Arcola / mbedtls

Fork of mbedtls by Mark Radbourne

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers config.h Source File

config.h

Go to the documentation of this file.
00001 /**
00002  * \file config.h
00003  *
00004  * \brief Configuration options (set of defines)
00005  *
00006  *  This set of compile-time options may be used to enable
00007  *  or disable features selectively, and reduce the global
00008  *  memory footprint.
00009  *
00010  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00011  *  SPDX-License-Identifier: Apache-2.0
00012  *
00013  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00014  *  not use this file except in compliance with the License.
00015  *  You may obtain a copy of the License at
00016  *
00017  *  http://www.apache.org/licenses/LICENSE-2.0
00018  *
00019  *  Unless required by applicable law or agreed to in writing, software
00020  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00021  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00022  *  See the License for the specific language governing permissions and
00023  *  limitations under the License.
00024  *
00025  *  This file is part of mbed TLS (https://tls.mbed.org)
00026  */
00027 
00028 #ifndef MBEDTLS_CONFIG_H
00029 #define MBEDTLS_CONFIG_H
00030 
00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
00032 #define _CRT_SECURE_NO_DEPRECATE 1
00033 #endif
00034 
00035 /**
00036  * \name SECTION: System support
00037  *
00038  * This section sets system specific settings.
00039  * \{
00040  */
00041 
00042 /**
00043  * \def MBEDTLS_HAVE_ASM
00044  *
00045  * The compiler has support for asm().
00046  *
00047  * Requires support for asm() in compiler.
00048  *
00049  * Used in:
00050  *      library/timing.c
00051  *      library/padlock.c
00052  *      include/mbedtls/bn_mul.h
00053  *
00054  * Comment to disable the use of assembly code.
00055  */
00056 #define MBEDTLS_HAVE_ASM
00057 
00058 /**
00059  * \def MBEDTLS_NO_UDBL_DIVISION
00060  *
00061  * The platform lacks support for double-width integer division (64-bit
00062  * division on a 32-bit platform, 128-bit division on a 64-bit platform).
00063  *
00064  * Used in:
00065  *      include/mbedtls/bignum.h
00066  *      library/bignum.c
00067  *
00068  * The bignum code uses double-width division to speed up some operations.
00069  * Double-width division is often implemented in software that needs to
00070  * be linked with the program. The presence of a double-width integer
00071  * type is usually detected automatically through preprocessor macros,
00072  * but the automatic detection cannot know whether the code needs to
00073  * and can be linked with an implementation of division for that type.
00074  * By default division is assumed to be usable if the type is present.
00075  * Uncomment this option to prevent the use of double-width division.
00076  *
00077  * Note that division for the native integer type is always required.
00078  * Furthermore, a 64-bit type is always required even on a 32-bit
00079  * platform, but it need not support multiplication or division. In some
00080  * cases it is also desirable to disable some double-width operations. For
00081  * example, if double-width division is implemented in software, disabling
00082  * it can reduce code size in some embedded targets.
00083  */
00084 //#define MBEDTLS_NO_UDBL_DIVISION
00085 
00086 /**
00087  * \def MBEDTLS_HAVE_SSE2
00088  *
00089  * CPU supports SSE2 instruction set.
00090  *
00091  * Uncomment if the CPU supports SSE2 (IA-32 specific).
00092  */
00093 //#define MBEDTLS_HAVE_SSE2
00094 
00095 /**
00096  * \def MBEDTLS_HAVE_TIME
00097  *
00098  * System has time.h and time().
00099  * The time does not need to be correct, only time differences are used,
00100  * by contrast with MBEDTLS_HAVE_TIME_DATE
00101  *
00102  * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
00103  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
00104  * MBEDTLS_PLATFORM_STD_TIME.
00105  *
00106  * Comment if your system does not support time functions
00107  */
00108 #define MBEDTLS_HAVE_TIME
00109 
00110 /**
00111  * \def MBEDTLS_HAVE_TIME_DATE
00112  *
00113  * System has time.h and time(), gmtime() and the clock is correct.
00114  * The time needs to be correct (not necesarily very accurate, but at least
00115  * the date should be correct). This is used to verify the validity period of
00116  * X.509 certificates.
00117  *
00118  * Comment if your system does not have a correct clock.
00119  */
00120 #define MBEDTLS_HAVE_TIME_DATE
00121 
00122 /**
00123  * \def MBEDTLS_PLATFORM_MEMORY
00124  *
00125  * Enable the memory allocation layer.
00126  *
00127  * By default mbed TLS uses the system-provided calloc() and free().
00128  * This allows different allocators (self-implemented or provided) to be
00129  * provided to the platform abstraction layer.
00130  *
00131  * Enabling MBEDTLS_PLATFORM_MEMORY without the
00132  * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
00133  * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
00134  * free() function pointer at runtime.
00135  *
00136  * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
00137  * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
00138  * alternate function at compile time.
00139  *
00140  * Requires: MBEDTLS_PLATFORM_C
00141  *
00142  * Enable this layer to allow use of alternative memory allocators.
00143  */
00144 //#define MBEDTLS_PLATFORM_MEMORY
00145 
00146 /**
00147  * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
00148  *
00149  * Do not assign standard functions in the platform layer (e.g. calloc() to
00150  * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
00151  *
00152  * This makes sure there are no linking errors on platforms that do not support
00153  * these functions. You will HAVE to provide alternatives, either at runtime
00154  * via the platform_set_xxx() functions or at compile time by setting
00155  * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
00156  * MBEDTLS_PLATFORM_XXX_MACRO.
00157  *
00158  * Requires: MBEDTLS_PLATFORM_C
00159  *
00160  * Uncomment to prevent default assignment of standard functions in the
00161  * platform layer.
00162  */
00163 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
00164 
00165 /**
00166  * \def MBEDTLS_PLATFORM_EXIT_ALT
00167  *
00168  * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
00169  * function in the platform abstraction layer.
00170  *
00171  * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
00172  * provide a function "mbedtls_platform_set_printf()" that allows you to set an
00173  * alternative printf function pointer.
00174  *
00175  * All these define require MBEDTLS_PLATFORM_C to be defined!
00176  *
00177  * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
00178  * it will be enabled automatically by check_config.h
00179  *
00180  * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
00181  * MBEDTLS_PLATFORM_XXX_MACRO!
00182  *
00183  * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
00184  *
00185  * Uncomment a macro to enable alternate implementation of specific base
00186  * platform function
00187  */
00188 //#define MBEDTLS_PLATFORM_EXIT_ALT
00189 //#define MBEDTLS_PLATFORM_TIME_ALT
00190 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
00191 //#define MBEDTLS_PLATFORM_PRINTF_ALT
00192 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
00193 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
00194 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
00195 
00196 /**
00197  * \def MBEDTLS_DEPRECATED_WARNING
00198  *
00199  * Mark deprecated functions so that they generate a warning if used.
00200  * Functions deprecated in one version will usually be removed in the next
00201  * version. You can enable this to help you prepare the transition to a new
00202  * major version by making sure your code is not using these functions.
00203  *
00204  * This only works with GCC and Clang. With other compilers, you may want to
00205  * use MBEDTLS_DEPRECATED_REMOVED
00206  *
00207  * Uncomment to get warnings on using deprecated functions.
00208  */
00209 //#define MBEDTLS_DEPRECATED_WARNING
00210 
00211 /**
00212  * \def MBEDTLS_DEPRECATED_REMOVED
00213  *
00214  * Remove deprecated functions so that they generate an error if used.
00215  * Functions deprecated in one version will usually be removed in the next
00216  * version. You can enable this to help you prepare the transition to a new
00217  * major version by making sure your code is not using these functions.
00218  *
00219  * Uncomment to get errors on using deprecated functions.
00220  */
00221 //#define MBEDTLS_DEPRECATED_REMOVED
00222 
00223 /* \} name SECTION: System support */
00224 
00225 /**
00226  * \name SECTION: mbed TLS feature support
00227  *
00228  * This section sets support for features that are or are not needed
00229  * within the modules that are enabled.
00230  * \{
00231  */
00232 
00233 /**
00234  * \def MBEDTLS_TIMING_ALT
00235  *
00236  * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
00237  * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
00238  *
00239  * Only works if you have MBEDTLS_TIMING_C enabled.
00240  *
00241  * You will need to provide a header "timing_alt.h" and an implementation at
00242  * compile time.
00243  */
00244 //#define MBEDTLS_TIMING_ALT
00245 
00246 /**
00247  * \def MBEDTLS_AES_ALT
00248  *
00249  * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
00250  * alternate core implementation of a symmetric crypto, an arithmetic or hash
00251  * module (e.g. platform specific assembly optimized implementations). Keep
00252  * in mind that the function prototypes should remain the same.
00253  *
00254  * This replaces the whole module. If you only want to replace one of the
00255  * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
00256  *
00257  * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
00258  * provide the "struct mbedtls_aes_context" definition and omit the base
00259  * function declarations and implementations. "aes_alt.h" will be included from
00260  * "aes.h" to include the new function definitions.
00261  *
00262  * Uncomment a macro to enable alternate implementation of the corresponding
00263  * module.
00264  */
00265 //#define MBEDTLS_AES_ALT
00266 //#define MBEDTLS_ARC4_ALT
00267 //#define MBEDTLS_BLOWFISH_ALT
00268 //#define MBEDTLS_CAMELLIA_ALT
00269 //#define MBEDTLS_DES_ALT
00270 //#define MBEDTLS_XTEA_ALT
00271 //#define MBEDTLS_MD2_ALT
00272 //#define MBEDTLS_MD4_ALT
00273 //#define MBEDTLS_MD5_ALT
00274 //#define MBEDTLS_RIPEMD160_ALT
00275 //#define MBEDTLS_SHA1_ALT
00276 //#define MBEDTLS_SHA256_ALT
00277 //#define MBEDTLS_SHA512_ALT
00278 /*
00279  * When replacing the elliptic curve module, pleace consider, that it is
00280  * implemented with two .c files:
00281  *      - ecp.c
00282  *      - ecp_curves.c
00283  * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
00284  * macros as described above. The only difference is that you have to make sure
00285  * that you provide functionality for both .c files.
