NCBI C++ ToolKit
mbedtls_config.h
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /**
2  * \file mbedtls_config.h
3  *
4  * \brief Configuration options (set of defines)
5  *
6  * This set of compile-time options may be used to enable
7  * or disable features selectively, and reduce the global
8  * memory footprint.
9  */
10 /*
11  * Copyright The Mbed TLS Contributors
12  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
13  */
14 
15 #include <ncbiconf.h>
16 
17 /**
18  * This is an optional version symbol that enables compatibility handling of
19  * config files.
20  *
21  * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
22  * introduced the config format we want to be compatible with.
23  */
24 //#define MBEDTLS_CONFIG_VERSION 0x03000000
25 
26 /**
27  * \name SECTION: System support
28  *
29  * This section sets system specific settings.
30  * \{
31  */
32 
33 /**
34  * \def MBEDTLS_HAVE_ASM
35  *
36  * The compiler has support for asm().
37  *
38  * Requires support for asm() in compiler.
39  *
40  * Used in:
41  * library/aesni.h
42  * library/aria.c
43  * library/bn_mul.h
44  * library/constant_time.c
45  * library/padlock.h
46  *
47  * Required by:
48  * MBEDTLS_AESCE_C
49  * MBEDTLS_AESNI_C (on some platforms)
50  * MBEDTLS_PADLOCK_C
51  *
52  * Comment to disable the use of assembly code.
53  */
54 #define MBEDTLS_HAVE_ASM
55 
56 /**
57  * \def MBEDTLS_NO_UDBL_DIVISION
58  *
59  * The platform lacks support for double-width integer division (64-bit
60  * division on a 32-bit platform, 128-bit division on a 64-bit platform).
61  *
62  * Used in:
63  * include/mbedtls/bignum.h
64  * library/bignum.c
65  *
66  * The bignum code uses double-width division to speed up some operations.
67  * Double-width division is often implemented in software that needs to
68  * be linked with the program. The presence of a double-width integer
69  * type is usually detected automatically through preprocessor macros,
70  * but the automatic detection cannot know whether the code needs to
71  * and can be linked with an implementation of division for that type.
72  * By default division is assumed to be usable if the type is present.
73  * Uncomment this option to prevent the use of double-width division.
74  *
75  * Note that division for the native integer type is always required.
76  * Furthermore, a 64-bit type is always required even on a 32-bit
77  * platform, but it need not support multiplication or division. In some
78  * cases it is also desirable to disable some double-width operations. For
79  * example, if double-width division is implemented in software, disabling
80  * it can reduce code size in some embedded targets.
81  */
82 //#define MBEDTLS_NO_UDBL_DIVISION
83 
84 /**
85  * \def MBEDTLS_NO_64BIT_MULTIPLICATION
86  *
87  * The platform lacks support for 32x32 -> 64-bit multiplication.
88  *
89  * Used in:
90  * library/poly1305.c
91  *
92  * Some parts of the library may use multiplication of two unsigned 32-bit
93  * operands with a 64-bit result in order to speed up computations. On some
94  * platforms, this is not available in hardware and has to be implemented in
95  * software, usually in a library provided by the toolchain.
96  *
97  * Sometimes it is not desirable to have to link to that library. This option
98  * removes the dependency of that library on platforms that lack a hardware
99  * 64-bit multiplier by embedding a software implementation in Mbed TLS.
100  *
101  * Note that depending on the compiler, this may decrease performance compared
102  * to using the library function provided by the toolchain.
103  */
104 //#define MBEDTLS_NO_64BIT_MULTIPLICATION
105 
106 /**
107  * \def MBEDTLS_HAVE_SSE2
108  *
109  * CPU supports SSE2 instruction set.
110  *
111  * Uncomment if the CPU supports SSE2 (IA-32 specific).
112  */
113 #if defined(__SSE2__) || (defined(_M_IX86_FP) && _M_IX86_FP >= 2)
114 # define MBEDTLS_HAVE_SSE2
115 #endif
116 
117 /**
118  * \def MBEDTLS_HAVE_TIME
119  *
120  * System has time.h and time().
121  * The time does not need to be correct, only time differences are used,
122  * by contrast with MBEDTLS_HAVE_TIME_DATE
123  *
124  * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
125  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
126  * MBEDTLS_PLATFORM_STD_TIME.
127  *
128  * Comment if your system does not support time functions.
129  *
130  * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
131  * interface - timing.c will include time.h on suitable platforms
132  * regardless of the setting of MBEDTLS_HAVE_TIME, unless
133  * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
134  */
135 #define MBEDTLS_HAVE_TIME
136 
137 /**
138  * \def MBEDTLS_HAVE_TIME_DATE
139  *
140  * System has time.h, time(), and an implementation for
141  * mbedtls_platform_gmtime_r() (see below).
142  * The time needs to be correct (not necessarily very accurate, but at least
143  * the date should be correct). This is used to verify the validity period of
144  * X.509 certificates.
145  *
146  * Comment if your system does not have a correct clock.
147  *
148  * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
149  * behaves similarly to the gmtime_r() function from the C standard. Refer to
150  * the documentation for mbedtls_platform_gmtime_r() for more information.
151  *
152  * \note It is possible to configure an implementation for
153  * mbedtls_platform_gmtime_r() at compile-time by using the macro
154  * MBEDTLS_PLATFORM_GMTIME_R_ALT.
155  */
156 #define MBEDTLS_HAVE_TIME_DATE
157 
158 /**
159  * \def MBEDTLS_PLATFORM_MEMORY
160  *
161  * Enable the memory allocation layer.
162  *
163  * By default Mbed TLS uses the system-provided calloc() and free().
164  * This allows different allocators (self-implemented or provided) to be
165  * provided to the platform abstraction layer.
166  *
167  * Enabling #MBEDTLS_PLATFORM_MEMORY without the
168  * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
169  * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
170  * free() function pointer at runtime.
171  *
172  * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
173  * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
174  * alternate function at compile time.
175  *
176  * An overview of how the value of mbedtls_calloc is determined:
177  *
178  * - if !MBEDTLS_PLATFORM_MEMORY
179  * - mbedtls_calloc = calloc
180  * - if MBEDTLS_PLATFORM_MEMORY
181  * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
182  * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
183  * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
184  * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
185  * - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
186  * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
187  * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
188  * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
189  * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
190  * - if MBEDTLS_PLATFORM_STD_CALLOC is present:
191  * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
192  * - if !MBEDTLS_PLATFORM_STD_CALLOC:
193  * - MBEDTLS_PLATFORM_STD_CALLOC = calloc
194  *
195  * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
196  * - if !MBEDTLS_PLATFORM_STD_CALLOC
197  * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
198  *
199  * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
200  *
201  * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
202  * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
203  * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
204  * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
205  * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
206  * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
207  *
208  * Requires: MBEDTLS_PLATFORM_C
209  *
210  * Enable this layer to allow use of alternative memory allocators.
211  */
212 //#define MBEDTLS_PLATFORM_MEMORY
213 
214 /**
215  * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
216  *
217  * Do not assign standard functions in the platform layer (e.g. calloc() to
218  * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
219  *
220  * This makes sure there are no linking errors on platforms that do not support
221  * these functions. You will HAVE to provide alternatives, either at runtime
222  * via the platform_set_xxx() functions or at compile time by setting
223  * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
224  * MBEDTLS_PLATFORM_XXX_MACRO.
225  *
226  * Requires: MBEDTLS_PLATFORM_C
227  *
228  * Uncomment to prevent default assignment of standard functions in the
229  * platform layer.
230  */
231 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
232 
233 /**
234  * \def MBEDTLS_PLATFORM_EXIT_ALT
235  *
236  * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
237  * function in the platform abstraction layer.
238  *
239  * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
240  * provide a function "mbedtls_platform_set_printf()" that allows you to set an
241  * alternative printf function pointer.
242  *
243  * All these define require MBEDTLS_PLATFORM_C to be defined!
244  *
245  * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
246  * it will be enabled automatically by check_config.h
247  *
248  * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
249  * MBEDTLS_PLATFORM_XXX_MACRO!
250  *
251  * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
252  *
253  * Uncomment a macro to enable alternate implementation of specific base
254  * platform function
255  */
256 //#define MBEDTLS_PLATFORM_SETBUF_ALT
257 //#define MBEDTLS_PLATFORM_EXIT_ALT
258 //#define MBEDTLS_PLATFORM_TIME_ALT
259 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
260 //#define MBEDTLS_PLATFORM_PRINTF_ALT
261 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
262 //#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
263 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
264 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
265 //#define MBEDTLS_PLATFORM_MS_TIME_ALT
266 
267 /**
268  * Uncomment the macro to let Mbed TLS use your alternate implementation of
269  * mbedtls_platform_gmtime_r(). This replaces the default implementation in
270  * platform_util.c.
271  *
272  * gmtime() is not a thread-safe function as defined in the C standard. The
273  * library will try to use safer implementations of this function, such as
274  * gmtime_r() when available. However, if Mbed TLS cannot identify the target
275  * system, the implementation of mbedtls_platform_gmtime_r() will default to
276  * using the standard gmtime(). In this case, calls from the library to
277  * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
278  * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
279  * library are also guarded with this mutex to avoid race conditions. However,
280  * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
281  * unconditionally use the implementation for mbedtls_platform_gmtime_r()
282  * supplied at compile time.
283  */
284 //#define MBEDTLS_PLATFORM_GMTIME_R_ALT
285 
286 /**
287  * Uncomment the macro to let Mbed TLS use your alternate implementation of
288  * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces
289  * the default implementation in platform_util.c.
