/**
 * \file config.h
 *
 * \brief Configuration options (set of defines)
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
 */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

/**
 * \name SECTION: System support
 *
 * This section sets system specific settings.
 * \{
 */

/**
 * \def MBEDTLS_HAVE_ASM
 *
 * The compiler has support for asm().
 *
 * Requires support for asm() in compiler.
 *
 * Used in:
 *      library/timing.c
 *      library/padlock.c
 *      include/mbedtls/bn_mul.h
 *
 * Comment to disable the use of assembly code.
 */
#define MBEDTLS_HAVE_ASM

/**
 * \def MBEDTLS_HAVE_SSE2
 *
 * CPU supports SSE2 instruction set.
 *
 * Uncomment if the CPU supports SSE2 (IA-32 specific).
 */
//#define MBEDTLS_HAVE_SSE2

/**
 * \def MBEDTLS_HAVE_TIME
 *
 * System has time.h and time() / localtime()  / gettimeofday().
 *
 * Comment if your system does not support time functions
 */
#define MBEDTLS_HAVE_TIME

/**
 * \def MBEDTLS_PLATFORM_MEMORY
 *
 * Enable the memory allocation layer.
 *
 * By default mbed TLS uses the system-provided malloc() and free().
 * This layer allows a different allocator (self-implemented or provided) to
 * be plugged into the platform abstraction layer.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY without the
 * MBEDTLS_PLATFORM_{FREE,MALLOC}_MACROs will provide
 * "mbedtls_platform_set_malloc_free()" allowing you to set an alternative malloc() and
 * free() function pointer at runtime.
 *
 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
 * MBEDTLS_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the
 * alternate function at compile time.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Enable this layer to allow use of alternative memory allocators.
 */
//#define MBEDTLS_PLATFORM_MEMORY

/**
 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 *
 * Do not assign standard functions in the platform layer (e.g. malloc() to
 * MBEDTLS_PLATFORM_STD_MALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
 *
 * This makes sure there are no linking errors on platforms that do not support
 * these functions. You will HAVE to provide alternatives, either at runtime
 * via the platform_set_xxx() functions or at compile time by setting
 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
 * MBEDTLS_PLATFORM_XXX_MACRO.
 *
 * Requires: MBEDTLS_PLATFORM_C
 *
 * Uncomment to prevent default assignment of standard functions in the
 * platform layer.
 */
//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

/**
 * \def MBEDTLS_PLATFORM_XXX_ALT
 *
 * Uncomment a macro to let mbed TLS support the function in the platform
 * abstraction layer.
 *
 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
 * alternative printf function pointer.
 *
 * All these defines require MBEDTLS_PLATFORM_C to be defined!
 *
 * WARNING: MBEDTLS_PLATFORM_SNPRINTF_ALT is not available on Windows
 * for compatibility reasons.
 *
 * WARNING: MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
 * MBEDTLS_PLATFORM_XXX_MACRO!
 *
 * Uncomment a macro to enable alternate implementation of specific base
 * platform function
 */
//#define MBEDTLS_PLATFORM_EXIT_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT

/**
 * \def MBEDTLS_DEPRECATED_WARNING
 *
 * Mark deprecated functions so that they generate a warning if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * This only works with GCC and Clang. With other compilers, you may want to
 * use MBEDTLS_DEPRECATED_REMOVED
 *
 * Uncomment to get warnings on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_WARNING

/**
 * \def MBEDTLS_DEPRECATED_REMOVED
 *
 * Remove deprecated functions so that they generate an error if used.
 * Functions deprecated in one version will usually be removed in the next
 * version. You can enable this to help you prepare the transition to a new
 * major version by making sure your code is not using these functions.
 *
 * Uncomment to get errors on using deprecated functions.
 */
//#define MBEDTLS_DEPRECATED_REMOVED

/* \} name SECTION: System support */

/**
 * \name SECTION: mbed TLS feature support
 *
 * This section sets support for features that are or are not needed
 * within the modules that are enabled.
 * \{
 */

/**
 * \def MBEDTLS_TIMING_ALT
 *
 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
 *
 * Only works if you have MBEDTLS_TIMING_C enabled.
 *
 * You will need to provide a header "timing_alt.h" and an implementation at
 * compile time.
 */
//#define MBEDTLS_TIMING_ALT

/**
 * \def MBEDTLS__MODULE_NAME__ALT
 *
 * Uncomment a macro to let mbed TLS use your alternate core implementation of
 * a symmetric crypto or hash module (e.g. platform specific assembly
 * optimized implementations). Keep in mind that the function prototypes
 * should remain the same.
 *
 * This replaces the whole module. If you only want to replace one of the
 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
 * provide the "struct mbedtls_aes_context" definition and will omit the base function
 * declarations and implementations. "aes_alt.h" will be included from
 * "aes.h" to include the new function definitions.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * module.
 */
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_XTEA_ALT
//#define MBEDTLS_MD2_ALT
//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT

/**
 * \def MBEDTLS__FUNCTION_NAME__ALT
 *
 * Uncomment a macro to let mbed TLS use your alternate core implementation of
 * symmetric crypto or hash function. Keep in mind that function prototypes
 * should remain the same.
 *
 * This replaces only one function. The header file from mbed TLS is still
 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
 *
 * Example: In case you uncomment MBEDTLS_SHA1_PROCESS_ALT, mbed TLS will
 * no longer provide the mbedtls_sha1_process() function, but it will still provide
 * the other functions (using your mbedtls_sha1_process() function) and the definition
 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
 * with this definition.
 *
 * Note: if you use the AES_xxx_ALT macros, then it is recommended to also set
 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
 * tables.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
 */
//#define MBEDTLS_MD2_PROCESS_ALT
//#define MBEDTLS_MD4_PROCESS_ALT
//#define MBEDTLS_MD5_PROCESS_ALT
//#define MBEDTLS_RIPEMD160_PROCESS_ALT
//#define MBEDTLS_SHA1_PROCESS_ALT
//#define MBEDTLS_SHA256_PROCESS_ALT
//#define MBEDTLS_SHA512_PROCESS_ALT
//#define MBEDTLS_DES_SETKEY_ALT
//#define MBEDTLS_DES_CRYPT_ECB_ALT
//#define MBEDTLS_DES3_CRYPT_ECB_ALT
//#define MBEDTLS_AES_SETKEY_ENC_ALT
//#define MBEDTLS_AES_SETKEY_DEC_ALT
//#define MBEDTLS_AES_ENCRYPT_ALT
//#define MBEDTLS_AES_DECRYPT_ALT

/**
 * \def MBEDTLS_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
//#define MBEDTLS_AES_ROM_TABLES

/**
 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
 *
 * Use less ROM for the Camellia implementation (saves about 768 bytes).
 *
 * Uncomment this macro to use less memory for Camellia.
 */
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY

/**
 * \def MBEDTLS_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CBC

/**
 * \def MBEDTLS_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CFB

/**
 * \def MBEDTLS_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
#define MBEDTLS_CIPHER_MODE_CTR

/**
 * \def MBEDTLS_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
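 * Warning: Only do so when you know what you are doing. This allows for
 * channels without any encryption: the NULL ciphersuites listed below still
 * authenticate records, but the application data is sent in the clear!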
 *
 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
 *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
//#define MBEDTLS_CIPHER_NULL_CIPHER

/**
 * \def MBEDTLS_CIPHER_PADDING_XXX
 *
 * Uncomment or comment macros to add support for specific padding modes
 * in the cipher layer with cipher modes that support padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
/* All four padding modes are enabled in this configuration.
 * NOTE(review): with CBC, callers should not let a peer distinguish a padding
 * failure from any other decryption failure (padding-oracle risk). */
/* PKCS#7 padding. */
#define MBEDTLS_CIPHER_PADDING_PKCS7
/* ISO/IEC 7816-4 padding: a 0x80 byte followed by zero bytes. */
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
/* ANSI X.923 padding: zero bytes followed by a length byte. */
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
/* Zero-byte padding. NOTE(review): cannot be removed unambiguously when the
 * plaintext itself ends in zero bytes; disable if no peer needs it. */
#define MBEDTLS_CIPHER_PADDING_ZEROS

/**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 *
 * Enable weak ciphersuites in SSL / TLS.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 */
//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES

/**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
/* Enabled here: RC4-based suites are left out of the default ciphersuite list.
 * NOTE(review): per the description above they can still be selected
 * explicitly through mbedtls_ssl_conf_ciphersuites(); audit callers of that
 * function if RC4 must never be negotiated. */
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES

/**
 * \def MBEDTLS_ECP_XXXX_ENABLED
 *
 * Enables specific curves within the Elliptic Curve module.
 * By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_M221_ENABLED  // Not implemented yet!
#define MBEDTLS_ECP_DP_M255_ENABLED
//#define MBEDTLS_ECP_DP_M383_ENABLED  // Not implemented yet!
//#define MBEDTLS_ECP_DP_M511_ENABLED  // Not implemented yet!

/**
 * \def MBEDTLS_ECP_NIST_OPTIM
 *
 * Enable specific 'modulo p' routines for each NIST prime.
 * Depending on the prime and architecture, makes operations 4 to 8 times
 * faster on the corresponding curve.
 *
 * Comment this macro to disable NIST curves optimisation.
 */
#define MBEDTLS_ECP_NIST_OPTIM

/**
 * \def MBEDTLS_ECDSA_DETERMINISTIC
 *
 * Enable deterministic ECDSA (RFC 6979).
 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
 * may result in a compromise of the long-term signing key. This is avoided by
 * the deterministic variant.
 *
 * Requires: MBEDTLS_HMAC_DRBG_C
 *
 * Comment this macro to disable deterministic ECDSA.
 */
#define MBEDTLS_ECDSA_DETERMINISTIC

/**
 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS.
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 *
 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
/* NOTE(review): the suites listed above use RSA key transport, which gives no
 * forward secrecy, and the list includes RC4- and 3DES-based suites. Comment
 * this macro out if every peer supports an (EC)DHE key exchange. */
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
 *           MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 *
 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
/* NOTE(review): the suite list above includes RC4 and 3DES entries. RC4
 * ciphersuites are prohibited in TLS by RFC 7465, and the ECDH_* (fixed,
 * non-ephemeral) key exchanges do not provide forward secrecy. Since a suite
 * is only enabled when its other requisites are enabled too, check which of
 * these remain available in the final build and in the configured suite list. */
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

/**
 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 *
 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
/* NOTE(review): the suite list above includes RC4 and 3DES entries. RC4
 * ciphersuites are prohibited in TLS by RFC 7465, and the ECDH_* (fixed,
 * non-ephemeral) key exchanges do not provide forward secrecy. Since a suite
 * is only enabled when its other requisites are enabled too, check which of
 * these remain available in the final build and in the configured suite list. */
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED

/**
 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
 *
 * Enhance support for reading EC keys using variants of SEC1 not allowed by
 * RFC 5915 and RFC 5480.
 *
 * Currently this means parsing the SpecifiedECDomain choice of EC
 * parameters (only known groups are supported, not arbitrary domains, to
 * avoid validation issues).
 *
 * Disable if you only need to support RFC 5915 + 5480 key formats.
 */
#define MBEDTLS_PK_PARSE_EC_EXTENDED

/**
 * \def MBEDTLS_ERROR_STRERROR_DUMMY
 *
 * Enable a dummy error function to make use of mbedtls_strerror() in
 * third party libraries easier when MBEDTLS_ERROR_C is disabled
 * (no effect when MBEDTLS_ERROR_C is enabled).
 *
 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
 * not using mbedtls_strerror() or error_strerror() in your application.
 *
 * Disable if you run into name conflicts and want to really remove the
 * mbedtls_strerror() function.
 */
#define MBEDTLS_ERROR_STRERROR_DUMMY

/**
 * \def MBEDTLS_GENPRIME
 *
 * Enable the prime-number generation code.
 *
 * Requires: MBEDTLS_BIGNUM_C
 */
#define MBEDTLS_GENPRIME

/**
 * \def MBEDTLS_FS_IO
 *
 * Enable functions that use the filesystem.
 */
#define MBEDTLS_FS_IO

/**
 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
 * Do not add default entropy sources. These are the platform specific,
 * mbedtls_timing_hardclock and HAVEGE based poll functions.
 *
 * This is useful to have more control over the added entropy sources in an
 * application.
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

/**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
 *
 * Do not use built-in platform entropy functions.
 * This is useful if your platform does not support
 * standard interfaces such as /dev/urandom or the Windows CryptoAPI.
 *
 * Uncomment this macro to disable the built-in platform entropy functions.
 */
/* NOTE(review): with this uncommented the built-in platform entropy functions
 * are not used; presumably the application must then supply its own strong
 * entropy source before any RNG is seeded - confirm against the entropy
 * module before shipping a build with this option set. */
//#define MBEDTLS_NO_PLATFORM_ENTROPY

/**
 * \def MBEDTLS_ENTROPY_FORCE_SHA256
 *
 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
 * default SHA-512 based one (if both are available).
 *
 * Requires: MBEDTLS_SHA256_C
 *
 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
 * if you have performance concerns.
 *
 * This option is only useful if both MBEDTLS_SHA256_C and
 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
 */
//#define MBEDTLS_ENTROPY_FORCE_SHA256

/**
 * \def MBEDTLS_MEMORY_DEBUG
 *
 * Enable debugging of buffer allocator memory issues. Automatically prints
 * (to stderr) all (fatal) messages on memory allocation issues. Also enables
 * a function for 'debug output' of allocated memory.
 *
 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
 *
 * Uncomment this macro to let the buffer allocator print out error messages.
 */
//#define MBEDTLS_MEMORY_DEBUG

/**
 * \def MBEDTLS_MEMORY_BACKTRACE
 *
 * Include backtrace information with each allocated block.
 *
 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
 *           GLIBC-compatible backtrace() and backtrace_symbols() support
 *
 * Uncomment this macro to include backtrace information
 */
//#define MBEDTLS_MEMORY_BACKTRACE

/**
 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
 *
 * Support external private RSA keys (e.g. from an HSM) in the PK layer.
 *
 * Comment this macro to disable support for external private RSA keys.
 */
#define MBEDTLS_PK_RSA_ALT_SUPPORT

/**
 * \def MBEDTLS_PKCS1_V15
 *
 * Enable support for PKCS#1 v1.5 encoding.
 *
 * Requires: MBEDTLS_RSA_C
 *
 * This enables support for PKCS#1 v1.5 operations.
 */
/* NOTE(review): PKCS#1 v1.5 encryption padding is the subject of
 * Bleichenbacher-style padding-oracle attacks. Where the protocol and the
 * peers allow it, prefer the RSAES-OAEP / RSASSA-PSS operations enabled by
 * MBEDTLS_PKCS1_V21, and keep v1.5 only for interoperability that needs it. */
#define MBEDTLS_PKCS1_V15

/**
 * \def MBEDTLS_PKCS1_V21
 *
 * Enable support for PKCS#1 v2.1 encoding.
 *
 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
 *
 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
 */
#define MBEDTLS_PKCS1_V21

/**
 * \def MBEDTLS_RSA_NO_CRT
 *
 * Do not use the Chinese Remainder Theorem for the RSA private operation.
 *
 * Uncomment this macro to disable the use of CRT in RSA.
 *
 */
//#define MBEDTLS_RSA_NO_CRT

/**
 * \def MBEDTLS_SELF_TEST
 *
 * Enable the checkup functions (*_self_test).
 */
#define MBEDTLS_SELF_TEST

/**
 * \def MBEDTLS_SSL_AEAD_RANDOM_IV
 *
 * Generate a random IV rather than using the record sequence number as a
 * nonce for ciphersuites using an AEAD algorithm (GCM or CCM).
 *
 * Using the sequence number is generally recommended.
 *
 * Uncomment this macro to always use random IVs with AEAD ciphersuites.
 */
//#define MBEDTLS_SSL_AEAD_RANDOM_IV

/**
 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
 *
 * Enable sending of alert messages in case of encountered errors as per RFC.
 * If you choose not to send the alert messages, mbed TLS can still communicate
 * with other servers, only debugging of failures is harder.
 *
 * The advantage of not sending alert messages is that no information is given
 * about the reasons for failures, which keeps adversaries from gaining intel.
 *
 * Enable sending of all alert messages
 */
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES

/**
 * \def MBEDTLS_SSL_DEBUG_ALL
 *
 * Enable the debug messages in SSL module for all issues.
 * Debug messages have been disabled in some places to prevent timing
 * attacks due to (unbalanced) debugging function calls.
 *
 * If you need all error reporting you should enable this during debugging,
 * but remove it on production servers, including those that should log as well.
 *
 * Uncomment this macro to report all debug messages on errors; doing so
 * introduces a timing side-channel.
 *
 */
//#define MBEDTLS_SSL_DEBUG_ALL

/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
 *
 * Enable support for Encrypt-then-MAC, RFC 7366.
 *
 * This allows peers that both support it to use a more robust protection for
 * ciphersuites using CBC, providing deep resistance against timing attacks
<