
| * |
| * Unless you need mbedtls_ssl_peer_cert() in your application, it is |
| * recommended to disable this option for reduced RAM usage. |
| * |
| * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still |
| * defined, but always returns \c NULL. |
| * |
| * \note This option has no influence on the protection against the |
| * triple handshake attack. Even if it is disabled, Mbed TLS will |
| * still ensure that certificates do not change during renegotiation, |
| * for exaple by keeping a hash of the peer's certificate. |
| * |
| * Comment this macro to disable storing the peer's certificate |
| * after the handshake. |
| */ |
| #undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE |
| |
| /** |
| * \def MBEDTLS_DEPRECATED_REMOVED |
| * |
| * Remove deprecated functions and features so that they generate an error if |
| * used. Functionality deprecated in one version will usually be removed in the |
| * next version. You can enable this to help you prepare the transition to a |
| * new major version by making sure your code is not using this functionality. |
| * |
| * Uncomment to get errors on using deprecated functions and features. |
| */ |
| #define MBEDTLS_DEPRECATED_REMOVED |
| |
| #endif /* MBEDTLS_USER_CONFIG_HEADER */ |