00286  */
00287 //#define MBEDTLS_ECP_ALT
00288 
00289 /**
00290  * \def MBEDTLS_MD2_PROCESS_ALT
00291  *
00292  * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
00293  * alternate core implementation of symmetric crypto or hash function. Keep in
00294  * mind that function prototypes should remain the same.
00295  *
00296  * This replaces only one function. The header file from mbed TLS is still
00297  * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
00298  *
00299  * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
00300  * no longer provide the mbedtls_sha1_process() function, but it will still provide
00301  * the other function (using your mbedtls_sha1_process() function) and the definition
00302  * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
00303  * with this definition.
00304  *
00305  * \note Because of a signature change, the core AES encryption and decryption routines are
00306  *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
00307  *       respectively. When setting up alternative implementations, these functions should
00308  *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
00309  *       must stay untouched.
00310  *
00311  * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
00312  *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
00313  *       tables.
00314  *
00315  * Uncomment a macro to enable alternate implementation of the corresponding
00316  * function.
00317  */
00318 //#define MBEDTLS_MD2_PROCESS_ALT
00319 //#define MBEDTLS_MD4_PROCESS_ALT
00320 //#define MBEDTLS_MD5_PROCESS_ALT
00321 //#define MBEDTLS_RIPEMD160_PROCESS_ALT
00322 //#define MBEDTLS_SHA1_PROCESS_ALT
00323 //#define MBEDTLS_SHA256_PROCESS_ALT
00324 //#define MBEDTLS_SHA512_PROCESS_ALT
00325 //#define MBEDTLS_DES_SETKEY_ALT
00326 //#define MBEDTLS_DES_CRYPT_ECB_ALT
00327 //#define MBEDTLS_DES3_CRYPT_ECB_ALT
00328 //#define MBEDTLS_AES_SETKEY_ENC_ALT
00329 //#define MBEDTLS_AES_SETKEY_DEC_ALT
00330 //#define MBEDTLS_AES_ENCRYPT_ALT
00331 //#define MBEDTLS_AES_DECRYPT_ALT
00332 
00333 /**
00334  * \def MBEDTLS_ECP_INTERNAL_ALT
00335  *
00336  * Expose a part of the internal interface of the Elliptic Curve Point module.
00337  *
00338  * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
00339  * alternative core implementation of elliptic curve arithmetic. Keep in mind
00340  * that function prototypes should remain the same.
00341  *
00342  * This partially replaces one function. The header file from mbed TLS is still
00343  * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
00344  * is still present and it is used for group structures not supported by the
00345  * alternative.
00346  *
00347  * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
00348  * and implementing the following functions:
00349  *      unsigned char mbedtls_internal_ecp_grp_capable(
00350  *          const mbedtls_ecp_group *grp )
00351  *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
00352  *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
00353  * The mbedtls_internal_ecp_grp_capable function should return 1 if the
00354  * replacement functions implement arithmetic for the given group and 0
00355  * otherwise.
00356  * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
00357  * called before and after each point operation and provide an opportunity to
00358  * implement optimized set up and tear down instructions.
00359  *
00360  * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
00361  * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
00362  * function, but will use your mbedtls_internal_ecp_double_jac if the group is
00363  * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
00364  * receives it as an argument). If the group is not supported then the original
00365  * implementation is used. The other functions and the definition of
00366  * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
00367  * implementation of mbedtls_internal_ecp_double_jac and
00368  * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
00369  *
00370  * Uncomment a macro to enable alternate implementation of the corresponding
00371  * function.
00372  */
00373 /* Required for all the functions in this section */
00374 //#define MBEDTLS_ECP_INTERNAL_ALT
00375 /* Support for Weierstrass curves with Jacobi representation */
00376 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
00377 //#define MBEDTLS_ECP_ADD_MIXED_ALT
00378 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT
00379 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
00380 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
00381 /* Support for curves with Montgomery arithmetic */
00382 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
00383 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
00384 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
00385 
00386 /**
00387  * \def MBEDTLS_TEST_NULL_ENTROPY
00388  *
00389  * Enables testing and use of mbed TLS without any configured entropy sources.
00390  * This permits use of the library on platforms before an entropy source has
00391  * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
00392  * MBEDTLS_ENTROPY_NV_SEED switches).
00393  *
00394  * WARNING! This switch MUST be disabled in production builds, and is suitable
00395  * only for development.
00396  * Enabling the switch negates any security provided by the library.
00397  *
00398  * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
00399  *
00400  */
00401 //#define MBEDTLS_TEST_NULL_ENTROPY
00402 
00403 /**
00404  * \def MBEDTLS_ENTROPY_HARDWARE_ALT
00405  *
00406  * Uncomment this macro to let mbed TLS use your own implementation of a
00407  * hardware entropy collector.
00408  *
00409  * Your function must be called \c mbedtls_hardware_poll(), have the same
00410  * prototype as declared in entropy_poll.h, and accept NULL as first argument.
00411  *
00412  * Uncomment to use your own hardware entropy collector.
00413  */
00414 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
00415 
00416 /**
00417  * \def MBEDTLS_AES_ROM_TABLES
00418  *
00419  * Store the AES tables in ROM.
00420  *
00421  * Uncomment this macro to store the AES tables in ROM.
00422  */
00423 //#define MBEDTLS_AES_ROM_TABLES
00424 
00425 /**
00426  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
00427  *
00428  * Use less ROM for the Camellia implementation (saves about 768 bytes).
00429  *
00430  * Uncomment this macro to use less memory for Camellia.
00431  */
00432 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
00433 
00434 /**
00435  * \def MBEDTLS_CIPHER_MODE_CBC
00436  *
00437  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
00438  */
00439 #define MBEDTLS_CIPHER_MODE_CBC
00440 
00441 /**
00442  * \def MBEDTLS_CIPHER_MODE_CFB
00443  *
00444  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
00445  */
00446 #define MBEDTLS_CIPHER_MODE_CFB
00447 
00448 /**
00449  * \def MBEDTLS_CIPHER_MODE_CTR
00450  *
00451  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
00452  */
00453 #define MBEDTLS_CIPHER_MODE_CTR
00454 
00455 /**
00456  * \def MBEDTLS_CIPHER_NULL_CIPHER
00457  *
00458  * Enable NULL cipher.
00459  * Warning: Only do so when you know what you are doing. This allows for
00460  * encryption or channels without any security!
00461  *
00462  * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
00463  * the following ciphersuites:
00464  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
00465  *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
00466  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
00467  *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
00468  *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
00469  *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
00470  *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
00471  *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
00472  *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
00473  *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
00474  *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
00475  *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
00476  *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
00477  *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
00478  *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
00479  *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
00480  *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
00481  *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
00482  *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
00483  *
00484  * Uncomment this macro to enable the NULL cipher and ciphersuites
00485  */
00486 //#define MBEDTLS_CIPHER_NULL_CIPHER
00487 
00488 /**
00489  * \def MBEDTLS_CIPHER_PADDING_PKCS7
00490  *
00491  * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
00492  * specific padding modes in the cipher layer with cipher modes that support
00493  * padding (e.g. CBC)
00494  *
00495  * If you disable all padding modes, only full blocks can be used with CBC.
00496  *
00497  * Enable padding modes in the cipher layer.
00498  */
00499 #define MBEDTLS_CIPHER_PADDING_PKCS7
00500 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
00501 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
00502 #define MBEDTLS_CIPHER_PADDING_ZEROS
00503 
00504 /**
00505  * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
00506  *
00507  * Enable weak ciphersuites in SSL / TLS.
00508  * Warning: Only do so when you know what you are doing. This allows for
00509  * channels with virtually no security at all!
00510  *
00511  * This enables the following ciphersuites:
00512  *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
00513  *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
00514  *
00515  * Uncomment this macro to enable weak ciphersuites
00516  */
00517 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
00518 
00519 /**
00520  * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
00521  *
00522  * Remove RC4 ciphersuites by default in SSL / TLS.
00523  * This flag removes the ciphersuites based on RC4 from the default list as
00524  * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
00525  * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
00526  * explicitly.
00527  *
00528  * Uncomment this macro to remove RC4 ciphersuites by default.
00529  */
00530 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
00531 
00532 /**
00533  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
00534  *
00535  * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
00536  * module.  By default all supported curves are enabled.
00537  *
00538  * Comment macros to disable the curve and functions for it
00539  */
00540 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
00541 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
00542 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
00543 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
00544 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
00545 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
00546 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
00547 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
00548 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
00549 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
00550 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
00551 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
00552 
00553 /**
00554  * \def MBEDTLS_ECP_NIST_OPTIM
00555  *
00556  * Enable specific 'modulo p' routines for each NIST prime.
00557  * Depending on the prime and architecture, makes operations 4 to 8 times
00558  * faster on the corresponding curve.
00559  *
00560  * Comment this macro to disable NIST curves optimisation.
00561  */
00562 #define MBEDTLS_ECP_NIST_OPTIM
00563 
00564 /**
00565  * \def MBEDTLS_ECDSA_DETERMINISTIC
00566  *
00567  * Enable deterministic ECDSA (RFC 6979).
00568  * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
00569  * may result in a compromise of the long-term signing key. This is avoided by
00570  * the deterministic variant.
00571  *
00572  * Requires: MBEDTLS_HMAC_DRBG_C
00573  *
00574  * Comment this macro to disable deterministic ECDSA.
00575  */
00576 #define MBEDTLS_ECDSA_DETERMINISTIC
00577 
00578 /**
00579  * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
00580  *
00581  * Enable the PSK based ciphersuite modes in SSL / TLS.