290  *
291  * By default, the library uses a system function such as memset_s()
292  * (optional feature of C11), explicit_bzero() (BSD and compatible), or
293  * SecureZeroMemory (Windows). If no such function is detected, the library
294  * falls back to a plain C implementation. Compilers are technically
295  * permitted to optimize this implementation out, meaning that the memory is
296  * not actually wiped. The library tries to prevent that, but the C language
297  * makes it impossible to guarantee that the memory will always be wiped.
298  *
299  * If your platform provides a guaranteed method to wipe memory which
300  * `platform_util.c` does not detect, define this macro to the name of
301  * a function that takes two arguments, a `void *` pointer and a length,
302  * and wipes that many bytes starting at the specified address. For example,
303  * if your platform has explicit_bzero() but `platform_util.c` does not
304  * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be
305  * `explicit_bzero` to use that function as mbedtls_platform_zeroize().
306  */
307 //#define MBEDTLS_PLATFORM_ZEROIZE_ALT
308 
309 /**
310  * \def MBEDTLS_DEPRECATED_WARNING
311  *
312  * Mark deprecated functions and features so that they generate a warning if
313  * used. Functionality deprecated in one version will usually be removed in the
314  * next version. You can enable this to help you prepare the transition to a
315  * new major version by making sure your code is not using this functionality.
316  *
317  * This only works with GCC and Clang. With other compilers, you may want to
318  * use MBEDTLS_DEPRECATED_REMOVED
319  *
320  * Uncomment to get warnings on using deprecated functions and features.
321  */
322 #if defined(NCBI_COMPILER_GCC) || defined(NCBI_COMPILER_ICC) \
323  || defined(NCBI_COMPILER_ANY_CLANG)
324 # define MBEDTLS_DEPRECATED_WARNING
325 #endif
326 
327 /**
328  * \def MBEDTLS_DEPRECATED_REMOVED
329  *
330  * Remove deprecated functions and features so that they generate an error if
331  * used. Functionality deprecated in one version will usually be removed in the
332  * next version. You can enable this to help you prepare the transition to a
333  * new major version by making sure your code is not using this functionality.
334  *
335  * Uncomment to get errors on using deprecated functions and features.
336  */
337 //#define MBEDTLS_DEPRECATED_REMOVED
338 
339 /** \} name SECTION: System support */
340 
341 /**
342  * \name SECTION: Mbed TLS feature support
343  *
344  * This section sets support for features that are or are not needed
345  * within the modules that are enabled.
346  * \{
347  */
348 
349 /**
350  * \def MBEDTLS_TIMING_ALT
351  *
352  * Uncomment to provide your own alternate implementation for
353  * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
354  *
355  * Only works if you have MBEDTLS_TIMING_C enabled.
356  *
357  * You will need to provide a header "timing_alt.h" and an implementation at
358  * compile time.
359  */
360 //#define MBEDTLS_TIMING_ALT
361 
362 /**
363  * \def MBEDTLS_AES_ALT
364  *
365  * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
366  * alternate core implementation of a symmetric crypto, an arithmetic or hash
367  * module (e.g. platform specific assembly optimized implementations). Keep
368  * in mind that the function prototypes should remain the same.
369  *
370  * This replaces the whole module. If you only want to replace one of the
371  * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
372  *
373  * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
374  * provide the "struct mbedtls_aes_context" definition and omit the base
375  * function declarations and implementations. "aes_alt.h" will be included from
376  * "aes.h" to include the new function definitions.
377  *
378  * Uncomment a macro to enable alternate implementation of the corresponding
379  * module.
380  *
381  * \warning MD5, DES and SHA-1 are considered weak and their
382  * use constitutes a security risk. If possible, we recommend
383  * avoiding dependencies on them, and considering stronger message
384  * digests and ciphers instead.
385  *
386  */
387 //#define MBEDTLS_AES_ALT
388 //#define MBEDTLS_ARIA_ALT
389 //#define MBEDTLS_CAMELLIA_ALT
390 //#define MBEDTLS_CCM_ALT
391 //#define MBEDTLS_CHACHA20_ALT
392 //#define MBEDTLS_CHACHAPOLY_ALT
393 //#define MBEDTLS_CMAC_ALT
394 //#define MBEDTLS_DES_ALT
395 //#define MBEDTLS_DHM_ALT
396 //#define MBEDTLS_ECJPAKE_ALT
397 //#define MBEDTLS_GCM_ALT
398 //#define MBEDTLS_NIST_KW_ALT
399 //#define MBEDTLS_MD5_ALT
400 //#define MBEDTLS_POLY1305_ALT
401 //#define MBEDTLS_RIPEMD160_ALT
402 //#define MBEDTLS_RSA_ALT
403 //#define MBEDTLS_SHA1_ALT
404 //#define MBEDTLS_SHA256_ALT
405 //#define MBEDTLS_SHA512_ALT
406 
407 /*
408  * When replacing the elliptic curve module, please consider, that it is
409  * implemented with two .c files:
410  * - ecp.c
411  * - ecp_curves.c
412  * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
413  * macros as described above. The only difference is that you have to make sure
414  * that you provide functionality for both .c files.
415  */
416 //#define MBEDTLS_ECP_ALT
417 
418 /**
419  * \def MBEDTLS_SHA256_PROCESS_ALT
420  *
421  * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
422  * alternate core implementation of symmetric crypto or hash function. Keep in
423  * mind that function prototypes should remain the same.
424  *
425  * This replaces only one function. The header file from Mbed TLS is still
426  * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
427  *
428  * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
429  * no longer provide the mbedtls_sha1_process() function, but it will still provide
430  * the other function (using your mbedtls_sha1_process() function) and the definition
431  * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
432  * with this definition.
433  *
434  * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
435  * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
436  * tables.
437  *
438  * Uncomment a macro to enable alternate implementation of the corresponding
439  * function.
440  *
441  * \warning MD5, DES and SHA-1 are considered weak and their use
442  * constitutes a security risk. If possible, we recommend avoiding
443  * dependencies on them, and considering stronger message digests
444  * and ciphers instead.
445  *
446  * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
447  * enabled, then the deterministic ECDH signature functions pass the
448  * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
449  * alternative implementations should use the RNG only for generating
450  * the ephemeral key and nothing else. If this is not possible, then
451  * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
452  * implementation should be provided for mbedtls_ecdsa_sign_det_ext().
453  *
454  */
455 //#define MBEDTLS_MD5_PROCESS_ALT
456 //#define MBEDTLS_RIPEMD160_PROCESS_ALT
457 //#define MBEDTLS_SHA1_PROCESS_ALT
458 //#define MBEDTLS_SHA256_PROCESS_ALT
459 //#define MBEDTLS_SHA512_PROCESS_ALT
460 //#define MBEDTLS_DES_SETKEY_ALT
461 //#define MBEDTLS_DES_CRYPT_ECB_ALT
462 //#define MBEDTLS_DES3_CRYPT_ECB_ALT
463 //#define MBEDTLS_AES_SETKEY_ENC_ALT
464 //#define MBEDTLS_AES_SETKEY_DEC_ALT
465 //#define MBEDTLS_AES_ENCRYPT_ALT
466 //#define MBEDTLS_AES_DECRYPT_ALT
467 //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
468 //#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
469 //#define MBEDTLS_ECDSA_VERIFY_ALT
470 //#define MBEDTLS_ECDSA_SIGN_ALT
471 //#define MBEDTLS_ECDSA_GENKEY_ALT
472 
473 /**
474  * \def MBEDTLS_ECP_INTERNAL_ALT
475  *
476  * Expose a part of the internal interface of the Elliptic Curve Point module.
477  *
478  * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
479  * alternative core implementation of elliptic curve arithmetic. Keep in mind
480  * that function prototypes should remain the same.
481  *
482  * This partially replaces one function. The header file from Mbed TLS is still
483  * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
484  * is still present and it is used for group structures not supported by the
485  * alternative.
486  *
487  * The original implementation can in addition be removed by setting the
488  * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
489  * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
490  * able to fallback to curves not supported by the alternative implementation.
491  *
492  * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
493  * and implementing the following functions:
494  * unsigned char mbedtls_internal_ecp_grp_capable(
495  * const mbedtls_ecp_group *grp )
496  * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
497  * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
498  * The mbedtls_internal_ecp_grp_capable function should return 1 if the
499  * replacement functions implement arithmetic for the given group and 0
500  * otherwise.
501  * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
502  * called before and after each point operation and provide an opportunity to
503  * implement optimized set up and tear down instructions.
504  *
505  * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
506  * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
507  * function, but will use your mbedtls_internal_ecp_double_jac() if the group
508  * for the operation is supported by your implementation (i.e. your
509  * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
510  * group is not supported by your implementation, then the original Mbed TLS
511  * implementation of ecp_double_jac() is used instead, unless this fallback
512  * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
513  * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
514  *
515  * The function prototypes and the definition of mbedtls_ecp_group and
516  * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
517  * implementation of mbedtls_internal_ecp__function_name__ must be compatible
518  * with their definitions.
519  *
520  * Uncomment a macro to enable alternate implementation of the corresponding
521  * function.
