mbed TLS v2.1.2
config.h
Go to the documentation of this file.
1 
24 /*
25  * This set of compile-time options may be used to enable
26  * or disable features selectively, and reduce the global
27  * memory footprint.
28  */
29 #ifndef MBEDTLS_CONFIG_H
30 #define MBEDTLS_CONFIG_H
31 
32 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
33 #define _CRT_SECURE_NO_DEPRECATE 1
34 #endif
35 
57 #define MBEDTLS_HAVE_ASM
58 
66 //#define MBEDTLS_HAVE_SSE2
67 
77 #define MBEDTLS_HAVE_TIME
78 
89 #define MBEDTLS_HAVE_TIME_DATE
90 
113 //#define MBEDTLS_PLATFORM_MEMORY
114 
132 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
133 
155 //#define MBEDTLS_PLATFORM_EXIT_ALT
156 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
157 //#define MBEDTLS_PLATFORM_PRINTF_ALT
158 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
159 
173 #define MBEDTLS_DEPRECATED_WARNING
174 
185 //#define MBEDTLS_DEPRECATED_REMOVED
186 
187 /* \} name SECTION: System support */
188 
208 //#define MBEDTLS_TIMING_ALT
209 
229 //#define MBEDTLS_AES_ALT
230 //#define MBEDTLS_ARC4_ALT
231 //#define MBEDTLS_BLOWFISH_ALT
232 //#define MBEDTLS_CAMELLIA_ALT
233 //#define MBEDTLS_DES_ALT
234 //#define MBEDTLS_XTEA_ALT
235 //#define MBEDTLS_MD2_ALT
236 //#define MBEDTLS_MD4_ALT
237 //#define MBEDTLS_MD5_ALT
238 //#define MBEDTLS_RIPEMD160_ALT
239 //#define MBEDTLS_SHA1_ALT
240 //#define MBEDTLS_SHA256_ALT
241 //#define MBEDTLS_SHA512_ALT
242 
266 //#define MBEDTLS_MD2_PROCESS_ALT
267 //#define MBEDTLS_MD4_PROCESS_ALT
268 //#define MBEDTLS_MD5_PROCESS_ALT
269 //#define MBEDTLS_RIPEMD160_PROCESS_ALT
270 //#define MBEDTLS_SHA1_PROCESS_ALT
271 //#define MBEDTLS_SHA256_PROCESS_ALT
272 //#define MBEDTLS_SHA512_PROCESS_ALT
273 //#define MBEDTLS_DES_SETKEY_ALT
274 //#define MBEDTLS_DES_CRYPT_ECB_ALT
275 //#define MBEDTLS_DES3_CRYPT_ECB_ALT
276 //#define MBEDTLS_AES_SETKEY_ENC_ALT
277 //#define MBEDTLS_AES_SETKEY_DEC_ALT
278 //#define MBEDTLS_AES_ENCRYPT_ALT
279 //#define MBEDTLS_AES_DECRYPT_ALT
280 
292 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
293 
301 //#define MBEDTLS_AES_ROM_TABLES
302 
310 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
311 
317 #define MBEDTLS_CIPHER_MODE_CBC
318 
324 #define MBEDTLS_CIPHER_MODE_CFB
325 
331 #define MBEDTLS_CIPHER_MODE_CTR
332 
364 //#define MBEDTLS_CIPHER_NULL_CIPHER
365 
376 #define MBEDTLS_CIPHER_PADDING_PKCS7
377 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
378 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
379 #define MBEDTLS_CIPHER_PADDING_ZEROS
380 
394 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
395 
407 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
408 
417 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
418 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
419 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
420 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
421 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
422 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
423 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
424 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
425 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
426 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
427 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
428 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
429 
439 #define MBEDTLS_ECP_NIST_OPTIM
440 
453 #define MBEDTLS_ECDSA_DETERMINISTIC
454 
475 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
476 
499 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
500 
519 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
520 
544 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
545 
572 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
573 
598 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
599 
623 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
624 
647 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
648 
671 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
672 
695 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
696 
709 #define MBEDTLS_PK_PARSE_EC_EXTENDED
710 
724 #define MBEDTLS_ERROR_STRERROR_DUMMY
725 
733 #define MBEDTLS_GENPRIME
