Google Git
Sign in
pigweed / third_party / github / project-chip / connectedhomeip / fad4f23f1b5174bfb6165b54a767f3114f7708e4 / . / third_party / infineon / psoc6 / psoc6_sdk / configs / mbedtls_user_config.h
blob: 45a1fd8fd09430f35e096174ccb6139f83b6017e [file] [log] [blame]
/**
* \file config.h
*
* \brief Configuration options (set of defines)
*
* This set of compile-time options may be used to enable
* or disable features selectively, and reduce the global
* memory footprint.
*/
/*
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_USER_CONFIG_HEADER
#define MBEDTLS_USER_CONFIG_HEADER
/**
* \def MBEDTLS_HAVE_TIME_DATE
*
* System has time.h, time(), and an implementation for
* mbedtls_platform_gmtime_r() (see below).
* The time needs to be correct (not necessarily very accurate, but at least
* the date should be correct). This is used to verify the validity period of
* X.509 certificates.
*
* Comment if your system does not have a correct clock.
*
* \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
* behaves similarly to the gmtime_r() function from the C standard. Refer to
* the documentation for mbedtls_platform_gmtime_r() for more information.
*
* \note It is possible to configure an implementation for
* mbedtls_platform_gmtime_r() at compile-time by using the macro
* MBEDTLS_PLATFORM_GMTIME_R_ALT.
*/
#undef MBEDTLS_HAVE_TIME_DATE
/**
* \def MBEDTLS_PLATFORM_EXIT_ALT
*
* MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
* function in the platform abstraction layer.
*
* Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
* All these define require MBEDTLS_PLATFORM_C to be defined!
*
* \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
* it will be enabled automatically by check_config.h
*
* \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
* MBEDTLS_PLATFORM_XXX_MACRO!
*
* Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
*
* Uncomment a macro to enable alternate implementation of specific base
* platform function
*/
//#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_PLATFORM_TIME_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
* hardware entropy collector.
*
* Your function must be called \c mbedtls_hardware_poll(), have the same
* prototype as declared in entropy_poll.h, and accept NULL as first argument.
*
* Uncomment to use your own hardware entropy collector.
*/
#define MBEDTLS_ENTROPY_HARDWARE_ALT
/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
* module. By default all supported curves are enabled.
*
* Comment macros to disable the curve and functions for it
*/
#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
#undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
#undef MBEDTLS_ECP_DP_BP256R1_ENABLED
#undef MBEDTLS_ECP_DP_BP384R1_ENABLED
#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
//#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
#undef MBEDTLS_ECP_DP_CURVE448_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
*
* Enable the PSK based ciphersuite modes in SSL / TLS.
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
* \def MBEDTLS_PK_PARSE_EC_EXTENDED
*
* Enhance support for reading EC keys using variants of SEC1 not allowed by
* RFC 5915 and RFC 5480.
*
* Currently this means parsing the SpecifiedECDomain choice of EC
* parameters (only known groups are supported, not arbitrary domains, to
* avoid validation issues).
*
* Disable if you only need to support RFC 5915 + 5480 key formats.
*/
#undef MBEDTLS_PK_PARSE_EC_EXTENDED
#undef MBEDTLS_FS_IO
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
*
* Do not use built-in platform entropy functions.
* This is useful if your platform does not support
* standards like the /dev/urandom or Windows CryptoAPI.
*
* Uncomment this macro to disable the built-in platform entropy functions.
*/
#define MBEDTLS_NO_PLATFORM_ENTROPY
/**
* \def MBEDTLS_ENTROPY_FORCE_SHA256
*
* Force the entropy accumulator to use a SHA-256 accumulator instead of the
* default SHA-512 based one (if both are available).
*
* Requires: MBEDTLS_SHA256_C
*
* On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
* if you have performance concerns.
*
* This option is only useful if both MBEDTLS_SHA256_C and
* MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
*/
#define MBEDTLS_ENTROPY_FORCE_SHA256
/**
* \def MBEDTLS_SELF_TEST
*
* Enable the checkup functions (*_self_test).