00582  *
00583  * This enables the following ciphersuites (if other requisites are
00584  * enabled as well):
00585  *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
00586  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
00587  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
00588  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
00589  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
00590  *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
00591  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
00592  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
00593  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
00594  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
00595  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
00596  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
00597  */
00598 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
00599 
00600 /**
00601  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
00602  *
00603  * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
00604  *
00605  * Requires: MBEDTLS_DHM_C
00606  *
00607  * This enables the following ciphersuites (if other requisites are
00608  * enabled as well):
00609  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
00610  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
00611  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
00612  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
00613  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
00614  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
00615  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
00616  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
00617  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
00618  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
00619  *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
00620  *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
00621  */
00622 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
00623 
00624 /**
00625  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
00626  *
00627  * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
00628  *
00629  * Requires: MBEDTLS_ECDH_C
00630  *
00631  * This enables the following ciphersuites (if other requisites are
00632  * enabled as well):
00633  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
00634  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
00635  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
00636  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
00637  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
00638  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
00639  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
00640  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
00641  */
00642 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
00643 
00644 /**
00645  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
00646  *
00647  * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
00648  *
00649  * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
00650  *           MBEDTLS_X509_CRT_PARSE_C
00651  *
00652  * This enables the following ciphersuites (if other requisites are
00653  * enabled as well):
00654  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
00655  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
00656  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
00657  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
00658  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
00659  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
00660  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
00661  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
00662  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
00663  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
00664  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
00665  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
00666  */
00667 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
00668 
00669 /**
00670  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
00671  *
00672  * Enable the RSA-only based ciphersuite modes in SSL / TLS.
00673  *
00674  * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
00675  *           MBEDTLS_X509_CRT_PARSE_C
00676  *
00677  * This enables the following ciphersuites (if other requisites are
00678  * enabled as well):
00679  *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
00680  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
00681  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
00682  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
00683  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
00684  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
00685  *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
00686  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
00687  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
00688  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
00689  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
00690  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
00691  *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
00692  *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
00693  *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
00694  */
00695 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
00696 
00697 /**
00698  * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
00699  *
00700  * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
00701  *
00702  * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
00703  *           MBEDTLS_X509_CRT_PARSE_C
00704  *
00705  * This enables the following ciphersuites (if other requisites are
00706  * enabled as well):
00707  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
00708  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
00709  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
00710  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
00711  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
00712  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
00713  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
00714  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
00715  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
00716  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
00717  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
00718  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
00719  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
00720  */
00721 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
00722 
00723 /**
00724  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00725  *
00726  * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
00727  *
00728  * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
00729  *           MBEDTLS_X509_CRT_PARSE_C
00730  *
00731  * This enables the following ciphersuites (if other requisites are
00732  * enabled as well):
00733  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
00734  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
00735  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
00736  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
00737  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
00738  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
00739  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
00740  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
00741  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
00742  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
00743  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
00744  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
00745  */
00746 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00747 
00748 /**
00749  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00750  *
00751  * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
00752  *
00753  * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
00754  *
00755  * This enables the following ciphersuites (if other requisites are
00756  * enabled as well):
00757  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
00758  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
00759  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
00760  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
00761  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
00762  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
00763  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
00764  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
00765  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
00766  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
00767  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
00768  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
00769  */
00770 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00771 
00772 /**
00773  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
00774  *
00775  * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
00776  *
00777  * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
00778  *
00779  * This enables the following ciphersuites (if other requisites are
00780  * enabled as well):
00781  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
00782  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
00783  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
00784  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
00785  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
00786  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
00787  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
00788  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
00789  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
00790  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
00791  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
00792  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
00793  */
00794 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
00795 
00796 /**
00797  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
00798  *
00799  * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
00800  *
00801  * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
00802  *
00803  * This enables the following ciphersuites (if other requisites are
00804  * enabled as well):
00805  *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
00806  *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
00807  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
00808  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
00809  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
00810  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
00811  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
00812  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
00813  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
00814  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
00815  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
00816  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
00817  */
00818 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
00819 
00820 /**
00821  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
00822  *
00823  * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
00824  *
00825  * \warning This is currently experimental. EC J-PAKE support is based on the
00826  * Thread v1.0.0 specification; incompatible changes to the specification
00827  * might still happen. For this reason, this is disabled by default.
00828  *
00829  * Requires: MBEDTLS_ECJPAKE_C
00830  *           MBEDTLS_SHA256_C
00831  *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
00832  *
00833  * This enables the following ciphersuites (if other requisites are
00834  * enabled as well):
00835  *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
00836  */
00837 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
00838 
00839 /**
00840  * \def MBEDTLS_PK_PARSE_EC_EXTENDED
00841  *
00842  * Enhance support for reading EC keys using variants of SEC1 not allowed by
00843  * RFC 5915 and RFC 5480.
00844  *
00845  * Currently this means parsing the SpecifiedECDomain choice of EC
00846  * parameters (only known groups are supported, not arbitrary domains, to
00847  * avoid validation issues).
00848  *
00849  * Disable if you only need to support RFC 5915 + 5480 key formats.
00850  */
00851 #define MBEDTLS_PK_PARSE_EC_EXTENDED
00852 
00853 /**
00854  * \def MBEDTLS_ERROR_STRERROR_DUMMY
00855  *
00856  * Enable a dummy error function to make use of mbedtls_strerror() in
00857  * third party libraries easier when MBEDTLS_ERROR_C is disabled
00858  * (no effect when MBEDTLS_ERROR_C is enabled).
00859  *
00860  * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
00861  * not using mbedtls_strerror() or error_strerror() in your application.
00862  *
00863  * Disable if you run into name conflicts and want to really remove the
00864  * mbedtls_strerror()
00865  */
00866 #define MBEDTLS_ERROR_STRERROR_DUMMY
00867 
00868 /**
00869  * \def MBEDTLS_GENPRIME
00870  *
00871  * Enable the prime-number generation code.
00872  *
00873  * Requires: MBEDTLS_BIGNUM_C
00874  */
00875 #define MBEDTLS_GENPRIME
00876 
00877 /**
00878  * \def MBEDTLS_FS_IO
00879  *
00880  * Enable functions that use the filesystem.
00881  */
00882 //#define MBEDTLS_FS_IO
00883 
00884 /**
00885  * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
00886  *
00887  * Do not add default entropy sources. These are the platform specific,
00888  * mbedtls_timing_hardclock and HAVEGE based poll functions.
00889  *
00890  * This is useful to have more control over the added entropy sources in an
00891  * application.
00892  *
00893  * Uncomment this macro to prevent loading of default entropy functions.
00894  */
00895 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
00896 
00897 /**
00898  * \def MBEDTLS_NO_PLATFORM_ENTROPY
00899  *
00900  * Do not use built-in platform entropy functions.
00901  * This is useful if your platform does not support
00902  * standards like the /dev/urandom or Windows CryptoAPI.
00903  *
00904  * Uncomment this macro to disable the built-in platform entropy functions.
00905  */
00906 #define MBEDTLS_NO_PLATFORM_ENTROPY
00907 
00908 /**
00909  * \def MBEDTLS_ENTROPY_FORCE_SHA256
00910  *
00911  * Force the entropy accumulator to use a SHA-256 accumulator instead of the
00912  * default SHA-512 based one (if both are available).
00913  *
00914  * Requires: MBEDTLS_SHA256_C
00915  *
00916  * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
00917  * if you have performance concerns.
00918  *
00919  * This option is only useful if both MBEDTLS_SHA256_C and
00920  * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
00921  */
00922 //#define MBEDTLS_ENTROPY_FORCE_SHA256
00923 
00924 /**
00925  * \def MBEDTLS_ENTROPY_NV_SEED
00926  *
00927  * Enable the non-volatile (NV) seed file-based entropy source.
00928  * (Also enables the NV seed read/write functions in the platform layer)
00929  *
00930  * This is crucial (if not required) on systems that do not have a
00931  * cryptographic entropy source (in hardware or kernel) available.
00932  *
00933  * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
00934  *
00935  * \note The read/write functions that are used by the entropy source are
00936  *       determined in the platform layer, and can be modified at runtime and/or
00937  *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
00938  *
00939  * \note If you use the default implementation functions that read a seedfile
00940  *       with regular fopen(), please make sure you make a seedfile with the
00941  *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
00942  *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
00943  *       and written to or you will get an entropy source error! The default
00944  *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
00945  *       bytes from the file.
00946  *
00947  * \note The entropy collector will write to the seed file before entropy is
00948  *       given to an external source, to update it.
00949  */
00950 //#define MBEDTLS_ENTROPY_NV_SEED
00951 
00952 /**
00953  * \def MBEDTLS_MEMORY_DEBUG
00954  *
00955  * Enable debugging of buffer allocator memory issues. Automatically prints
00956  * (to stderr) all (fatal) messages on memory allocation issues. Enables
00957  * function for 'debug output' of allocated memory.
00958  *
00959  * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
00960  *
00961  * Uncomment this macro to let the buffer allocator print out error messages.
00962  */
00963 //#define MBEDTLS_MEMORY_DEBUG
00964 
00965 /**
00966  * \def MBEDTLS_MEMORY_BACKTRACE
00967  *
00968  * Include backtrace information with each allocated block.
00969  *
00970  * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
00971  *           GLIBC-compatible backtrace() an backtrace_symbols() support
00972  *
00973  * Uncomment this macro to include backtrace information
00974  */
00975 //#define MBEDTLS_MEMORY_BACKTRACE
00976 
00977 /**
00978  * \def MBEDTLS_PK_RSA_ALT_SUPPORT
00979  *
00980  * Support external private RSA keys (eg from a HSM) in the PK layer.
00981  *
00982  * Comment this macro to disable support for external private RSA keys.
00983  */
00984 #define MBEDTLS_PK_RSA_ALT_SUPPORT
00985 
00986 /**
00987  * \def MBEDTLS_PKCS1_V15
00988  *
00989  * Enable support for PKCS#1 v1.5 encoding.
00990  *
00991  * Requires: MBEDTLS_RSA_C
00992  *
00993  * This enables support for PKCS#1 v1.5 operations.
00994  */
00995 #define MBEDTLS_PKCS1_V15
00996 
00997 /**
00998  * \def MBEDTLS_PKCS1_V21
00999  *
01000  * Enable support for PKCS#1 v2.1 encoding.
01001  *
01002  * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
01003  *
01004  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
01005  */
01006 #define MBEDTLS_PKCS1_V21
01007 
01008 /**
01009  * \def MBEDTLS_RSA_NO_CRT
01010  *
01011  * Do not use the Chinese Remainder Theorem for the RSA private operation.
01012  *
01013  * Uncomment this macro to disable the use of CRT in RSA.
01014  *
01015  */
01016 //#define MBEDTLS_RSA_NO_CRT
01017 
01018 /**
01019  * \def MBEDTLS_SELF_TEST
01020  *
01021  * Enable the checkup functions (*_self_test).