522  */
523 /* Required for all the functions in this section */
524 //#define MBEDTLS_ECP_INTERNAL_ALT
525 /* Turn off software fallback for curves not supported in hardware */
526 //#define MBEDTLS_ECP_NO_FALLBACK
527 /* Support for Weierstrass curves with Jacobi representation */
528 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
529 //#define MBEDTLS_ECP_ADD_MIXED_ALT
530 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT
531 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
532 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
533 /* Support for curves with Montgomery arithmetic */
534 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
535 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
536 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
537 
538 /**
539  * \def MBEDTLS_ENTROPY_HARDWARE_ALT
540  *
541  * Uncomment this macro to let Mbed TLS use your own implementation of a
542  * hardware entropy collector.
543  *
544  * Your function must be called \c mbedtls_hardware_poll(), have the same
545  * prototype as declared in library/entropy_poll.h, and accept NULL as first
546  * argument.
547  *
548  * Uncomment to use your own hardware entropy collector.
549  */
550 //#define MBEDTLS_ENTROPY_HARDWARE_ALT
551 
552 /**
553  * \def MBEDTLS_AES_ROM_TABLES
554  *
555  * Use precomputed AES tables stored in ROM.
556  *
557  * Uncomment this macro to use precomputed AES tables stored in ROM.
558  * Comment this macro to generate AES tables in RAM at runtime.
559  *
560  * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
561  * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
562  * initialization time before the first AES operation can be performed.
563  * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
564  * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
565  * performance if ROM access is slower than RAM access.
566  *
567  * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
568  */
569 //#define MBEDTLS_AES_ROM_TABLES
570 
571 /**
572  * \def MBEDTLS_AES_FEWER_TABLES
573  *
574  * Use less ROM/RAM for AES tables.
575  *
576  * Uncommenting this macro omits 75% of the AES tables from
577  * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
578  * by computing their values on the fly during operations
579  * (the tables are entry-wise rotations of one another).
580  *
581  * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
582  * by ~6kb but at the cost of more arithmetic operations during
583  * runtime. Specifically, one has to compare 4 accesses within
584  * different tables to 4 accesses with additional arithmetic
585  * operations within the same table. The performance gain/loss
586  * depends on the system and memory details.
587  *
588  * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
589  */
590 //#define MBEDTLS_AES_FEWER_TABLES
591 
592 /**
593  * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
594  *
595  * Use only 128-bit keys in AES operations to save ROM.
596  *
597  * Uncomment this macro to remove support for AES operations that use 192-
598  * or 256-bit keys.
599  *
600  * Uncommenting this macro reduces the size of AES code by ~300 bytes
601  * on v8-M/Thumb2.
602  *
603  * Module: library/aes.c
604  *
605  * Requires: MBEDTLS_AES_C
606  */
607 //#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
608 
609 /*
610  * Disable plain C implementation for AES.
611  *
612  * When the plain C implementation is enabled, and an implementation using a
613  * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
614  * detection will be used to select between them.
615  *
616  * If only one implementation is present, runtime detection will not be used.
617  * This configuration will crash at runtime if running on a CPU without the
618  * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
619  * and/or MBEDTLS_AESNI_C is enabled & present in the build.
620  */
621 //#define MBEDTLS_AES_USE_HARDWARE_ONLY
622 
623 /**
624  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
625  *
626  * Use less ROM for the Camellia implementation (saves about 768 bytes).
627  *
628  * Uncomment this macro to use less memory for Camellia.
629  */
630 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
631 
632 /**
633  * \def MBEDTLS_CHECK_RETURN_WARNING
634  *
635  * If this macro is defined, emit a compile-time warning if application code
636  * calls a function without checking its return value, but the return value
637  * should generally be checked in portable applications.
638  *
639  * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
640  * implemented. Otherwise this option has no effect.
641  *
642  * Uncomment to get warnings on using fallible functions without checking
643  * their return value.
644  *
645  * \note This feature is a work in progress.
646  * Warnings will be added to more functions in the future.
647  *
648  * \note A few functions are considered critical, and ignoring the return
649  * value of these functions will trigger a warning even if this
650  * macro is not defined. To completely disable return value check
651  * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
652  */
653 //#define MBEDTLS_CHECK_RETURN_WARNING
654 
655 /**
656  * \def MBEDTLS_CIPHER_MODE_CBC
657  *
658  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
659  */
660 #define MBEDTLS_CIPHER_MODE_CBC
661 
662 /**
663  * \def MBEDTLS_CIPHER_MODE_CFB
664  *
665  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
666  */
667 #define MBEDTLS_CIPHER_MODE_CFB
668 
669 /**
670  * \def MBEDTLS_CIPHER_MODE_CTR
671  *
672  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
673  */
674 #define MBEDTLS_CIPHER_MODE_CTR
675 
676 /**
677  * \def MBEDTLS_CIPHER_MODE_OFB
678  *
679  * Enable Output Feedback mode (OFB) for symmetric ciphers.
680  */
681 #define MBEDTLS_CIPHER_MODE_OFB
682 
683 /**
684  * \def MBEDTLS_CIPHER_MODE_XTS
685  *
686  * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
687  */
688 #define MBEDTLS_CIPHER_MODE_XTS
689 
690 /**
691  * \def MBEDTLS_CIPHER_NULL_CIPHER
692  *
693  * Enable NULL cipher.
694  * Warning: Only do so when you know what you are doing. This allows for
695  * encryption or channels without any security!
696  *
697  * To enable the following ciphersuites:
698  * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
699  * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
700  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
701  * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
702  * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
703  * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
704  * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
705  * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
706  * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
707  * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
708  * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
709  * MBEDTLS_TLS_RSA_WITH_NULL_SHA
710  * MBEDTLS_TLS_RSA_WITH_NULL_MD5
711  * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
712  * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
713  * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
714  * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
715  * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
716  * MBEDTLS_TLS_PSK_WITH_NULL_SHA
717  *
718  * Uncomment this macro to enable the NULL cipher and ciphersuites
719  */
720 //#define MBEDTLS_CIPHER_NULL_CIPHER
721 
722 /**
723  * \def MBEDTLS_CIPHER_PADDING_PKCS7
724  *
725  * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
726  * specific padding modes in the cipher layer with cipher modes that support
727  * padding (e.g. CBC)
728  *
729  * If you disable all padding modes, only full blocks can be used with CBC.
730  *
731  * Enable padding modes in the cipher layer.
732  */
733 #define MBEDTLS_CIPHER_PADDING_PKCS7
734 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
735 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
736 #define MBEDTLS_CIPHER_PADDING_ZEROS
737 
738 /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
739  *
740  * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
741  * Without this, CTR_DRBG uses a 256-bit key
742  * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
743  */
744 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
745 
746 /**
747  * Enable the verified implementations of ECDH primitives from Project Everest
748  * (currently only Curve25519). This feature changes the layout of ECDH
749  * contexts and therefore is a compatibility break for applications that access
750  * fields of a mbedtls_ecdh_context structure directly. See also
751  * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
752  *
753  * The Everest code is provided under the Apache 2.0 license only; therefore enabling this
754  * option is not compatible with taking the library under the GPL v2.0-or-later license.
755  */
756 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
757 
758 /**
759  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
760  *
761  * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
762  * module. By default all supported curves are enabled.
763  *
764  * Comment macros to disable the curve and functions for it
765  */
766 /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
767 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
768 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
769 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
770 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
771 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
772 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
773 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
774 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
775 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
776 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
777 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
778 /* Montgomery curves (supporting ECP) */
779 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
780 #define MBEDTLS_ECP_DP_CURVE448_ENABLED
781 
782 /**
783  * \def MBEDTLS_ECP_NIST_OPTIM
784  *
785  * Enable specific 'modulo p' routines for each NIST prime.
786  * Depending on the prime and architecture, makes operations 4 to 8 times
787  * faster on the corresponding curve.
788  *
789  * Comment this macro to disable NIST curves optimisation.
790  */
791 #define MBEDTLS_ECP_NIST_OPTIM
792 
793 /**
794  * \def MBEDTLS_ECP_RESTARTABLE
795  *
796  * Enable "non-blocking" ECC operations that can return early and be resumed.
797  *
798  * This allows various functions to pause by returning
799  * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
800  * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
801  * order to further progress and eventually complete their operation. This is
802  * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
803  * number of ECC operations a function may perform before pausing; see
804  * mbedtls_ecp_set_max_ops() for more information.
805  *
806  * This is useful in non-threaded environments if you want to avoid blocking
807  * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
808  *
809  * This option:
810  * - Adds xxx_restartable() variants of existing operations in the
811  * following modules, with corresponding restart context types:
812  * - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
813  * linear combination (muladd);
814  * - ECDSA: signature generation & verification;
815  * - PK: signature generation & verification;
816  * - X509: certificate chain verification.
817  * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
818  * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
819  * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
820  * computations restartable:
821  * - ECDH operations from the key exchange, only for Short Weierstrass
822  * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
823  * - verification of the server's key exchange signature;
824  * - verification of the server's certificate chain;
825  * - generation of the client's signature if client authentication is used,
826  * with an ECC key/certificate.
827  *
828  * \note In the cases above, the usual SSL/TLS functions, such as
829  * mbedtls_ssl_handshake(), can now return
830  * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
831  *
832  * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled,
833  * restartable operations in PK, X.509 and TLS (see above) are not
834  * using PSA. On the other hand, ECDH computations in TLS are using
835  * PSA, and are not restartable. These are temporary limitations that
836  * should be lifted in the future.
837  *
838  * \note This option only works with the default software implementation of
839  * elliptic curve functionality. It is incompatible with
840  * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
841  *
842  * Requires: MBEDTLS_ECP_C
843  *
844  * Uncomment this macro to enable restartable ECC computations.
845  */
846 //#define MBEDTLS_ECP_RESTARTABLE
847 
848 /**
849  * Uncomment to enable using new bignum code in the ECC modules.