734 
740 #define MBEDTLS_FS_IO
741 
753 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
754 
764 //#define MBEDTLS_NO_PLATFORM_ENTROPY
765 
780 //#define MBEDTLS_ENTROPY_FORCE_SHA256
781 
793 //#define MBEDTLS_MEMORY_DEBUG
794 
805 //#define MBEDTLS_MEMORY_BACKTRACE
806 
814 #define MBEDTLS_PK_RSA_ALT_SUPPORT
815 
825 #define MBEDTLS_PKCS1_V15
826 
836 #define MBEDTLS_PKCS1_V21
837 
846 //#define MBEDTLS_RSA_NO_CRT
847 
853 #define MBEDTLS_SELF_TEST
854 
869 //#define MBEDTLS_SHA256_SMALLER
870 
881 //#define MBEDTLS_SSL_AEAD_RANDOM_IV
882 
895 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
896 
911 //#define MBEDTLS_SSL_DEBUG_ALL
912 
929 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
930 
947 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
948 
964 #define MBEDTLS_SSL_FALLBACK_SCSV
965 
974 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
975 
986 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING
987 
1001 #define MBEDTLS_SSL_RENEGOTIATION
1002 
1011 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
1012 
1021 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
1022 
1030 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1031 
1042 //#define MBEDTLS_SSL_PROTO_SSL3
1043 
1054 #define MBEDTLS_SSL_PROTO_TLS1
1055 
1066 #define MBEDTLS_SSL_PROTO_TLS1_1
1067 
1078 #define MBEDTLS_SSL_PROTO_TLS1_2
1079 
1093 #define MBEDTLS_SSL_PROTO_DTLS
1094 
1102 #define MBEDTLS_SSL_ALPN
1103 
1117 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
1118 
1135 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
1136 
1151 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1152 
1162 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
1163 
1176 #define MBEDTLS_SSL_SESSION_TICKETS
1177 
1187 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
1188 
1196 #define MBEDTLS_SSL_TRUNCATED_HMAC
1197 
1207 //#define MBEDTLS_THREADING_ALT
1208 
1218 #define MBEDTLS_THREADING_PTHREAD
1219 
1231 #define MBEDTLS_VERSION_FEATURES
1232 
1241 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
1242 
1253 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1254 
1267 #define MBEDTLS_X509_CHECK_KEY_USAGE
1268 
1280 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
1281 
1290 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
1291 
1312 //#define MBEDTLS_ZLIB_SUPPORT
1313 /* \} name SECTION: mbed TLS feature support */
1314 
1334 #define MBEDTLS_AESNI_C
1335 
1409 #define MBEDTLS_AES_C
1410 
1432 #define MBEDTLS_ARC4_C
1433 
1446 #define MBEDTLS_ASN1_PARSE_C
1447 
1460 #define MBEDTLS_ASN1_WRITE_C
1461 
1472 #define MBEDTLS_BASE64_C
1473 
1488 #define MBEDTLS_BIGNUM_C
1489 
1497 #define MBEDTLS_BLOWFISH_C
1498 
1552 #define MBEDTLS_CAMELLIA_C
1553 
1566 #define MBEDTLS_CCM_C
1567 
1578 #define MBEDTLS_CERTS_C
1579 
1590 #define MBEDTLS_CIPHER_C
1591 
1604 #define MBEDTLS_CTR_DRBG_C
1605 
1618 #define MBEDTLS_DEBUG_C
1619 
1644 #define MBEDTLS_DES_C
1645 
1658 #define MBEDTLS_DHM_C
1659 
1674 #define MBEDTLS_ECDH_C
1675 
1689 #define MBEDTLS_ECDSA_C
1690 
1702 #define MBEDTLS_ECP_C
1703 
1716 #define MBEDTLS_ENTROPY_C
1717 
1728 #define MBEDTLS_ERROR_C
1729 
1742 #define MBEDTLS_GCM_C
1743 
1765 #define MBEDTLS_HAVEGE_C
1766 
1779 #define MBEDTLS_HMAC_DRBG_C
1780 
1791 #define MBEDTLS_MD_C
1792 
1803 #define MBEDTLS_MD2_C
1804 
1815 #define MBEDTLS_MD4_C
1816 
1830 #define MBEDTLS_MD5_C
1831 
1846 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
1847 
1857 #define MBEDTLS_NET_C
1858 
1880 #define MBEDTLS_OID_C
1881 
1894 #define MBEDTLS_PADLOCK_C
1895 
1912 #define MBEDTLS_PEM_PARSE_C
1913 
1928 #define MBEDTLS_PEM_WRITE_C
1929 
1944 #define MBEDTLS_PK_C
1945 
1959 #define MBEDTLS_PK_PARSE_C
1960 
1973 #define MBEDTLS_PK_WRITE_C
1974 
1986 #define MBEDTLS_PKCS5_C
1987 
2001 //#define MBEDTLS_PKCS11_C
2002 
2017 #define MBEDTLS_PKCS12_C
2018 
2037 #define MBEDTLS_PLATFORM_C
2038 
2048 #define MBEDTLS_RIPEMD160_C
2049 
2066 #define MBEDTLS_RSA_C
2067 
2082 #define MBEDTLS_SHA1_C
2083 
2099 #define MBEDTLS_SHA256_C
2100 
2114 #define MBEDTLS_SHA512_C
2115 
2126 #define MBEDTLS_SSL_CACHE_C
2127 
2136 #define MBEDTLS_SSL_COOKIE_C
2137 
2148 #define MBEDTLS_SSL_TICKET_C
2149 