01022  */
01023 #define MBEDTLS_SELF_TEST
01024 
01025 /**
01026  * \def MBEDTLS_SHA256_SMALLER
01027  *
01028  * Enable an implementation of SHA-256 that has lower ROM footprint but also
01029  * lower performance.
01030  *
01031  * The default implementation is meant to be a reasonnable compromise between
01032  * performance and size. This version optimizes more aggressively for size at
01033  * the expense of performance. Eg on Cortex-M4 it reduces the size of
01034  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
01035  * 30%.
01036  *
01037  * Uncomment to enable the smaller implementation of SHA256.
01038  */
01039 //#define MBEDTLS_SHA256_SMALLER
01040 
01041 /**
01042  * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
01043  *
01044  * Enable sending of alert messages in case of encountered errors as per RFC.
01045  * If you choose not to send the alert messages, mbed TLS can still communicate
01046  * with other servers, only debugging of failures is harder.
01047  *
01048  * The advantage of not sending alert messages, is that no information is given
01049  * about reasons for failures thus preventing adversaries of gaining intel.
01050  *
01051  * Enable sending of all alert messages
01052  */
01053 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
01054 
01055 /**
01056  * \def MBEDTLS_SSL_DEBUG_ALL
01057  *
01058  * Enable the debug messages in SSL module for all issues.
01059  * Debug messages have been disabled in some places to prevent timing
01060  * attacks due to (unbalanced) debugging function calls.
01061  *
01062  * If you need all error reporting you should enable this during debugging,
01063  * but remove this for production servers that should log as well.
01064  *
01065  * Uncomment this macro to report all debug messages on errors introducing
01066  * a timing side-channel.
01067  *
01068  */
01069 //#define MBEDTLS_SSL_DEBUG_ALL
01070 
01071 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
01072  *
01073  * Enable support for Encrypt-then-MAC, RFC 7366.
01074  *
01075  * This allows peers that both support it to use a more robust protection for
01076  * ciphersuites using CBC, providing deep resistance against timing attacks
01077  * on the padding or underlying cipher.
01078  *
01079  * This only affects CBC ciphersuites, and is useless if none is defined.
01080  *
01081  * Requires: MBEDTLS_SSL_PROTO_TLS1    or
01082  *           MBEDTLS_SSL_PROTO_TLS1_1  or
01083  *           MBEDTLS_SSL_PROTO_TLS1_2
01084  *
01085  * Comment this macro to disable support for Encrypt-then-MAC
01086  */
01087 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
01088 
01089 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
01090  *
01091  * Enable support for Extended Master Secret, aka Session Hash
01092  * (draft-ietf-tls-session-hash-02).
01093  *
01094  * This was introduced as "the proper fix" to the Triple Handshake familiy of
01095  * attacks, but it is recommended to always use it (even if you disable
01096  * renegotiation), since it actually fixes a more fundamental issue in the
01097  * original SSL/TLS design, and has implications beyond Triple Handshake.
01098  *
01099  * Requires: MBEDTLS_SSL_PROTO_TLS1    or
01100  *           MBEDTLS_SSL_PROTO_TLS1_1  or
01101  *           MBEDTLS_SSL_PROTO_TLS1_2
01102  *
01103  * Comment this macro to disable support for Extended Master Secret.
01104  */
01105 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
01106 
01107 /**
01108  * \def MBEDTLS_SSL_FALLBACK_SCSV
01109  *
01110  * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
01111  *
01112  * For servers, it is recommended to always enable this, unless you support
01113  * only one version of TLS, or know for sure that none of your clients
01114  * implements a fallback strategy.
01115  *
01116  * For clients, you only need this if you're using a fallback strategy, which
01117  * is not recommended in the first place, unless you absolutely need it to
01118  * interoperate with buggy (version-intolerant) servers.
01119  *
01120  * Comment this macro to disable support for FALLBACK_SCSV
01121  */
01122 #define MBEDTLS_SSL_FALLBACK_SCSV
01123 
01124 /**
01125  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
01126  *
01127  * Enable hooking functions in SSL module for hardware acceleration of
01128  * individual records.
01129  *
01130  * Uncomment this macro to enable hooking functions.
01131  */
01132 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
01133 
01134 /**
01135  * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
01136  *
01137  * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
01138  *
01139  * This is a countermeasure to the BEAST attack, which also minimizes the risk
01140  * of interoperability issues compared to sending 0-length records.
01141  *
01142  * Comment this macro to disable 1/n-1 record splitting.
01143  */
01144 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING
01145 
01146 /**
01147  * \def MBEDTLS_SSL_RENEGOTIATION
01148  *
01149  * Disable support for TLS renegotiation.
01150  *
01151  * The two main uses of renegotiation are (1) refresh keys on long-lived
01152  * connections and (2) client authentication after the initial handshake.
01153  * If you don't need renegotiation, it's probably better to disable it, since
01154  * it has been associated with security issues in the past and is easy to
01155  * misuse/misunderstand.
01156  *
01157  * Comment this to disable support for renegotiation.
01158  */
01159 #define MBEDTLS_SSL_RENEGOTIATION
01160 
01161 /**
01162  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
01163  *
01164  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
01165  * SSL Server module (MBEDTLS_SSL_SRV_C).
01166  *
01167  * Uncomment this macro to enable support for SSLv2 Client Hello messages.
01168  */
01169 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
01170 
01171 /**
01172  * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
01173  *
01174  * Pick the ciphersuite according to the client's preferences rather than ours
01175  * in the SSL Server module (MBEDTLS_SSL_SRV_C).
01176  *
01177  * Uncomment this macro to respect client's ciphersuite order
01178  */
01179 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
01180 
01181 /**
01182  * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
01183  *
01184  * Enable support for RFC 6066 max_fragment_length extension in SSL.
01185  *
01186  * Comment this macro to disable support for the max_fragment_length extension
01187  */
01188 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
01189 
01190 /**
01191  * \def MBEDTLS_SSL_PROTO_SSL3
01192  *
01193  * Enable support for SSL 3.0.
01194  *
01195  * Requires: MBEDTLS_MD5_C
01196  *           MBEDTLS_SHA1_C
01197  *
01198  * Comment this macro to disable support for SSL 3.0
01199  */
01200 //#define MBEDTLS_SSL_PROTO_SSL3
01201 
01202 /**
01203  * \def MBEDTLS_SSL_PROTO_TLS1
01204  *
01205  * Enable support for TLS 1.0.
01206  *
01207  * Requires: MBEDTLS_MD5_C
01208  *           MBEDTLS_SHA1_C
01209  *
01210  * Comment this macro to disable support for TLS 1.0
01211  */
01212 #define MBEDTLS_SSL_PROTO_TLS1
01213 
01214 /**
01215  * \def MBEDTLS_SSL_PROTO_TLS1_1
01216  *
01217  * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
01218  *
01219  * Requires: MBEDTLS_MD5_C
01220  *           MBEDTLS_SHA1_C
01221  *
01222  * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
01223  */
01224 #define MBEDTLS_SSL_PROTO_TLS1_1
01225 
01226 /**
01227  * \def MBEDTLS_SSL_PROTO_TLS1_2
01228  *
01229  * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
01230  *
01231  * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
01232  *           (Depends on ciphersuites)
01233  *
01234  * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
01235  */
01236 #define MBEDTLS_SSL_PROTO_TLS1_2
01237 
01238 /**
01239  * \def MBEDTLS_SSL_PROTO_DTLS
01240  *
01241  * Enable support for DTLS (all available versions).
01242  *
01243  * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
01244  * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
01245  *
01246  * Requires: MBEDTLS_SSL_PROTO_TLS1_1
01247  *        or MBEDTLS_SSL_PROTO_TLS1_2
01248  *
01249  * Comment this macro to disable support for DTLS
01250  */
01251 #define MBEDTLS_SSL_PROTO_DTLS
01252 
01253 /**
01254  * \def MBEDTLS_SSL_ALPN
01255  *
01256  * Enable support for RFC 7301 Application Layer Protocol Negotiation.
01257  *
01258  * Comment this macro to disable support for ALPN.
01259  */
01260 #define MBEDTLS_SSL_ALPN
01261 
01262 /**
01263  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
01264  *
01265  * Enable support for the anti-replay mechanism in DTLS.
01266  *
01267  * Requires: MBEDTLS_SSL_TLS_C
01268  *           MBEDTLS_SSL_PROTO_DTLS
01269  *
01270  * \warning Disabling this is often a security risk!
01271  * See mbedtls_ssl_conf_dtls_anti_replay() for details.
01272  *
01273  * Comment this to disable anti-replay in DTLS.
01274  */
01275 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
01276 
01277 /**
01278  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
01279  *
01280  * Enable support for HelloVerifyRequest on DTLS servers.
01281  *
01282  * This feature is highly recommended to prevent DTLS servers being used as
01283  * amplifiers in DoS attacks against other hosts. It should always be enabled
01284  * unless you know for sure amplification cannot be a problem in the
01285  * environment in which your server operates.
01286  *
01287  * \warning Disabling this can ba a security risk! (see above)
01288  *
01289  * Requires: MBEDTLS_SSL_PROTO_DTLS
01290  *
01291  * Comment this to disable support for HelloVerifyRequest.
01292  */
01293 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
01294 
01295 /**
01296  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
01297  *
01298  * Enable server-side support for clients that reconnect from the same port.
01299  *
01300  * Some clients unexpectedly close the connection and try to reconnect using the
01301  * same source port. This needs special support from the server to handle the
01302  * new connection securely, as described in section 4.2.8 of RFC 6347. This
01303  * flag enables that support.
01304  *
01305  * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
01306  *
01307  * Comment this to disable support for clients reusing the source port.
01308  */
01309 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
01310 
01311 /**
01312  * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
01313  *
01314  * Enable support for a limit of records with bad MAC.
01315  *
01316  * See mbedtls_ssl_conf_dtls_badmac_limit().
01317  *
01318  * Requires: MBEDTLS_SSL_PROTO_DTLS
01319  */
01320 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
01321 
01322 /**
01323  * \def MBEDTLS_SSL_SESSION_TICKETS
01324  *
01325  * Enable support for RFC 5077 session tickets in SSL.