850  *
851  * \warning This is currently experimental, incomplete and therefore should not
852  * be used in production.
853  */
854 //#define MBEDTLS_ECP_WITH_MPI_UINT
855 
856 /**
857  * \def MBEDTLS_ECDSA_DETERMINISTIC
858  *
859  * Enable deterministic ECDSA (RFC 6979).
860  * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
861  * may result in a compromise of the long-term signing key. This is avoided by
862  * the deterministic variant.
863  *
864  * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
865  *
866  * Comment this macro to disable deterministic ECDSA.
867  */
868 #define MBEDTLS_ECDSA_DETERMINISTIC
869 
870 /**
871  * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
872  *
873  * Enable the PSK based ciphersuite modes in SSL / TLS.
874  *
875  * This enables the following ciphersuites (if other requisites are
876  * enabled as well):
877  * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
878  * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
879  * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
880  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
881  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
882  * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
883  * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
884  * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
885  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
886  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
887  */
888 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
889 
890 /**
891  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
892  *
893  * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
894  *
895  * Requires: MBEDTLS_DHM_C
896  *
897  * This enables the following ciphersuites (if other requisites are
898  * enabled as well):
899  * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
900  * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
901  * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
902  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
903  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
904  * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
905  * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
906  * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
907  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
908  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
909  *
910  * \warning Using DHE constitutes a security risk as it
911  * is not possible to validate custom DH parameters.
912  * If possible, it is recommended users should consider
913  * preferring other methods of key exchange.
914  * See dhm.h for more details.
915  *
916  */
917 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
918 
919 /**
920  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
921  *
922  * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
923  *
924  * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
925  *
926  * This enables the following ciphersuites (if other requisites are
927  * enabled as well):
928  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
929  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
930  * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
931  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
932  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
933  * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
934  */
935 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
936 
937 /**
938  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
939  *
940  * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
941  *
942  * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
943  * MBEDTLS_X509_CRT_PARSE_C
944  *
945  * This enables the following ciphersuites (if other requisites are
946  * enabled as well):
947  * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
948  * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
949  * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
950  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
951  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
952  * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
953  * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
954  * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
955  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
956  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
957  */
958 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
959 
960 /**
961  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
962  *
963  * Enable the RSA-only based ciphersuite modes in SSL / TLS.
964  *
965  * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
966  * MBEDTLS_X509_CRT_PARSE_C
967  *
968  * This enables the following ciphersuites (if other requisites are
969  * enabled as well):
970  * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
971  * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
972  * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
973  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
974  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
975  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
976  * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
977  * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
978  * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
979  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
980  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
981  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
982  */
983 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
984 
985 /**
986  * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
987  *
988  * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
989  *
990  * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
991  * MBEDTLS_X509_CRT_PARSE_C
992  *
993  * This enables the following ciphersuites (if other requisites are
994  * enabled as well):
995  * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
996  * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
997  * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
998  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
999  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1000  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1001  * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1002  * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1003  * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1004  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1005  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1006  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1007  *
1008  * \warning Using DHE constitutes a security risk as it
1009  * is not possible to validate custom DH parameters.
1010  * If possible, it is recommended users should consider
1011  * preferring other methods of key exchange.
1012  * See dhm.h for more details.
1013  *
1014  */
1015 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1016 
1017 /**
1018  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1019  *
1020  * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
1021  *
1022  * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1023  * MBEDTLS_RSA_C
1024  * MBEDTLS_PKCS1_V15
1025  * MBEDTLS_X509_CRT_PARSE_C
1026  *
1027  * This enables the following ciphersuites (if other requisites are
1028  * enabled as well):
1029  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1030  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
1031  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1032  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1033  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
1034  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1035  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
1036  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1037  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1038  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1039  */
1040 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1041 
1042 /**
1043  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
1044  *
1045  * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
1046  *
1047  * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1048  * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
1049  * MBEDTLS_X509_CRT_PARSE_C
1050  *
1051  * This enables the following ciphersuites (if other requisites are
1052  * enabled as well):
1053  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1054  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
1055  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1056  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1057  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1058  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1059  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
1060  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1061  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1062  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1063  */
1064 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
1065 
1066 /**
1067  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
1068  *
1069  * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
1070  *
1071  * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1072  * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
1073  * MBEDTLS_X509_CRT_PARSE_C
1074  *
1075  * This enables the following ciphersuites (if other requisites are
1076  * enabled as well):
1077  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1078  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1079  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1080  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1081  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1082  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1083  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1084  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1085  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1086  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1087  */
1088 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
1089 
1090 /**
1091  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1092  *
1093  * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
1094  *
1095  * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH)
1096  * MBEDTLS_RSA_C
1097  * MBEDTLS_X509_CRT_PARSE_C
1098  *
1099  * This enables the following ciphersuites (if other requisites are
1100  * enabled as well):
1101  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1102  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1103  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1104  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1105  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1106  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1107  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1108  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1109  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1110  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
1111  */
1112 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1113 
1114 /**
1115  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1116  *
1117  * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
1118  *
1119  * \warning This is currently experimental. EC J-PAKE support is based on the
1120  * Thread v1.0.0 specification; incompatible changes to the specification
1121  * might still happen. For this reason, this is disabled by default.
1122  *
1123  * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE)
1124  * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver)
1125  * MBEDTLS_ECP_DP_SECP256R1_ENABLED
1126  *
1127  * \warning If SHA-256 is provided only by a PSA driver, you must call
1128  * psa_crypto_init() before the first hanshake (even if
1129  * MBEDTLS_USE_PSA_CRYPTO is disabled).
1130  *
1131  * This enables the following ciphersuites (if other requisites are
1132  * enabled as well):
1133  * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
1134  */
1135 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1136 
1137 /**
1138  * \def MBEDTLS_PK_PARSE_EC_EXTENDED
1139  *
1140  * Enhance support for reading EC keys using variants of SEC1 not allowed by
1141  * RFC 5915 and RFC 5480.
1142  *
1143  * Currently this means parsing the SpecifiedECDomain choice of EC
1144  * parameters (only known groups are supported, not arbitrary domains, to
1145  * avoid validation issues).
1146  *
1147  * Disable if you only need to support RFC 5915 + 5480 key formats.
1148  */
1149 #define MBEDTLS_PK_PARSE_EC_EXTENDED
1150 
1151 /**
1152  * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
1153  *
1154  * Enable the support for parsing public keys of type Short Weierstrass
1155  * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
1156  * compressed point format. This parsing is done through ECP module's functions.
1157  *
1158  * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
1159  * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
1160  * MBEDTLS_ECP_DP_SECP224K1.
1161  */
1162 #define MBEDTLS_PK_PARSE_EC_COMPRESSED
1163 
1164 /**
1165  * \def MBEDTLS_ERROR_STRERROR_DUMMY
1166  *
1167  * Enable a dummy error function to make use of mbedtls_strerror() in
1168  * third party libraries easier when MBEDTLS_ERROR_C is disabled
1169  * (no effect when MBEDTLS_ERROR_C is enabled).
1170  *
1171  * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
1172  * not using mbedtls_strerror() or error_strerror() in your application.
1173  *
1174  * Disable if you run into name conflicts and want to really remove the
1175  * mbedtls_strerror()
1176  */
1177 #define MBEDTLS_ERROR_STRERROR_DUMMY
1178 
1179 /**
1180  * \def MBEDTLS_GENPRIME
1181  *
1182  * Enable the prime-number generation code.
1183  *
1184  * Requires: MBEDTLS_BIGNUM_C
1185  */
1186 #define MBEDTLS_GENPRIME
1187 
1188 /**
1189  * \def MBEDTLS_FS_IO
1190  *
1191  * Enable functions that use the filesystem.
1192  */
1193 #define MBEDTLS_FS_IO
1194 
1195 /**
1196  * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1197  *
1198  * Do not add default entropy sources in mbedtls_entropy_init().
1199  *
1200  * This is useful to have more control over the added entropy sources in an
1201  * application.
1202  *
1203  * Uncomment this macro to prevent loading of default entropy functions.
1204  */
1205 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1206 
1207 /**
1208  * \def MBEDTLS_NO_PLATFORM_ENTROPY
1209  *
1210  * Do not use built-in platform entropy functions.
1211  * This is useful if your platform does not support
1212  * standards like the /dev/urandom or Windows CryptoAPI.
1213  *
1214  * Uncomment this macro to disable the built-in platform entropy functions.
1215  */
1216 //#define MBEDTLS_NO_PLATFORM_ENTROPY
1217 
1218 /**
1219  * \def MBEDTLS_ENTROPY_FORCE_SHA256
1220  *
1221  * Force the entropy accumulator to use a SHA-256 accumulator instead of the
1222  * default SHA-512 based one (if both are available).
1223  *
1224  * Requires: MBEDTLS_SHA256_C
1225  *
1226  * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
1227  * if you have performance concerns.
1228  *
1229  * This option is only useful if both MBEDTLS_SHA256_C and
1230  * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
1231  */
1232 //#define MBEDTLS_ENTROPY_FORCE_SHA256
1233 
1234 /**
1235  * \def MBEDTLS_ENTROPY_NV_SEED
1236  *
1237  * Enable the non-volatile (NV) seed file-based entropy source.
1238  * (Also enables the NV seed read/write functions in the platform layer)
1239  *
1240  * This is crucial (if not required) on systems that do not have a
1241  * cryptographic entropy source (in hardware or kernel) available.