2162 #define MBEDTLS_SSL_CLI_C
2163 
2176 #define MBEDTLS_SSL_SRV_C
2177 
2192 #define MBEDTLS_SSL_TLS_C
2193 
2213 #define MBEDTLS_THREADING_C
2214 
2225 #define MBEDTLS_TIMING_C
2226 
2236 #define MBEDTLS_VERSION_C
2237 
2253 #define MBEDTLS_X509_USE_C
2254 
2269 #define MBEDTLS_X509_CRT_PARSE_C
2270 
2283 #define MBEDTLS_X509_CRL_PARSE_C
2284 
2297 #define MBEDTLS_X509_CSR_PARSE_C
2298 
2310 #define MBEDTLS_X509_CREATE_C
2311 
2323 #define MBEDTLS_X509_CRT_WRITE_C
2324 
2336 #define MBEDTLS_X509_CSR_WRITE_C
2337 
2346 #define MBEDTLS_XTEA_C
2347 
2348 /* \} name SECTION: mbed TLS modules */
2349 
2365 /* MPI / BIGNUM options */
2366 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
2367 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
2368 
2369 /* CTR_DRBG options */
2370 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
2371 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2372 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2373 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2374 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
2375 
2376 /* HMAC_DRBG options */
2377 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2378 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2379 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2380 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
2381 
2382 /* ECP options */
2383 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
2384 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
2385 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
2386 
2387 /* Entropy options */
2388 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
2389 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
2390 
2391 /* Memory buffer allocator options */
2392 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
2393 
2394 /* Platform options */
2395 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
2396 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
2397 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
2398 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
2399 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
2400 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
2401 /* Note: your snprintf must correclty zero-terminate the buffer! */
2402 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
2403 
2404 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
2405 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
2406 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
2407 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
2408 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
2409 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
2410 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
2411 /* Note: your snprintf must correclty zero-terminate the buffer! */
2412 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
2413 
2414 /* SSL Cache options */
2415 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
2416 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
2417 
2418 /* SSL options */
2419 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
2420 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2421 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
2422 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
2423 
2436 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2437 
2438 /* X509 options */
2439 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
2440 
2441 /* \} name SECTION: Module configuration options */
2442 
2443 #if defined(TARGET_LIKE_MBED)
2444 #include "mbedtls/target_config.h"
2445 #endif
2446 
2447 /*
2448  * Allow user to override any previous default.
2449  *
2450  * Use two macro names for that, as:
2451  * - with yotta the prefix YOTTA_CFG_ is forced
2452  * - without yotta is looks weird to have a YOTTA prefix.
2453  */
2454 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
2455 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
2456 #elif defined(MBEDTLS_USER_CONFIG_FILE)
2457 #include MBEDTLS_USER_CONFIG_FILE
2458 #endif
2459 
2460 #include "check_config.h"
2461 
2462 #endif /* MBEDTLS_CONFIG_H */
Consistency checks for configuration options.