01326  * Client-side, provides full support for session tickets (maintainance of a
01327  * session store remains the responsibility of the application, though).
01328  * Server-side, you also need to provide callbacks for writing and parsing
01329  * tickets, including authenticated encryption and key management. Example
01330  * callbacks are provided by MBEDTLS_SSL_TICKET_C.
01331  *
01332  * Comment this macro to disable support for SSL session tickets
01333  */
01334 #define MBEDTLS_SSL_SESSION_TICKETS
01335 
01336 /**
01337  * \def MBEDTLS_SSL_EXPORT_KEYS
01338  *
01339  * Enable support for exporting key block and master secret.
01340  * This is required for certain users of TLS, e.g. EAP-TLS.
01341  *
01342  * Comment this macro to disable support for key export
01343  */
01344 #define MBEDTLS_SSL_EXPORT_KEYS
01345 
01346 /**
01347  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
01348  *
01349  * Enable support for RFC 6066 server name indication (SNI) in SSL.
01350  *
01351  * Requires: MBEDTLS_X509_CRT_PARSE_C
01352  *
01353  * Comment this macro to disable support for server name indication in SSL
01354  */
01355 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
01356 
01357 /**
01358  * \def MBEDTLS_SSL_TRUNCATED_HMAC
01359  *
01360  * Enable support for RFC 6066 truncated HMAC in SSL.
01361  *
01362  * Comment this macro to disable support for truncated HMAC in SSL
01363  */
01364 #define MBEDTLS_SSL_TRUNCATED_HMAC
01365 
01366 /**
01367  * \def MBEDTLS_THREADING_ALT
01368  *
01369  * Provide your own alternate threading implementation.
01370  *
01371  * Requires: MBEDTLS_THREADING_C
01372  *
01373  * Uncomment this to allow your own alternate threading implementation.
01374  */
01375 //#define MBEDTLS_THREADING_ALT
01376 
01377 /**
01378  * \def MBEDTLS_THREADING_PTHREAD
01379  *
01380  * Enable the pthread wrapper layer for the threading layer.
01381  *
01382  * Requires: MBEDTLS_THREADING_C
01383  *
01384  * Uncomment this to enable pthread mutexes.
01385  */
01386 //#define MBEDTLS_THREADING_PTHREAD
01387 
01388 /**
01389  * \def MBEDTLS_VERSION_FEATURES
01390  *
01391  * Allow run-time checking of compile-time enabled features. Thus allowing users
01392  * to check at run-time if the library is for instance compiled with threading
01393  * support via mbedtls_version_check_feature().
01394  *
01395  * Requires: MBEDTLS_VERSION_C
01396  *
01397  * Comment this to disable run-time checking and save ROM space
01398  */
01399 #define MBEDTLS_VERSION_FEATURES
01400 
01401 /**
01402  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
01403  *
01404  * If set, the X509 parser will not break-off when parsing an X509 certificate
01405  * and encountering an extension in a v1 or v2 certificate.
01406  *
01407  * Uncomment to prevent an error.
01408  */
01409 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
01410 
01411 /**
01412  * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
01413  *
01414  * If set, the X509 parser will not break-off when parsing an X509 certificate
01415  * and encountering an unknown critical extension.
01416  *
01417  * \warning Depending on your PKI use, enabling this can be a security risk!
01418  *
01419  * Uncomment to prevent an error.
01420  */
01421 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
01422 
01423 /**
01424  * \def MBEDTLS_X509_CHECK_KEY_USAGE
01425  *
01426  * Enable verification of the keyUsage extension (CA and leaf certificates).
01427  *
01428  * Disabling this avoids problems with mis-issued and/or misused
01429  * (intermediate) CA and leaf certificates.
01430  *
01431  * \warning Depending on your PKI use, disabling this can be a security risk!
01432  *
01433  * Comment to skip keyUsage checking for both CA and leaf certificates.
01434  */
01435 #define MBEDTLS_X509_CHECK_KEY_USAGE
01436 
01437 /**
01438  * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
01439  *
01440  * Enable verification of the extendedKeyUsage extension (leaf certificates).
01441  *
01442  * Disabling this avoids problems with mis-issued and/or misused certificates.
01443  *
01444  * \warning Depending on your PKI use, disabling this can be a security risk!
01445  *
01446  * Comment to skip extendedKeyUsage checking for certificates.
01447  */
01448 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
01449 
01450 /**
01451  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
01452  *
01453  * Enable parsing and verification of X.509 certificates, CRLs and CSRS
01454  * signed with RSASSA-PSS (aka PKCS#1 v2.1).
01455  *
01456  * Comment this macro to disallow using RSASSA-PSS in certificates.
01457  */
01458 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
01459 
01460 /**
01461  * \def MBEDTLS_ZLIB_SUPPORT
01462  *
01463  * If set, the SSL/TLS module uses ZLIB to support compression and
01464  * decompression of packet data.
01465  *
01466  * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
01467  * CRIME attack. Before enabling this option, you should examine with care if
01468  * CRIME or similar exploits may be a applicable to your use case.
01469  *
01470  * \note Currently compression can't be used with DTLS.
01471  *
01472  * Used in: library/ssl_tls.c
01473  *          library/ssl_cli.c
01474  *          library/ssl_srv.c
01475  *
01476  * This feature requires zlib library and headers to be present.
01477  *
01478  * Uncomment to enable use of ZLIB
01479  */
01480 //#define MBEDTLS_ZLIB_SUPPORT
01481 /* \} name SECTION: mbed TLS feature support */
01482 
01483 /**
01484  * \name SECTION: mbed TLS modules
01485  *
01486  * This section enables or disables entire modules in mbed TLS
01487  * \{
01488  */
01489 
01490 /**
01491  * \def MBEDTLS_AESNI_C
01492  *
01493  * Enable AES-NI support on x86-64.
01494  *
01495  * Module:  library/aesni.c
01496  * Caller:  library/aes.c
01497  *
01498  * Requires: MBEDTLS_HAVE_ASM
01499  *
01500  * This modules adds support for the AES-NI instructions on x86-64
01501  */
01502 #define MBEDTLS_AESNI_C
01503 
01504 /**
01505  * \def MBEDTLS_AES_C
01506  *
01507  * Enable the AES block cipher.
01508  *
01509  * Module:  library/aes.c
01510  * Caller:  library/ssl_tls.c
01511  *          library/pem.c
01512  *          library/ctr_drbg.c
01513  *
01514  * This module enables the following ciphersuites (if other requisites are
01515  * enabled as well):
01516  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
01517  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
01518  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
01519  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
01520  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
01521  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
01522  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
01523  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
01524  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
01525  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
01526  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
01527  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
01528  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
01529  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
01530  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
01531  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
01532  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
01533  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
01534  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
01535  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
01536  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
01537  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
01538  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
01539  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
01540  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
01541  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
01542  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
01543  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
01544  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
01545  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
01546  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
01547  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
01548  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
01549  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
01550  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
01551  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
01552  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
01553  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
01554  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
01555  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
01556  *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
01557  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
01558  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
01559  *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
01560  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
01561  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
01562  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
01563  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
01564  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
01565  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
01566  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
01567  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
01568  *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
01569  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
01570  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
01571  *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
01572  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
01573  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
01574  *
01575  * PEM_PARSE uses AES for decrypting encrypted keys.
01576  */
01577 #define MBEDTLS_AES_C
01578 
01579 /**
01580  * \def MBEDTLS_ARC4_C
01581  *
01582  * Enable the ARCFOUR stream cipher.
01583  *
01584  * Module:  library/arc4.c
01585  * Caller:  library/ssl_tls.c
01586  *
01587  * This module enables the following ciphersuites (if other requisites are
01588  * enabled as well):
01589  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
01590  *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
01591  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
01592  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
01593  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
01594  *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
01595  *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
01596  *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
01597  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
01598  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
01599  */
01600 #define MBEDTLS_ARC4_C
01601 
01602 /**
01603  * \def MBEDTLS_ASN1_PARSE_C
01604  *
01605  * Enable the generic ASN1 parser.
01606  *
01607  * Module:  library/asn1.c
01608  * Caller:  library/x509.c
01609  *          library/dhm.c
01610  *          library/pkcs12.c
01611  *          library/pkcs5.c
01612  *          library/pkparse.c
01613  */
01614 #define MBEDTLS_ASN1_PARSE_C
01615 
01616 /**
01617  * \def MBEDTLS_ASN1_WRITE_C
01618  *
01619  * Enable the generic ASN1 writer.
01620  *
01621  * Module:  library/asn1write.c
01622  * Caller:  library/ecdsa.c
01623  *          library/pkwrite.c
01624  *          library/x509_create.c
01625  *          library/x509write_crt.c
01626  *          library/x509write_csr.c
01627  */
01628 #define MBEDTLS_ASN1_WRITE_C
01629 
01630 /**
01631  * \def MBEDTLS_BASE64_C
01632  *
01633  * Enable the Base64 module.
01634  *
01635  * Module:  library/base64.c
01636  * Caller:  library/pem.c
01637  *
01638  * This module is required for PEM support (required by X.509).
01639  */
01640 #define MBEDTLS_BASE64_C
01641 
01642 /**
01643  * \def MBEDTLS_BIGNUM_C
01644  *
01645  * Enable the multi-precision integer library.
01646  *
01647  * Module:  library/bignum.c
01648  * Caller:  library/dhm.c
01649  *          library/ecp.c
01650  *          library/ecdsa.c
01651  *          library/rsa.c
01652  *          library/ssl_tls.c
01653  *
01654  * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
01655  */
01656 #define MBEDTLS_BIGNUM_C
01657 
01658 /**
01659  * \def MBEDTLS_BLOWFISH_C
01660  *
01661  * Enable the Blowfish block cipher.
01662  *
01663  * Module:  library/blowfish.c
01664  */
01665 #define MBEDTLS_BLOWFISH_C
01666 
01667 /**
01668  * \def MBEDTLS_CAMELLIA_C
01669  *
01670  * Enable the Camellia block cipher.