1242  *
1243  * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
1244  *
1245  * \note The read/write functions that are used by the entropy source are
1246  * determined in the platform layer, and can be modified at runtime and/or
1247  * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
1248  *
1249  * \note If you use the default implementation functions that read a seedfile
1250  * with regular fopen(), please make sure you make a seedfile with the
1251  * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
1252  * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
1253  * and written to or you will get an entropy source error! The default
1254  * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
1255  * bytes from the file.
1256  *
1257  * \note The entropy collector will write to the seed file before entropy is
1258  * given to an external source, to update it.
1259  */
1260 //#define MBEDTLS_ENTROPY_NV_SEED
1261 
1262 /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
1263  *
1264  * Enable key identifiers that encode a key owner identifier.
1265  *
1266  * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
1267  * which is currently hard-coded to be int32_t.
1268  *
1269  * Note that this option is meant for internal use only and may be removed
1270  * without notice.
1271  */
1272 //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
1273 
1274 /**
1275  * \def MBEDTLS_MEMORY_DEBUG
1276  *
1277  * Enable debugging of buffer allocator memory issues. Automatically prints
1278  * (to stderr) all (fatal) messages on memory allocation issues. Enables
1279  * function for 'debug output' of allocated memory.
1280  *
1281  * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
1282  *
1283  * Uncomment this macro to let the buffer allocator print out error messages.
1284  */
1285 //#define MBEDTLS_MEMORY_DEBUG
1286 
1287 /**
1288  * \def MBEDTLS_MEMORY_BACKTRACE
1289  *
1290  * Include backtrace information with each allocated block.
1291  *
1292  * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
1293  * GLIBC-compatible backtrace() and backtrace_symbols() support
1294  *
1295  * Uncomment this macro to include backtrace information
1296  */
1297 //#define MBEDTLS_MEMORY_BACKTRACE
1298 
1299 /**
1300  * \def MBEDTLS_PK_RSA_ALT_SUPPORT
1301  *
1302  * Support external private RSA keys (eg from a HSM) in the PK layer.
1303  *
1304  * Comment this macro to disable support for external private RSA keys.
1305  */
1306 #define MBEDTLS_PK_RSA_ALT_SUPPORT
1307 
1308 /**
1309  * \def MBEDTLS_PKCS1_V15
1310  *
1311  * Enable support for PKCS#1 v1.5 encoding.
1312  *
1313  * Requires: MBEDTLS_RSA_C
1314  *
1315  * This enables support for PKCS#1 v1.5 operations.
1316  */
1317 #define MBEDTLS_PKCS1_V15
1318 
1319 /**
1320  * \def MBEDTLS_PKCS1_V21
1321  *
1322  * Enable support for PKCS#1 v2.1 encoding.
1323  *
1324  * Requires: MBEDTLS_RSA_C
1325  *
1326  * \warning If using a hash that is only provided by PSA drivers, you must
1327  * call psa_crypto_init() before doing any PKCS#1 v2.1 operation.
1328  *
1329  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
1330  */
1331 #define MBEDTLS_PKCS1_V21
1332 
1333 /** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
1334  *
1335  * Enable support for platform built-in keys. If you enable this feature,
1336  * you must implement the function mbedtls_psa_platform_get_builtin_key().
1337  * See the documentation of that function for more information.
1338  *
1339  * Built-in keys are typically derived from a hardware unique key or
1340  * stored in a secure element.
1341  *
1342  * Requires: MBEDTLS_PSA_CRYPTO_C.
1343  *
1344  * \warning This interface is experimental and may change or be removed
1345  * without notice.
1346  */
1347 //#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
1348 
1349 /** \def MBEDTLS_PSA_CRYPTO_CLIENT
1350  *
1351  * Enable support for PSA crypto client.
1352  *
1353  * \note This option allows to include the code necessary for a PSA
1354  * crypto client when the PSA crypto implementation is not included in
1355  * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
1356  * code to set and get PSA key attributes.
1357  * The development of PSA drivers partially relying on the library to
1358  * fulfill the hardware gaps is another possible usage of this option.
1359  *
1360  * \warning This interface is experimental and may change or be removed
1361  * without notice.
1362  */
1363 //#define MBEDTLS_PSA_CRYPTO_CLIENT
1364 
1365 /** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
1366  *
1367  * Make the PSA Crypto module use an external random generator provided
1368  * by a driver, instead of Mbed TLS's entropy and DRBG modules.
1369  *
1370  * \note This random generator must deliver random numbers with cryptographic
1371  * quality and high performance. It must supply unpredictable numbers
1372  * with a uniform distribution. The implementation of this function
1373  * is responsible for ensuring that the random generator is seeded
1374  * with sufficient entropy. If you have a hardware TRNG which is slow
1375  * or delivers non-uniform output, declare it as an entropy source
1376  * with mbedtls_entropy_add_source() instead of enabling this option.
1377  *
1378  * If you enable this option, you must configure the type
1379  * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
1380  * and define a function called mbedtls_psa_external_get_random()
1381  * with the following prototype:
1382  * ```
1383  * psa_status_t mbedtls_psa_external_get_random(
1384  * mbedtls_psa_external_random_context_t *context,
1385  * uint8_t *output, size_t output_size, size_t *output_length);
1386  * );
1387  * ```
1388  * The \c context value is initialized to 0 before the first call.
1389  * The function must fill the \c output buffer with \c output_size bytes
1390  * of random data and set \c *output_length to \c output_size.
1391  *
1392  * Requires: MBEDTLS_PSA_CRYPTO_C
1393  *
1394  * \warning If you enable this option, code that uses the PSA cryptography
1395  * interface will not use any of the entropy sources set up for
1396  * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
1397  * enables.
1398  *
1399  * \note This option is experimental and may be removed without notice.
1400  */
1401 //#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
1402 
1403 /**
1404  * \def MBEDTLS_PSA_CRYPTO_SPM
1405  *
1406  * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
1407  * Partition Manager) integration which separates the code into two parts: a
1408  * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
1409  * Environment).
1410  *
1411  * If you enable this option, your build environment must include a header
1412  * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
1413  * header files, or in another directory on the compiler's include search
1414  * path). Alternatively, your platform may customize the header
1415  * `psa/crypto_platform.h`, in which case it can skip or replace the
1416  * inclusion of `"crypto_spe.h"`.
1417  *
1418  * Module: library/psa_crypto.c
1419  * Requires: MBEDTLS_PSA_CRYPTO_C
1420  *
1421  */
1422 //#define MBEDTLS_PSA_CRYPTO_SPM
1423 
1424 /**
1425  * Uncomment to enable p256-m. This is an alternative implementation of
1426  * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
1427  * Compared to the default implementation:
1428  *
1429  * - p256-m has a much smaller code size and RAM footprint.
1430  * - p256-m is only available via the PSA API. This includes the pk module
1431  * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
1432  * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
1433  * over the core arithmetic, or deterministic derivation of keys.
1434  *
1435  * We recommend enabling this option if your application uses the PSA API
1436  * and the only elliptic curve support it needs is ECDH and ECDSA over
1437  * SECP256R1.
1438  *
1439  * If you enable this option, you do not need to enable any ECC-related
1440  * MBEDTLS_xxx option. You do need to separately request support for the
1441  * cryptographic mechanisms through the PSA API:
1442  * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
1443  * configuration;
1444  * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
1445  * - #PSA_WANT_ECC_SECP_R1_256;
1446  * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
1447  * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
1448  * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
1449  * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
1450  * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
1451  *
1452  * \note To benefit from the smaller code size of p256-m, make sure that you
1453  * do not enable any ECC-related option not supported by p256-m: this
1454  * would cause the built-in ECC implementation to be built as well, in
1455  * order to provide the required option.
1456  * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
1457  * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
1458  * SECP256R1 are disabled as they are not supported by this driver.
1459  * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
1460  * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
1461  * the built-in ECC implementation, see docs/driver-only-builds.md.
1462  */
1463 //#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
1464 
1465 /**
1466  * \def MBEDTLS_PSA_INJECT_ENTROPY
1467  *
1468  * Enable support for entropy injection at first boot. This feature is
1469  * required on systems that do not have a built-in entropy source (TRNG).
1470  * This feature is currently not supported on systems that have a built-in
1471  * entropy source.
1472  *
1473  * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
1474  *
1475  */
1476 //#define MBEDTLS_PSA_INJECT_ENTROPY
1477 
1478 /**
1479  * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
1480  *
1481  * Assume all buffers passed to PSA functions are owned exclusively by the
1482  * PSA function and are not stored in shared memory.
1483  *
1484  * This option may be enabled if all buffers passed to any PSA function reside
1485  * in memory that is accessible only to the PSA function during its execution.
1486  *
1487  * This option MUST be disabled whenever buffer arguments are in memory shared
1488  * with an untrusted party, for example where arguments to PSA calls are passed
1489  * across a trust boundary.
1490  *
1491  * \note Enabling this option reduces memory usage and code size.
1492  *
1493  * \note Enabling this option causes overlap of input and output buffers
1494  * not to be supported by PSA functions.
1495  */
1496 //#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
1497 
1498 /**
1499  * \def MBEDTLS_RSA_NO_CRT
1500  *
1501  * Do not use the Chinese Remainder Theorem
1502  * for the RSA private operation.
1503  *
1504  * Uncomment this macro to disable the use of CRT in RSA.
1505  *
1506  */
1507 //#define MBEDTLS_RSA_NO_CRT
1508 
1509 /**
1510  * \def MBEDTLS_SELF_TEST
1511  *
1512  * Enable the checkup functions (*_self_test).