*/
#undef MBEDTLS_SELF_TEST
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
*
* Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
*
* For servers, it is recommended to always enable this, unless you support
* only one version of TLS, or know for sure that none of your clients
* implements a fallback strategy.
*
* For clients, you only need this if you're using a fallback strategy, which
* is not recommended in the first place, unless you absolutely need it to
* interoperate with buggy (version-intolerant) servers.
*
* Comment this macro to disable support for FALLBACK_SCSV
*/
#undef MBEDTLS_SSL_FALLBACK_SCSV
/**
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
*
* Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
*
* This is a countermeasure to the BEAST attack, which also minimizes the risk
* of interoperability issues compared to sending 0-length records.
*
* Comment this macro to disable 1/n-1 record splitting.
*/
#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
/**
* \def MBEDTLS_SSL_RENEGOTIATION
*
* Enable support for TLS renegotiation.
*
* The two main uses of renegotiation are (1) refresh keys on long-lived
* connections and (2) client authentication after the initial handshake.
* If you don't need renegotiation, it's probably better to disable it, since
* it has been associated with security issues in the past and is easy to
* misuse/misunderstand.
*
* Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
* of the Renegotiation Indication Extension (RFC 5746) used to
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
* configuration of this extension).
*
*/
#undef MBEDTLS_SSL_RENEGOTIATION
/**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
*
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
* SSL Server module (MBEDTLS_SSL_SRV_C).
*
* Uncomment this macro to enable support for SSLv2 Client Hello messages.
*/
//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
/**
* \def MBEDTLS_SSL_PROTO_TLS1
*
* Enable support for TLS 1.0.
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for TLS 1.0
*/
#undef MBEDTLS_SSL_PROTO_TLS1
/**
* \def MBEDTLS_SSL_PROTO_TLS1_1
*
* Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
*
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
*/
#undef MBEDTLS_SSL_PROTO_TLS1_1
/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
*
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
* and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
*
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
* or MBEDTLS_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for DTLS
*/
#undef MBEDTLS_SSL_PROTO_DTLS
/**
* \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
*
* Enable support for the anti-replay mechanism in DTLS.
*
* Requires: MBEDTLS_SSL_TLS_C
* MBEDTLS_SSL_PROTO_DTLS
*
* \warning Disabling this is often a security risk!
* See mbedtls_ssl_conf_dtls_anti_replay() for details.
*
* Comment this to disable anti-replay in DTLS.
*/
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
/**
* \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
*
* Enable support for HelloVerifyRequest on DTLS servers.
*
* This feature is highly recommended to prevent DTLS servers being used as
* amplifiers in DoS attacks against other hosts. It should always be enabled
* unless you know for sure amplification cannot be a problem in the
* environment in which your server operates.
*
* \warning Disabling this can ba a security risk! (see above)
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
* Comment this to disable support for HelloVerifyRequest.
*/
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
*
* Enable server-side support for clients that reconnect from the same port.
*
* Some clients unexpectedly close the connection and try to reconnect using the
* same source port. This needs special support from the server to handle the
* new connection securely, as described in section 4.2.8 of RFC 6347. This
* flag enables that support.
*
* Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
*
* Comment this to disable support for clients reusing the source port.
*/
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
*
* Enable support for a limit of records with bad MAC.
*
* See mbedtls_ssl_conf_dtls_badmac_limit().
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
/**
* \def MBEDTLS_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL.
* Client-side, provides full support for session tickets (maintenance of a
* session store remains the responsibility of the application, though).
* Server-side, you also need to provide callbacks for writing and parsing
* tickets, including authenticated encryption and key management. Example
* callbacks are provided by MBEDTLS_SSL_TICKET_C.
*
* Comment this macro to disable support for SSL session tickets
*/
#undef MBEDTLS_SSL_SESSION_TICKETS
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
*
* Enable support for exporting key block and master secret.
* This is required for certain users of TLS, e.g. EAP-TLS.
*
* Comment this macro to disable support for key export
*/
#undef MBEDTLS_SSL_EXPORT_KEYS
/**
* \def MBEDTLS_SSL_TRUNCATED_HMAC
*
* Enable support for RFC 6066 truncated HMAC in SSL.