01671  *
01672  * Module:  library/camellia.c
01673  * Caller:  library/ssl_tls.c
01674  *
01675  * This module enables the following ciphersuites (if other requisites are
01676  * enabled as well):
01677  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
01678  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
01679  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
01680  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
01681  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
01682  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
01683  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
01684  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
01685  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
01686  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
01687  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
01688  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
01689  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
01690  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
01691  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
01692  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
01693  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
01694  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
01695  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
01696  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
01697  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
01698  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
01699  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
01700  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
01701  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
01702  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
01703  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
01704  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
01705  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
01706  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
01707  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
01708  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
01709  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
01710  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
01711  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
01712  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
01713  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
01714  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
01715  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
01716  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
01717  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
01718  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
01719  */
01720 #define MBEDTLS_CAMELLIA_C
01721 
01722 /**
01723  * \def MBEDTLS_CCM_C
01724  *
01725  * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
01726  *
01727  * Module:  library/ccm.c
01728  *
01729  * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
01730  *
01731  * This module enables the AES-CCM ciphersuites, if other requisites are
01732  * enabled as well.
01733  */
01734 #define MBEDTLS_CCM_C
01735 
01736 /**
01737  * \def MBEDTLS_CERTS_C
01738  *
01739  * Enable the test certificates.
01740  *
01741  * Module:  library/certs.c
01742  * Caller:
01743  *
01744  * This module is used for testing (ssl_client/server).
01745  */
01746 #define MBEDTLS_CERTS_C
01747 
01748 /**
01749  * \def MBEDTLS_CIPHER_C
01750  *
01751  * Enable the generic cipher layer.
01752  *
01753  * Module:  library/cipher.c
01754  * Caller:  library/ssl_tls.c
01755  *
01756  * Uncomment to enable generic cipher wrappers.
01757  */
01758 #define MBEDTLS_CIPHER_C
01759 
01760 /**
01761  * \def MBEDTLS_CMAC_C
01762  *
01763  * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
01764  * ciphers.
01765  *
01766  * Module:  library/cmac.c
01767  *
01768  * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
01769  *
01770  */
01771 //#define MBEDTLS_CMAC_C
01772 
01773 /**
01774  * \def MBEDTLS_CTR_DRBG_C
01775  *
01776  * Enable the CTR_DRBG AES-256-based random generator.
01777  *
01778  * Module:  library/ctr_drbg.c
01779  * Caller:
01780  *
01781  * Requires: MBEDTLS_AES_C
01782  *
01783  * This module provides the CTR_DRBG AES-256 random number generator.
01784  */
01785 #define MBEDTLS_CTR_DRBG_C
01786 
01787 /**
01788  * \def MBEDTLS_DEBUG_C
01789  *
01790  * Enable the debug functions.
01791  *
01792  * Module:  library/debug.c
01793  * Caller:  library/ssl_cli.c
01794  *          library/ssl_srv.c
01795  *          library/ssl_tls.c
01796  *
01797  * This module provides debugging functions.
01798  */
01799 #define MBEDTLS_DEBUG_C
01800 
01801 /**
01802  * \def MBEDTLS_DES_C
01803  *
01804  * Enable the DES block cipher.
01805  *
01806  * Module:  library/des.c
01807  * Caller:  library/pem.c
01808  *          library/ssl_tls.c
01809  *
01810  * This module enables the following ciphersuites (if other requisites are
01811  * enabled as well):
01812  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
01813  *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
01814  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
01815  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
01816  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
01817  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
01818  *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
01819  *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
01820  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
01821  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
01822  *
01823  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
01824  */
01825 #define MBEDTLS_DES_C
01826 
01827 /**
01828  * \def MBEDTLS_DHM_C
01829  *
01830  * Enable the Diffie-Hellman-Merkle module.
01831  *
01832  * Module:  library/dhm.c
01833  * Caller:  library/ssl_cli.c
01834  *          library/ssl_srv.c
01835  *
01836  * This module is used by the following key exchanges:
01837  *      DHE-RSA, DHE-PSK
01838  */
01839 #define MBEDTLS_DHM_C
01840 
01841 /**
01842  * \def MBEDTLS_ECDH_C
01843  *
01844  * Enable the elliptic curve Diffie-Hellman library.
01845  *
01846  * Module:  library/ecdh.c
01847  * Caller:  library/ssl_cli.c
01848  *          library/ssl_srv.c
01849  *
01850  * This module is used by the following key exchanges:
01851  *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
01852  *
01853  * Requires: MBEDTLS_ECP_C
01854  */
01855 #define MBEDTLS_ECDH_C
01856 
01857 /**
01858  * \def MBEDTLS_ECDSA_C
01859  *
01860  * Enable the elliptic curve DSA library.
01861  *
01862  * Module:  library/ecdsa.c
01863  * Caller:
01864  *
01865  * This module is used by the following key exchanges:
01866  *      ECDHE-ECDSA
01867  *
01868  * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
01869  */
01870 #define MBEDTLS_ECDSA_C
01871 
01872 /**
01873  * \def MBEDTLS_ECJPAKE_C
01874  *
01875  * Enable the elliptic curve J-PAKE library.
01876  *
01877  * \warning This is currently experimental. EC J-PAKE support is based on the
01878  * Thread v1.0.0 specification; incompatible changes to the specification
01879  * might still happen. For this reason, this is disabled by default.
01880  *
01881  * Module:  library/ecjpake.c
01882  * Caller:
01883  *
01884  * This module is used by the following key exchanges:
01885  *      ECJPAKE
01886  *
01887  * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
01888  */
01889 //#define MBEDTLS_ECJPAKE_C
01890 
01891 /**
01892  * \def MBEDTLS_ECP_C
01893  *
01894  * Enable the elliptic curve over GF(p) library.
01895  *
01896  * Module:  library/ecp.c
01897  * Caller:  library/ecdh.c
01898  *          library/ecdsa.c
01899  *          library/ecjpake.c
01900  *
01901  * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
01902  */
01903 #define MBEDTLS_ECP_C
01904 
01905 /**
01906  * \def MBEDTLS_ENTROPY_C
01907  *
01908  * Enable the platform-specific entropy code.
01909  *
01910  * Module:  library/entropy.c
01911  * Caller:
01912  *
01913  * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
01914  *
01915  * This module provides a generic entropy pool
01916  */
01917 #define MBEDTLS_ENTROPY_C
01918 
01919 /**
01920  * \def MBEDTLS_ERROR_C
01921  *
01922  * Enable error code to error string conversion.
01923  *
01924  * Module:  library/error.c
01925  * Caller:
01926  *
01927  * This module enables mbedtls_strerror().
01928  */
01929 #define MBEDTLS_ERROR_C
01930 
01931 /**
01932  * \def MBEDTLS_GCM_C
01933  *
01934  * Enable the Galois/Counter Mode (GCM) for AES.
01935  *
01936  * Module:  library/gcm.c
01937  *
01938  * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
01939  *
01940  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
01941  * requisites are enabled as well.
01942  */
01943 #define MBEDTLS_GCM_C
01944 
01945 /**
01946  * \def MBEDTLS_HAVEGE_C
01947  *
01948  * Enable the HAVEGE random generator.
01949  *
01950  * Warning: the HAVEGE random generator is not suitable for virtualized
01951  *          environments
01952  *
01953  * Warning: the HAVEGE random generator is dependent on timing and specific
01954  *          processor traits. It is therefore not advised to use HAVEGE as
01955  *          your applications primary random generator or primary entropy pool
01956  *          input. As a secondary input to your entropy pool, it IS able add
01957  *          the (limited) extra entropy it provides.
01958  *
01959  * Module:  library/havege.c
01960  * Caller:
01961  *
01962  * Requires: MBEDTLS_TIMING_C
01963  *
01964  * Uncomment to enable the HAVEGE random generator.
01965  */
01966 //#define MBEDTLS_HAVEGE_C
01967 
01968 /**
01969  * \def MBEDTLS_HMAC_DRBG_C
01970  *
01971  * Enable the HMAC_DRBG random generator.
01972  *
01973  * Module:  library/hmac_drbg.c
01974  * Caller:
01975  *
01976  * Requires: MBEDTLS_MD_C
01977  *
01978  * Uncomment to enable the HMAC_DRBG random number geerator.
01979  */
01980 #define MBEDTLS_HMAC_DRBG_C
01981 
01982 /**
01983  * \def MBEDTLS_MD_C
01984  *
01985  * Enable the generic message digest layer.
01986  *
01987  * Module:  library/md.c
01988  * Caller:
01989  *
01990  * Uncomment to enable generic message digest wrappers.
01991  */
01992 #define MBEDTLS_MD_C
01993 
01994 /**
01995  * \def MBEDTLS_MD2_C
01996  *
01997  * Enable the MD2 hash algorithm.
01998  *
01999  * Module:  library/md2.c
02000  * Caller:
02001  *
02002  * Uncomment to enable support for (rare) MD2-signed X.509 certs.
02003  */
02004 //#define MBEDTLS_MD2_C
02005 
02006 /**
02007  * \def MBEDTLS_MD4_C
02008  *
02009  * Enable the MD4 hash algorithm.
02010  *
02011  * Module:  library/md4.c
02012  * Caller:
02013  *
02014  * Uncomment to enable support for (rare) MD4-signed X.509 certs.
02015  */
02016 //#define MBEDTLS_MD4_C
02017 
02018 /**
02019  * \def MBEDTLS_MD5_C
02020  *
02021  * Enable the MD5 hash algorithm.
02022  *
02023  * Module:  library/md5.c
02024  * Caller:  library/md.c
02025  *          library/pem.c
02026  *          library/ssl_tls.c
02027  *
02028  * This module is required for SSL/TLS and X.509.
02029  * PEM_PARSE uses MD5 for decrypting encrypted keys.
02030  */
02031 #define MBEDTLS_MD5_C
02032 
02033 /**
02034  * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
02035  *
02036  * Enable the buffer allocator implementation that makes use of a (stack)
02037  * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
02038  * calls)
02039  *
02040  * Module:  library/memory_buffer_alloc.c
02041  *
02042  * Requires: MBEDTLS_PLATFORM_C
02043  *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
02044  *
02045  * Enable this module to enable the buffer memory allocator.