1513  */
1514 //#define MBEDTLS_SELF_TEST
1515 
1516 /**
1517  * \def MBEDTLS_SHA256_SMALLER
1518  *
1519  * Enable an implementation of SHA-256 that has lower ROM footprint but also
1520  * lower performance.
1521  *
1522  * The default implementation is meant to be a reasonable compromise between
1523  * performance and size. This version optimizes more aggressively for size at
1524  * the expense of performance. Eg on Cortex-M4 it reduces the size of
1525  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
1526  * 30%.
1527  *
1528  * Uncomment to enable the smaller implementation of SHA256.
1529  */
1530 //#define MBEDTLS_SHA256_SMALLER
1531 
1532 /**
1533  * \def MBEDTLS_SHA512_SMALLER
1534  *
1535  * Enable an implementation of SHA-512 that has lower ROM footprint but also
1536  * lower performance.
1537  *
1538  * Uncomment to enable the smaller implementation of SHA512.
1539  */
1540 //#define MBEDTLS_SHA512_SMALLER
1541 
1542 /**
1543  * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
1544  *
1545  * Enable sending of alert messages in case of encountered errors as per RFC.
1546  * If you choose not to send the alert messages, Mbed TLS can still communicate
1547  * with other servers, only debugging of failures is harder.
1548  *
1549  * The advantage of not sending alert messages, is that no information is given
1550  * about reasons for failures thus preventing adversaries of gaining intel.
1551  *
1552  * Enable sending of all alert messages
1553  */
1554 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
1555 
1556 /**
1557  * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
1558  *
1559  * Enable support for the DTLS Connection ID (CID) extension,
1560  * which allows to identify DTLS connections across changes
1561  * in the underlying transport. The CID functionality is described
1562  * in RFC 9146.
1563  *
1564  * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
1565  * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
1566  * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
1567  * more information.
1568  *
1569  * The maximum lengths of outgoing and incoming CIDs can be configured
1570  * through the options
1571  * - MBEDTLS_SSL_CID_OUT_LEN_MAX
1572  * - MBEDTLS_SSL_CID_IN_LEN_MAX.
1573  *
1574  * Requires: MBEDTLS_SSL_PROTO_DTLS
1575  *
1576  * Uncomment to enable the Connection ID extension.
1577  */
1578 #define MBEDTLS_SSL_DTLS_CONNECTION_ID
1579 
1580 
1581 /**
1582  * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
1583  *
1584  * Defines whether RFC 9146 (default) or the legacy version
1585  * (version draft-ietf-tls-dtls-connection-id-05,
1586  * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
1587  * is used.
1588  *
1589  * Set the value to 0 for the standard version, and
1590  * 1 for the legacy draft version.
1591  *
1592  * \deprecated Support for the legacy version of the DTLS
1593  * Connection ID feature is deprecated. Please
1594  * switch to the standardized version defined
1595  * in RFC 9146 enabled by utilizing
1596  * MBEDTLS_SSL_DTLS_CONNECTION_ID without use
1597  * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
1598  *
1599  * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
1600  */
1601 #define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
1602 
1603 /**
1604  * \def MBEDTLS_SSL_ASYNC_PRIVATE
1605  *
1606  * Enable asynchronous external private key operations in SSL. This allows
1607  * you to configure an SSL connection to call an external cryptographic
1608  * module to perform private key operations instead of performing the
1609  * operation inside the library.
1610  *
1611  * Requires: MBEDTLS_X509_CRT_PARSE_C
1612  */
1613 //#define MBEDTLS_SSL_ASYNC_PRIVATE
1614 
1615 /**
1616  * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
1617  *
1618  * Enable serialization of the TLS context structures, through use of the
1619  * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
1620  *
1621  * This pair of functions allows one side of a connection to serialize the
1622  * context associated with the connection, then free or re-use that context
1623  * while the serialized state is persisted elsewhere, and finally deserialize
1624  * that state to a live context for resuming read/write operations on the
1625  * connection. From a protocol perspective, the state of the connection is
1626  * unaffected, in particular this is entirely transparent to the peer.
1627  *
1628  * Note: this is distinct from TLS session resumption, which is part of the
1629  * protocol and fully visible by the peer. TLS session resumption enables
1630  * establishing new connections associated to a saved session with shorter,
1631  * lighter handshakes, while context serialization is a local optimization in
1632  * handling a single, potentially long-lived connection.
1633  *
1634  * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
1635  * saved after the handshake to allow for more efficient serialization, so if
1636  * you don't need this feature you'll save RAM by disabling it.
1637  *
1638  * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
1639  *
1640  * Comment to disable the context serialization APIs.
1641  */
1642 #define MBEDTLS_SSL_CONTEXT_SERIALIZATION
1643 
1644 /**
1645  * \def MBEDTLS_SSL_DEBUG_ALL
1646  *
1647  * Enable the debug messages in SSL module for all issues.
1648  * Debug messages have been disabled in some places to prevent timing
1649  * attacks due to (unbalanced) debugging function calls.
1650  *
1651  * If you need all error reporting you should enable this during debugging,
1652  * but remove this for production servers that should log as well.
1653  *
1654  * Uncomment this macro to report all debug messages on errors introducing
1655  * a timing side-channel.
1656  *
1657  */
1658 //#define MBEDTLS_SSL_DEBUG_ALL
1659 
1660 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
1661  *
1662  * Enable support for Encrypt-then-MAC, RFC 7366.
1663  *
1664  * This allows peers that both support it to use a more robust protection for
1665  * ciphersuites using CBC, providing deep resistance against timing attacks
1666  * on the padding or underlying cipher.
1667  *
1668  * This only affects CBC ciphersuites, and is useless if none is defined.
1669  *
1670  * Requires: MBEDTLS_SSL_PROTO_TLS1_2
1671  *
1672  * Comment this macro to disable support for Encrypt-then-MAC
1673  */
1674 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
1675 
1676 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1677  *
1678  * Enable support for RFC 7627: Session Hash and Extended Master Secret
1679  * Extension.
1680  *
1681  * This was introduced as "the proper fix" to the Triple Handshake family of
1682  * attacks, but it is recommended to always use it (even if you disable
1683  * renegotiation), since it actually fixes a more fundamental issue in the
1684  * original SSL/TLS design, and has implications beyond Triple Handshake.
1685  *
1686  * Requires: MBEDTLS_SSL_PROTO_TLS1_2
1687  *
1688  * Comment this macro to disable support for Extended Master Secret.
1689  */
1690 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1691 
1692 /**
1693  * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1694  *
1695  * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
1696  * giving access to the peer's certificate after completion of the handshake.
1697  *
1698  * Unless you need mbedtls_ssl_peer_cert() in your application, it is
1699  * recommended to disable this option for reduced RAM usage.
1700  *
1701  * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
1702  * defined, but always returns \c NULL.
1703  *
1704  * \note This option has no influence on the protection against the
1705  * triple handshake attack. Even if it is disabled, Mbed TLS will
1706  * still ensure that certificates do not change during renegotiation,
1707  * for example by keeping a hash of the peer's certificate.
1708  *
1709  * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
1710  *
1711  * Comment this macro to disable storing the peer's certificate
1712  * after the handshake.
1713  */
1714 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1715 
1716 /**
1717  * \def MBEDTLS_SSL_RENEGOTIATION
1718  *
1719  * Enable support for TLS renegotiation.
1720  *
1721  * The two main uses of renegotiation are (1) refresh keys on long-lived
1722  * connections and (2) client authentication after the initial handshake.
1723  * If you don't need renegotiation, it's probably better to disable it, since
1724  * it has been associated with security issues in the past and is easy to
1725  * misuse/misunderstand.
1726  *
1727  * Requires: MBEDTLS_SSL_PROTO_TLS1_2
1728  *
1729  * Comment this to disable support for renegotiation.
1730  *
1731  * \note Even if this option is disabled, both client and server are aware
1732  * of the Renegotiation Indication Extension (RFC 5746) used to
1733  * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
1734  * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
1735  * configuration of this extension).
1736  *
1737  */
1738 #define MBEDTLS_SSL_RENEGOTIATION
1739 
1740 /**
1741  * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1742  *
1743  * Enable support for RFC 6066 max_fragment_length extension in SSL.
1744  *
1745  * Comment this macro to disable support for the max_fragment_length extension
1746  */
1747 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1748 
1749 /**
1750  * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
1751  *
1752  * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
1753  *
1754  * Requires: MBEDTLS_SSL_PROTO_TLS1_3
1755  *
1756  * Uncomment this macro to enable support for the record_size_limit extension
1757  */
1758 //#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
1759 
1760 /**
1761  * \def MBEDTLS_SSL_PROTO_TLS1_2
1762  *
1763  * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
1764  *
1765  * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
1766  * (MBEDTLS_SHA256_C or MBEDTLS_SHA384_C or
1767  * SHA-256 or SHA-512 provided by a PSA driver)
1768  * With MBEDTLS_USE_PSA_CRYPTO:
1769  * PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384
1770  *
1771  * \warning If building with MBEDTLS_USE_PSA_CRYPTO, or if the hash(es) used
1772  * are only provided by PSA drivers, you must call psa_crypto_init() before
1773  * doing any TLS operations.
1774  *
1775  * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
1776  */
1777 #define MBEDTLS_SSL_PROTO_TLS1_2
1778 
1779 /**
1780  * \def MBEDTLS_SSL_PROTO_TLS1_3
1781  *
1782  * Enable support for TLS 1.3.