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
#undef MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
*
* Enable parsing and verification of X.509 certificates, CRLs and CSRS
* signed with RSASSA-PSS (aka PKCS#1 v2.1).
*
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#undef MBEDTLS_X509_RSASSA_PSS_SUPPORT
/**
* \def MBEDTLS_AESNI_C
*
* Enable AES-NI support on x86-64.
*
* Module: library/aesni.c
* Caller: library/aes.c
*
* Requires: MBEDTLS_HAVE_ASM
*
* This modules adds support for the AES-NI instructions on x86-64
*/
#undef MBEDTLS_AESNI_C
/**
* \def MBEDTLS_NET_C
*
* Enable the TCP and UDP over IPv6/IPv4 networking routines.
*
* \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
* and Windows. For other platforms, you'll want to disable it, and write your
* own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
*
* \note See also our Knowledge Base article about porting to a new
* environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
*
* Module: library/net_sockets.c
*
* This module provides networking routines.
*/
#undef MBEDTLS_NET_C
/**
* \def MBEDTLS_SSL_COOKIE_C
*
* Enable basic implementation of DTLS cookies for hello verification.
*
* Module: library/ssl_cookie.c
* Caller:
*/
#undef MBEDTLS_SSL_COOKIE_C
/**
* \def MBEDTLS_TIMING_C
*
* Enable the semi-portable timing interface.
*
* \note The provided implementation only works on POSIX/Unix (including Linux,
* BSD and OS X) and Windows. On other platforms, you can either disable that
* module and provide your own implementations of the callbacks needed by
* \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
* your own implementation of the whole module by setting
* \c MBEDTLS_TIMING_ALT in the current file.
*
* \note See also our Knowledge Base article about porting to a new
* environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
*
* Module: library/timing.c
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
*/
#undef MBEDTLS_TIMING_C
/**
* \def MBEDTLS_X509_CRL_PARSE_C
*
* Enable X.509 CRL parsing.
*
* Module: library/x509_crl.c
* Caller: library/x509_crt.c
*
* Requires: MBEDTLS_X509_USE_C
*
* This module is required for X.509 CRL parsing.
*/
//#undef MBEDTLS_X509_CRL_PARSE_C
/**
* \def MBEDTLS_X509_CSR_PARSE_C
*
* Enable X.509 Certificate Signing Request (CSR) parsing.
*
* Module: library/x509_csr.c
* Caller: library/x509_crt_write.c
*
* Requires: MBEDTLS_X509_USE_C
*
* This module is used for reading X.509 certificate request.
*/
//#undef MBEDTLS_X509_CSR_PARSE_C
/**
* \def MBEDTLS_X509_CREATE_C
*
* Enable X.509 core for creating certificates.
*
* Module: library/x509_create.c
*
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
//#undef MBEDTLS_X509_CREATE_C
/**
* \def MBEDTLS_X509_CSR_WRITE_C
*
* Enable creating X.509 Certificate Signing Requests (CSR).
*
* Module: library/x509_csr_write.c
*
* Requires: MBEDTLS_X509_CREATE_C
*
* This module is required for X.509 certificate request writing.
*/
//#undef MBEDTLS_X509_CSR_WRITE_C
/**
* \def MBEDTLS_X509_CRT_WRITE_C
*
* Enable creating X.509 certificates.
*
* Module: library/x509_crt_write.c
*
* Requires: MBEDTLS_X509_CREATE_C
*
* This module is required for X.509 certificate creation.
*/
//#undef MBEDTLS_X509_CRT_WRITE_C
/**
* \def MBEDTLS_CERTS_C
*
* Enable the test certificates.
*
* Module: library/certs.c
* Caller:
*
* This module is used for testing (ssl_client/server).
*/
#undef MBEDTLS_CERTS_C
/**
* \def MBEDTLS_ERROR_C
*
* Enable error code to error string conversion.
*
* Module: library/error.c
* Caller:
*
* This module enables mbedtls_strerror().
