mbed TLS Build

Dependents:   Slave-prot-prod

Committer:
williequesada
Date:
Tue Jun 04 16:03:38 2019 +0000
Revision:
1:1a219dea6cb5
Parent:
0:cdf462088d13
compartir a Pablo

Who changed what in which revision?

User | Revision | Line number | New contents of line
markrad 0:cdf462088d13 1 /**
markrad 0:cdf462088d13 2 * \file config.h
markrad 0:cdf462088d13 3 *
markrad 0:cdf462088d13 4 * \brief Configuration options (set of defines)
markrad 0:cdf462088d13 5 *
markrad 0:cdf462088d13 6 * This set of compile-time options may be used to enable
markrad 0:cdf462088d13 7 * or disable features selectively, and reduce the global
markrad 0:cdf462088d13 8 * memory footprint.
markrad 0:cdf462088d13 9 *
markrad 0:cdf462088d13 10 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
markrad 0:cdf462088d13 11 * SPDX-License-Identifier: Apache-2.0
markrad 0:cdf462088d13 12 *
markrad 0:cdf462088d13 13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
markrad 0:cdf462088d13 14 * not use this file except in compliance with the License.
markrad 0:cdf462088d13 15 * You may obtain a copy of the License at
markrad 0:cdf462088d13 16 *
markrad 0:cdf462088d13 17 * http://www.apache.org/licenses/LICENSE-2.0
markrad 0:cdf462088d13 18 *
markrad 0:cdf462088d13 19 * Unless required by applicable law or agreed to in writing, software
markrad 0:cdf462088d13 20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
markrad 0:cdf462088d13 21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
markrad 0:cdf462088d13 22 * See the License for the specific language governing permissions and
markrad 0:cdf462088d13 23 * limitations under the License.
markrad 0:cdf462088d13 24 *
markrad 0:cdf462088d13 25 * This file is part of mbed TLS (https://tls.mbed.org)
markrad 0:cdf462088d13 26 */
markrad 0:cdf462088d13 27
markrad 0:cdf462088d13 28 #ifndef MBEDTLS_CONFIG_H
markrad 0:cdf462088d13 29 #define MBEDTLS_CONFIG_H
markrad 0:cdf462088d13 30
markrad 0:cdf462088d13 31 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
markrad 0:cdf462088d13 32 #define _CRT_SECURE_NO_DEPRECATE 1
markrad 0:cdf462088d13 33 #endif
markrad 0:cdf462088d13 34
markrad 0:cdf462088d13 35 /**
markrad 0:cdf462088d13 36 * \name SECTION: System support
markrad 0:cdf462088d13 37 *
markrad 0:cdf462088d13 38 * This section sets system specific settings.
markrad 0:cdf462088d13 39 * \{
markrad 0:cdf462088d13 40 */
markrad 0:cdf462088d13 41
markrad 0:cdf462088d13 42 /**
markrad 0:cdf462088d13 43 * \def MBEDTLS_HAVE_ASM
markrad 0:cdf462088d13 44 *
markrad 0:cdf462088d13 45 * The compiler has support for asm().
markrad 0:cdf462088d13 46 *
markrad 0:cdf462088d13 47 * Requires support for asm() in compiler.
markrad 0:cdf462088d13 48 *
markrad 0:cdf462088d13 49 * Used in:
markrad 0:cdf462088d13 50 * library/timing.c
markrad 0:cdf462088d13 51 * library/padlock.c
markrad 0:cdf462088d13 52 * include/mbedtls/bn_mul.h
markrad 0:cdf462088d13 53 *
markrad 0:cdf462088d13 54 * Comment to disable the use of assembly code.
markrad 0:cdf462088d13 55 */
markrad 0:cdf462088d13 56 #define MBEDTLS_HAVE_ASM
markrad 0:cdf462088d13 57
markrad 0:cdf462088d13 58 /**
markrad 0:cdf462088d13 59 * \def MBEDTLS_HAVE_SSE2
markrad 0:cdf462088d13 60 *
markrad 0:cdf462088d13 61 * CPU supports SSE2 instruction set.
markrad 0:cdf462088d13 62 *
markrad 0:cdf462088d13 63 * Uncomment if the CPU supports SSE2 (IA-32 specific).
markrad 0:cdf462088d13 64 */
markrad 0:cdf462088d13 65 //#define MBEDTLS_HAVE_SSE2
markrad 0:cdf462088d13 66
markrad 0:cdf462088d13 67 /**
markrad 0:cdf462088d13 68 * \def MBEDTLS_HAVE_TIME
markrad 0:cdf462088d13 69 *
markrad 0:cdf462088d13 70 * System has time.h and time().
markrad 0:cdf462088d13 71 * The time does not need to be correct, only time differences are used,
markrad 0:cdf462088d13 72 * by contrast with MBEDTLS_HAVE_TIME_DATE
markrad 0:cdf462088d13 73 *
markrad 0:cdf462088d13 74 * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
markrad 0:cdf462088d13 75 * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
markrad 0:cdf462088d13 76 * MBEDTLS_PLATFORM_STD_TIME.
markrad 0:cdf462088d13 77 *
markrad 0:cdf462088d13 78 * Comment if your system does not support time functions
markrad 0:cdf462088d13 79 */
markrad 0:cdf462088d13 80 #define MBEDTLS_HAVE_TIME
markrad 0:cdf462088d13 81
markrad 0:cdf462088d13 82 /**
markrad 0:cdf462088d13 83 * \def MBEDTLS_HAVE_TIME_DATE
markrad 0:cdf462088d13 84 *
markrad 0:cdf462088d13 85 * System has time.h and time(), gmtime() and the clock is correct.
markrad 0:cdf462088d13 86 * The time needs to be correct (not necessarily very accurate, but at least
markrad 0:cdf462088d13 87 * the date should be correct). This is used to verify the validity period of
markrad 0:cdf462088d13 88 * X.509 certificates.
markrad 0:cdf462088d13 89 *
markrad 0:cdf462088d13 90 * Comment if your system does not have a correct clock.
markrad 0:cdf462088d13 91 */
markrad 0:cdf462088d13 92 #define MBEDTLS_HAVE_TIME_DATE
markrad 0:cdf462088d13 93
markrad 0:cdf462088d13 94 /**
markrad 0:cdf462088d13 95 * \def MBEDTLS_PLATFORM_MEMORY
markrad 0:cdf462088d13 96 *
markrad 0:cdf462088d13 97 * Enable the memory allocation layer.
markrad 0:cdf462088d13 98 *
markrad 0:cdf462088d13 99 * By default mbed TLS uses the system-provided calloc() and free().
markrad 0:cdf462088d13 100 * This allows different allocators (self-implemented or provided) to be
markrad 0:cdf462088d13 101 * provided to the platform abstraction layer.
markrad 0:cdf462088d13 102 *
markrad 0:cdf462088d13 103 * Enabling MBEDTLS_PLATFORM_MEMORY without the
markrad 0:cdf462088d13 104 * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
markrad 0:cdf462088d13 105 * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
markrad 0:cdf462088d13 106 * free() function pointer at runtime.
markrad 0:cdf462088d13 107 *
markrad 0:cdf462088d13 108 * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
markrad 0:cdf462088d13 109 * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
markrad 0:cdf462088d13 110 * alternate function at compile time.
markrad 0:cdf462088d13 111 *
markrad 0:cdf462088d13 112 * Requires: MBEDTLS_PLATFORM_C
markrad 0:cdf462088d13 113 *
markrad 0:cdf462088d13 114 * Enable this layer to allow use of alternative memory allocators.
markrad 0:cdf462088d13 115 */
markrad 0:cdf462088d13 116 //#define MBEDTLS_PLATFORM_MEMORY
markrad 0:cdf462088d13 117
markrad 0:cdf462088d13 118 /**
markrad 0:cdf462088d13 119 * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
markrad 0:cdf462088d13 120 *
markrad 0:cdf462088d13 121 * Do not assign standard functions in the platform layer (e.g. calloc() to
markrad 0:cdf462088d13 122 * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
markrad 0:cdf462088d13 123 *
markrad 0:cdf462088d13 124 * This makes sure there are no linking errors on platforms that do not support
markrad 0:cdf462088d13 125 * these functions. You will HAVE to provide alternatives, either at runtime
markrad 0:cdf462088d13 126 * via the platform_set_xxx() functions or at compile time by setting
markrad 0:cdf462088d13 127 * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
markrad 0:cdf462088d13 128 * MBEDTLS_PLATFORM_XXX_MACRO.
markrad 0:cdf462088d13 129 *
markrad 0:cdf462088d13 130 * Requires: MBEDTLS_PLATFORM_C
markrad 0:cdf462088d13 131 *
markrad 0:cdf462088d13 132 * Uncomment to prevent default assignment of standard functions in the
markrad 0:cdf462088d13 133 * platform layer.
markrad 0:cdf462088d13 134 */
markrad 0:cdf462088d13 135 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
markrad 0:cdf462088d13 136
markrad 0:cdf462088d13 137 /**
markrad 0:cdf462088d13 138 * \def MBEDTLS_PLATFORM_EXIT_ALT
markrad 0:cdf462088d13 139 *
markrad 0:cdf462088d13 140 * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
markrad 0:cdf462088d13 141 * function in the platform abstraction layer.
markrad 0:cdf462088d13 142 *
markrad 0:cdf462088d13 143 * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
markrad 0:cdf462088d13 144 * provide a function "mbedtls_platform_set_printf()" that allows you to set an
markrad 0:cdf462088d13 145 * alternative printf function pointer.
markrad 0:cdf462088d13 146 *
markrad 0:cdf462088d13 147 * All these defines require MBEDTLS_PLATFORM_C to be defined!
markrad 0:cdf462088d13 148 *
markrad 0:cdf462088d13 149 * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
markrad 0:cdf462088d13 150 * it will be enabled automatically by check_config.h
markrad 0:cdf462088d13 151 *
markrad 0:cdf462088d13 152 * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
markrad 0:cdf462088d13 153 * MBEDTLS_PLATFORM_XXX_MACRO!
markrad 0:cdf462088d13 154 *
markrad 0:cdf462088d13 155 * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
markrad 0:cdf462088d13 156 *
markrad 0:cdf462088d13 157 * Uncomment a macro to enable alternate implementation of specific base
markrad 0:cdf462088d13 158 * platform function
markrad 0:cdf462088d13 159 */
markrad 0:cdf462088d13 160 //#define MBEDTLS_PLATFORM_EXIT_ALT
markrad 0:cdf462088d13 161 //#define MBEDTLS_PLATFORM_TIME_ALT
markrad 0:cdf462088d13 162 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
markrad 0:cdf462088d13 163 //#define MBEDTLS_PLATFORM_PRINTF_ALT
markrad 0:cdf462088d13 164 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
markrad 0:cdf462088d13 165 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
markrad 0:cdf462088d13 166
markrad 0:cdf462088d13 167 /**
markrad 0:cdf462088d13 168 * \def MBEDTLS_DEPRECATED_WARNING
markrad 0:cdf462088d13 169 *
markrad 0:cdf462088d13 170 * Mark deprecated functions so that they generate a warning if used.
markrad 0:cdf462088d13 171 * Functions deprecated in one version will usually be removed in the next
markrad 0:cdf462088d13 172 * version. You can enable this to help you prepare the transition to a new
markrad 0:cdf462088d13 173 * major version by making sure your code is not using these functions.
markrad 0:cdf462088d13 174 *
markrad 0:cdf462088d13 175 * This only works with GCC and Clang. With other compilers, you may want to
markrad 0:cdf462088d13 176 * use MBEDTLS_DEPRECATED_REMOVED
markrad 0:cdf462088d13 177 *
markrad 0:cdf462088d13 178 * Uncomment to get warnings on using deprecated functions.
markrad 0:cdf462088d13 179 */
markrad 0:cdf462088d13 180 //#define MBEDTLS_DEPRECATED_WARNING
markrad 0:cdf462088d13 181
markrad 0:cdf462088d13 182 /**
markrad 0:cdf462088d13 183 * \def MBEDTLS_DEPRECATED_REMOVED
markrad 0:cdf462088d13 184 *
markrad 0:cdf462088d13 185 * Remove deprecated functions so that they generate an error if used.
markrad 0:cdf462088d13 186 * Functions deprecated in one version will usually be removed in the next
markrad 0:cdf462088d13 187 * version. You can enable this to help you prepare the transition to a new
markrad 0:cdf462088d13 188 * major version by making sure your code is not using these functions.
markrad 0:cdf462088d13 189 *
markrad 0:cdf462088d13 190 * Uncomment to get errors on using deprecated functions.
markrad 0:cdf462088d13 191 */
markrad 0:cdf462088d13 192 //#define MBEDTLS_DEPRECATED_REMOVED
markrad 0:cdf462088d13 193
markrad 0:cdf462088d13 194 /* \} name SECTION: System support */
markrad 0:cdf462088d13 195
markrad 0:cdf462088d13 196 /**
markrad 0:cdf462088d13 197 * \name SECTION: mbed TLS feature support
markrad 0:cdf462088d13 198 *
markrad 0:cdf462088d13 199 * This section sets support for features that are or are not needed
markrad 0:cdf462088d13 200 * within the modules that are enabled.
markrad 0:cdf462088d13 201 * \{
markrad 0:cdf462088d13 202 */
markrad 0:cdf462088d13 203
markrad 0:cdf462088d13 204 /**
markrad 0:cdf462088d13 205 * \def MBEDTLS_TIMING_ALT
markrad 0:cdf462088d13 206 *
markrad 0:cdf462088d13 207 * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
markrad 0:cdf462088d13 208 * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
markrad 0:cdf462088d13 209 *
markrad 0:cdf462088d13 210 * Only works if you have MBEDTLS_TIMING_C enabled.
markrad 0:cdf462088d13 211 *
markrad 0:cdf462088d13 212 * You will need to provide a header "timing_alt.h" and an implementation at
markrad 0:cdf462088d13 213 * compile time.
markrad 0:cdf462088d13 214 */
markrad 0:cdf462088d13 215 //#define MBEDTLS_TIMING_ALT
markrad 0:cdf462088d13 216
markrad 0:cdf462088d13 217 /**
markrad 0:cdf462088d13 218 * \def MBEDTLS_AES_ALT
markrad 0:cdf462088d13 219 *
markrad 0:cdf462088d13 220 * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
markrad 0:cdf462088d13 221 * alternate core implementation of a symmetric crypto or hash module (e.g.
markrad 0:cdf462088d13 222 * platform specific assembly optimized implementations). Keep in mind that
markrad 0:cdf462088d13 223 * the function prototypes should remain the same.
markrad 0:cdf462088d13 224 *
markrad 0:cdf462088d13 225 * This replaces the whole module. If you only want to replace one of the
markrad 0:cdf462088d13 226 * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
markrad 0:cdf462088d13 227 *
markrad 0:cdf462088d13 228 * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
markrad 0:cdf462088d13 229 * provide the "struct mbedtls_aes_context" definition and omit the base function
markrad 0:cdf462088d13 230 * declarations and implementations. "aes_alt.h" will be included from
markrad 0:cdf462088d13 231 * "aes.h" to include the new function definitions.
markrad 0:cdf462088d13 232 *
markrad 0:cdf462088d13 233 * Uncomment a macro to enable alternate implementation of the corresponding
markrad 0:cdf462088d13 234 * module.
markrad 0:cdf462088d13 235 */
markrad 0:cdf462088d13 236 //#define MBEDTLS_AES_ALT
markrad 0:cdf462088d13 237 //#define MBEDTLS_ARC4_ALT
markrad 0:cdf462088d13 238 //#define MBEDTLS_BLOWFISH_ALT
markrad 0:cdf462088d13 239 //#define MBEDTLS_CAMELLIA_ALT
markrad 0:cdf462088d13 240 //#define MBEDTLS_DES_ALT
markrad 0:cdf462088d13 241 //#define MBEDTLS_XTEA_ALT
markrad 0:cdf462088d13 242 //#define MBEDTLS_MD2_ALT
markrad 0:cdf462088d13 243 //#define MBEDTLS_MD4_ALT
markrad 0:cdf462088d13 244 //#define MBEDTLS_MD5_ALT
markrad 0:cdf462088d13 245 //#define MBEDTLS_RIPEMD160_ALT
markrad 0:cdf462088d13 246 //#define MBEDTLS_SHA1_ALT
markrad 0:cdf462088d13 247 //#define MBEDTLS_SHA256_ALT
markrad 0:cdf462088d13 248 //#define MBEDTLS_SHA512_ALT
markrad 0:cdf462088d13 249
markrad 0:cdf462088d13 250 /**
markrad 0:cdf462088d13 251 * \def MBEDTLS_MD2_PROCESS_ALT
markrad 0:cdf462088d13 252 *
markrad 0:cdf462088d13 253 * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
markrad 0:cdf462088d13 254 * alternate core implementation of symmetric crypto or hash function. Keep in
markrad 0:cdf462088d13 255 * mind that function prototypes should remain the same.
markrad 0:cdf462088d13 256 *
markrad 0:cdf462088d13 257 * This replaces only one function. The header file from mbed TLS is still
markrad 0:cdf462088d13 258 * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
markrad 0:cdf462088d13 259 *
markrad 0:cdf462088d13 260 * Example: In case you uncomment MBEDTLS_SHA1_PROCESS_ALT, mbed TLS will
markrad 0:cdf462088d13 261 * no longer provide the mbedtls_sha1_process() function, but it will still provide
markrad 0:cdf462088d13 262 * the other function (using your mbedtls_sha1_process() function) and the definition
markrad 0:cdf462088d13 263 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
markrad 0:cdf462088d13 264 * with this definition.
markrad 0:cdf462088d13 265 *
markrad 0:cdf462088d13 266 * Note: if you use the AES_xxx_ALT macros, then it is recommended to also set
markrad 0:cdf462088d13 267 * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
markrad 0:cdf462088d13 268 * tables.
markrad 0:cdf462088d13 269 *
markrad 0:cdf462088d13 270 * Uncomment a macro to enable alternate implementation of the corresponding
markrad 0:cdf462088d13 271 * function.
markrad 0:cdf462088d13 272 */
markrad 0:cdf462088d13 273 //#define MBEDTLS_MD2_PROCESS_ALT
markrad 0:cdf462088d13 274 //#define MBEDTLS_MD4_PROCESS_ALT
markrad 0:cdf462088d13 275 //#define MBEDTLS_MD5_PROCESS_ALT
markrad 0:cdf462088d13 276 //#define MBEDTLS_RIPEMD160_PROCESS_ALT
markrad 0:cdf462088d13 277 //#define MBEDTLS_SHA1_PROCESS_ALT
markrad 0:cdf462088d13 278 //#define MBEDTLS_SHA256_PROCESS_ALT
markrad 0:cdf462088d13 279 //#define MBEDTLS_SHA512_PROCESS_ALT
markrad 0:cdf462088d13 280 //#define MBEDTLS_DES_SETKEY_ALT
markrad 0:cdf462088d13 281 //#define MBEDTLS_DES_CRYPT_ECB_ALT
markrad 0:cdf462088d13 282 //#define MBEDTLS_DES3_CRYPT_ECB_ALT
markrad 0:cdf462088d13 283 //#define MBEDTLS_AES_SETKEY_ENC_ALT
markrad 0:cdf462088d13 284 //#define MBEDTLS_AES_SETKEY_DEC_ALT
markrad 0:cdf462088d13 285 //#define MBEDTLS_AES_ENCRYPT_ALT
markrad 0:cdf462088d13 286 //#define MBEDTLS_AES_DECRYPT_ALT
markrad 0:cdf462088d13 287
markrad 0:cdf462088d13 288 /**
markrad 0:cdf462088d13 289 * \def MBEDTLS_TEST_NULL_ENTROPY
markrad 0:cdf462088d13 290 *
markrad 0:cdf462088d13 291 * Enables testing and use of mbed TLS without any configured entropy sources.
markrad 0:cdf462088d13 292 * This permits use of the library on platforms before an entropy source has
markrad 0:cdf462088d13 293 * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
markrad 0:cdf462088d13 294 * MBEDTLS_ENTROPY_NV_SEED switches).
markrad 0:cdf462088d13 295 *
markrad 0:cdf462088d13 296 * WARNING! This switch MUST be disabled in production builds, and is suitable
markrad 0:cdf462088d13 297 * only for development.
markrad 0:cdf462088d13 298 * Enabling the switch negates any security provided by the library.
markrad 0:cdf462088d13 299 *
markrad 0:cdf462088d13 300 * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
markrad 0:cdf462088d13 301 *
markrad 0:cdf462088d13 302 */
markrad 0:cdf462088d13 303 //#define MBEDTLS_TEST_NULL_ENTROPY
markrad 0:cdf462088d13 304
markrad 0:cdf462088d13 305 /**
markrad 0:cdf462088d13 306 * \def MBEDTLS_ENTROPY_HARDWARE_ALT
markrad 0:cdf462088d13 307 *
markrad 0:cdf462088d13 308 * Uncomment this macro to let mbed TLS use your own implementation of a
markrad 0:cdf462088d13 309 * hardware entropy collector.
markrad 0:cdf462088d13 310 *
markrad 0:cdf462088d13 311 * Your function must be called \c mbedtls_hardware_poll(), have the same
markrad 0:cdf462088d13 312 * prototype as declared in entropy_poll.h, and accept NULL as first argument.
markrad 0:cdf462088d13 313 *
markrad 0:cdf462088d13 314 * Uncomment to use your own hardware entropy collector.
markrad 0:cdf462088d13 315 */
markrad 0:cdf462088d13 316 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
markrad 0:cdf462088d13 317
markrad 0:cdf462088d13 318 /**
markrad 0:cdf462088d13 319 * \def MBEDTLS_AES_ROM_TABLES
markrad 0:cdf462088d13 320 *
markrad 0:cdf462088d13 321 * Store the AES tables in ROM.
markrad 0:cdf462088d13 322 *
markrad 0:cdf462088d13 323 * Uncomment this macro to store the AES tables in ROM.
markrad 0:cdf462088d13 324 */
markrad 0:cdf462088d13 325 //#define MBEDTLS_AES_ROM_TABLES
markrad 0:cdf462088d13 326
markrad 0:cdf462088d13 327 /**
markrad 0:cdf462088d13 328 * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
markrad 0:cdf462088d13 329 *
markrad 0:cdf462088d13 330 * Use less ROM for the Camellia implementation (saves about 768 bytes).
markrad 0:cdf462088d13 331 *
markrad 0:cdf462088d13 332 * Uncomment this macro to use less memory for Camellia.
markrad 0:cdf462088d13 333 */
markrad 0:cdf462088d13 334 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
markrad 0:cdf462088d13 335
markrad 0:cdf462088d13 336 /**
markrad 0:cdf462088d13 337 * \def MBEDTLS_CIPHER_MODE_CBC
markrad 0:cdf462088d13 338 *
markrad 0:cdf462088d13 339 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
markrad 0:cdf462088d13 340 */
markrad 0:cdf462088d13 341 #define MBEDTLS_CIPHER_MODE_CBC
markrad 0:cdf462088d13 342
markrad 0:cdf462088d13 343 /**
markrad 0:cdf462088d13 344 * \def MBEDTLS_CIPHER_MODE_CFB
markrad 0:cdf462088d13 345 *
markrad 0:cdf462088d13 346 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
markrad 0:cdf462088d13 347 */
markrad 0:cdf462088d13 348 #define MBEDTLS_CIPHER_MODE_CFB
markrad 0:cdf462088d13 349
markrad 0:cdf462088d13 350 /**
markrad 0:cdf462088d13 351 * \def MBEDTLS_CIPHER_MODE_CTR
markrad 0:cdf462088d13 352 *
markrad 0:cdf462088d13 353 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
markrad 0:cdf462088d13 354 */
markrad 0:cdf462088d13 355 #define MBEDTLS_CIPHER_MODE_CTR
markrad 0:cdf462088d13 356
markrad 0:cdf462088d13 357 /**
markrad 0:cdf462088d13 358 * \def MBEDTLS_CIPHER_NULL_CIPHER
markrad 0:cdf462088d13 359 *
markrad 0:cdf462088d13 360 * Enable NULL cipher.
markrad 0:cdf462088d13 361 * Warning: Only do so when you know what you are doing. This allows for
markrad 0:cdf462088d13 362 * encryption or channels without any security!
markrad 0:cdf462088d13 363 *
markrad 0:cdf462088d13 364 * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
markrad 0:cdf462088d13 365 * the following ciphersuites:
markrad 0:cdf462088d13 366 * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
markrad 0:cdf462088d13 367 * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
markrad 0:cdf462088d13 368 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
markrad 0:cdf462088d13 369 * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
markrad 0:cdf462088d13 370 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
markrad 0:cdf462088d13 371 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
markrad 0:cdf462088d13 372 * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
markrad 0:cdf462088d13 373 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
markrad 0:cdf462088d13 374 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
markrad 0:cdf462088d13 375 * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
markrad 0:cdf462088d13 376 * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
markrad 0:cdf462088d13 377 * MBEDTLS_TLS_RSA_WITH_NULL_SHA
markrad 0:cdf462088d13 378 * MBEDTLS_TLS_RSA_WITH_NULL_MD5
markrad 0:cdf462088d13 379 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
markrad 0:cdf462088d13 380 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
markrad 0:cdf462088d13 381 * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
markrad 0:cdf462088d13 382 * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
markrad 0:cdf462088d13 383 * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
markrad 0:cdf462088d13 384 * MBEDTLS_TLS_PSK_WITH_NULL_SHA
markrad 0:cdf462088d13 385 *
markrad 0:cdf462088d13 386 * Uncomment this macro to enable the NULL cipher and ciphersuites
markrad 0:cdf462088d13 387 */
markrad 0:cdf462088d13 388 //#define MBEDTLS_CIPHER_NULL_CIPHER
markrad 0:cdf462088d13 389
markrad 0:cdf462088d13 390 /**
markrad 0:cdf462088d13 391 * \def MBEDTLS_CIPHER_PADDING_PKCS7
markrad 0:cdf462088d13 392 *
markrad 0:cdf462088d13 393 * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
markrad 0:cdf462088d13 394 * specific padding modes in the cipher layer with cipher modes that support
markrad 0:cdf462088d13 395 * padding (e.g. CBC)
markrad 0:cdf462088d13 396 *
markrad 0:cdf462088d13 397 * If you disable all padding modes, only full blocks can be used with CBC.
markrad 0:cdf462088d13 398 *
markrad 0:cdf462088d13 399 * Enable padding modes in the cipher layer.
markrad 0:cdf462088d13 400 */
markrad 0:cdf462088d13 401 #define MBEDTLS_CIPHER_PADDING_PKCS7
markrad 0:cdf462088d13 402 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
markrad 0:cdf462088d13 403 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
markrad 0:cdf462088d13 404 #define MBEDTLS_CIPHER_PADDING_ZEROS
markrad 0:cdf462088d13 405
markrad 0:cdf462088d13 406 /**
markrad 0:cdf462088d13 407 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
markrad 0:cdf462088d13 408 *
markrad 0:cdf462088d13 409 * Enable weak ciphersuites in SSL / TLS.
markrad 0:cdf462088d13 410 * Warning: Only do so when you know what you are doing. This allows for
markrad 0:cdf462088d13 411 * channels with virtually no security at all!
markrad 0:cdf462088d13 412 *
markrad 0:cdf462088d13 413 * This enables the following ciphersuites:
markrad 0:cdf462088d13 414 * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
markrad 0:cdf462088d13 415 * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
markrad 0:cdf462088d13 416 *
markrad 0:cdf462088d13 417 * Uncomment this macro to enable weak ciphersuites
markrad 0:cdf462088d13 418 */
markrad 0:cdf462088d13 419 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
markrad 0:cdf462088d13 420
markrad 0:cdf462088d13 421 /**
markrad 0:cdf462088d13 422 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
markrad 0:cdf462088d13 423 *
markrad 0:cdf462088d13 424 * Remove RC4 ciphersuites by default in SSL / TLS.
markrad 0:cdf462088d13 425 * This flag removes the ciphersuites based on RC4 from the default list as
markrad 0:cdf462088d13 426 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
markrad 0:cdf462088d13 427 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
markrad 0:cdf462088d13 428 * explicitly.
markrad 0:cdf462088d13 429 *
markrad 0:cdf462088d13 430 * Uncomment this macro to remove RC4 ciphersuites by default.
markrad 0:cdf462088d13 431 */
markrad 0:cdf462088d13 432 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
markrad 0:cdf462088d13 433
markrad 0:cdf462088d13 434 /**
markrad 0:cdf462088d13 435 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
markrad 0:cdf462088d13 436 *
markrad 0:cdf462088d13 437 * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
markrad 0:cdf462088d13 438 * module. By default all supported curves are enabled.
markrad 0:cdf462088d13 439 *
markrad 0:cdf462088d13 440 * Comment macros to disable the curve and functions for it
markrad 0:cdf462088d13 441 */
markrad 0:cdf462088d13 442 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
markrad 0:cdf462088d13 443 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
markrad 0:cdf462088d13 444 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
markrad 0:cdf462088d13 445 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
markrad 0:cdf462088d13 446 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
markrad 0:cdf462088d13 447 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
markrad 0:cdf462088d13 448 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
markrad 0:cdf462088d13 449 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
markrad 0:cdf462088d13 450 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
markrad 0:cdf462088d13 451 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
markrad 0:cdf462088d13 452 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
markrad 0:cdf462088d13 453 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
markrad 0:cdf462088d13 454
markrad 0:cdf462088d13 455 /**
markrad 0:cdf462088d13 456 * \def MBEDTLS_ECP_NIST_OPTIM
markrad 0:cdf462088d13 457 *
markrad 0:cdf462088d13 458 * Enable specific 'modulo p' routines for each NIST prime.
markrad 0:cdf462088d13 459 * Depending on the prime and architecture, makes operations 4 to 8 times
markrad 0:cdf462088d13 460 * faster on the corresponding curve.
markrad 0:cdf462088d13 461 *
markrad 0:cdf462088d13 462 * Comment this macro to disable NIST curves optimisation.
markrad 0:cdf462088d13 463 */
markrad 0:cdf462088d13 464 #define MBEDTLS_ECP_NIST_OPTIM
markrad 0:cdf462088d13 465
markrad 0:cdf462088d13 466 /**
markrad 0:cdf462088d13 467 * \def MBEDTLS_ECDSA_DETERMINISTIC
markrad 0:cdf462088d13 468 *
markrad 0:cdf462088d13 469 * Enable deterministic ECDSA (RFC 6979).
markrad 0:cdf462088d13 470 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
markrad 0:cdf462088d13 471 * may result in a compromise of the long-term signing key. This is avoided by
markrad 0:cdf462088d13 472 * the deterministic variant.
markrad 0:cdf462088d13 473 *
markrad 0:cdf462088d13 474 * Requires: MBEDTLS_HMAC_DRBG_C
markrad 0:cdf462088d13 475 *
markrad 0:cdf462088d13 476 * Comment this macro to disable deterministic ECDSA.
markrad 0:cdf462088d13 477 */
markrad 0:cdf462088d13 478 #define MBEDTLS_ECDSA_DETERMINISTIC
markrad 0:cdf462088d13 479
markrad 0:cdf462088d13 480 /**
markrad 0:cdf462088d13 481 * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
markrad 0:cdf462088d13 482 *
markrad 0:cdf462088d13 483 * Enable the PSK based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 484 *
markrad 0:cdf462088d13 485 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 486 * enabled as well):
markrad 0:cdf462088d13 487 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 488 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 489 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 490 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 491 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 492 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 493 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 494 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 495 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 496 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 497 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 498 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 499 */
markrad 0:cdf462088d13 500 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
markrad 0:cdf462088d13 501
markrad 0:cdf462088d13 502 /**
markrad 0:cdf462088d13 503 * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
markrad 0:cdf462088d13 504 *
markrad 0:cdf462088d13 505 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 506 *
markrad 0:cdf462088d13 507 * Requires: MBEDTLS_DHM_C
markrad 0:cdf462088d13 508 *
markrad 0:cdf462088d13 509 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 510 * enabled as well):
markrad 0:cdf462088d13 511 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 512 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 513 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 514 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 515 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 516 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 517 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 518 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 519 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 520 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 521 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 522 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 523 */
markrad 0:cdf462088d13 524 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
markrad 0:cdf462088d13 525
markrad 0:cdf462088d13 526 /**
markrad 0:cdf462088d13 527 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
markrad 0:cdf462088d13 528 *
markrad 0:cdf462088d13 529 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 530 *
markrad 0:cdf462088d13 531 * Requires: MBEDTLS_ECDH_C
markrad 0:cdf462088d13 532 *
markrad 0:cdf462088d13 533 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 534 * enabled as well):
markrad 0:cdf462088d13 535 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 536 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 537 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 538 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 539 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 540 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 541 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 542 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 543 */
markrad 0:cdf462088d13 544 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
markrad 0:cdf462088d13 545
markrad 0:cdf462088d13 546 /**
markrad 0:cdf462088d13 547 * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
markrad 0:cdf462088d13 548 *
markrad 0:cdf462088d13 549 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 550 *
markrad 0:cdf462088d13 551 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
markrad 0:cdf462088d13 552 * MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 553 *
markrad 0:cdf462088d13 554 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 555 * enabled as well):
markrad 0:cdf462088d13 556 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 557 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 558 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 559 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 560 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 561 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 562 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 563 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 564 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 565 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 566 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 567 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 568 */
markrad 0:cdf462088d13 569 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
markrad 0:cdf462088d13 570
markrad 0:cdf462088d13 571 /**
markrad 0:cdf462088d13 572 * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
markrad 0:cdf462088d13 573 *
markrad 0:cdf462088d13 574 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 575 *
markrad 0:cdf462088d13 576 * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
markrad 0:cdf462088d13 577 * MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 578 *
markrad 0:cdf462088d13 579 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 580 * enabled as well):
markrad 0:cdf462088d13 581 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 582 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
markrad 0:cdf462088d13 583 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 584 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 585 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
markrad 0:cdf462088d13 586 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
markrad 0:cdf462088d13 587 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 588 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 589 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 590 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 591 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 592 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
markrad 0:cdf462088d13 593 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 594 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 595 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
markrad 0:cdf462088d13 596 */
markrad 0:cdf462088d13 597 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
markrad 0:cdf462088d13 598
markrad 0:cdf462088d13 599 /**
markrad 0:cdf462088d13 600 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
markrad 0:cdf462088d13 601 *
markrad 0:cdf462088d13 602 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 603 *
markrad 0:cdf462088d13 604 * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
markrad 0:cdf462088d13 605 * MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 606 *
markrad 0:cdf462088d13 607 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 608 * enabled as well):
markrad 0:cdf462088d13 609 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 610 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
markrad 0:cdf462088d13 611 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 612 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 613 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
markrad 0:cdf462088d13 614 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
markrad 0:cdf462088d13 615 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 616 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 617 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 618 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 619 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 620 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
markrad 0:cdf462088d13 621 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 622 */
markrad 0:cdf462088d13 623 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
markrad 0:cdf462088d13 624
markrad 0:cdf462088d13 625 /**
markrad 0:cdf462088d13 626 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
markrad 0:cdf462088d13 627 *
markrad 0:cdf462088d13 628 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 629 *
markrad 0:cdf462088d13 630 * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
markrad 0:cdf462088d13 631 * MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 632 *
markrad 0:cdf462088d13 633 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 634 * enabled as well):
markrad 0:cdf462088d13 635 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 636 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 637 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 638 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 639 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 640 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 641 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 642 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 643 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 644 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 645 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 646 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 647 */
markrad 0:cdf462088d13 648 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
markrad 0:cdf462088d13 649
markrad 0:cdf462088d13 650 /**
markrad 0:cdf462088d13 651 * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
markrad 0:cdf462088d13 652 *
markrad 0:cdf462088d13 653 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 654 *
markrad 0:cdf462088d13 655 * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 656 *
markrad 0:cdf462088d13 657 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 658 * enabled as well):
markrad 0:cdf462088d13 659 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 660 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 661 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 662 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 663 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 664 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 665 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 666 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 667 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 668 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 669 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 670 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 671 */
markrad 0:cdf462088d13 672 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
markrad 0:cdf462088d13 673
markrad 0:cdf462088d13 674 /**
markrad 0:cdf462088d13 675 * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
markrad 0:cdf462088d13 676 *
markrad 0:cdf462088d13 677 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 678 *
markrad 0:cdf462088d13 679 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 680 *
markrad 0:cdf462088d13 681 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 682 * enabled as well):
markrad 0:cdf462088d13 683 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 684 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 685 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 686 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 687 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 688 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 689 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 690 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 691 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 692 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 693 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 694 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 695 */
markrad 0:cdf462088d13 696 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
markrad 0:cdf462088d13 697
markrad 0:cdf462088d13 698 /**
markrad 0:cdf462088d13 699 * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
markrad 0:cdf462088d13 700 *
markrad 0:cdf462088d13 701 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 702 *
markrad 0:cdf462088d13 703 * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 704 *
markrad 0:cdf462088d13 705 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 706 * enabled as well):
markrad 0:cdf462088d13 707 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 708 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 709 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 710 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 711 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 712 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 713 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 714 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 715 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 716 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 717 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 718 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 719 */
markrad 0:cdf462088d13 720 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
markrad 0:cdf462088d13 721
markrad 0:cdf462088d13 722 /**
markrad 0:cdf462088d13 723 * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
markrad 0:cdf462088d13 724 *
markrad 0:cdf462088d13 725 * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
markrad 0:cdf462088d13 726 *
markrad 0:cdf462088d13 727 * \warning This is currently experimental. EC J-PAKE support is based on the
markrad 0:cdf462088d13 728 * Thread v1.0.0 specification; incompatible changes to the specification
markrad 0:cdf462088d13 729 * might still happen. For this reason, this is disabled by default.
markrad 0:cdf462088d13 730 *
markrad 0:cdf462088d13 731 * Requires: MBEDTLS_ECJPAKE_C
markrad 0:cdf462088d13 732 * MBEDTLS_SHA256_C
markrad 0:cdf462088d13 733 * MBEDTLS_ECP_DP_SECP256R1_ENABLED
markrad 0:cdf462088d13 734 *
markrad 0:cdf462088d13 735 * This enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 736 * enabled as well):
markrad 0:cdf462088d13 737 * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
markrad 0:cdf462088d13 738 */
markrad 0:cdf462088d13 739 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
markrad 0:cdf462088d13 740
markrad 0:cdf462088d13 741 /**
markrad 0:cdf462088d13 742 * \def MBEDTLS_PK_PARSE_EC_EXTENDED
markrad 0:cdf462088d13 743 *
markrad 0:cdf462088d13 744 * Enhance support for reading EC keys using variants of SEC1 not allowed by
markrad 0:cdf462088d13 745 * RFC 5915 and RFC 5480.
markrad 0:cdf462088d13 746 *
markrad 0:cdf462088d13 747 * Currently this means parsing the SpecifiedECDomain choice of EC
markrad 0:cdf462088d13 748 * parameters (only known groups are supported, not arbitrary domains, to
markrad 0:cdf462088d13 749 * avoid validation issues).
markrad 0:cdf462088d13 750 *
markrad 0:cdf462088d13 751 * Disable if you only need to support RFC 5915 + 5480 key formats.
markrad 0:cdf462088d13 752 */
markrad 0:cdf462088d13 753 #define MBEDTLS_PK_PARSE_EC_EXTENDED
markrad 0:cdf462088d13 754
markrad 0:cdf462088d13 755 /**
markrad 0:cdf462088d13 756 * \def MBEDTLS_ERROR_STRERROR_DUMMY
markrad 0:cdf462088d13 757 *
markrad 0:cdf462088d13 758 * Enable a dummy error function to make use of mbedtls_strerror() in
markrad 0:cdf462088d13 759 * third party libraries easier when MBEDTLS_ERROR_C is disabled
markrad 0:cdf462088d13 760 * (no effect when MBEDTLS_ERROR_C is enabled).
markrad 0:cdf462088d13 761 *
markrad 0:cdf462088d13 762 * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
markrad 0:cdf462088d13 763 * not using mbedtls_strerror() or error_strerror() in your application.
markrad 0:cdf462088d13 764 *
markrad 0:cdf462088d13 765 * Disable if you run into name conflicts and want to really remove the
markrad 0:cdf462088d13 766 * mbedtls_strerror()
markrad 0:cdf462088d13 767 */
markrad 0:cdf462088d13 768 #define MBEDTLS_ERROR_STRERROR_DUMMY
markrad 0:cdf462088d13 769
markrad 0:cdf462088d13 770 /**
markrad 0:cdf462088d13 771 * \def MBEDTLS_GENPRIME
markrad 0:cdf462088d13 772 *
markrad 0:cdf462088d13 773 * Enable the prime-number generation code.
markrad 0:cdf462088d13 774 *
markrad 0:cdf462088d13 775 * Requires: MBEDTLS_BIGNUM_C
markrad 0:cdf462088d13 776 */
markrad 0:cdf462088d13 777 #define MBEDTLS_GENPRIME
markrad 0:cdf462088d13 778
markrad 0:cdf462088d13 779 /**
markrad 0:cdf462088d13 780 * \def MBEDTLS_FS_IO
markrad 0:cdf462088d13 781 *
markrad 0:cdf462088d13 782 * Enable functions that use the filesystem.
markrad 0:cdf462088d13 783 */
markrad 0:cdf462088d13 784 //#define MBEDTLS_FS_IO
markrad 0:cdf462088d13 785
markrad 0:cdf462088d13 786 /**
markrad 0:cdf462088d13 787 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
markrad 0:cdf462088d13 788 *
markrad 0:cdf462088d13 789 * Do not add default entropy sources. These are the platform specific,
markrad 0:cdf462088d13 790 * mbedtls_timing_hardclock and HAVEGE based poll functions.
markrad 0:cdf462088d13 791 *
markrad 0:cdf462088d13 792 * This is useful to have more control over the added entropy sources in an
markrad 0:cdf462088d13 793 * application.
markrad 0:cdf462088d13 794 *
markrad 0:cdf462088d13 795 * Uncomment this macro to prevent loading of default entropy functions.
markrad 0:cdf462088d13 796 */
markrad 0:cdf462088d13 797 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
markrad 0:cdf462088d13 798
markrad 0:cdf462088d13 799 /**
markrad 0:cdf462088d13 800 * \def MBEDTLS_NO_PLATFORM_ENTROPY
markrad 0:cdf462088d13 801 *
markrad 0:cdf462088d13 802 * Do not use built-in platform entropy functions.
markrad 0:cdf462088d13 803 * This is useful if your platform does not support
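markrad 0:cdf462088d13 804 * standards like the /dev/urandom or Windows CryptoAPI. With the platform functions disabled, the entropy module needs another source of real entropy (for example the NV seed described below, or a source added by the application).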
markrad 0:cdf462088d13 805 *
markrad 0:cdf462088d13 806 * Uncomment this macro to disable the built-in platform entropy functions.
markrad 0:cdf462088d13 807 */
markrad 0:cdf462088d13 808 #define MBEDTLS_NO_PLATFORM_ENTROPY
markrad 0:cdf462088d13 809
markrad 0:cdf462088d13 810 /**
markrad 0:cdf462088d13 811 * \def MBEDTLS_ENTROPY_FORCE_SHA256
markrad 0:cdf462088d13 812 *
markrad 0:cdf462088d13 813 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
markrad 0:cdf462088d13 814 * default SHA-512 based one (if both are available).
markrad 0:cdf462088d13 815 *
markrad 0:cdf462088d13 816 * Requires: MBEDTLS_SHA256_C
markrad 0:cdf462088d13 817 *
markrad 0:cdf462088d13 818 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
markrad 0:cdf462088d13 819 * if you have performance concerns.
markrad 0:cdf462088d13 820 *
markrad 0:cdf462088d13 821 * This option is only useful if both MBEDTLS_SHA256_C and
markrad 0:cdf462088d13 822 * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
markrad 0:cdf462088d13 823 */
markrad 0:cdf462088d13 824 //#define MBEDTLS_ENTROPY_FORCE_SHA256
markrad 0:cdf462088d13 825
markrad 0:cdf462088d13 826 /**
markrad 0:cdf462088d13 827 * \def MBEDTLS_ENTROPY_NV_SEED
markrad 0:cdf462088d13 828 *
markrad 0:cdf462088d13 829 * Enable the non-volatile (NV) seed file-based entropy source.
markrad 0:cdf462088d13 830 * (Also enables the NV seed read/write functions in the platform layer)
markrad 0:cdf462088d13 831 *
markrad 0:cdf462088d13 832 * This is crucial (if not required) on systems that do not have a
markrad 0:cdf462088d13 833 * cryptographic entropy source (in hardware or kernel) available.
markrad 0:cdf462088d13 834 *
markrad 0:cdf462088d13 835 * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
markrad 0:cdf462088d13 836 *
markrad 0:cdf462088d13 837 * \note The read/write functions that are used by the entropy source are
markrad 0:cdf462088d13 838 * determined in the platform layer, and can be modified at runtime and/or
markrad 0:cdf462088d13 839 * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
markrad 0:cdf462088d13 840 *
markrad 0:cdf462088d13 841 * \note If you use the default implementation functions that read a seedfile
markrad 0:cdf462088d13 842 * with regular fopen(), please make sure you make a seedfile with the
markrad 0:cdf462088d13 843 * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
markrad 0:cdf462088d13 844 * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
markrad 0:cdf462088d13 845 * and written to or you will get an entropy source error! The default
markrad 0:cdf462088d13 846 * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
markrad 0:cdf462088d13 847 * bytes from the file.
markrad 0:cdf462088d13 848 *
markrad 0:cdf462088d13 849 * \note The entropy collector will write to the seed file before entropy is
markrad 0:cdf462088d13 850 * given to an external source, to update it.
markrad 0:cdf462088d13 851 */
markrad 0:cdf462088d13 852 //#define MBEDTLS_ENTROPY_NV_SEED
markrad 0:cdf462088d13 853
markrad 0:cdf462088d13 854 /**
markrad 0:cdf462088d13 855 * \def MBEDTLS_MEMORY_DEBUG
markrad 0:cdf462088d13 856 *
markrad 0:cdf462088d13 857 * Enable debugging of buffer allocator memory issues. Automatically prints
markrad 0:cdf462088d13 858 * (to stderr) all (fatal) messages on memory allocation issues. Enables
markrad 0:cdf462088d13 859 * function for 'debug output' of allocated memory.
markrad 0:cdf462088d13 860 *
markrad 0:cdf462088d13 861 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
markrad 0:cdf462088d13 862 *
markrad 0:cdf462088d13 863 * Uncomment this macro to let the buffer allocator print out error messages.
markrad 0:cdf462088d13 864 */
markrad 0:cdf462088d13 865 //#define MBEDTLS_MEMORY_DEBUG
markrad 0:cdf462088d13 866
markrad 0:cdf462088d13 867 /**
markrad 0:cdf462088d13 868 * \def MBEDTLS_MEMORY_BACKTRACE
markrad 0:cdf462088d13 869 *
markrad 0:cdf462088d13 870 * Include backtrace information with each allocated block.
markrad 0:cdf462088d13 871 *
markrad 0:cdf462088d13 872 * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
markrad 0:cdf462088d13 873 * GLIBC-compatible backtrace() and backtrace_symbols() support
markrad 0:cdf462088d13 874 *
markrad 0:cdf462088d13 875 * Uncomment this macro to include backtrace information
markrad 0:cdf462088d13 876 */
markrad 0:cdf462088d13 877 //#define MBEDTLS_MEMORY_BACKTRACE
markrad 0:cdf462088d13 878
markrad 0:cdf462088d13 879 /**
markrad 0:cdf462088d13 880 * \def MBEDTLS_PK_RSA_ALT_SUPPORT
markrad 0:cdf462088d13 881 *
markrad 0:cdf462088d13 882 * Support external private RSA keys (e.g. from an HSM) in the PK layer.
markrad 0:cdf462088d13 883 *
markrad 0:cdf462088d13 884 * Comment this macro to disable support for external private RSA keys.
markrad 0:cdf462088d13 885 */
markrad 0:cdf462088d13 886 #define MBEDTLS_PK_RSA_ALT_SUPPORT
markrad 0:cdf462088d13 887
markrad 0:cdf462088d13 888 /**
markrad 0:cdf462088d13 889 * \def MBEDTLS_PKCS1_V15
markrad 0:cdf462088d13 890 *
markrad 0:cdf462088d13 891 * Enable support for PKCS#1 v1.5 encoding.
markrad 0:cdf462088d13 892 *
markrad 0:cdf462088d13 893 * Requires: MBEDTLS_RSA_C
markrad 0:cdf462088d13 894 *
markrad 0:cdf462088d13 895 * This enables support for PKCS#1 v1.5 operations.
markrad 0:cdf462088d13 896 */
markrad 0:cdf462088d13 897 #define MBEDTLS_PKCS1_V15
markrad 0:cdf462088d13 898
markrad 0:cdf462088d13 899 /**
markrad 0:cdf462088d13 900 * \def MBEDTLS_PKCS1_V21
markrad 0:cdf462088d13 901 *
markrad 0:cdf462088d13 902 * Enable support for PKCS#1 v2.1 encoding.
markrad 0:cdf462088d13 903 *
markrad 0:cdf462088d13 904 * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
markrad 0:cdf462088d13 905 *
markrad 0:cdf462088d13 906 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
markrad 0:cdf462088d13 907 */
markrad 0:cdf462088d13 908 #define MBEDTLS_PKCS1_V21
markrad 0:cdf462088d13 909
markrad 0:cdf462088d13 910 /**
markrad 0:cdf462088d13 911 * \def MBEDTLS_RSA_NO_CRT
markrad 0:cdf462088d13 912 *
markrad 0:cdf462088d13 913 * Do not use the Chinese Remainder Theorem for the RSA private operation.
markrad 0:cdf462088d13 914 *
markrad 0:cdf462088d13 915 * Uncomment this macro to disable the use of CRT in RSA.
markrad 0:cdf462088d13 916 *
markrad 0:cdf462088d13 917 */
markrad 0:cdf462088d13 918 //#define MBEDTLS_RSA_NO_CRT
markrad 0:cdf462088d13 919
markrad 0:cdf462088d13 920 /**
markrad 0:cdf462088d13 921 * \def MBEDTLS_SELF_TEST
markrad 0:cdf462088d13 922 *
markrad 0:cdf462088d13 923 * Enable the checkup functions (*_self_test).
markrad 0:cdf462088d13 924 */
markrad 0:cdf462088d13 925 #define MBEDTLS_SELF_TEST
markrad 0:cdf462088d13 926
markrad 0:cdf462088d13 927 /**
markrad 0:cdf462088d13 928 * \def MBEDTLS_SHA256_SMALLER
markrad 0:cdf462088d13 929 *
markrad 0:cdf462088d13 930 * Enable an implementation of SHA-256 that has lower ROM footprint but also
markrad 0:cdf462088d13 931 * lower performance.
markrad 0:cdf462088d13 932 *
markrad 0:cdf462088d13 933 * The default implementation is meant to be a reasonable compromise between
markrad 0:cdf462088d13 934 * performance and size. This version optimizes more aggressively for size at
markrad 0:cdf462088d13 935 * the expense of performance. Eg on Cortex-M4 it reduces the size of
markrad 0:cdf462088d13 936 * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
markrad 0:cdf462088d13 937 * 30%.
markrad 0:cdf462088d13 938 *
markrad 0:cdf462088d13 939 * Uncomment to enable the smaller implementation of SHA256.
markrad 0:cdf462088d13 940 */
markrad 0:cdf462088d13 941 //#define MBEDTLS_SHA256_SMALLER
markrad 0:cdf462088d13 942
markrad 0:cdf462088d13 943 /**
markrad 0:cdf462088d13 944 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
markrad 0:cdf462088d13 945 *
markrad 0:cdf462088d13 946 * Enable sending of alert messages in case of encountered errors as per RFC.
markrad 0:cdf462088d13 947 * If you choose not to send the alert messages, mbed TLS can still communicate
markrad 0:cdf462088d13 948 * with other servers, only debugging of failures is harder.
markrad 0:cdf462088d13 949 *
markrad 0:cdf462088d13 950 * The advantage of not sending alert messages, is that no information is given
markrad 0:cdf462088d13 951 * about reasons for failures thus preventing adversaries from gaining intel.
markrad 0:cdf462088d13 952 *
markrad 0:cdf462088d13 953 * Enable sending of all alert messages
markrad 0:cdf462088d13 954 */
markrad 0:cdf462088d13 955 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
markrad 0:cdf462088d13 956
markrad 0:cdf462088d13 957 /**
markrad 0:cdf462088d13 958 * \def MBEDTLS_SSL_DEBUG_ALL
markrad 0:cdf462088d13 959 *
markrad 0:cdf462088d13 960 * Enable the debug messages in SSL module for all issues.
markrad 0:cdf462088d13 961 * Debug messages have been disabled in some places to prevent timing
markrad 0:cdf462088d13 962 * attacks due to (unbalanced) debugging function calls.
markrad 0:cdf462088d13 963 *
markrad 0:cdf462088d13 964 * If you need all error reporting you should enable this during debugging,
markrad 0:cdf462088d13 965 * but remove this for production servers that should log as well.
markrad 0:cdf462088d13 966 *
markrad 0:cdf462088d13 967 * Uncomment this macro to report all debug messages on errors, at the cost of
markrad 0:cdf462088d13 968 * introducing a timing side-channel.
markrad 0:cdf462088d13 969 *
markrad 0:cdf462088d13 970 */
markrad 0:cdf462088d13 971 //#define MBEDTLS_SSL_DEBUG_ALL
markrad 0:cdf462088d13 972
markrad 0:cdf462088d13 973 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
markrad 0:cdf462088d13 974 *
markrad 0:cdf462088d13 975 * Enable support for Encrypt-then-MAC, RFC 7366.
markrad 0:cdf462088d13 976 *
markrad 0:cdf462088d13 977 * This allows peers that both support it to use a more robust protection for
markrad 0:cdf462088d13 978 * ciphersuites using CBC, providing deep resistance against timing attacks
markrad 0:cdf462088d13 979 * on the padding or underlying cipher.
markrad 0:cdf462088d13 980 *
markrad 0:cdf462088d13 981 * This only affects CBC ciphersuites, and is useless if none is defined.
markrad 0:cdf462088d13 982 *
markrad 0:cdf462088d13 983 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
markrad 0:cdf462088d13 984 * MBEDTLS_SSL_PROTO_TLS1_1 or
markrad 0:cdf462088d13 985 * MBEDTLS_SSL_PROTO_TLS1_2
markrad 0:cdf462088d13 986 *
markrad 0:cdf462088d13 987 * Comment this macro to disable support for Encrypt-then-MAC
markrad 0:cdf462088d13 988 */
markrad 0:cdf462088d13 989 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
markrad 0:cdf462088d13 990
markrad 0:cdf462088d13 991 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
markrad 0:cdf462088d13 992 *
markrad 0:cdf462088d13 993 * Enable support for Extended Master Secret, aka Session Hash
markrad 0:cdf462088d13 994 * (draft-ietf-tls-session-hash-02).
markrad 0:cdf462088d13 995 *
markrad 0:cdf462088d13 996 * This was introduced as "the proper fix" to the Triple Handshake family of
markrad 0:cdf462088d13 997 * attacks, but it is recommended to always use it (even if you disable
markrad 0:cdf462088d13 998 * renegotiation), since it actually fixes a more fundamental issue in the
markrad 0:cdf462088d13 999 * original SSL/TLS design, and has implications beyond Triple Handshake.
markrad 0:cdf462088d13 1000 *
markrad 0:cdf462088d13 1001 * Requires: MBEDTLS_SSL_PROTO_TLS1 or
markrad 0:cdf462088d13 1002 * MBEDTLS_SSL_PROTO_TLS1_1 or
markrad 0:cdf462088d13 1003 * MBEDTLS_SSL_PROTO_TLS1_2
markrad 0:cdf462088d13 1004 *
markrad 0:cdf462088d13 1005 * Comment this macro to disable support for Extended Master Secret.
markrad 0:cdf462088d13 1006 */
markrad 0:cdf462088d13 1007 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
markrad 0:cdf462088d13 1008
markrad 0:cdf462088d13 1009 /**
markrad 0:cdf462088d13 1010 * \def MBEDTLS_SSL_FALLBACK_SCSV
markrad 0:cdf462088d13 1011 *
markrad 0:cdf462088d13 1012 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
markrad 0:cdf462088d13 1013 *
markrad 0:cdf462088d13 1014 * For servers, it is recommended to always enable this, unless you support
markrad 0:cdf462088d13 1015 * only one version of TLS, or know for sure that none of your clients
markrad 0:cdf462088d13 1016 * implements a fallback strategy.
markrad 0:cdf462088d13 1017 *
markrad 0:cdf462088d13 1018 * For clients, you only need this if you're using a fallback strategy, which
markrad 0:cdf462088d13 1019 * is not recommended in the first place, unless you absolutely need it to
markrad 0:cdf462088d13 1020 * interoperate with buggy (version-intolerant) servers.
markrad 0:cdf462088d13 1021 *
markrad 0:cdf462088d13 1022 * Comment this macro to disable support for FALLBACK_SCSV
markrad 0:cdf462088d13 1023 */
markrad 0:cdf462088d13 1024 #define MBEDTLS_SSL_FALLBACK_SCSV
markrad 0:cdf462088d13 1025
markrad 0:cdf462088d13 1026 /**
markrad 0:cdf462088d13 1027 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
markrad 0:cdf462088d13 1028 *
markrad 0:cdf462088d13 1029 * Enable hooking functions in SSL module for hardware acceleration of
markrad 0:cdf462088d13 1030 * individual records.
markrad 0:cdf462088d13 1031 *
markrad 0:cdf462088d13 1032 * Uncomment this macro to enable hooking functions.
markrad 0:cdf462088d13 1033 */
markrad 0:cdf462088d13 1034 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
markrad 0:cdf462088d13 1035
markrad 0:cdf462088d13 1036 /**
markrad 0:cdf462088d13 1037 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
markrad 0:cdf462088d13 1038 *
markrad 0:cdf462088d13 1039 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
markrad 0:cdf462088d13 1040 *
markrad 0:cdf462088d13 1041 * This is a countermeasure to the BEAST attack, which also minimizes the risk
markrad 0:cdf462088d13 1042 * of interoperability issues compared to sending 0-length records.
markrad 0:cdf462088d13 1043 *
markrad 0:cdf462088d13 1044 * Comment this macro to disable 1/n-1 record splitting.
markrad 0:cdf462088d13 1045 */
markrad 0:cdf462088d13 1046 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING
markrad 0:cdf462088d13 1047
markrad 0:cdf462088d13 1048 /**
markrad 0:cdf462088d13 1049 * \def MBEDTLS_SSL_RENEGOTIATION
markrad 0:cdf462088d13 1050 *
markrad 0:cdf462088d13 1051 * Enable support for TLS renegotiation.
markrad 0:cdf462088d13 1052 *
markrad 0:cdf462088d13 1053 * The two main uses of renegotiation are (1) refresh keys on long-lived
markrad 0:cdf462088d13 1054 * connections and (2) client authentication after the initial handshake.
markrad 0:cdf462088d13 1055 * If you don't need renegotiation, it's probably better to disable it, since
markrad 0:cdf462088d13 1056 * it has been associated with security issues in the past and is easy to
markrad 0:cdf462088d13 1057 * misuse/misunderstand.
markrad 0:cdf462088d13 1058 *
markrad 0:cdf462088d13 1059 * Comment this to disable support for renegotiation.
markrad 0:cdf462088d13 1060 */
markrad 0:cdf462088d13 1061 #define MBEDTLS_SSL_RENEGOTIATION
markrad 0:cdf462088d13 1062
markrad 0:cdf462088d13 1063 /**
markrad 0:cdf462088d13 1064 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
markrad 0:cdf462088d13 1065 *
markrad 0:cdf462088d13 1066 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
markrad 0:cdf462088d13 1067 * SSL Server module (MBEDTLS_SSL_SRV_C).
markrad 0:cdf462088d13 1068 *
markrad 0:cdf462088d13 1069 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
markrad 0:cdf462088d13 1070 */
markrad 0:cdf462088d13 1071 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
markrad 0:cdf462088d13 1072
markrad 0:cdf462088d13 1073 /**
markrad 0:cdf462088d13 1074 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
markrad 0:cdf462088d13 1075 *
markrad 0:cdf462088d13 1076 * Pick the ciphersuite according to the client's preferences rather than ours
markrad 0:cdf462088d13 1077 * in the SSL Server module (MBEDTLS_SSL_SRV_C).
markrad 0:cdf462088d13 1078 *
markrad 0:cdf462088d13 1079 * Uncomment this macro to respect client's ciphersuite order
markrad 0:cdf462088d13 1080 */
markrad 0:cdf462088d13 1081 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
markrad 0:cdf462088d13 1082
markrad 0:cdf462088d13 1083 /**
markrad 0:cdf462088d13 1084 * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
markrad 0:cdf462088d13 1085 *
markrad 0:cdf462088d13 1086 * Enable support for RFC 6066 max_fragment_length extension in SSL.
markrad 0:cdf462088d13 1087 *
markrad 0:cdf462088d13 1088 * Comment this macro to disable support for the max_fragment_length extension
markrad 0:cdf462088d13 1089 */
markrad 0:cdf462088d13 1090 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
markrad 0:cdf462088d13 1091
markrad 0:cdf462088d13 1092 /**
markrad 0:cdf462088d13 1093 * \def MBEDTLS_SSL_PROTO_SSL3
markrad 0:cdf462088d13 1094 *
markrad 0:cdf462088d13 1095 * Enable support for SSL 3.0.
markrad 0:cdf462088d13 1096 *
markrad 0:cdf462088d13 1097 * Requires: MBEDTLS_MD5_C
markrad 0:cdf462088d13 1098 * MBEDTLS_SHA1_C
markrad 0:cdf462088d13 1099 *
markrad 0:cdf462088d13 1100 * Comment this macro to disable support for SSL 3.0
markrad 0:cdf462088d13 1101 */
markrad 0:cdf462088d13 1102 //#define MBEDTLS_SSL_PROTO_SSL3
markrad 0:cdf462088d13 1103
markrad 0:cdf462088d13 1104 /**
markrad 0:cdf462088d13 1105 * \def MBEDTLS_SSL_PROTO_TLS1
markrad 0:cdf462088d13 1106 *
markrad 0:cdf462088d13 1107 * Enable support for TLS 1.0.
markrad 0:cdf462088d13 1108 *
markrad 0:cdf462088d13 1109 * Requires: MBEDTLS_MD5_C
markrad 0:cdf462088d13 1110 * MBEDTLS_SHA1_C
markrad 0:cdf462088d13 1111 *
* NOTE(review): TLS 1.0 is formally deprecated by RFC 8996. This build has it
* enabled; keep it only if a peer that cannot negotiate TLS 1.2 must be
* supported, and otherwise comment the macro out so the version cannot be
* negotiated at all.
*
markrad 0:cdf462088d13 1112 * Comment this macro to disable support for TLS 1.0
markrad 0:cdf462088d13 1113 */
markrad 0:cdf462088d13 1114 #define MBEDTLS_SSL_PROTO_TLS1
markrad 0:cdf462088d13 1115
markrad 0:cdf462088d13 1116 /**
markrad 0:cdf462088d13 1117 * \def MBEDTLS_SSL_PROTO_TLS1_1
markrad 0:cdf462088d13 1118 *
markrad 0:cdf462088d13 1119 * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
markrad 0:cdf462088d13 1120 *
markrad 0:cdf462088d13 1121 * Requires: MBEDTLS_MD5_C
markrad 0:cdf462088d13 1122 * MBEDTLS_SHA1_C
markrad 0:cdf462088d13 1123 *
* NOTE(review): TLS 1.1 and DTLS 1.0 are formally deprecated by RFC 8996.
* This build has the macro enabled; keep it only if a peer that cannot
* negotiate TLS 1.2 / DTLS 1.2 must be supported.
*
markrad 0:cdf462088d13 1124 * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
markrad 0:cdf462088d13 1125 */
markrad 0:cdf462088d13 1126 #define MBEDTLS_SSL_PROTO_TLS1_1
markrad 0:cdf462088d13 1127
markrad 0:cdf462088d13 1128 /**
markrad 0:cdf462088d13 1129 * \def MBEDTLS_SSL_PROTO_TLS1_2
markrad 0:cdf462088d13 1130 *
markrad 0:cdf462088d13 1131 * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
markrad 0:cdf462088d13 1132 *
markrad 0:cdf462088d13 1133 * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
markrad 0:cdf462088d13 1134 * (Depends on ciphersuites)
markrad 0:cdf462088d13 1135 *
markrad 0:cdf462088d13 1136 * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
markrad 0:cdf462088d13 1137 */
markrad 0:cdf462088d13 1138 #define MBEDTLS_SSL_PROTO_TLS1_2
markrad 0:cdf462088d13 1139
markrad 0:cdf462088d13 1140 /**
markrad 0:cdf462088d13 1141 * \def MBEDTLS_SSL_PROTO_DTLS
markrad 0:cdf462088d13 1142 *
markrad 0:cdf462088d13 1143 * Enable support for DTLS (all available versions).
markrad 0:cdf462088d13 1144 *
markrad 0:cdf462088d13 1145 * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
markrad 0:cdf462088d13 1146 * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
markrad 0:cdf462088d13 1147 *
markrad 0:cdf462088d13 1148 * Requires: MBEDTLS_SSL_PROTO_TLS1_1
markrad 0:cdf462088d13 1149 * or MBEDTLS_SSL_PROTO_TLS1_2
markrad 0:cdf462088d13 1150 *
markrad 0:cdf462088d13 1151 * Comment this macro to disable support for DTLS
markrad 0:cdf462088d13 1152 */
markrad 0:cdf462088d13 1153 #define MBEDTLS_SSL_PROTO_DTLS
markrad 0:cdf462088d13 1154
markrad 0:cdf462088d13 1155 /**
markrad 0:cdf462088d13 1156 * \def MBEDTLS_SSL_ALPN
markrad 0:cdf462088d13 1157 *
markrad 0:cdf462088d13 1158 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
markrad 0:cdf462088d13 1159 *
markrad 0:cdf462088d13 1160 * Comment this macro to disable support for ALPN.
markrad 0:cdf462088d13 1161 */
markrad 0:cdf462088d13 1162 #define MBEDTLS_SSL_ALPN
markrad 0:cdf462088d13 1163
markrad 0:cdf462088d13 1164 /**
markrad 0:cdf462088d13 1165 * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
markrad 0:cdf462088d13 1166 *
markrad 0:cdf462088d13 1167 * Enable support for the anti-replay mechanism in DTLS.
markrad 0:cdf462088d13 1168 *
markrad 0:cdf462088d13 1169 * Requires: MBEDTLS_SSL_TLS_C
markrad 0:cdf462088d13 1170 * MBEDTLS_SSL_PROTO_DTLS
markrad 0:cdf462088d13 1171 *
markrad 0:cdf462088d13 1172 * \warning Disabling this is often a security risk!
markrad 0:cdf462088d13 1173 * See mbedtls_ssl_conf_dtls_anti_replay() for details.
markrad 0:cdf462088d13 1174 *
markrad 0:cdf462088d13 1175 * Comment this to disable anti-replay in DTLS.
markrad 0:cdf462088d13 1176 */
markrad 0:cdf462088d13 1177 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
markrad 0:cdf462088d13 1178
markrad 0:cdf462088d13 1179 /**
markrad 0:cdf462088d13 1180 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
markrad 0:cdf462088d13 1181 *
markrad 0:cdf462088d13 1182 * Enable support for HelloVerifyRequest on DTLS servers.
markrad 0:cdf462088d13 1183 *
markrad 0:cdf462088d13 1184 * This feature is highly recommended to prevent DTLS servers being used as
markrad 0:cdf462088d13 1185 * amplifiers in DoS attacks against other hosts. It should always be enabled
markrad 0:cdf462088d13 1186 * unless you know for sure amplification cannot be a problem in the
markrad 0:cdf462088d13 1187 * environment in which your server operates.
markrad 0:cdf462088d13 1188 *
markrad 0:cdf462088d13 1189 * \warning Disabling this can be a security risk! (see above)
markrad 0:cdf462088d13 1190 *
markrad 0:cdf462088d13 1191 * Requires: MBEDTLS_SSL_PROTO_DTLS
markrad 0:cdf462088d13 1192 *
markrad 0:cdf462088d13 1193 * Comment this to disable support for HelloVerifyRequest.
markrad 0:cdf462088d13 1194 */
markrad 0:cdf462088d13 1195 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
markrad 0:cdf462088d13 1196
markrad 0:cdf462088d13 1197 /**
markrad 0:cdf462088d13 1198 * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
markrad 0:cdf462088d13 1199 *
markrad 0:cdf462088d13 1200 * Enable server-side support for clients that reconnect from the same port.
markrad 0:cdf462088d13 1201 *
markrad 0:cdf462088d13 1202 * Some clients unexpectedly close the connection and try to reconnect using the
markrad 0:cdf462088d13 1203 * same source port. This needs special support from the server to handle the
markrad 0:cdf462088d13 1204 * new connection securely, as described in section 4.2.8 of RFC 6347. This
markrad 0:cdf462088d13 1205 * flag enables that support.
markrad 0:cdf462088d13 1206 *
markrad 0:cdf462088d13 1207 * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
markrad 0:cdf462088d13 1208 *
markrad 0:cdf462088d13 1209 * Comment this to disable support for clients reusing the source port.
markrad 0:cdf462088d13 1210 */
markrad 0:cdf462088d13 1211 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
markrad 0:cdf462088d13 1212
markrad 0:cdf462088d13 1213 /**
markrad 0:cdf462088d13 1214 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
markrad 0:cdf462088d13 1215 *
markrad 0:cdf462088d13 1216 * Enable support for a limit of records with bad MAC.
markrad 0:cdf462088d13 1217 *
markrad 0:cdf462088d13 1218 * See mbedtls_ssl_conf_dtls_badmac_limit().
markrad 0:cdf462088d13 1219 *
markrad 0:cdf462088d13 1220 * Requires: MBEDTLS_SSL_PROTO_DTLS
markrad 0:cdf462088d13 1221 */
markrad 0:cdf462088d13 1222 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
markrad 0:cdf462088d13 1223
markrad 0:cdf462088d13 1224 /**
markrad 0:cdf462088d13 1225 * \def MBEDTLS_SSL_SESSION_TICKETS
markrad 0:cdf462088d13 1226 *
markrad 0:cdf462088d13 1227 * Enable support for RFC 5077 session tickets in SSL.
markrad 0:cdf462088d13 1228 * Client-side, provides full support for session tickets (maintenance of a
markrad 0:cdf462088d13 1229 * session store remains the responsibility of the application, though).
markrad 0:cdf462088d13 1230 * Server-side, you also need to provide callbacks for writing and parsing
markrad 0:cdf462088d13 1231 * tickets, including authenticated encryption and key management. Example
markrad 0:cdf462088d13 1232 * callbacks are provided by MBEDTLS_SSL_TICKET_C.
markrad 0:cdf462088d13 1233 *
markrad 0:cdf462088d13 1234 * Comment this macro to disable support for SSL session tickets
markrad 0:cdf462088d13 1235 */
markrad 0:cdf462088d13 1236 #define MBEDTLS_SSL_SESSION_TICKETS
markrad 0:cdf462088d13 1237
markrad 0:cdf462088d13 1238 /**
markrad 0:cdf462088d13 1239 * \def MBEDTLS_SSL_EXPORT_KEYS
markrad 0:cdf462088d13 1240 *
markrad 0:cdf462088d13 1241 * Enable support for exporting key block and master secret.
markrad 0:cdf462088d13 1242 * This is required for certain users of TLS, e.g. EAP-TLS.
markrad 0:cdf462088d13 1243 *
markrad 0:cdf462088d13 1244 * Comment this macro to disable support for key export
markrad 0:cdf462088d13 1245 */
markrad 0:cdf462088d13 1246 #define MBEDTLS_SSL_EXPORT_KEYS
markrad 0:cdf462088d13 1247
markrad 0:cdf462088d13 1248 /**
markrad 0:cdf462088d13 1249 * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
markrad 0:cdf462088d13 1250 *
markrad 0:cdf462088d13 1251 * Enable support for RFC 6066 server name indication (SNI) in SSL.
markrad 0:cdf462088d13 1252 *
markrad 0:cdf462088d13 1253 * Requires: MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 1254 *
markrad 0:cdf462088d13 1255 * Comment this macro to disable support for server name indication in SSL
markrad 0:cdf462088d13 1256 */
markrad 0:cdf462088d13 1257 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
markrad 0:cdf462088d13 1258
markrad 0:cdf462088d13 1259 /**
markrad 0:cdf462088d13 1260 * \def MBEDTLS_SSL_TRUNCATED_HMAC
markrad 0:cdf462088d13 1261 *
markrad 0:cdf462088d13 1262 * Enable support for RFC 6066 truncated HMAC in SSL.
markrad 0:cdf462088d13 1263 *
* NOTE(review): when the extension is negotiated, the record MAC is truncated
* to 80 bits (RFC 6066, section 7), which lowers the forgery margin in
* exchange for a few bytes per record. Leave this enabled only if the
* deployment actually needs the bandwidth saving.
*
markrad 0:cdf462088d13 1264 * Comment this macro to disable support for truncated HMAC in SSL
markrad 0:cdf462088d13 1265 */
markrad 0:cdf462088d13 1266 #define MBEDTLS_SSL_TRUNCATED_HMAC
markrad 0:cdf462088d13 1267
markrad 0:cdf462088d13 1268 /**
markrad 0:cdf462088d13 1269 * \def MBEDTLS_THREADING_ALT
markrad 0:cdf462088d13 1270 *
markrad 0:cdf462088d13 1271 * Provide your own alternate threading implementation.
markrad 0:cdf462088d13 1272 *
markrad 0:cdf462088d13 1273 * Requires: MBEDTLS_THREADING_C
markrad 0:cdf462088d13 1274 *
markrad 0:cdf462088d13 1275 * Uncomment this to allow your own alternate threading implementation.
markrad 0:cdf462088d13 1276 */
markrad 0:cdf462088d13 1277 //#define MBEDTLS_THREADING_ALT
markrad 0:cdf462088d13 1278
markrad 0:cdf462088d13 1279 /**
markrad 0:cdf462088d13 1280 * \def MBEDTLS_THREADING_PTHREAD
markrad 0:cdf462088d13 1281 *
markrad 0:cdf462088d13 1282 * Enable the pthread wrapper layer for the threading layer.
markrad 0:cdf462088d13 1283 *
markrad 0:cdf462088d13 1284 * Requires: MBEDTLS_THREADING_C
markrad 0:cdf462088d13 1285 *
markrad 0:cdf462088d13 1286 * Uncomment this to enable pthread mutexes.
markrad 0:cdf462088d13 1287 */
markrad 0:cdf462088d13 1288 //#define MBEDTLS_THREADING_PTHREAD
markrad 0:cdf462088d13 1289
markrad 0:cdf462088d13 1290 /**
markrad 0:cdf462088d13 1291 * \def MBEDTLS_VERSION_FEATURES
markrad 0:cdf462088d13 1292 *
markrad 0:cdf462088d13 1293 * Allow run-time checking of compile-time enabled features. This allows users
markrad 0:cdf462088d13 1294 * to check at run-time if the library is for instance compiled with threading
markrad 0:cdf462088d13 1295 * support via mbedtls_version_check_feature().
markrad 0:cdf462088d13 1296 *
markrad 0:cdf462088d13 1297 * Requires: MBEDTLS_VERSION_C
markrad 0:cdf462088d13 1298 *
markrad 0:cdf462088d13 1299 * Comment this to disable run-time checking and save ROM space
markrad 0:cdf462088d13 1300 */
markrad 0:cdf462088d13 1301 #define MBEDTLS_VERSION_FEATURES
markrad 0:cdf462088d13 1302
markrad 0:cdf462088d13 1303 /**
markrad 0:cdf462088d13 1304 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
markrad 0:cdf462088d13 1305 *
markrad 0:cdf462088d13 1306 * If set, the X509 parser will not break-off when parsing an X509 certificate
markrad 0:cdf462088d13 1307 * and encountering an extension in a v1 or v2 certificate.
markrad 0:cdf462088d13 1308 *
markrad 0:cdf462088d13 1309 * Uncomment to prevent an error.
markrad 0:cdf462088d13 1310 */
markrad 0:cdf462088d13 1311 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
markrad 0:cdf462088d13 1312
markrad 0:cdf462088d13 1313 /**
markrad 0:cdf462088d13 1314 * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
markrad 0:cdf462088d13 1315 *
markrad 0:cdf462088d13 1316 * If set, the X509 parser will not break-off when parsing an X509 certificate
markrad 0:cdf462088d13 1317 * and encountering an unknown critical extension.
markrad 0:cdf462088d13 1318 *
markrad 0:cdf462088d13 1319 * \warning Depending on your PKI use, enabling this can be a security risk!
markrad 0:cdf462088d13 1320 *
markrad 0:cdf462088d13 1321 * Uncomment to prevent an error.
markrad 0:cdf462088d13 1322 */
markrad 0:cdf462088d13 1323 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
markrad 0:cdf462088d13 1324
markrad 0:cdf462088d13 1325 /**
markrad 0:cdf462088d13 1326 * \def MBEDTLS_X509_CHECK_KEY_USAGE
markrad 0:cdf462088d13 1327 *
markrad 0:cdf462088d13 1328 * Enable verification of the keyUsage extension (CA and leaf certificates).
markrad 0:cdf462088d13 1329 *
markrad 0:cdf462088d13 1330 * Disabling this avoids problems with mis-issued and/or misused
markrad 0:cdf462088d13 1331 * (intermediate) CA and leaf certificates.
markrad 0:cdf462088d13 1332 *
markrad 0:cdf462088d13 1333 * \warning Depending on your PKI use, disabling this can be a security risk!
markrad 0:cdf462088d13 1334 *
markrad 0:cdf462088d13 1335 * Comment to skip keyUsage checking for both CA and leaf certificates.
markrad 0:cdf462088d13 1336 */
markrad 0:cdf462088d13 1337 #define MBEDTLS_X509_CHECK_KEY_USAGE
markrad 0:cdf462088d13 1338
markrad 0:cdf462088d13 1339 /**
markrad 0:cdf462088d13 1340 * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
markrad 0:cdf462088d13 1341 *
markrad 0:cdf462088d13 1342 * Enable verification of the extendedKeyUsage extension (leaf certificates).
markrad 0:cdf462088d13 1343 *
markrad 0:cdf462088d13 1344 * Disabling this avoids problems with mis-issued and/or misused certificates.
markrad 0:cdf462088d13 1345 *
markrad 0:cdf462088d13 1346 * \warning Depending on your PKI use, disabling this can be a security risk!
markrad 0:cdf462088d13 1347 *
markrad 0:cdf462088d13 1348 * Comment to skip extendedKeyUsage checking for certificates.
markrad 0:cdf462088d13 1349 */
markrad 0:cdf462088d13 1350 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
markrad 0:cdf462088d13 1351
markrad 0:cdf462088d13 1352 /**
markrad 0:cdf462088d13 1353 * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
markrad 0:cdf462088d13 1354 *
markrad 0:cdf462088d13 1355 * Enable parsing and verification of X.509 certificates, CRLs and CSRs
markrad 0:cdf462088d13 1356 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
markrad 0:cdf462088d13 1357 *
markrad 0:cdf462088d13 1358 * Comment this macro to disallow using RSASSA-PSS in certificates.
markrad 0:cdf462088d13 1359 */
markrad 0:cdf462088d13 1360 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
markrad 0:cdf462088d13 1361
markrad 0:cdf462088d13 1362 /**
markrad 0:cdf462088d13 1363 * \def MBEDTLS_ZLIB_SUPPORT
markrad 0:cdf462088d13 1364 *
markrad 0:cdf462088d13 1365 * If set, the SSL/TLS module uses ZLIB to support compression and
markrad 0:cdf462088d13 1366 * decompression of packet data.
markrad 0:cdf462088d13 1367 *
markrad 0:cdf462088d13 1368 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
markrad 0:cdf462088d13 1369 * CRIME attack. Before enabling this option, you should examine with care if
markrad 0:cdf462088d13 1370 * CRIME or similar exploits may be applicable to your use case.
markrad 0:cdf462088d13 1371 *
markrad 0:cdf462088d13 1372 * \note Currently compression can't be used with DTLS.
markrad 0:cdf462088d13 1373 *
markrad 0:cdf462088d13 1374 * Used in: library/ssl_tls.c
markrad 0:cdf462088d13 1375 * library/ssl_cli.c
markrad 0:cdf462088d13 1376 * library/ssl_srv.c
markrad 0:cdf462088d13 1377 *
markrad 0:cdf462088d13 1378 * This feature requires zlib library and headers to be present.
markrad 0:cdf462088d13 1379 *
markrad 0:cdf462088d13 1380 * Uncomment to enable use of ZLIB
markrad 0:cdf462088d13 1381 */
markrad 0:cdf462088d13 1382 //#define MBEDTLS_ZLIB_SUPPORT
markrad 0:cdf462088d13 1383 /* \} name SECTION: mbed TLS feature support */
markrad 0:cdf462088d13 1384
markrad 0:cdf462088d13 1385 /**
markrad 0:cdf462088d13 1386 * \name SECTION: mbed TLS modules
markrad 0:cdf462088d13 1387 *
markrad 0:cdf462088d13 1388 * This section enables or disables entire modules in mbed TLS
markrad 0:cdf462088d13 1389 * \{
markrad 0:cdf462088d13 1390 */
markrad 0:cdf462088d13 1391
markrad 0:cdf462088d13 1392 /**
markrad 0:cdf462088d13 1393 * \def MBEDTLS_AESNI_C
markrad 0:cdf462088d13 1394 *
markrad 0:cdf462088d13 1395 * Enable AES-NI support on x86-64.
markrad 0:cdf462088d13 1396 *
markrad 0:cdf462088d13 1397 * Module: library/aesni.c
markrad 0:cdf462088d13 1398 * Caller: library/aes.c
markrad 0:cdf462088d13 1399 *
markrad 0:cdf462088d13 1400 * Requires: MBEDTLS_HAVE_ASM
markrad 0:cdf462088d13 1401 *
markrad 0:cdf462088d13 1402 * This module adds support for the AES-NI instructions on x86-64
markrad 0:cdf462088d13 1403 */
markrad 0:cdf462088d13 1404 #define MBEDTLS_AESNI_C
markrad 0:cdf462088d13 1405
markrad 0:cdf462088d13 1406 /**
markrad 0:cdf462088d13 1407 * \def MBEDTLS_AES_C
markrad 0:cdf462088d13 1408 *
markrad 0:cdf462088d13 1409 * Enable the AES block cipher.
markrad 0:cdf462088d13 1410 *
markrad 0:cdf462088d13 1411 * Module: library/aes.c
markrad 0:cdf462088d13 1412 * Caller: library/ssl_tls.c
markrad 0:cdf462088d13 1413 * library/pem.c
markrad 0:cdf462088d13 1414 * library/ctr_drbg.c
markrad 0:cdf462088d13 1415 *
markrad 0:cdf462088d13 1416 * This module enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 1417 * enabled as well):
markrad 0:cdf462088d13 1418 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1419 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1420 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1421 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1422 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1423 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1424 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1425 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1426 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1427 * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1428 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1429 * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1430 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1431 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1432 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1433 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1434 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1435 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
markrad 0:cdf462088d13 1436 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1437 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1438 * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1439 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1440 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1441 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1442 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1443 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1444 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1445 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1446 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1447 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1448 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1449 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1450 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1451 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1452 * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1453 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1454 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1455 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1456 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1457 * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1458 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1459 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
markrad 0:cdf462088d13 1460 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1461 * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1462 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1463 * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1464 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1465 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1466 * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1467 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1468 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1469 * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1470 * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
markrad 0:cdf462088d13 1471 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
markrad 0:cdf462088d13 1472 * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
markrad 0:cdf462088d13 1473 * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 1474 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
markrad 0:cdf462088d13 1475 * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
markrad 0:cdf462088d13 1476 *
markrad 0:cdf462088d13 1477 * PEM_PARSE uses AES for decrypting encrypted keys.
markrad 0:cdf462088d13 1478 */
markrad 0:cdf462088d13 1479 #define MBEDTLS_AES_C
markrad 0:cdf462088d13 1480
markrad 0:cdf462088d13 1481 /**
markrad 0:cdf462088d13 1482 * \def MBEDTLS_ARC4_C
markrad 0:cdf462088d13 1483 *
markrad 0:cdf462088d13 1484 * Enable the ARCFOUR stream cipher.
markrad 0:cdf462088d13 1485 *
* NOTE(review): RFC 7465 prohibits RC4 cipher suites in TLS. This build
* compiles the module in, so the suites listed below are available unless
* they are removed some other way. Whether MBEDTLS_REMOVE_ARC4_CIPHERSUITES
* is defined is not visible from this part of the file -- confirm it, or
* comment this macro out if nothing needs RC4.
*
markrad 0:cdf462088d13 1486 * Module: library/arc4.c
markrad 0:cdf462088d13 1487 * Caller: library/ssl_tls.c
markrad 0:cdf462088d13 1488 *
markrad 0:cdf462088d13 1489 * This module enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 1490 * enabled as well):
markrad 0:cdf462088d13 1491 * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1492 * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1493 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1494 * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1495 * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1496 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1497 * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1498 * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
markrad 0:cdf462088d13 1499 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1500 * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
markrad 0:cdf462088d13 1501 */
markrad 0:cdf462088d13 1502 #define MBEDTLS_ARC4_C
markrad 0:cdf462088d13 1503
markrad 0:cdf462088d13 1504 /**
markrad 0:cdf462088d13 1505 * \def MBEDTLS_ASN1_PARSE_C
markrad 0:cdf462088d13 1506 *
markrad 0:cdf462088d13 1507 * Enable the generic ASN1 parser.
markrad 0:cdf462088d13 1508 *
markrad 0:cdf462088d13 1509 * Module: library/asn1.c
markrad 0:cdf462088d13 1510 * Caller: library/x509.c
markrad 0:cdf462088d13 1511 * library/dhm.c
markrad 0:cdf462088d13 1512 * library/pkcs12.c
markrad 0:cdf462088d13 1513 * library/pkcs5.c
markrad 0:cdf462088d13 1514 * library/pkparse.c
markrad 0:cdf462088d13 1515 */
markrad 0:cdf462088d13 1516 #define MBEDTLS_ASN1_PARSE_C
markrad 0:cdf462088d13 1517
markrad 0:cdf462088d13 1518 /**
markrad 0:cdf462088d13 1519 * \def MBEDTLS_ASN1_WRITE_C
markrad 0:cdf462088d13 1520 *
markrad 0:cdf462088d13 1521 * Enable the generic ASN1 writer.
markrad 0:cdf462088d13 1522 *
markrad 0:cdf462088d13 1523 * Module: library/asn1write.c
markrad 0:cdf462088d13 1524 * Caller: library/ecdsa.c
markrad 0:cdf462088d13 1525 * library/pkwrite.c
markrad 0:cdf462088d13 1526 * library/x509_create.c
markrad 0:cdf462088d13 1527 * library/x509write_crt.c
markrad 0:cdf462088d13 1528 * library/x509write_csr.c
markrad 0:cdf462088d13 1529 */
markrad 0:cdf462088d13 1530 #define MBEDTLS_ASN1_WRITE_C
markrad 0:cdf462088d13 1531
markrad 0:cdf462088d13 1532 /**
markrad 0:cdf462088d13 1533 * \def MBEDTLS_BASE64_C
markrad 0:cdf462088d13 1534 *
markrad 0:cdf462088d13 1535 * Enable the Base64 module.
markrad 0:cdf462088d13 1536 *
markrad 0:cdf462088d13 1537 * Module: library/base64.c
markrad 0:cdf462088d13 1538 * Caller: library/pem.c
markrad 0:cdf462088d13 1539 *
markrad 0:cdf462088d13 1540 * This module is required for PEM support (required by X.509).
markrad 0:cdf462088d13 1541 */
markrad 0:cdf462088d13 1542 #define MBEDTLS_BASE64_C
markrad 0:cdf462088d13 1543
markrad 0:cdf462088d13 1544 /**
markrad 0:cdf462088d13 1545 * \def MBEDTLS_BIGNUM_C
markrad 0:cdf462088d13 1546 *
markrad 0:cdf462088d13 1547 * Enable the multi-precision integer library.
markrad 0:cdf462088d13 1548 *
markrad 0:cdf462088d13 1549 * Module: library/bignum.c
markrad 0:cdf462088d13 1550 * Caller: library/dhm.c
markrad 0:cdf462088d13 1551 * library/ecp.c
markrad 0:cdf462088d13 1552 * library/ecdsa.c
markrad 0:cdf462088d13 1553 * library/rsa.c
markrad 0:cdf462088d13 1554 * library/ssl_tls.c
markrad 0:cdf462088d13 1555 *
markrad 0:cdf462088d13 1556 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
markrad 0:cdf462088d13 1557 */
markrad 0:cdf462088d13 1558 #define MBEDTLS_BIGNUM_C
markrad 0:cdf462088d13 1559
markrad 0:cdf462088d13 1560 /**
markrad 0:cdf462088d13 1561 * \def MBEDTLS_BLOWFISH_C
markrad 0:cdf462088d13 1562 *
markrad 0:cdf462088d13 1563 * Enable the Blowfish block cipher.
markrad 0:cdf462088d13 1564 *
markrad 0:cdf462088d13 1565 * Module: library/blowfish.c
markrad 0:cdf462088d13 1566 */
markrad 0:cdf462088d13 1567 #define MBEDTLS_BLOWFISH_C
markrad 0:cdf462088d13 1568
markrad 0:cdf462088d13 1569 /**
markrad 0:cdf462088d13 1570 * \def MBEDTLS_CAMELLIA_C
markrad 0:cdf462088d13 1571 *
markrad 0:cdf462088d13 1572 * Enable the Camellia block cipher.
markrad 0:cdf462088d13 1573 *
markrad 0:cdf462088d13 1574 * Module: library/camellia.c
markrad 0:cdf462088d13 1575 * Caller: library/ssl_tls.c
markrad 0:cdf462088d13 1576 *
markrad 0:cdf462088d13 1577 * This module enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 1578 * enabled as well):
markrad 0:cdf462088d13 1579 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1580 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1581 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1582 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1583 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1584 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1585 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1586 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1587 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1588 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1589 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1590 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1591 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1592 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
markrad 0:cdf462088d13 1593 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
markrad 0:cdf462088d13 1594 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1595 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1596 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1597 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1598 * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1599 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1600 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
markrad 0:cdf462088d13 1601 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1602 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1603 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1604 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1605 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1606 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1607 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1608 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
markrad 0:cdf462088d13 1609 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
markrad 0:cdf462088d13 1610 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1611 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1612 * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
markrad 0:cdf462088d13 1613 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1614 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1615 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1616 * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1617 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
markrad 0:cdf462088d13 1618 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
markrad 0:cdf462088d13 1619 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
markrad 0:cdf462088d13 1620 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
markrad 0:cdf462088d13 1621 */
markrad 0:cdf462088d13 1622 #define MBEDTLS_CAMELLIA_C
markrad 0:cdf462088d13 1623
markrad 0:cdf462088d13 1624 /**
markrad 0:cdf462088d13 1625 * \def MBEDTLS_CCM_C
markrad 0:cdf462088d13 1626 *
markrad 0:cdf462088d13 1627 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
markrad 0:cdf462088d13 1628 *
markrad 0:cdf462088d13 1629 * Module: library/ccm.c
markrad 0:cdf462088d13 1630 *
markrad 0:cdf462088d13 1631 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
markrad 0:cdf462088d13 1632 *
markrad 0:cdf462088d13 1633 * This module enables the AES-CCM ciphersuites, if other requisites are
markrad 0:cdf462088d13 1634 * enabled as well.
markrad 0:cdf462088d13 1635 */
markrad 0:cdf462088d13 1636 #define MBEDTLS_CCM_C
markrad 0:cdf462088d13 1637
markrad 0:cdf462088d13 1638 /**
markrad 0:cdf462088d13 1639 * \def MBEDTLS_CERTS_C
markrad 0:cdf462088d13 1640 *
markrad 0:cdf462088d13 1641 * Enable the test certificates.
markrad 0:cdf462088d13 1642 *
markrad 0:cdf462088d13 1643 * Module: library/certs.c
markrad 0:cdf462088d13 1644 * Caller:
markrad 0:cdf462088d13 1645 *
markrad 0:cdf462088d13 1646 * This module is used for testing (ssl_client/server).
*
* NOTE(review): the test certificates and their keys ship with the library
* source, so they authenticate nothing. This build compiles them in; a
* production image should not reference them as a trust anchor or as its own
* identity, and can drop the module to save ROM.
markrad 0:cdf462088d13 1647 */
markrad 0:cdf462088d13 1648 #define MBEDTLS_CERTS_C
markrad 0:cdf462088d13 1649
markrad 0:cdf462088d13 1650 /**
markrad 0:cdf462088d13 1651 * \def MBEDTLS_CIPHER_C
markrad 0:cdf462088d13 1652 *
markrad 0:cdf462088d13 1653 * Enable the generic cipher layer.
markrad 0:cdf462088d13 1654 *
markrad 0:cdf462088d13 1655 * Module: library/cipher.c
markrad 0:cdf462088d13 1656 * Caller: library/ssl_tls.c
markrad 0:cdf462088d13 1657 *
markrad 0:cdf462088d13 1658 * Uncomment to enable generic cipher wrappers.
markrad 0:cdf462088d13 1659 */
markrad 0:cdf462088d13 1660 #define MBEDTLS_CIPHER_C
markrad 0:cdf462088d13 1661
markrad 0:cdf462088d13 1662 /**
markrad 0:cdf462088d13 1663 * \def MBEDTLS_CMAC_C
markrad 0:cdf462088d13 1664 *
markrad 0:cdf462088d13 1665 * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
markrad 0:cdf462088d13 1666 * ciphers.
markrad 0:cdf462088d13 1667 *
markrad 0:cdf462088d13 1668 * Module: library/cmac.c
markrad 0:cdf462088d13 1669 *
markrad 0:cdf462088d13 1670 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
markrad 0:cdf462088d13 1671 *
markrad 0:cdf462088d13 1672 */
markrad 0:cdf462088d13 1673 //#define MBEDTLS_CMAC_C
markrad 0:cdf462088d13 1674
markrad 0:cdf462088d13 1675 /**
markrad 0:cdf462088d13 1676 * \def MBEDTLS_CTR_DRBG_C
markrad 0:cdf462088d13 1677 *
markrad 0:cdf462088d13 1678 * Enable the CTR_DRBG AES-256-based random generator.
markrad 0:cdf462088d13 1679 *
markrad 0:cdf462088d13 1680 * Module: library/ctr_drbg.c
markrad 0:cdf462088d13 1681 * Caller:
markrad 0:cdf462088d13 1682 *
markrad 0:cdf462088d13 1683 * Requires: MBEDTLS_AES_C
markrad 0:cdf462088d13 1684 *
markrad 0:cdf462088d13 1685 * This module provides the CTR_DRBG AES-256 random number generator.
markrad 0:cdf462088d13 1686 */
markrad 0:cdf462088d13 1687 #define MBEDTLS_CTR_DRBG_C
markrad 0:cdf462088d13 1688
markrad 0:cdf462088d13 1689 /**
markrad 0:cdf462088d13 1690 * \def MBEDTLS_DEBUG_C
markrad 0:cdf462088d13 1691 *
markrad 0:cdf462088d13 1692 * Enable the debug functions.
markrad 0:cdf462088d13 1693 *
markrad 0:cdf462088d13 1694 * Module: library/debug.c
markrad 0:cdf462088d13 1695 * Caller: library/ssl_cli.c
markrad 0:cdf462088d13 1696 * library/ssl_srv.c
markrad 0:cdf462088d13 1697 * library/ssl_tls.c
markrad 0:cdf462088d13 1698 *
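markrad 0:cdf462088d13 1699 * This module provides debugging functions. Debug output can include handshake contents and, at verbose levels, secret values, so release builds normally leave it disabled or keep the debug threshold at 0.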
markrad 0:cdf462088d13 1700 */
markrad 0:cdf462088d13 1701 #define MBEDTLS_DEBUG_C
markrad 0:cdf462088d13 1702
markrad 0:cdf462088d13 1703 /**
markrad 0:cdf462088d13 1704 * \def MBEDTLS_DES_C
markrad 0:cdf462088d13 1705 *
markrad 0:cdf462088d13 1706 * Enable the DES block cipher.
markrad 0:cdf462088d13 1707 *
markrad 0:cdf462088d13 1708 * Module: library/des.c
markrad 0:cdf462088d13 1709 * Caller: library/pem.c
markrad 0:cdf462088d13 1710 * library/ssl_tls.c
markrad 0:cdf462088d13 1711 *
markrad 0:cdf462088d13 1712 * This module enables the following ciphersuites (if other requisites are
markrad 0:cdf462088d13 1713 * enabled as well):
markrad 0:cdf462088d13 1714 * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1715 * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1716 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1717 * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1718 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1719 * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1720 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1721 * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1722 * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1723 * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
markrad 0:cdf462088d13 1724 *
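markrad 0:cdf462088d13 1725 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. DES and 3DES are weak by current standards (64-bit block, so long-lived 3DES sessions are exposed to birthday-bound collisions); enable this only for legacy peers or legacy encrypted PEM keys.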
markrad 0:cdf462088d13 1726 */
markrad 0:cdf462088d13 1727 #define MBEDTLS_DES_C
markrad 0:cdf462088d13 1728
markrad 0:cdf462088d13 1729 /**
markrad 0:cdf462088d13 1730 * \def MBEDTLS_DHM_C
markrad 0:cdf462088d13 1731 *
markrad 0:cdf462088d13 1732 * Enable the Diffie-Hellman-Merkle module.
markrad 0:cdf462088d13 1733 *
markrad 0:cdf462088d13 1734 * Module: library/dhm.c
markrad 0:cdf462088d13 1735 * Caller: library/ssl_cli.c
markrad 0:cdf462088d13 1736 * library/ssl_srv.c
markrad 0:cdf462088d13 1737 *
markrad 0:cdf462088d13 1738 * This module is used by the following key exchanges:
markrad 0:cdf462088d13 1739 * DHE-RSA, DHE-PSK
markrad 0:cdf462088d13 1740 */
markrad 0:cdf462088d13 1741 #define MBEDTLS_DHM_C
markrad 0:cdf462088d13 1742
markrad 0:cdf462088d13 1743 /**
markrad 0:cdf462088d13 1744 * \def MBEDTLS_ECDH_C
markrad 0:cdf462088d13 1745 *
markrad 0:cdf462088d13 1746 * Enable the elliptic curve Diffie-Hellman library.
markrad 0:cdf462088d13 1747 *
markrad 0:cdf462088d13 1748 * Module: library/ecdh.c
markrad 0:cdf462088d13 1749 * Caller: library/ssl_cli.c
markrad 0:cdf462088d13 1750 * library/ssl_srv.c
markrad 0:cdf462088d13 1751 *
markrad 0:cdf462088d13 1752 * This module is used by the following key exchanges:
markrad 0:cdf462088d13 1753 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
markrad 0:cdf462088d13 1754 *
markrad 0:cdf462088d13 1755 * Requires: MBEDTLS_ECP_C
markrad 0:cdf462088d13 1756 */
markrad 0:cdf462088d13 1757 #define MBEDTLS_ECDH_C
markrad 0:cdf462088d13 1758
markrad 0:cdf462088d13 1759 /**
markrad 0:cdf462088d13 1760 * \def MBEDTLS_ECDSA_C
markrad 0:cdf462088d13 1761 *
markrad 0:cdf462088d13 1762 * Enable the elliptic curve DSA library.
markrad 0:cdf462088d13 1763 *
markrad 0:cdf462088d13 1764 * Module: library/ecdsa.c
markrad 0:cdf462088d13 1765 * Caller:
markrad 0:cdf462088d13 1766 *
markrad 0:cdf462088d13 1767 * This module is used by the following key exchanges:
markrad 0:cdf462088d13 1768 * ECDHE-ECDSA
markrad 0:cdf462088d13 1769 *
markrad 0:cdf462088d13 1770 * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
markrad 0:cdf462088d13 1771 */
markrad 0:cdf462088d13 1772 #define MBEDTLS_ECDSA_C
markrad 0:cdf462088d13 1773
markrad 0:cdf462088d13 1774 /**
markrad 0:cdf462088d13 1775 * \def MBEDTLS_ECJPAKE_C
markrad 0:cdf462088d13 1776 *
markrad 0:cdf462088d13 1777 * Enable the elliptic curve J-PAKE library.
markrad 0:cdf462088d13 1778 *
markrad 0:cdf462088d13 1779 * \warning This is currently experimental. EC J-PAKE support is based on the
markrad 0:cdf462088d13 1780 * Thread v1.0.0 specification; incompatible changes to the specification
markrad 0:cdf462088d13 1781 * might still happen. For this reason, this is disabled by default.
markrad 0:cdf462088d13 1782 *
markrad 0:cdf462088d13 1783 * Module: library/ecjpake.c
markrad 0:cdf462088d13 1784 * Caller:
markrad 0:cdf462088d13 1785 *
markrad 0:cdf462088d13 1786 * This module is used by the following key exchanges:
markrad 0:cdf462088d13 1787 * ECJPAKE
markrad 0:cdf462088d13 1788 *
markrad 0:cdf462088d13 1789 * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
markrad 0:cdf462088d13 1790 */
markrad 0:cdf462088d13 1791 //#define MBEDTLS_ECJPAKE_C
markrad 0:cdf462088d13 1792
markrad 0:cdf462088d13 1793 /**
markrad 0:cdf462088d13 1794 * \def MBEDTLS_ECP_C
markrad 0:cdf462088d13 1795 *
markrad 0:cdf462088d13 1796 * Enable the elliptic curve over GF(p) library.
markrad 0:cdf462088d13 1797 *
markrad 0:cdf462088d13 1798 * Module: library/ecp.c
markrad 0:cdf462088d13 1799 * Caller: library/ecdh.c
markrad 0:cdf462088d13 1800 * library/ecdsa.c
markrad 0:cdf462088d13 1801 * library/ecjpake.c
markrad 0:cdf462088d13 1802 *
markrad 0:cdf462088d13 1803 * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
markrad 0:cdf462088d13 1804 */
markrad 0:cdf462088d13 1805 #define MBEDTLS_ECP_C
markrad 0:cdf462088d13 1806
markrad 0:cdf462088d13 1807 /**
markrad 0:cdf462088d13 1808 * \def MBEDTLS_ENTROPY_C
markrad 0:cdf462088d13 1809 *
markrad 0:cdf462088d13 1810 * Enable the platform-specific entropy code.
markrad 0:cdf462088d13 1811 *
markrad 0:cdf462088d13 1812 * Module: library/entropy.c
markrad 0:cdf462088d13 1813 * Caller:
markrad 0:cdf462088d13 1814 *
markrad 0:cdf462088d13 1815 * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
markrad 0:cdf462088d13 1816 *
markrad 0:cdf462088d13 1817 * This module provides a generic entropy pool
markrad 0:cdf462088d13 1818 */
markrad 0:cdf462088d13 1819 #define MBEDTLS_ENTROPY_C
markrad 0:cdf462088d13 1820
markrad 0:cdf462088d13 1821 /**
markrad 0:cdf462088d13 1822 * \def MBEDTLS_ERROR_C
markrad 0:cdf462088d13 1823 *
markrad 0:cdf462088d13 1824 * Enable error code to error string conversion.
markrad 0:cdf462088d13 1825 *
markrad 0:cdf462088d13 1826 * Module: library/error.c
markrad 0:cdf462088d13 1827 * Caller:
markrad 0:cdf462088d13 1828 *
markrad 0:cdf462088d13 1829 * This module enables mbedtls_strerror().
markrad 0:cdf462088d13 1830 */
markrad 0:cdf462088d13 1831 #define MBEDTLS_ERROR_C
markrad 0:cdf462088d13 1832
markrad 0:cdf462088d13 1833 /**
markrad 0:cdf462088d13 1834 * \def MBEDTLS_GCM_C
markrad 0:cdf462088d13 1835 *
markrad 0:cdf462088d13 1836 * Enable the Galois/Counter Mode (GCM) for AES.
markrad 0:cdf462088d13 1837 *
markrad 0:cdf462088d13 1838 * Module: library/gcm.c
markrad 0:cdf462088d13 1839 *
markrad 0:cdf462088d13 1840 * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
markrad 0:cdf462088d13 1841 *
markrad 0:cdf462088d13 1842 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
markrad 0:cdf462088d13 1843 * requisites are enabled as well.
markrad 0:cdf462088d13 1844 */
markrad 0:cdf462088d13 1845 #define MBEDTLS_GCM_C
markrad 0:cdf462088d13 1846
markrad 0:cdf462088d13 1847 /**
markrad 0:cdf462088d13 1848 * \def MBEDTLS_HAVEGE_C
markrad 0:cdf462088d13 1849 *
markrad 0:cdf462088d13 1850 * Enable the HAVEGE random generator.
markrad 0:cdf462088d13 1851 *
markrad 0:cdf462088d13 1852 * Warning: the HAVEGE random generator is not suitable for virtualized
markrad 0:cdf462088d13 1853 * environments
markrad 0:cdf462088d13 1854 *
markrad 0:cdf462088d13 1855 * Warning: the HAVEGE random generator is dependent on timing and specific
markrad 0:cdf462088d13 1856 * processor traits. It is therefore not advised to use HAVEGE as
markrad 0:cdf462088d13 1857 * your application's primary random generator or primary entropy pool
markrad 0:cdf462088d13 1858 * input. As a secondary input to your entropy pool, it IS able to add
markrad 0:cdf462088d13 1859 * the (limited) extra entropy it provides.
markrad 0:cdf462088d13 1860 *
markrad 0:cdf462088d13 1861 * Module: library/havege.c
markrad 0:cdf462088d13 1862 * Caller:
markrad 0:cdf462088d13 1863 *
markrad 0:cdf462088d13 1864 * Requires: MBEDTLS_TIMING_C
markrad 0:cdf462088d13 1865 *
markrad 0:cdf462088d13 1866 * Uncomment to enable the HAVEGE random generator.
markrad 0:cdf462088d13 1867 */
markrad 0:cdf462088d13 1868 //#define MBEDTLS_HAVEGE_C
markrad 0:cdf462088d13 1869
markrad 0:cdf462088d13 1870 /**
markrad 0:cdf462088d13 1871 * \def MBEDTLS_HMAC_DRBG_C
markrad 0:cdf462088d13 1872 *
markrad 0:cdf462088d13 1873 * Enable the HMAC_DRBG random generator.
markrad 0:cdf462088d13 1874 *
markrad 0:cdf462088d13 1875 * Module: library/hmac_drbg.c
markrad 0:cdf462088d13 1876 * Caller:
markrad 0:cdf462088d13 1877 *
markrad 0:cdf462088d13 1878 * Requires: MBEDTLS_MD_C
markrad 0:cdf462088d13 1879 *
markrad 0:cdf462088d13 1880 * Uncomment to enable the HMAC_DRBG random number generator.
markrad 0:cdf462088d13 1881 */
markrad 0:cdf462088d13 1882 #define MBEDTLS_HMAC_DRBG_C
markrad 0:cdf462088d13 1883
markrad 0:cdf462088d13 1884 /**
markrad 0:cdf462088d13 1885 * \def MBEDTLS_MD_C
markrad 0:cdf462088d13 1886 *
markrad 0:cdf462088d13 1887 * Enable the generic message digest layer.
markrad 0:cdf462088d13 1888 *
markrad 0:cdf462088d13 1889 * Module: library/md.c
markrad 0:cdf462088d13 1890 * Caller:
markrad 0:cdf462088d13 1891 *
markrad 0:cdf462088d13 1892 * Uncomment to enable generic message digest wrappers.
markrad 0:cdf462088d13 1893 */
markrad 0:cdf462088d13 1894 #define MBEDTLS_MD_C
markrad 0:cdf462088d13 1895
markrad 0:cdf462088d13 1896 /**
markrad 0:cdf462088d13 1897 * \def MBEDTLS_MD2_C
markrad 0:cdf462088d13 1898 *
markrad 0:cdf462088d13 1899 * Enable the MD2 hash algorithm.
markrad 0:cdf462088d13 1900 *
markrad 0:cdf462088d13 1901 * Module: library/md2.c
markrad 0:cdf462088d13 1902 * Caller:
markrad 0:cdf462088d13 1903 *
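markrad 0:cdf462088d13 1904 * Uncomment to enable support for (rare) MD2-signed X.509 certs. MD2 is cryptographically broken, so enable it only to interoperate with legacy data, not to establish trust.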
markrad 0:cdf462088d13 1905 */
markrad 0:cdf462088d13 1906 //#define MBEDTLS_MD2_C
markrad 0:cdf462088d13 1907
markrad 0:cdf462088d13 1908 /**
markrad 0:cdf462088d13 1909 * \def MBEDTLS_MD4_C
markrad 0:cdf462088d13 1910 *
markrad 0:cdf462088d13 1911 * Enable the MD4 hash algorithm.
markrad 0:cdf462088d13 1912 *
markrad 0:cdf462088d13 1913 * Module: library/md4.c
markrad 0:cdf462088d13 1914 * Caller:
markrad 0:cdf462088d13 1915 *
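markrad 0:cdf462088d13 1916 * Uncomment to enable support for (rare) MD4-signed X.509 certs. MD4 is cryptographically broken, so enable it only to interoperate with legacy data, not to establish trust.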
markrad 0:cdf462088d13 1917 */
markrad 0:cdf462088d13 1918 //#define MBEDTLS_MD4_C
markrad 0:cdf462088d13 1919
markrad 0:cdf462088d13 1920 /**
markrad 0:cdf462088d13 1921 * \def MBEDTLS_MD5_C
markrad 0:cdf462088d13 1922 *
markrad 0:cdf462088d13 1923 * Enable the MD5 hash algorithm.
markrad 0:cdf462088d13 1924 *
markrad 0:cdf462088d13 1925 * Module: library/md5.c
markrad 0:cdf462088d13 1926 * Caller: library/md.c
markrad 0:cdf462088d13 1927 * library/pem.c
markrad 0:cdf462088d13 1928 * library/ssl_tls.c
markrad 0:cdf462088d13 1929 *
markrad 0:cdf462088d13 1930 * This module is required for SSL/TLS and X.509.
markrad 0:cdf462088d13 1931 * PEM_PARSE uses MD5 for decrypting encrypted keys.
markrad 0:cdf462088d13 1932 */
markrad 0:cdf462088d13 1933 #define MBEDTLS_MD5_C
markrad 0:cdf462088d13 1934
markrad 0:cdf462088d13 1935 /**
markrad 0:cdf462088d13 1936 * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
markrad 0:cdf462088d13 1937 *
markrad 0:cdf462088d13 1938 * Enable the buffer allocator implementation that makes use of a (stack)
markrad 0:cdf462088d13 1939 * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
markrad 0:cdf462088d13 1940 * calls)
markrad 0:cdf462088d13 1941 *
markrad 0:cdf462088d13 1942 * Module: library/memory_buffer_alloc.c
markrad 0:cdf462088d13 1943 *
markrad 0:cdf462088d13 1944 * Requires: MBEDTLS_PLATFORM_C
markrad 0:cdf462088d13 1945 * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
markrad 0:cdf462088d13 1946 *
markrad 0:cdf462088d13 1947 * Enable this module to enable the buffer memory allocator.
markrad 0:cdf462088d13 1948 */
markrad 0:cdf462088d13 1949 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
markrad 0:cdf462088d13 1950
markrad 0:cdf462088d13 1951 /**
markrad 0:cdf462088d13 1952 * \def MBEDTLS_NET_C
markrad 0:cdf462088d13 1953 *
markrad 0:cdf462088d13 1954 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
markrad 0:cdf462088d13 1955 *
markrad 0:cdf462088d13 1956 * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
markrad 0:cdf462088d13 1957 * and Windows. For other platforms, you'll want to disable it, and write your
markrad 0:cdf462088d13 1958 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
markrad 0:cdf462088d13 1959 *
markrad 0:cdf462088d13 1960 * \note See also our Knowledge Base article about porting to a new
markrad 0:cdf462088d13 1961 * environment:
markrad 0:cdf462088d13 1962 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
markrad 0:cdf462088d13 1963 *
markrad 0:cdf462088d13 1964 * Module: library/net_sockets.c
markrad 0:cdf462088d13 1965 *
markrad 0:cdf462088d13 1966 * This module provides networking routines.
markrad 0:cdf462088d13 1967 */
markrad 0:cdf462088d13 1968 //#define MBEDTLS_NET_C
markrad 0:cdf462088d13 1969
markrad 0:cdf462088d13 1970 /**
markrad 0:cdf462088d13 1971 * \def MBEDTLS_OID_C
markrad 0:cdf462088d13 1972 *
markrad 0:cdf462088d13 1973 * Enable the OID database.
markrad 0:cdf462088d13 1974 *
markrad 0:cdf462088d13 1975 * Module: library/oid.c
markrad 0:cdf462088d13 1976 * Caller: library/asn1write.c
markrad 0:cdf462088d13 1977 * library/pkcs5.c
markrad 0:cdf462088d13 1978 * library/pkparse.c
markrad 0:cdf462088d13 1979 * library/pkwrite.c
markrad 0:cdf462088d13 1980 * library/rsa.c
markrad 0:cdf462088d13 1981 * library/x509.c
markrad 0:cdf462088d13 1982 * library/x509_create.c
markrad 0:cdf462088d13 1983 * library/x509_crl.c
markrad 0:cdf462088d13 1984 * library/x509_crt.c
markrad 0:cdf462088d13 1985 * library/x509_csr.c
markrad 0:cdf462088d13 1986 * library/x509write_crt.c
markrad 0:cdf462088d13 1987 * library/x509write_csr.c
markrad 0:cdf462088d13 1988 *
markrad 0:cdf462088d13 1989 * This module translates between OIDs and internal values.
markrad 0:cdf462088d13 1990 */
markrad 0:cdf462088d13 1991 #define MBEDTLS_OID_C
markrad 0:cdf462088d13 1992
markrad 0:cdf462088d13 1993 /**
markrad 0:cdf462088d13 1994 * \def MBEDTLS_PADLOCK_C
markrad 0:cdf462088d13 1995 *
markrad 0:cdf462088d13 1996 * Enable VIA Padlock support on x86.
markrad 0:cdf462088d13 1997 *
markrad 0:cdf462088d13 1998 * Module: library/padlock.c
markrad 0:cdf462088d13 1999 * Caller: library/aes.c
markrad 0:cdf462088d13 2000 *
markrad 0:cdf462088d13 2001 * Requires: MBEDTLS_HAVE_ASM
markrad 0:cdf462088d13 2002 *
markrad 0:cdf462088d13 2003 * This module adds support for the VIA PadLock on x86.
markrad 0:cdf462088d13 2004 */
markrad 0:cdf462088d13 2005 #define MBEDTLS_PADLOCK_C
markrad 0:cdf462088d13 2006
markrad 0:cdf462088d13 2007 /**
markrad 0:cdf462088d13 2008 * \def MBEDTLS_PEM_PARSE_C
markrad 0:cdf462088d13 2009 *
markrad 0:cdf462088d13 2010 * Enable PEM decoding / parsing.
markrad 0:cdf462088d13 2011 *
markrad 0:cdf462088d13 2012 * Module: library/pem.c
markrad 0:cdf462088d13 2013 * Caller: library/dhm.c
markrad 0:cdf462088d13 2014 * library/pkparse.c
markrad 0:cdf462088d13 2015 * library/x509_crl.c
markrad 0:cdf462088d13 2016 * library/x509_crt.c
markrad 0:cdf462088d13 2017 * library/x509_csr.c
markrad 0:cdf462088d13 2018 *
markrad 0:cdf462088d13 2019 * Requires: MBEDTLS_BASE64_C
markrad 0:cdf462088d13 2020 *
markrad 0:cdf462088d13 2021 * This module adds support for decoding / parsing PEM files.
markrad 0:cdf462088d13 2022 */
markrad 0:cdf462088d13 2023 #define MBEDTLS_PEM_PARSE_C
markrad 0:cdf462088d13 2024
markrad 0:cdf462088d13 2025 /**
markrad 0:cdf462088d13 2026 * \def MBEDTLS_PEM_WRITE_C
markrad 0:cdf462088d13 2027 *
markrad 0:cdf462088d13 2028 * Enable PEM encoding / writing.
markrad 0:cdf462088d13 2029 *
markrad 0:cdf462088d13 2030 * Module: library/pem.c
markrad 0:cdf462088d13 2031 * Caller: library/pkwrite.c
markrad 0:cdf462088d13 2032 * library/x509write_crt.c
markrad 0:cdf462088d13 2033 * library/x509write_csr.c
markrad 0:cdf462088d13 2034 *
markrad 0:cdf462088d13 2035 * Requires: MBEDTLS_BASE64_C
markrad 0:cdf462088d13 2036 *
markrad 0:cdf462088d13 2037 * This module adds support for encoding / writing PEM files.
markrad 0:cdf462088d13 2038 */
markrad 0:cdf462088d13 2039 #define MBEDTLS_PEM_WRITE_C
markrad 0:cdf462088d13 2040
markrad 0:cdf462088d13 2041 /**
markrad 0:cdf462088d13 2042 * \def MBEDTLS_PK_C
markrad 0:cdf462088d13 2043 *
markrad 0:cdf462088d13 2044 * Enable the generic public (asymmetric) key layer.
markrad 0:cdf462088d13 2045 *
markrad 0:cdf462088d13 2046 * Module: library/pk.c
markrad 0:cdf462088d13 2047 * Caller: library/ssl_tls.c
markrad 0:cdf462088d13 2048 * library/ssl_cli.c
markrad 0:cdf462088d13 2049 * library/ssl_srv.c
markrad 0:cdf462088d13 2050 *
markrad 0:cdf462088d13 2051 * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
markrad 0:cdf462088d13 2052 *
markrad 0:cdf462088d13 2053 * Uncomment to enable generic public key wrappers.
markrad 0:cdf462088d13 2054 */
markrad 0:cdf462088d13 2055 #define MBEDTLS_PK_C
markrad 0:cdf462088d13 2056
markrad 0:cdf462088d13 2057 /**
markrad 0:cdf462088d13 2058 * \def MBEDTLS_PK_PARSE_C
markrad 0:cdf462088d13 2059 *
markrad 0:cdf462088d13 2060 * Enable the generic public (asymmetric) key parser.
markrad 0:cdf462088d13 2061 *
markrad 0:cdf462088d13 2062 * Module: library/pkparse.c
markrad 0:cdf462088d13 2063 * Caller: library/x509_crt.c
markrad 0:cdf462088d13 2064 * library/x509_csr.c
markrad 0:cdf462088d13 2065 *
markrad 0:cdf462088d13 2066 * Requires: MBEDTLS_PK_C
markrad 0:cdf462088d13 2067 *
markrad 0:cdf462088d13 2068 * Uncomment to enable generic public key parse functions.
markrad 0:cdf462088d13 2069 */
markrad 0:cdf462088d13 2070 #define MBEDTLS_PK_PARSE_C
markrad 0:cdf462088d13 2071
markrad 0:cdf462088d13 2072 /**
markrad 0:cdf462088d13 2073 * \def MBEDTLS_PK_WRITE_C
markrad 0:cdf462088d13 2074 *
markrad 0:cdf462088d13 2075 * Enable the generic public (asymmetric) key writer.
markrad 0:cdf462088d13 2076 *
markrad 0:cdf462088d13 2077 * Module: library/pkwrite.c
markrad 0:cdf462088d13 2078 * Caller: library/x509write.c
markrad 0:cdf462088d13 2079 *
markrad 0:cdf462088d13 2080 * Requires: MBEDTLS_PK_C
markrad 0:cdf462088d13 2081 *
markrad 0:cdf462088d13 2082 * Uncomment to enable generic public key write functions.
markrad 0:cdf462088d13 2083 */
markrad 0:cdf462088d13 2084 #define MBEDTLS_PK_WRITE_C
markrad 0:cdf462088d13 2085
markrad 0:cdf462088d13 2086 /**
markrad 0:cdf462088d13 2087 * \def MBEDTLS_PKCS5_C
markrad 0:cdf462088d13 2088 *
markrad 0:cdf462088d13 2089 * Enable PKCS#5 functions.
markrad 0:cdf462088d13 2090 *
markrad 0:cdf462088d13 2091 * Module: library/pkcs5.c
markrad 0:cdf462088d13 2092 *
markrad 0:cdf462088d13 2093 * Requires: MBEDTLS_MD_C
markrad 0:cdf462088d13 2094 *
markrad 0:cdf462088d13 2095 * This module adds support for the PKCS#5 functions.
markrad 0:cdf462088d13 2096 */
markrad 0:cdf462088d13 2097 #define MBEDTLS_PKCS5_C
markrad 0:cdf462088d13 2098
markrad 0:cdf462088d13 2099 /**
markrad 0:cdf462088d13 2100 * \def MBEDTLS_PKCS11_C
markrad 0:cdf462088d13 2101 *
markrad 0:cdf462088d13 2102 * Enable wrapper for PKCS#11 smartcard support.
markrad 0:cdf462088d13 2103 *
markrad 0:cdf462088d13 2104 * Module: library/pkcs11.c
markrad 0:cdf462088d13 2105 * Caller: library/pk.c
markrad 0:cdf462088d13 2106 *
markrad 0:cdf462088d13 2107 * Requires: MBEDTLS_PK_C
markrad 0:cdf462088d13 2108 *
markrad 0:cdf462088d13 2109 * This module enables SSL/TLS PKCS #11 smartcard support.
markrad 0:cdf462088d13 2110 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
markrad 0:cdf462088d13 2111 */
markrad 0:cdf462088d13 2112 //#define MBEDTLS_PKCS11_C
markrad 0:cdf462088d13 2113
markrad 0:cdf462088d13 2114 /**
markrad 0:cdf462088d13 2115 * \def MBEDTLS_PKCS12_C
markrad 0:cdf462088d13 2116 *
markrad 0:cdf462088d13 2117 * Enable PKCS#12 PBE functions.
markrad 0:cdf462088d13 2118 * Adds algorithms for parsing PKCS#8 encrypted private keys
markrad 0:cdf462088d13 2119 *
markrad 0:cdf462088d13 2120 * Module: library/pkcs12.c
markrad 0:cdf462088d13 2121 * Caller: library/pkparse.c
markrad 0:cdf462088d13 2122 *
markrad 0:cdf462088d13 2123 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
markrad 0:cdf462088d13 2124 * Can use: MBEDTLS_ARC4_C
markrad 0:cdf462088d13 2125 *
markrad 0:cdf462088d13 2126 * This module enables PKCS#12 functions.
markrad 0:cdf462088d13 2127 */
markrad 0:cdf462088d13 2128 #define MBEDTLS_PKCS12_C
markrad 0:cdf462088d13 2129
markrad 0:cdf462088d13 2130 /**
markrad 0:cdf462088d13 2131 * \def MBEDTLS_PLATFORM_C
markrad 0:cdf462088d13 2132 *
markrad 0:cdf462088d13 2133 * Enable the platform abstraction layer that allows you to re-assign
markrad 0:cdf462088d13 2134 * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
markrad 0:cdf462088d13 2135 *
markrad 0:cdf462088d13 2136 * Enabling MBEDTLS_PLATFORM_C enables the use of MBEDTLS_PLATFORM_XXX_ALT
markrad 0:cdf462088d13 2137 * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
markrad 0:cdf462088d13 2138 * above to be specified at runtime or compile time respectively.
markrad 0:cdf462088d13 2139 *
markrad 0:cdf462088d13 2140 * \note This abstraction layer must be enabled on Windows (including MSYS2)
markrad 0:cdf462088d13 2141 * as other modules rely on it for a fixed snprintf implementation.
markrad 0:cdf462088d13 2142 *
markrad 0:cdf462088d13 2143 * Module: library/platform.c
markrad 0:cdf462088d13 2144 * Caller: Most other .c files
markrad 0:cdf462088d13 2145 *
markrad 0:cdf462088d13 2146 * This module enables abstraction of common (libc) functions.
markrad 0:cdf462088d13 2147 */
markrad 0:cdf462088d13 2148 #define MBEDTLS_PLATFORM_C
markrad 0:cdf462088d13 2149
markrad 0:cdf462088d13 2150 /**
markrad 0:cdf462088d13 2151 * \def MBEDTLS_RIPEMD160_C
markrad 0:cdf462088d13 2152 *
markrad 0:cdf462088d13 2153 * Enable the RIPEMD-160 hash algorithm.
markrad 0:cdf462088d13 2154 *
markrad 0:cdf462088d13 2155 * Module: library/ripemd160.c
markrad 0:cdf462088d13 2156 * Caller: library/md.c
markrad 0:cdf462088d13 2157 *
markrad 0:cdf462088d13 2158 */
markrad 0:cdf462088d13 2159 #define MBEDTLS_RIPEMD160_C
markrad 0:cdf462088d13 2160
markrad 0:cdf462088d13 2161 /**
markrad 0:cdf462088d13 2162 * \def MBEDTLS_RSA_C
markrad 0:cdf462088d13 2163 *
markrad 0:cdf462088d13 2164 * Enable the RSA public-key cryptosystem.
markrad 0:cdf462088d13 2165 *
markrad 0:cdf462088d13 2166 * Module: library/rsa.c
markrad 0:cdf462088d13 2167 * Caller: library/ssl_cli.c
markrad 0:cdf462088d13 2168 * library/ssl_srv.c
markrad 0:cdf462088d13 2169 * library/ssl_tls.c
markrad 0:cdf462088d13 2170 * library/x509.c
markrad 0:cdf462088d13 2171 *
markrad 0:cdf462088d13 2172 * This module is used by the following key exchanges:
markrad 0:cdf462088d13 2173 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
markrad 0:cdf462088d13 2174 *
markrad 0:cdf462088d13 2175 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
markrad 0:cdf462088d13 2176 */
markrad 0:cdf462088d13 2177 #define MBEDTLS_RSA_C
markrad 0:cdf462088d13 2178
markrad 0:cdf462088d13 2179 /**
markrad 0:cdf462088d13 2180 * \def MBEDTLS_SHA1_C
markrad 0:cdf462088d13 2181 *
markrad 0:cdf462088d13 2182 * Enable the SHA1 cryptographic hash algorithm.
markrad 0:cdf462088d13 2183 *
markrad 0:cdf462088d13 2184 * Module: library/sha1.c
markrad 0:cdf462088d13 2185 * Caller: library/md.c
markrad 0:cdf462088d13 2186 * library/ssl_cli.c
markrad 0:cdf462088d13 2187 * library/ssl_srv.c
markrad 0:cdf462088d13 2188 * library/ssl_tls.c
markrad 0:cdf462088d13 2189 * library/x509write_crt.c
markrad 0:cdf462088d13 2190 *
markrad 0:cdf462088d13 2191 * This module is required for SSL/TLS and SHA1-signed certificates.
markrad 0:cdf462088d13 2192 */
markrad 0:cdf462088d13 2193 #define MBEDTLS_SHA1_C
markrad 0:cdf462088d13 2194
markrad 0:cdf462088d13 2195 /**
markrad 0:cdf462088d13 2196 * \def MBEDTLS_SHA256_C
markrad 0:cdf462088d13 2197 *
markrad 0:cdf462088d13 2198 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
markrad 0:cdf462088d13 2199 *
markrad 0:cdf462088d13 2200 * Module: library/sha256.c
markrad 0:cdf462088d13 2201 * Caller: library/entropy.c
markrad 0:cdf462088d13 2202 * library/md.c
markrad 0:cdf462088d13 2203 * library/ssl_cli.c
markrad 0:cdf462088d13 2204 * library/ssl_srv.c
markrad 0:cdf462088d13 2205 * library/ssl_tls.c
markrad 0:cdf462088d13 2206 *
markrad 0:cdf462088d13 2207 * This module adds support for SHA-224 and SHA-256.
markrad 0:cdf462088d13 2208 * This module is required for the SSL/TLS 1.2 PRF function.
markrad 0:cdf462088d13 2209 */
markrad 0:cdf462088d13 2210 #define MBEDTLS_SHA256_C
markrad 0:cdf462088d13 2211
markrad 0:cdf462088d13 2212 /**
markrad 0:cdf462088d13 2213 * \def MBEDTLS_SHA512_C
markrad 0:cdf462088d13 2214 *
markrad 0:cdf462088d13 2215 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
markrad 0:cdf462088d13 2216 *
markrad 0:cdf462088d13 2217 * Module: library/sha512.c
markrad 0:cdf462088d13 2218 * Caller: library/entropy.c
markrad 0:cdf462088d13 2219 * library/md.c
markrad 0:cdf462088d13 2220 * library/ssl_cli.c
markrad 0:cdf462088d13 2221 * library/ssl_srv.c
markrad 0:cdf462088d13 2222 *
markrad 0:cdf462088d13 2223 * This module adds support for SHA-384 and SHA-512.
markrad 0:cdf462088d13 2224 */
markrad 0:cdf462088d13 2225 #define MBEDTLS_SHA512_C
markrad 0:cdf462088d13 2226
markrad 0:cdf462088d13 2227 /**
markrad 0:cdf462088d13 2228 * \def MBEDTLS_SSL_CACHE_C
markrad 0:cdf462088d13 2229 *
markrad 0:cdf462088d13 2230 * Enable simple SSL cache implementation.
markrad 0:cdf462088d13 2231 *
markrad 0:cdf462088d13 2232 * Module: library/ssl_cache.c
markrad 0:cdf462088d13 2233 * Caller:
markrad 0:cdf462088d13 2234 *
markrad 0:cdf462088d13 2235 * Requires: MBEDTLS_SSL_CACHE_C
markrad 0:cdf462088d13 2236 */
markrad 0:cdf462088d13 2237 #define MBEDTLS_SSL_CACHE_C
markrad 0:cdf462088d13 2238
markrad 0:cdf462088d13 2239 /**
markrad 0:cdf462088d13 2240 * \def MBEDTLS_SSL_COOKIE_C
markrad 0:cdf462088d13 2241 *
markrad 0:cdf462088d13 2242 * Enable basic implementation of DTLS cookies for hello verification.
markrad 0:cdf462088d13 2243 *
markrad 0:cdf462088d13 2244 * Module: library/ssl_cookie.c
markrad 0:cdf462088d13 2245 * Caller:
markrad 0:cdf462088d13 2246 */
markrad 0:cdf462088d13 2247 #define MBEDTLS_SSL_COOKIE_C
markrad 0:cdf462088d13 2248
markrad 0:cdf462088d13 2249 /**
markrad 0:cdf462088d13 2250 * \def MBEDTLS_SSL_TICKET_C
markrad 0:cdf462088d13 2251 *
markrad 0:cdf462088d13 2252 * Enable an implementation of TLS server-side callbacks for session tickets.
markrad 0:cdf462088d13 2253 *
markrad 0:cdf462088d13 2254 * Module: library/ssl_ticket.c
markrad 0:cdf462088d13 2255 * Caller:
markrad 0:cdf462088d13 2256 *
markrad 0:cdf462088d13 2257 * Requires: MBEDTLS_CIPHER_C
markrad 0:cdf462088d13 2258 */
markrad 0:cdf462088d13 2259 #define MBEDTLS_SSL_TICKET_C
markrad 0:cdf462088d13 2260
markrad 0:cdf462088d13 2261 /**
markrad 0:cdf462088d13 2262 * \def MBEDTLS_SSL_CLI_C
markrad 0:cdf462088d13 2263 *
markrad 0:cdf462088d13 2264 * Enable the SSL/TLS client code.
markrad 0:cdf462088d13 2265 *
markrad 0:cdf462088d13 2266 * Module: library/ssl_cli.c
markrad 0:cdf462088d13 2267 * Caller:
markrad 0:cdf462088d13 2268 *
markrad 0:cdf462088d13 2269 * Requires: MBEDTLS_SSL_TLS_C
markrad 0:cdf462088d13 2270 *
markrad 0:cdf462088d13 2271 * This module is required for SSL/TLS client support.
markrad 0:cdf462088d13 2272 */
markrad 0:cdf462088d13 2273 #define MBEDTLS_SSL_CLI_C
markrad 0:cdf462088d13 2274
markrad 0:cdf462088d13 2275 /**
markrad 0:cdf462088d13 2276 * \def MBEDTLS_SSL_SRV_C
markrad 0:cdf462088d13 2277 *
markrad 0:cdf462088d13 2278 * Enable the SSL/TLS server code.
markrad 0:cdf462088d13 2279 *
markrad 0:cdf462088d13 2280 * Module: library/ssl_srv.c
markrad 0:cdf462088d13 2281 * Caller:
markrad 0:cdf462088d13 2282 *
markrad 0:cdf462088d13 2283 * Requires: MBEDTLS_SSL_TLS_C
markrad 0:cdf462088d13 2284 *
markrad 0:cdf462088d13 2285 * This module is required for SSL/TLS server support.
markrad 0:cdf462088d13 2286 */
markrad 0:cdf462088d13 2287 #define MBEDTLS_SSL_SRV_C
markrad 0:cdf462088d13 2288
markrad 0:cdf462088d13 2289 /**
markrad 0:cdf462088d13 2290 * \def MBEDTLS_SSL_TLS_C
markrad 0:cdf462088d13 2291 *
markrad 0:cdf462088d13 2292 * Enable the generic SSL/TLS code.
markrad 0:cdf462088d13 2293 *
markrad 0:cdf462088d13 2294 * Module: library/ssl_tls.c
markrad 0:cdf462088d13 2295 * Caller: library/ssl_cli.c
markrad 0:cdf462088d13 2296 * library/ssl_srv.c
markrad 0:cdf462088d13 2297 *
markrad 0:cdf462088d13 2298 * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
markrad 0:cdf462088d13 2299 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
markrad 0:cdf462088d13 2300 *
markrad 0:cdf462088d13 2301 * This module is required for SSL/TLS.
markrad 0:cdf462088d13 2302 */
markrad 0:cdf462088d13 2303 #define MBEDTLS_SSL_TLS_C
markrad 0:cdf462088d13 2304
markrad 0:cdf462088d13 2305 /**
markrad 0:cdf462088d13 2306 * \def MBEDTLS_THREADING_C
markrad 0:cdf462088d13 2307 *
markrad 0:cdf462088d13 2308 * Enable the threading abstraction layer.
markrad 0:cdf462088d13 2309 * By default mbed TLS assumes it is used in a non-threaded environment or that
markrad 0:cdf462088d13 2310 * contexts are not shared between threads. If you do intend to use contexts
markrad 0:cdf462088d13 2311 * between threads, you will need to enable this layer to prevent race
markrad 0:cdf462088d13 2312 * conditions. See also our Knowledge Base article about threading:
markrad 0:cdf462088d13 2313 * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
markrad 0:cdf462088d13 2314 *
markrad 0:cdf462088d13 2315 * Module: library/threading.c
markrad 0:cdf462088d13 2316 *
markrad 0:cdf462088d13 2317 * This allows different threading implementations (self-implemented or
markrad 0:cdf462088d13 2318 * provided).
markrad 0:cdf462088d13 2319 *
markrad 0:cdf462088d13 2320 * You will have to enable either MBEDTLS_THREADING_ALT or
markrad 0:cdf462088d13 2321 * MBEDTLS_THREADING_PTHREAD.
markrad 0:cdf462088d13 2322 *
markrad 0:cdf462088d13 2323 * Enable this layer to allow use of mutexes within mbed TLS
markrad 0:cdf462088d13 2324 */
markrad 0:cdf462088d13 2325 //#define MBEDTLS_THREADING_C
markrad 0:cdf462088d13 2326
markrad 0:cdf462088d13 2327 /**
markrad 0:cdf462088d13 2328 * \def MBEDTLS_TIMING_C
markrad 0:cdf462088d13 2329 *
markrad 0:cdf462088d13 2330 * Enable the semi-portable timing interface.
markrad 0:cdf462088d13 2331 *
markrad 0:cdf462088d13 2332 * \note The provided implementation only works on POSIX/Unix (including Linux,
markrad 0:cdf462088d13 2333 * BSD and OS X) and Windows. On other platforms, you can either disable that
markrad 0:cdf462088d13 2334 * module and provide your own implementations of the callbacks needed by
markrad 0:cdf462088d13 2335 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
markrad 0:cdf462088d13 2336 * your own implementation of the whole module by setting
markrad 0:cdf462088d13 2337 * \c MBEDTLS_TIMING_ALT in the current file.
markrad 0:cdf462088d13 2338 *
markrad 0:cdf462088d13 2339 * \note See also our Knowledge Base article about porting to a new
markrad 0:cdf462088d13 2340 * environment:
markrad 0:cdf462088d13 2341 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
markrad 0:cdf462088d13 2342 *
markrad 0:cdf462088d13 2343 * Module: library/timing.c
markrad 0:cdf462088d13 2344 * Caller: library/havege.c
markrad 0:cdf462088d13 2345 *
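markrad 0:cdf462088d13 2346 * This module is used by the HAVEGE random number generator. It is left disabled in this file, so a DTLS build needs the application-supplied timer callbacks described in the note above.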
markrad 0:cdf462088d13 2347 */
markrad 0:cdf462088d13 2348 //#define MBEDTLS_TIMING_C
markrad 0:cdf462088d13 2349
markrad 0:cdf462088d13 2350 /**
markrad 0:cdf462088d13 2351 * \def MBEDTLS_VERSION_C
markrad 0:cdf462088d13 2352 *
markrad 0:cdf462088d13 2353 * Enable run-time version information.
markrad 0:cdf462088d13 2354 *
markrad 0:cdf462088d13 2355 * Module: library/version.c
markrad 0:cdf462088d13 2356 *
markrad 0:cdf462088d13 2357 * This module provides run-time version information.
markrad 0:cdf462088d13 2358 */
markrad 0:cdf462088d13 2359 #define MBEDTLS_VERSION_C
markrad 0:cdf462088d13 2360
markrad 0:cdf462088d13 2361 /**
markrad 0:cdf462088d13 2362 * \def MBEDTLS_X509_USE_C
markrad 0:cdf462088d13 2363 *
markrad 0:cdf462088d13 2364 * Enable X.509 core for using certificates.
markrad 0:cdf462088d13 2365 *
markrad 0:cdf462088d13 2366 * Module: library/x509.c
markrad 0:cdf462088d13 2367 * Caller: library/x509_crl.c
markrad 0:cdf462088d13 2368 * library/x509_crt.c
markrad 0:cdf462088d13 2369 * library/x509_csr.c
markrad 0:cdf462088d13 2370 *
markrad 0:cdf462088d13 2371 * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
markrad 0:cdf462088d13 2372 * MBEDTLS_PK_PARSE_C
markrad 0:cdf462088d13 2373 *
markrad 0:cdf462088d13 2374 * This module is required for the X.509 parsing modules.
markrad 0:cdf462088d13 2375 */
markrad 0:cdf462088d13 2376 #define MBEDTLS_X509_USE_C
markrad 0:cdf462088d13 2377
markrad 0:cdf462088d13 2378 /**
markrad 0:cdf462088d13 2379 * \def MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 2380 *
markrad 0:cdf462088d13 2381 * Enable X.509 certificate parsing.
markrad 0:cdf462088d13 2382 *
markrad 0:cdf462088d13 2383 * Module: library/x509_crt.c
markrad 0:cdf462088d13 2384 * Caller: library/ssl_cli.c
markrad 0:cdf462088d13 2385 * library/ssl_srv.c
markrad 0:cdf462088d13 2386 * library/ssl_tls.c
markrad 0:cdf462088d13 2387 *
markrad 0:cdf462088d13 2388 * Requires: MBEDTLS_X509_USE_C
markrad 0:cdf462088d13 2389 *
markrad 0:cdf462088d13 2390 * This module is required for X.509 certificate parsing.
markrad 0:cdf462088d13 2391 */
markrad 0:cdf462088d13 2392 #define MBEDTLS_X509_CRT_PARSE_C
markrad 0:cdf462088d13 2393
markrad 0:cdf462088d13 2394 /**
markrad 0:cdf462088d13 2395 * \def MBEDTLS_X509_CRL_PARSE_C
markrad 0:cdf462088d13 2396 *
markrad 0:cdf462088d13 2397 * Enable X.509 CRL parsing.
markrad 0:cdf462088d13 2398 *
markrad 0:cdf462088d13 2399 * Module: library/x509_crl.c
markrad 0:cdf462088d13 2400 * Caller: library/x509_crt.c
markrad 0:cdf462088d13 2401 *
markrad 0:cdf462088d13 2402 * Requires: MBEDTLS_X509_USE_C
markrad 0:cdf462088d13 2403 *
markrad 0:cdf462088d13 2404 * This module is required for X.509 CRL parsing.
markrad 0:cdf462088d13 2405 */
markrad 0:cdf462088d13 2406 #define MBEDTLS_X509_CRL_PARSE_C
markrad 0:cdf462088d13 2407
markrad 0:cdf462088d13 2408 /**
markrad 0:cdf462088d13 2409 * \def MBEDTLS_X509_CSR_PARSE_C
markrad 0:cdf462088d13 2410 *
markrad 0:cdf462088d13 2411 * Enable X.509 Certificate Signing Request (CSR) parsing.
markrad 0:cdf462088d13 2412 *
markrad 0:cdf462088d13 2413 * Module: library/x509_csr.c
markrad 0:cdf462088d13 2414 * Caller: library/x509_crt_write.c
markrad 0:cdf462088d13 2415 *
markrad 0:cdf462088d13 2416 * Requires: MBEDTLS_X509_USE_C
markrad 0:cdf462088d13 2417 *
markrad 0:cdf462088d13 2418 * This module is used for reading X.509 certificate requests.
markrad 0:cdf462088d13 2419 */
markrad 0:cdf462088d13 2420 #define MBEDTLS_X509_CSR_PARSE_C
markrad 0:cdf462088d13 2421
markrad 0:cdf462088d13 2422 /**
markrad 0:cdf462088d13 2423 * \def MBEDTLS_X509_CREATE_C
markrad 0:cdf462088d13 2424 *
markrad 0:cdf462088d13 2425 * Enable X.509 core for creating certificates.
markrad 0:cdf462088d13 2426 *
markrad 0:cdf462088d13 2427 * Module: library/x509_create.c
markrad 0:cdf462088d13 2428 *
markrad 0:cdf462088d13 2429 * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
markrad 0:cdf462088d13 2430 *
markrad 0:cdf462088d13 2431 * This module is the basis for creating X.509 certificates and CSRs.
markrad 0:cdf462088d13 2432 */
markrad 0:cdf462088d13 2433 #define MBEDTLS_X509_CREATE_C
markrad 0:cdf462088d13 2434
markrad 0:cdf462088d13 2435 /**
markrad 0:cdf462088d13 2436 * \def MBEDTLS_X509_CRT_WRITE_C
markrad 0:cdf462088d13 2437 *
markrad 0:cdf462088d13 2438 * Enable creating X.509 certificates.
markrad 0:cdf462088d13 2439 *
markrad 0:cdf462088d13 2440 * Module: library/x509_crt_write.c
markrad 0:cdf462088d13 2441 *
markrad 0:cdf462088d13 2442 * Requires: MBEDTLS_X509_CREATE_C
markrad 0:cdf462088d13 2443 *
markrad 0:cdf462088d13 2444 * This module is required for X.509 certificate creation.
markrad 0:cdf462088d13 2445 */
markrad 0:cdf462088d13 2446 #define MBEDTLS_X509_CRT_WRITE_C
markrad 0:cdf462088d13 2447
markrad 0:cdf462088d13 2448 /**
markrad 0:cdf462088d13 2449 * \def MBEDTLS_X509_CSR_WRITE_C
markrad 0:cdf462088d13 2450 *
markrad 0:cdf462088d13 2451 * Enable creating X.509 Certificate Signing Requests (CSR).
markrad 0:cdf462088d13 2452 *
markrad 0:cdf462088d13 2453 * Module: library/x509_csr_write.c
markrad 0:cdf462088d13 2454 *
markrad 0:cdf462088d13 2455 * Requires: MBEDTLS_X509_CREATE_C
markrad 0:cdf462088d13 2456 *
markrad 0:cdf462088d13 2457 * This module is required for X.509 certificate request writing.
markrad 0:cdf462088d13 2458 */
markrad 0:cdf462088d13 2459 #define MBEDTLS_X509_CSR_WRITE_C
markrad 0:cdf462088d13 2460
markrad 0:cdf462088d13 2461 /**
markrad 0:cdf462088d13 2462 * \def MBEDTLS_XTEA_C
markrad 0:cdf462088d13 2463 *
markrad 0:cdf462088d13 2464 * Enable the XTEA block cipher (64-bit block size).
markrad 0:cdf462088d13 2465 *
markrad 0:cdf462088d13 2466 * Module: library/xtea.c
markrad 0:cdf462088d13 2467 * Caller: none listed. NOTE(review): if the application never calls the XTEA API itself, consider leaving this module disabled.
markrad 0:cdf462088d13 2468 */
markrad 0:cdf462088d13 2469 #define MBEDTLS_XTEA_C
markrad 0:cdf462088d13 2470
markrad 0:cdf462088d13 2471 /* \} name SECTION: mbed TLS modules */
markrad 0:cdf462088d13 2472
markrad 0:cdf462088d13 2473 /**
markrad 0:cdf462088d13 2474 * \name SECTION: Module configuration options
markrad 0:cdf462088d13 2475 *
markrad 0:cdf462088d13 2476 * This section allows for the setting of module specific sizes and
markrad 0:cdf462088d13 2477 * configuration options. The default values are already present in the
markrad 0:cdf462088d13 2478 * relevant header files and should suffice for the regular use cases.
markrad 0:cdf462088d13 2479 *
markrad 0:cdf462088d13 2480 * Our advice is to enable options and change their values here
markrad 0:cdf462088d13 2481 * only if you have a good reason and know the consequences.
markrad 0:cdf462088d13 2482 *
markrad 0:cdf462088d13 2483 * Please check the respective header file for documentation on these
markrad 0:cdf462088d13 2484 * parameters (to prevent duplicate documentation).
markrad 0:cdf462088d13 2485 * \{
markrad 0:cdf462088d13 2486 */
markrad 0:cdf462088d13 2487
markrad 0:cdf462088d13 2488 /* MPI / BIGNUM options */
markrad 0:cdf462088d13 2489 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
markrad 0:cdf462088d13 2490 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
markrad 0:cdf462088d13 2491
markrad 0:cdf462088d13 2492 /* CTR_DRBG options */
markrad 0:cdf462088d13 2493 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
markrad 0:cdf462088d13 2494 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
markrad 0:cdf462088d13 2495 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
markrad 0:cdf462088d13 2496 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
markrad 0:cdf462088d13 2497 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
markrad 0:cdf462088d13 2498
markrad 0:cdf462088d13 2499 /* HMAC_DRBG options */
markrad 0:cdf462088d13 2500 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
markrad 0:cdf462088d13 2501 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
markrad 0:cdf462088d13 2502 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
markrad 0:cdf462088d13 2503 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
markrad 0:cdf462088d13 2504
markrad 0:cdf462088d13 2505 /* ECP options */
markrad 0:cdf462088d13 2506 //#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
markrad 0:cdf462088d13 2507 //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
markrad 0:cdf462088d13 2508 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
markrad 0:cdf462088d13 2509
markrad 0:cdf462088d13 2510 /* Entropy options */
markrad 0:cdf462088d13 2511 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
markrad 0:cdf462088d13 2512 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
markrad 0:cdf462088d13 2513 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
markrad 0:cdf462088d13 2514
markrad 0:cdf462088d13 2515 /* Memory buffer allocator options */
markrad 0:cdf462088d13 2516 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
markrad 0:cdf462088d13 2517
markrad 0:cdf462088d13 2518 /* Platform options */
markrad 0:cdf462088d13 2519 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
markrad 0:cdf462088d13 2520 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
markrad 0:cdf462088d13 2521 //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
markrad 0:cdf462088d13 2522 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
markrad 0:cdf462088d13 2523 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
markrad 0:cdf462088d13 2524 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
markrad 0:cdf462088d13 2525 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
markrad 0:cdf462088d13 2526 /* Note: your snprintf must correctly zero-terminate the buffer! */
markrad 0:cdf462088d13 2527 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
markrad 0:cdf462088d13 2528 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
markrad 0:cdf462088d13 2529 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
markrad 0:cdf462088d13 2530 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
markrad 0:cdf462088d13 2531 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
markrad 0:cdf462088d13 2532 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
markrad 0:cdf462088d13 2533
markrad 0:cdf462088d13 2534 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
markrad 0:cdf462088d13 2535 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
markrad 0:cdf462088d13 2536 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
markrad 0:cdf462088d13 2537 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
markrad 0:cdf462088d13 2538 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
markrad 0:cdf462088d13 2539 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
markrad 0:cdf462088d13 2540 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time type macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
markrad 0:cdf462088d13 2541 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
markrad 0:cdf462088d13 2542 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
markrad 0:cdf462088d13 2543 /* Note: your snprintf must correctly zero-terminate the buffer! */
markrad 0:cdf462088d13 2544 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
markrad 0:cdf462088d13 2545 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
markrad 0:cdf462088d13 2546 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
markrad 0:cdf462088d13 2547
markrad 0:cdf462088d13 2548 /* SSL Cache options */
markrad 0:cdf462088d13 2549 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
markrad 0:cdf462088d13 2550 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
markrad 0:cdf462088d13 2551
markrad 0:cdf462088d13 2552 /* SSL options */
markrad 0:cdf462088d13 2553 //#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
markrad 0:cdf462088d13 2554 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
markrad 0:cdf462088d13 2555 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
markrad 0:cdf462088d13 2556 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
markrad 0:cdf462088d13 2557
markrad 0:cdf462088d13 2558 /**
markrad 0:cdf462088d13 2559 * Complete list of ciphersuites to use, in order of preference.
markrad 0:cdf462088d13 2560 *
markrad 0:cdf462088d13 2561 * \warning No dependency checking is done on that field! This option can only
markrad 0:cdf462088d13 2562 * be used to restrict the set of available ciphersuites. It is your
markrad 0:cdf462088d13 2563 * responsibility to make sure the needed modules are active.
markrad 0:cdf462088d13 2564 *
markrad 0:cdf462088d13 2565 * Use this to save a few hundred bytes of ROM (default ordering of all
markrad 0:cdf462088d13 2566 * available ciphersuites) and a few to a few hundred bytes of RAM.
markrad 0:cdf462088d13 2567 *
markrad 0:cdf462088d13 2568 * The value below is only an example, not the default.
markrad 0:cdf462088d13 2569 */
markrad 0:cdf462088d13 2570 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
markrad 0:cdf462088d13 2571
markrad 0:cdf462088d13 2572 /* X509 options */
markrad 0:cdf462088d13 2573 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
markrad 0:cdf462088d13 2574 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
markrad 0:cdf462088d13 2575
markrad 0:cdf462088d13 2576 /* \} name SECTION: Module configuration options */
markrad 0:cdf462088d13 2577
markrad 0:cdf462088d13 2578 /* Target and application specific configurations */
markrad 0:cdf462088d13 2579 //#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
markrad 0:cdf462088d13 2580
markrad 0:cdf462088d13 2581 #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
markrad 0:cdf462088d13 2582 #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
markrad 0:cdf462088d13 2583 #endif
markrad 0:cdf462088d13 2584
markrad 0:cdf462088d13 2585 /*
markrad 0:cdf462088d13 2586 * Allow user to override any previous default. The override file is included after every setting above, so it has the final say; review it together with this file.
markrad 0:cdf462088d13 2587 *
markrad 0:cdf462088d13 2588 * Use two macro names for that, as:
markrad 0:cdf462088d13 2589 * - with yotta the prefix YOTTA_CFG_ is forced
markrad 0:cdf462088d13 2590 * - without yotta it looks weird to have a YOTTA prefix.
markrad 0:cdf462088d13 2591 */
markrad 0:cdf462088d13 2592 #if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
markrad 0:cdf462088d13 2593 #include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
markrad 0:cdf462088d13 2594 #elif defined(MBEDTLS_USER_CONFIG_FILE)
markrad 0:cdf462088d13 2595 #include MBEDTLS_USER_CONFIG_FILE
markrad 0:cdf462088d13 2596 #endif
markrad 0:cdf462088d13 2597
markrad 0:cdf462088d13 2598 #include "check_config.h" /* included after the overrides so it sees the final option set */
markrad 0:cdf462088d13 2599
markrad 0:cdf462088d13 2600 #endif /* MBEDTLS_CONFIG_H */