02046  */
02047 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
02048 
02049 /**
02050  * \def MBEDTLS_NET_C
02051  *
02052  * Enable the TCP and UDP over IPv6/IPv4 networking routines.
02053  *
02054  * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
02055  * and Windows. For other platforms, you'll want to disable it, and write your
02056  * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
02057  *
02058  * \note See also our Knowledge Base article about porting to a new
02059  * environment:
02060  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
02061  *
02062  * Module:  library/net_sockets.c
02063  *
02064  * This module provides networking routines.
02065  */
02066 //#define MBEDTLS_NET_C
02067 
02068 /**
02069  * \def MBEDTLS_OID_C
02070  *
02071  * Enable the OID database.
02072  *
02073  * Module:  library/oid.c
02074  * Caller:  library/asn1write.c
02075  *          library/pkcs5.c
02076  *          library/pkparse.c
02077  *          library/pkwrite.c
02078  *          library/rsa.c
02079  *          library/x509.c
02080  *          library/x509_create.c
02081  *          library/x509_crl.c
02082  *          library/x509_crt.c
02083  *          library/x509_csr.c
02084  *          library/x509write_crt.c
02085  *          library/x509write_csr.c
02086  *
02087  * This modules translates between OIDs and internal values.
02088  */
02089 #define MBEDTLS_OID_C
02090 
02091 /**
02092  * \def MBEDTLS_PADLOCK_C
02093  *
02094  * Enable VIA Padlock support on x86.
02095  *
02096  * Module:  library/padlock.c
02097  * Caller:  library/aes.c
02098  *
02099  * Requires: MBEDTLS_HAVE_ASM
02100  *
02101  * This modules adds support for the VIA PadLock on x86.
02102  */
02103 #define MBEDTLS_PADLOCK_C
02104 
02105 /**
02106  * \def MBEDTLS_PEM_PARSE_C
02107  *
02108  * Enable PEM decoding / parsing.
02109  *
02110  * Module:  library/pem.c
02111  * Caller:  library/dhm.c
02112  *          library/pkparse.c
02113  *          library/x509_crl.c
02114  *          library/x509_crt.c
02115  *          library/x509_csr.c
02116  *
02117  * Requires: MBEDTLS_BASE64_C
02118  *
02119  * This modules adds support for decoding / parsing PEM files.
02120  */
02121 #define MBEDTLS_PEM_PARSE_C
02122 
02123 /**
02124  * \def MBEDTLS_PEM_WRITE_C
02125  *
02126  * Enable PEM encoding / writing.
02127  *
02128  * Module:  library/pem.c
02129  * Caller:  library/pkwrite.c
02130  *          library/x509write_crt.c
02131  *          library/x509write_csr.c
02132  *
02133  * Requires: MBEDTLS_BASE64_C
02134  *
02135  * This modules adds support for encoding / writing PEM files.
02136  */
02137 #define MBEDTLS_PEM_WRITE_C
02138 
02139 /**
02140  * \def MBEDTLS_PK_C
02141  *
02142  * Enable the generic public (asymetric) key layer.
02143  *
02144  * Module:  library/pk.c
02145  * Caller:  library/ssl_tls.c
02146  *          library/ssl_cli.c
02147  *          library/ssl_srv.c
02148  *
02149  * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
02150  *
02151  * Uncomment to enable generic public key wrappers.
02152  */
02153 #define MBEDTLS_PK_C
02154 
02155 /**
02156  * \def MBEDTLS_PK_PARSE_C
02157  *
02158  * Enable the generic public (asymetric) key parser.
02159  *
02160  * Module:  library/pkparse.c
02161  * Caller:  library/x509_crt.c
02162  *          library/x509_csr.c
02163  *
02164  * Requires: MBEDTLS_PK_C
02165  *
02166  * Uncomment to enable generic public key parse functions.
02167  */
02168 #define MBEDTLS_PK_PARSE_C
02169 
02170 /**
02171  * \def MBEDTLS_PK_WRITE_C
02172  *
02173  * Enable the generic public (asymetric) key writer.
02174  *
02175  * Module:  library/pkwrite.c
02176  * Caller:  library/x509write.c
02177  *
02178  * Requires: MBEDTLS_PK_C
02179  *
02180  * Uncomment to enable generic public key write functions.
02181  */
02182 #define MBEDTLS_PK_WRITE_C
02183 
02184 /**
02185  * \def MBEDTLS_PKCS5_C
02186  *
02187  * Enable PKCS#5 functions.
02188  *
02189  * Module:  library/pkcs5.c
02190  *
02191  * Requires: MBEDTLS_MD_C
02192  *
02193  * This module adds support for the PKCS#5 functions.
02194  */
02195 #define MBEDTLS_PKCS5_C
02196 
02197 /**
02198  * \def MBEDTLS_PKCS11_C
02199  *
02200  * Enable wrapper for PKCS#11 smartcard support.
02201  *
02202  * Module:  library/pkcs11.c
02203  * Caller:  library/pk.c
02204  *
02205  * Requires: MBEDTLS_PK_C
02206  *
02207  * This module enables SSL/TLS PKCS #11 smartcard support.
02208  * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
02209  */
02210 //#define MBEDTLS_PKCS11_C
02211 
02212 /**
02213  * \def MBEDTLS_PKCS12_C
02214  *
02215  * Enable PKCS#12 PBE functions.
02216  * Adds algorithms for parsing PKCS#8 encrypted private keys
02217  *
02218  * Module:  library/pkcs12.c
02219  * Caller:  library/pkparse.c
02220  *
02221  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
02222  * Can use:  MBEDTLS_ARC4_C
02223  *
02224  * This module enables PKCS#12 functions.
02225  */
02226 #define MBEDTLS_PKCS12_C
02227 
02228 /**
02229  * \def MBEDTLS_PLATFORM_C
02230  *
02231  * Enable the platform abstraction layer that allows you to re-assign
02232  * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
02233  *
02234  * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
02235  * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
02236  * above to be specified at runtime or compile time respectively.
02237  *
02238  * \note This abstraction layer must be enabled on Windows (including MSYS2)
02239  * as other module rely on it for a fixed snprintf implementation.
02240  *
02241  * Module:  library/platform.c
02242  * Caller:  Most other .c files
02243  *
02244  * This module enables abstraction of common (libc) functions.
02245  */
02246 #define MBEDTLS_PLATFORM_C
02247 
02248 /**
02249  * \def MBEDTLS_RIPEMD160_C
02250  *
02251  * Enable the RIPEMD-160 hash algorithm.
02252  *
02253  * Module:  library/ripemd160.c
02254  * Caller:  library/md.c
02255  *
02256  */
02257 #define MBEDTLS_RIPEMD160_C
02258 
02259 /**
02260  * \def MBEDTLS_RSA_C
02261  *
02262  * Enable the RSA public-key cryptosystem.
02263  *
02264  * Module:  library/rsa.c
02265  * Caller:  library/ssl_cli.c
02266  *          library/ssl_srv.c
02267  *          library/ssl_tls.c
02268  *          library/x509.c
02269  *
02270  * This module is used by the following key exchanges:
02271  *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
02272  *
02273  * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
02274  */
02275 #define MBEDTLS_RSA_C
02276 
02277 /**
02278  * \def MBEDTLS_SHA1_C
02279  *
02280  * Enable the SHA1 cryptographic hash algorithm.
02281  *
02282  * Module:  library/sha1.c
02283  * Caller:  library/md.c
02284  *          library/ssl_cli.c
02285  *          library/ssl_srv.c
02286  *          library/ssl_tls.c
02287  *          library/x509write_crt.c
02288  *
02289  * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
02290  * depending on the handshake parameters, and for SHA1-signed certificates.
02291  */
02292 #define MBEDTLS_SHA1_C
02293 
02294 /**
02295  * \def MBEDTLS_SHA256_C
02296  *
02297  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
02298  *
02299  * Module:  library/sha256.c
02300  * Caller:  library/entropy.c
02301  *          library/md.c
02302  *          library/ssl_cli.c
02303  *          library/ssl_srv.c
02304  *          library/ssl_tls.c
02305  *
02306  * This module adds support for SHA-224 and SHA-256.
02307  * This module is required for the SSL/TLS 1.2 PRF function.
02308  */
02309 #define MBEDTLS_SHA256_C
02310 
02311 /**
02312  * \def MBEDTLS_SHA512_C
02313  *
02314  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
02315  *
02316  * Module:  library/sha512.c
02317  * Caller:  library/entropy.c
02318  *          library/md.c
02319  *          library/ssl_cli.c
02320  *          library/ssl_srv.c
02321  *
02322  * This module adds support for SHA-384 and SHA-512.
02323  */
02324 #define MBEDTLS_SHA512_C
02325 
02326 /**
02327  * \def MBEDTLS_SSL_CACHE_C
02328  *
02329  * Enable simple SSL cache implementation.
02330  *
02331  * Module:  library/ssl_cache.c
02332  * Caller:
02333  *
02334  * Requires: MBEDTLS_SSL_CACHE_C
02335  */
02336 #define MBEDTLS_SSL_CACHE_C
02337 
02338 /**
02339  * \def MBEDTLS_SSL_COOKIE_C
02340  *
02341  * Enable basic implementation of DTLS cookies for hello verification.
02342  *
02343  * Module:  library/ssl_cookie.c
02344  * Caller:
02345  */
02346 #define MBEDTLS_SSL_COOKIE_C
02347 
02348 /**
02349  * \def MBEDTLS_SSL_TICKET_C
02350  *
02351  * Enable an implementation of TLS server-side callbacks for session tickets.
02352  *
02353  * Module:  library/ssl_ticket.c
02354  * Caller:
02355  *
02356  * Requires: MBEDTLS_CIPHER_C
02357  */
02358 #define MBEDTLS_SSL_TICKET_C
02359 
02360 /**
02361  * \def MBEDTLS_SSL_CLI_C
02362  *
02363  * Enable the SSL/TLS client code.
02364  *
02365  * Module:  library/ssl_cli.c
02366  * Caller:
02367  *
02368  * Requires: MBEDTLS_SSL_TLS_C
02369  *
02370  * This module is required for SSL/TLS client support.