*/
#undef MBEDTLS_ERROR_C
/**
* \def MBEDTLS_PADLOCK_C
*
* Enable VIA Padlock support on x86.
*
* Module: library/padlock.c
* Caller: library/aes.c
*
* Requires: MBEDTLS_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
*/
#undef MBEDTLS_PADLOCK_C
/**
* \def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD-160 hash algorithm.
*
* Module: library/ripemd160.c
* Caller: library/md.c
*
*/
#undef MBEDTLS_RIPEMD160_C
/**
* \def MBEDTLS_PK_RSA_ALT_SUPPORT
*
* Support external private RSA keys (eg from a HSM) in the PK layer.
*
* Comment this macro to disable support for external private RSA keys.
*/
#undef MBEDTLS_PK_RSA_ALT_SUPPORT
/**
* \def MBEDTLS_ARC4_C
*
* Enable the ARCFOUR stream cipher.
*
* Module: library/arc4.c
* Caller: library/cipher.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
* MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*
* \warning ARC4 is considered a weak cipher and its use constitutes a
* security risk. If possible, we recommend avoidng dependencies on
* it, and considering stronger ciphers instead.
*
*/
#undef MBEDTLS_ARC4_C
/**
* \def MBEDTLS_XTEA_C
*
* Enable the XTEA block cipher.
*
* Module: library/xtea.c
* Caller:
*/
#undef MBEDTLS_XTEA_C
/**
* \def MBEDTLS_BLOWFISH_C
*
* Enable the Blowfish block cipher.
*
* Module: library/blowfish.c
*/
#undef MBEDTLS_BLOWFISH_C
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
*
* Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
*
* Requires: MBEDTLS_DHM_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
* If possible, it is recommended users should consider
* preferring other methods of key exchange.
* See dhm.h for more details.
*
*/
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
*
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
*
* Requires: MBEDTLS_ECDH_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
*
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
*
* Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
* MBEDTLS_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
*/
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
/**
* \def MBEDTLS_PSA_CRYPTO_C
*
* Enable the Platform Security Architecture cryptography API.
*
* \warning The PSA Crypto API is still beta status. While you're welcome to
* experiment using it, incompatible API changes are still possible, and some
* parts may not have reached the same quality as the rest of Mbed TLS yet.
*
* Module: library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
*
*/
#undef MBEDTLS_PSA_CRYPTO_C
/**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
*
* Enable the Platform Security Architecture persistent key storage.
*
* Module: library/psa_crypto_storage.c
*
* Requires: MBEDTLS_PSA_CRYPTO_C,
* either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
* the PSA ITS interface
*/
#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
/**
* \def MBEDTLS_PSA_ITS_FILE_C
*
* Enable the emulation of the Platform Security Architecture
* Internal Trusted Storage (PSA ITS) over files.
*
* Module: library/psa_its_file.c
*
* Requires: MBEDTLS_FS_IO
*/
#undef MBEDTLS_PSA_ITS_FILE_C
/**
* \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
*
* This option controls the availability of the API mbedtls_ssl_get_peer_cert()
* giving access to the peer's certificate after completion of the handshake.
*
* Unless you need mbedtls_ssl_peer_cert() in your application, it is
* recommended to disable this option for reduced RAM usage.
*
* \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
* defined, but always returns \c NULL.
*
* \note This option has no influence on the protection against the
* triple handshake attack. Even if it is disabled, Mbed TLS will
* still ensure that certificates do not change during renegotiation,
* for exaple by keeping a hash of the peer's certificate.
*
* Comment this macro to disable storing the peer's certificate
* after the handshake.
*/
#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
/**
* \def MBEDTLS_DEPRECATED_REMOVED
*
* Remove deprecated functions and features so that they generate an error if
* used. Functionality deprecated in one version will usually be removed in the
* next version. You can enable this to help you prepare the transition to a
* new major version by making sure your code is not using this functionality.
*
* Uncomment to get errors on using deprecated functions and features.
*/
#define MBEDTLS_DEPRECATED_REMOVED
#endif /* MBEDTLS_USER_CONFIG_HEADER */