1783  *
1784  * \note See docs/architecture/tls13-support.md for a description of the TLS
1785  * 1.3 support that this option enables.
1786  *
1787  * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1788  * Requires: MBEDTLS_PSA_CRYPTO_C
1789  *
1790  * \note TLS 1.3 uses PSA crypto for cryptographic operations that are
1791  * directly performed by TLS 1.3 code. As a consequence, you must
1792  * call psa_crypto_init() before the first TLS 1.3 handshake.
1793  *
1794  * \note Cryptographic operations performed indirectly via another module
1795  * (X.509, PK) or by code shared with TLS 1.2 (record protection,
1796  * running handshake hash) only use PSA crypto if
1797  * #MBEDTLS_USE_PSA_CRYPTO is enabled.
1798  *
1799  * Uncomment this macro to enable the support for TLS 1.3.
1800  */
1801 #define MBEDTLS_SSL_PROTO_TLS1_3
1802 
1803 /**
1804  * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1805  *
1806  * Enable TLS 1.3 middlebox compatibility mode.
1807  *
1808  * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
1809  * mode to make a TLS 1.3 connection more likely to pass through middle boxes
1810  * expecting TLS 1.2 traffic.
1811  *
1812  * Turning on the compatibility mode comes at the cost of a few added bytes
1813  * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
1814  * that don't use it. Therefore, unless transmission bandwidth is critical and
1815  * you know that middlebox compatibility issues won't occur, it is therefore
1816  * recommended to set this option.
1817  *
1818  * Comment to disable compatibility mode for TLS 1.3. If
1819  * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
1820  * effect on the build.
1821  *
1822  */
1823 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1824 
1825 /**
1826  * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1827  *
1828  * Enable TLS 1.3 PSK key exchange mode.
1829  *
1830  * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
1831  * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
1832  * effect on the build.
1833  *
1834  */
1835 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1836 
1837 /**
1838  * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1839  *
1840  * Enable TLS 1.3 ephemeral key exchange mode.
1841  *
1842  * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
1843  * MBEDTLS_X509_CRT_PARSE_C
1844  * and at least one of:
1845  * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA)
1846  * MBEDTLS_PKCS1_V21
1847  *
1848  * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
1849  * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
1850  * effect on the build.
1851  *
1852  */
1853 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1854 
1855 /**
1856  * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1857  *
1858  * Enable TLS 1.3 PSK ephemeral key exchange mode.
1859  *
1860  * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
1861  *
1862  * Comment to disable support for the PSK ephemeral key exchange mode in
1863  * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
1864  * have any effect on the build.
1865  *
1866  */
1867 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1868 
1869 /**
1870  * \def MBEDTLS_SSL_EARLY_DATA
1871  *
1872  * Enable support for RFC 8446 TLS 1.3 early data.
1873  *
1874  * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
1875  * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
1876  * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1877  *
1878  * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
1879  * is not enabled, this option does not have any effect on the build.
1880  *
1881  * \note The maximum amount of early data can be set with
1882  * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
1883  *
1884  */
1885 //#define MBEDTLS_SSL_EARLY_DATA
1886 
1887 /**
1888  * \def MBEDTLS_SSL_PROTO_DTLS
1889  *
1890  * Enable support for DTLS (all available versions).
1891  *
1892  * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
1893  *
1894  * Requires: MBEDTLS_SSL_PROTO_TLS1_2
1895  *
1896  * Comment this macro to disable support for DTLS
1897  */
1898 #define MBEDTLS_SSL_PROTO_DTLS
1899 
1900 /**
1901  * \def MBEDTLS_SSL_ALPN
1902  *
1903  * Enable support for RFC 7301 Application Layer Protocol Negotiation.
1904  *
1905  * Comment this macro to disable support for ALPN.
1906  */
1907 #define MBEDTLS_SSL_ALPN
1908 
1909 /**
1910  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
1911  *
1912  * Enable support for the anti-replay mechanism in DTLS.
1913  *
1914  * Requires: MBEDTLS_SSL_TLS_C
1915  * MBEDTLS_SSL_PROTO_DTLS
1916  *
1917  * \warning Disabling this is often a security risk!
1918  * See mbedtls_ssl_conf_dtls_anti_replay() for details.
1919  *
1920  * Comment this to disable anti-replay in DTLS.
1921  */
1922 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
1923 
1924 /**
1925  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
1926  *
1927  * Enable support for HelloVerifyRequest on DTLS servers.
1928  *
1929  * This feature is highly recommended to prevent DTLS servers being used as
1930  * amplifiers in DoS attacks against other hosts. It should always be enabled
1931  * unless you know for sure amplification cannot be a problem in the
1932  * environment in which your server operates.
1933  *
1934  * \warning Disabling this can be a security risk! (see above)
1935  *
1936  * Requires: MBEDTLS_SSL_PROTO_DTLS
1937  *
1938  * Comment this to disable support for HelloVerifyRequest.
1939  */
1940 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
1941 
1942 /**
1943  * \def MBEDTLS_SSL_DTLS_SRTP
1944  *
1945  * Enable support for negotiation of DTLS-SRTP (RFC 5764)
1946  * through the use_srtp extension.
1947  *
1948  * \note This feature provides the minimum functionality required
1949  * to negotiate the use of DTLS-SRTP and to allow the derivation of
1950  * the associated SRTP packet protection key material.
1951  * In particular, the SRTP packet protection itself, as well as the
1952  * demultiplexing of RTP and DTLS packets at the datagram layer
1953  * (see Section 5 of RFC 5764), are not handled by this feature.
1954  * Instead, after successful completion of a handshake negotiating
1955  * the use of DTLS-SRTP, the extended key exporter API
1956  * mbedtls_ssl_conf_export_keys_cb() should be used to implement
1957  * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
1958  * (this is implemented in the SSL example programs).
1959  * The resulting key should then be passed to an SRTP stack.
1960  *
1961  * Setting this option enables the runtime API
1962  * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
1963  * through which the supported DTLS-SRTP protection
1964  * profiles can be configured. You must call this API at
1965  * runtime if you wish to negotiate the use of DTLS-SRTP.
1966  *
1967  * Requires: MBEDTLS_SSL_PROTO_DTLS
1968  *
1969  * Uncomment this to enable support for use_srtp extension.
1970  */
1971 //#define MBEDTLS_SSL_DTLS_SRTP
1972 
1973 /**
1974  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1975  *
1976  * Enable server-side support for clients that reconnect from the same port.
1977  *
1978  * Some clients unexpectedly close the connection and try to reconnect using the
1979  * same source port. This needs special support from the server to handle the
1980  * new connection securely, as described in section 4.2.8 of RFC 6347. This
1981  * flag enables that support.
1982  *
1983  * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
1984  *
1985  * Comment this to disable support for clients reusing the source port.
1986  */
1987 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1988 
1989 /**
1990  * \def MBEDTLS_SSL_SESSION_TICKETS
1991  *
1992  * Enable support for RFC 5077 session tickets in SSL.
1993  * Client-side, provides full support for session tickets (maintenance of a
1994  * session store remains the responsibility of the application, though).
1995  * Server-side, you also need to provide callbacks for writing and parsing
1996  * tickets, including authenticated encryption and key management. Example
1997  * callbacks are provided by MBEDTLS_SSL_TICKET_C.
1998  *
1999  * Comment this macro to disable support for SSL session tickets
2000  */
2001 #define MBEDTLS_SSL_SESSION_TICKETS
2002 
2003 /**
2004  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
2005  *
2006  * Enable support for RFC 6066 server name indication (SNI) in SSL.
2007  *
2008  * Requires: MBEDTLS_X509_CRT_PARSE_C
2009  *
2010  * Comment this macro to disable support for server name indication in SSL
2011  */
2012 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
2013 
2014 /**
2015  * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
2016  *
2017  * When this option is enabled, the SSL buffer will be resized automatically
2018  * based on the negotiated maximum fragment length in each direction.
2019  *
2020  * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2021  */
2022 //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
2023 
2024 /**
2025  * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
2026  *
2027  * Enable testing of the constant-flow nature of some sensitive functions with
2028  * clang's MemorySanitizer. This causes some existing tests to also test
2029  * this non-functional property of the code under test.
2030  *
2031  * This setting requires compiling with clang -fsanitize=memory. The test
2032  * suites can then be run normally.
2033  *
2034  * \warning This macro is only used for extended testing; it is not considered
2035  * part of the library's API, so it may change or disappear at any time.
2036  *
2037  * Uncomment to enable testing of the constant-flow nature of selected code.
2038  */
2039 //#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
2040 
2041 /**
2042  * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
2043  *
2044  * Enable testing of the constant-flow nature of some sensitive functions with
2045  * valgrind's memcheck tool. This causes some existing tests to also test
2046  * this non-functional property of the code under test.
2047  *
2048  * This setting requires valgrind headers for building, and is only useful for
2049  * testing if the tests suites are run with valgrind's memcheck. This can be
2050  * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
2051  * using CMake, this can be done for all test suites with 'make memcheck'.
2052  *
2053  * \warning This macro is only used for extended testing; it is not considered
2054  * part of the library's API, so it may change or disappear at any time.
2055  *
2056  * Uncomment to enable testing of the constant-flow nature of selected code.
2057  */
2058 //#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
2059 
2060 /**
2061  * \def MBEDTLS_TEST_HOOKS
2062  *
2063  * Enable features for invasive testing such as introspection functions and
2064  * hooks for fault injection. This enables additional unit tests.
2065  *
2066  * Merely enabling this feature should not change the behavior of the product.