02371  */
02372 #define MBEDTLS_SSL_CLI_C
02373 
02374 /**
02375  * \def MBEDTLS_SSL_SRV_C
02376  *
02377  * Enable the SSL/TLS server code.
02378  *
02379  * Module:  library/ssl_srv.c
02380  * Caller:
02381  *
02382  * Requires: MBEDTLS_SSL_TLS_C
02383  *
02384  * This module is required for SSL/TLS server support.
02385  */
02386 #define MBEDTLS_SSL_SRV_C
02387 
02388 /**
02389  * \def MBEDTLS_SSL_TLS_C
02390  *
02391  * Enable the generic SSL/TLS code.
02392  *
02393  * Module:  library/ssl_tls.c
02394  * Caller:  library/ssl_cli.c
02395  *          library/ssl_srv.c
02396  *
02397  * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
02398  *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
02399  *
02400  * This module is required for SSL/TLS.
02401  */
02402 #define MBEDTLS_SSL_TLS_C
02403 
02404 /**
02405  * \def MBEDTLS_THREADING_C
02406  *
02407  * Enable the threading abstraction layer.
02408  * By default mbed TLS assumes it is used in a non-threaded environment or that
02409  * contexts are not shared between threads. If you do intend to use contexts
02410  * between threads, you will need to enable this layer to prevent race
02411  * conditions. See also our Knowledge Base article about threading:
02412  * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
02413  *
02414  * Module:  library/threading.c
02415  *
02416  * This allows different threading implementations (self-implemented or
02417  * provided).
02418  *
02419  * You will have to enable either MBEDTLS_THREADING_ALT or
02420  * MBEDTLS_THREADING_PTHREAD.
02421  *
02422  * Enable this layer to allow use of mutexes within mbed TLS
02423  */
02424 //#define MBEDTLS_THREADING_C
02425 
02426 /**
02427  * \def MBEDTLS_TIMING_C
02428  *
02429  * Enable the semi-portable timing interface.
02430  *
02431  * \note The provided implementation only works on POSIX/Unix (including Linux,
02432  * BSD and OS X) and Windows. On other platforms, you can either disable that
02433  * module and provide your own implementations of the callbacks needed by
02434  * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
02435  * your own implementation of the whole module by setting
02436  * \c MBEDTLS_TIMING_ALT in the current file.
02437  *
02438  * \note See also our Knowledge Base article about porting to a new
02439  * environment:
02440  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
02441  *
02442  * Module:  library/timing.c
02443  * Caller:  library/havege.c
02444  *
02445  * This module is used by the HAVEGE random number generator.
02446  */
02447 //#define MBEDTLS_TIMING_C
02448 
02449 /**
02450  * \def MBEDTLS_VERSION_C
02451  *
02452  * Enable run-time version information.
02453  *
02454  * Module:  library/version.c
02455  *
02456  * This module provides run-time version information.
02457  */
02458 #define MBEDTLS_VERSION_C
02459 
02460 /**
02461  * \def MBEDTLS_X509_USE_C
02462  *
02463  * Enable X.509 core for using certificates.
02464  *
02465  * Module:  library/x509.c
02466  * Caller:  library/x509_crl.c
02467  *          library/x509_crt.c
02468  *          library/x509_csr.c
02469  *
02470  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
02471  *           MBEDTLS_PK_PARSE_C
02472  *
02473  * This module is required for the X.509 parsing modules.
02474  */
02475 #define MBEDTLS_X509_USE_C
02476 
02477 /**
02478  * \def MBEDTLS_X509_CRT_PARSE_C
02479  *
02480  * Enable X.509 certificate parsing.
02481  *
02482  * Module:  library/x509_crt.c
02483  * Caller:  library/ssl_cli.c
02484  *          library/ssl_srv.c
02485  *          library/ssl_tls.c
02486  *
02487  * Requires: MBEDTLS_X509_USE_C
02488  *
02489  * This module is required for X.509 certificate parsing.
02490  */
02491 #define MBEDTLS_X509_CRT_PARSE_C
02492 
02493 /**
02494  * \def MBEDTLS_X509_CRL_PARSE_C
02495  *
02496  * Enable X.509 CRL parsing.
02497  *
02498  * Module:  library/x509_crl.c
02499  * Caller:  library/x509_crt.c
02500  *
02501  * Requires: MBEDTLS_X509_USE_C
02502  *
02503  * This module is required for X.509 CRL parsing.
02504  */
02505 #define MBEDTLS_X509_CRL_PARSE_C
02506 
02507 /**
02508  * \def MBEDTLS_X509_CSR_PARSE_C
02509  *
02510  * Enable X.509 Certificate Signing Request (CSR) parsing.
02511  *
02512  * Module:  library/x509_csr.c
02513  * Caller:  library/x509_crt_write.c
02514  *
02515  * Requires: MBEDTLS_X509_USE_C
02516  *
02517  * This module is used for reading X.509 certificate request.
02518  */
02519 #define MBEDTLS_X509_CSR_PARSE_C
02520 
02521 /**
02522  * \def MBEDTLS_X509_CREATE_C
02523  *
02524  * Enable X.509 core for creating certificates.
02525  *
02526  * Module:  library/x509_create.c
02527  *
02528  * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
02529  *
02530  * This module is the basis for creating X.509 certificates and CSRs.
02531  */
02532 #define MBEDTLS_X509_CREATE_C
02533 
02534 /**
02535  * \def MBEDTLS_X509_CRT_WRITE_C
02536  *
02537  * Enable creating X.509 certificates.
02538  *
02539  * Module:  library/x509_crt_write.c
02540  *
02541  * Requires: MBEDTLS_X509_CREATE_C
02542  *
02543  * This module is required for X.509 certificate creation.
02544  */
02545 #define MBEDTLS_X509_CRT_WRITE_C
02546 
02547 /**
02548  * \def MBEDTLS_X509_CSR_WRITE_C
02549  *
02550  * Enable creating X.509 Certificate Signing Requests (CSR).
02551  *
02552  * Module:  library/x509_csr_write.c
02553  *
02554  * Requires: MBEDTLS_X509_CREATE_C
02555  *
02556  * This module is required for X.509 certificate request writing.
02557  */
02558 #define MBEDTLS_X509_CSR_WRITE_C
02559 
02560 /**
02561  * \def MBEDTLS_XTEA_C
02562  *
02563  * Enable the XTEA block cipher.
02564  *
02565  * Module:  library/xtea.c
02566  * Caller:
02567  */
02568 #define MBEDTLS_XTEA_C
02569 
02570 /* \} name SECTION: mbed TLS modules */
02571 
02572 /**
02573  * \name SECTION: Module configuration options
02574  *
02575  * This section allows for the setting of module specific sizes and
02576  * configuration options. The default values are already present in the
02577  * relevant header files and should suffice for the regular use cases.
02578  *
02579  * Our advice is to enable options and change their values here
02580  * only if you have a good reason and know the consequences.
02581  *
02582  * Please check the respective header file for documentation on these
02583  * parameters (to prevent duplicate documentation).
02584  * \{
02585  */
02586 
02587 /* MPI / BIGNUM options */
02588 //#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
02589 //#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
02590 
02591 /* CTR_DRBG options */
02592 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
02593 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
02594 //#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
02595 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
02596 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
02597 
02598 /* HMAC_DRBG options */
02599 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
02600 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
02601 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
02602 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
02603 
02604 /* ECP options */
02605 //#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
02606 //#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
02607 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
02608 
02609 /* Entropy options */
02610 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
02611 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
02612 //#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
02613 
02614 /* Memory buffer allocator options */
02615 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
02616 
02617 /* Platform options */
02618 //#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
02619 //#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
02620 //#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
02621 //#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
02622 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
02623 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
02624 //#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
02625 /* Note: your snprintf must correclty zero-terminate the buffer! */
02626 //#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
02627 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
02628 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
02629 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
02630 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
02631 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
02632 
02633 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
02634 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
02635 //#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
02636 //#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
02637 //#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
02638 //#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
02639 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
02640 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
02641 //#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
02642 /* Note: your snprintf must correclty zero-terminate the buffer! */
02643 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
02644 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
02645 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
02646 
02647 /* SSL Cache options */
02648 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
02649 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
02650 
02651 /* SSL options */
02652 //#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
02653 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
02654 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
02655 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
02656 
02657 /**
02658  * Complete list of ciphersuites to use, in order of preference.
02659  *
02660  * \warning No dependency checking is done on that field! This option can only
02661  * be used to restrict the set of available ciphersuites. It is your
02662  * responsibility to make sure the needed modules are active.
02663  *
02664  * Use this to save a few hundred bytes of ROM (default ordering of all
02665  * available ciphersuites) and a few to a few hundred bytes of RAM.
02666  *
02667  * The value below is only an example, not the default.
02668  */
02669 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
02670 
02671 /* X509 options */
02672 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
02673 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
02674 
02675 /**
02676  * Allow SHA-1 in the default TLS configuration for certificate signing.
02677  * Without this build-time option, SHA-1 support must be activated explicitly
02678  * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
02679  * recommended because of it is possible to generte SHA-1 collisions, however
02680  * this may be safe for legacy infrastructure where additional controls apply.
02681  */
02682 // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
02683 
02684 /**
02685  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
02686  * signature and ciphersuite selection. Without this build-time option, SHA-1
02687  * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
02688  * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
02689  * default. At the time of writing, there is no practical attack on the use
02690  * of SHA-1 in handshake signatures, hence this option is turned on by default
02691  * for compatibility with existing peers.
02692  */
02693 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
02694 
02695 /* \} name SECTION: Customisation configuration options */
02696 
02697 /* Target and application specific configurations */
02698 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
02699 
02700 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
02701 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
02702 #endif
02703 
02704 /*
02705  * Allow user to override any previous default.
02706  *
02707  * Use two macro names for that, as:
02708  * - with yotta the prefix YOTTA_CFG_ is forced
02709  * - without yotta is looks weird to have a YOTTA prefix.
02710  */
02711 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
02712 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
02713 #elif defined(MBEDTLS_USER_CONFIG_FILE)
02714 #include MBEDTLS_USER_CONFIG_FILE
02715 #endif
02716 
02717 #include "check_config.h"
02718 
02719 #endif /* MBEDTLS_CONFIG_H */