2067  * It only adds new code, and new branching points where the default behavior
2068  * is the same as when this feature is disabled.
2069  * However, this feature increases the attack surface: there is an added
2070  * risk of vulnerabilities, and more gadgets that can make exploits easier.
2071  * Therefore this feature must never be enabled in production.
2072  *
2073  * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
2074  * information.
2075  *
2076  * Uncomment to enable invasive tests.
2077  */
2078 //#define MBEDTLS_TEST_HOOKS
2079 
2080 /**
2081  * \def MBEDTLS_THREADING_ALT
2082  *
2083  * Provide your own alternate threading implementation.
2084  *
2085  * Requires: MBEDTLS_THREADING_C
2086  *
2087  * Uncomment this to allow your own alternate threading implementation.
2088  */
2089 #define MBEDTLS_THREADING_ALT
2090 
2091 /**
2092  * \def MBEDTLS_THREADING_PTHREAD
2093  *
2094  * Enable the pthread wrapper layer for the threading layer.
2095  *
2096  * Requires: MBEDTLS_THREADING_C
2097  *
2098  * Uncomment this to enable pthread mutexes.
2099  */
2100 //#define MBEDTLS_THREADING_PTHREAD
2101 
2102 /**
2103  * \def MBEDTLS_USE_PSA_CRYPTO
2104  *
2105  * Make the X.509 and TLS libraries use PSA for cryptographic operations as
2106  * much as possible, and enable new APIs for using keys handled by PSA Crypto.
2107  *
2108  * \note Development of this option is currently in progress, and parts of Mbed
2109  * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
2110  * will still continue to work as usual, so enabling this option should not
2111  * break backwards compatibility.
2112  *
2113  * \warning If you enable this option, you need to call `psa_crypto_init()`
2114  * before calling any function from the SSL/TLS, X.509 or PK modules, except
2115  * for the various mbedtls_xxx_init() functions which can be called at any time.
2116  *
2117  * \note An important and desirable effect of this option is that it allows
2118  * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
2119  * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in
2120  * those modules. However, note that even with this option disabled, some code
2121  * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it
2122  * can determine it's safe to do so; currently that's the case for hashes.
2123  *
2124  * \note See docs/use-psa-crypto.md for a complete description this option.
2125  *
2126  * Requires: MBEDTLS_PSA_CRYPTO_C.
2127  *
2128  * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
2129  */
2130 //#define MBEDTLS_USE_PSA_CRYPTO
2131 
2132 /**
2133  * \def MBEDTLS_PSA_CRYPTO_CONFIG
2134  *
2135  * This setting allows support for cryptographic mechanisms through the PSA
2136  * API to be configured separately from support through the mbedtls API.
2137  *
2138  * When this option is disabled, the PSA API exposes the cryptographic
2139  * mechanisms that can be implemented on top of the `mbedtls_xxx` API
2140  * configured with `MBEDTLS_XXX` symbols.
2141  *
2142  * When this option is enabled, the PSA API exposes the cryptographic
2143  * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
2144  * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
2145  * automatically enabled if required (i.e. if no PSA driver provides the
2146  * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
2147  * in mbedtls_config.h.
2148  *
2149  * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
2150  * an alternative header to include instead of include/psa/crypto_config.h.
2151  *
2152  * \warning This option is experimental, in that the set of `PSA_WANT_XXX`
2153  * symbols is not completely finalized yet, and the configuration
2154  * tooling is not ideally adapted to having two separate configuration
2155  * files.
2156  * Future minor releases of Mbed TLS may make minor changes to those
2157  * symbols, but we will endeavor to provide a transition path.
2158  * Nonetheless, this option is considered mature enough to use in
2159  * production, as long as you accept that you may need to make
2160  * minor changes to psa/crypto_config.h when upgrading Mbed TLS.
2161  */
2162 //#define MBEDTLS_PSA_CRYPTO_CONFIG
2163 
2164 /**
2165  * \def MBEDTLS_VERSION_FEATURES
2166  *
2167  * Allow run-time checking of compile-time enabled features. Thus allowing users
2168  * to check at run-time if the library is for instance compiled with threading
2169  * support via mbedtls_version_check_feature().
2170  *
2171  * Requires: MBEDTLS_VERSION_C
2172  *
2173  * Comment this to disable run-time checking and save ROM space
2174  */
2175 #define MBEDTLS_VERSION_FEATURES
2176 
2177 /**
2178  * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2179  *
2180  * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
2181  * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
2182  * the set of trusted certificates through a callback instead of a linked
2183  * list.
2184  *
2185  * This is useful for example in environments where a large number of trusted
2186  * certificates is present and storing them in a linked list isn't efficient
2187  * enough, or when the set of trusted certificates changes frequently.
2188  *
2189  * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
2190  * `mbedtls_ssl_conf_ca_cb()` for more information.
2191  *
2192  * Requires: MBEDTLS_X509_CRT_PARSE_C
2193  *
2194  * Uncomment to enable trusted certificate callbacks.
2195  */
2196 //#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2197 
2198 /**
2199  * \def MBEDTLS_X509_REMOVE_INFO
2200  *
2201  * Disable mbedtls_x509_*_info() and related APIs.
2202  *
2203  * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
2204  * and other functions/constants only used by these functions, thus reducing
2205  * the code footprint by several KB.
2206  */
2207 //#define MBEDTLS_X509_REMOVE_INFO
2208 
2209 /**
2210  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
2211  *
2212  * Enable parsing and verification of X.509 certificates, CRLs and CSRS
2213  * signed with RSASSA-PSS (aka PKCS#1 v2.1).
2214  *
2215  * Requires: MBEDTLS_PKCS1_V21
2216  *
2217  * Comment this macro to disallow using RSASSA-PSS in certificates.
2218  */
2219 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
2220 /** \} name SECTION: Mbed TLS feature support */
2221 
2222 /**
2223  * \name SECTION: Mbed TLS modules
2224  *
2225  * This section enables or disables entire modules in Mbed TLS
2226  * \{
2227  */
2228 
2229 /**
2230  * \def MBEDTLS_AESNI_C
2231  *
2232  * Enable AES-NI support on x86-64 or x86-32.
2233  *
2234  * \note AESNI is only supported with certain compilers and target options:
2235  * - Visual Studio: supported
2236  * - GCC, x86-64, target not explicitly supporting AESNI:
2237  * requires MBEDTLS_HAVE_ASM.
2238  * - GCC, x86-32, target not explicitly supporting AESNI:
2239  * not supported.
2240  * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
2241  * For this assembly-less implementation, you must currently compile
2242  * `library/aesni.c` and `library/aes.c` with machine options to enable
2243  * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
2244  * `clang -maes -mpclmul`.
2245  * - Non-x86 targets: this option is silently ignored.
2246  * - Other compilers: this option is silently ignored.
2247  *
2248  * \note
2249  * Above, "GCC" includes compatible compilers such as Clang.
2250  * The limitations on target support are likely to be relaxed in the future.
2251  *
2252  * Module: library/aesni.c
2253  * Caller: library/aes.c
2254  *
2255  * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
2256  *
2257  * This modules adds support for the AES-NI instructions on x86.
2258  */
2259 #define MBEDTLS_AESNI_C
2260 
2261 /**
2262  * \def MBEDTLS_AESCE_C
2263  *
2264  * Enable AES cryptographic extension support on Armv8.
2265  *
2266  * Module: library/aesce.c
2267  * Caller: library/aes.c
2268  *
2269  * Requires: MBEDTLS_AES_C
2270  *
2271  * \warning Runtime detection only works on Linux. For non-Linux operating
2272  * system, Armv8-A Cryptographic Extensions must be supported by
2273  * the CPU when this option is enabled.
2274  *
2275  * \note Minimum compiler versions for this feature when targeting aarch64
2276  * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2.
2277  * Minimum compiler versions for this feature when targeting 32-bit
2278  * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0.
2279  *
2280  * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
2281  * armclang <= 6.9
2282  *
2283  * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems.
2284  */
2285 #define MBEDTLS_AESCE_C
2286 
2287 /**
2288  * \def MBEDTLS_AES_C
2289  *
2290  * Enable the AES block cipher.
2291  *
2292  * Module: library/aes.c
2293  * Caller: library/cipher.c
2294  * library/pem.c
2295  * library/ctr_drbg.c
2296  *
2297  * This module enables the following ciphersuites (if other requisites are
2298  * enabled as well):
2299  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
2300  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
2301  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
2302  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
2303  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2304  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2305  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
2306  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2307  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
2308  * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
2309  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
2310  * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
2311  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2312  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2313  * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2314  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2315  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2316  * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2317  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2318  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2319  * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2320  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2321  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2322  * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
2323  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2324  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2325  * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2326  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2327  * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2328  * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
2329  * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
2330  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
2331  * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
2332  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
2333  * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
2334  * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
2335  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
2336  * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
2337  * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
2338  * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
2339  * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
2340  * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
2341  * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
2342  * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
2343  * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
2344  * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
2345  * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
2346  * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
2347  * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
2348  * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
2349  * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
2350  * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
2351  * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
2352  * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
2353  * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
2354  * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
2355  * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
2356  * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
2357  *
2358  * PEM_PARSE uses AES for decrypting encrypted keys.
2359  */
2360 #define MBEDTLS_AES_C
2361 
2362 /**
2363  * \def MBEDTLS_ASN1_PARSE_C
2364  *
2365  * Enable the generic ASN1 parser.
2366  *
2367  * Module: library/asn1.c
2368  * Caller: library/x509.c
2369  * library/dhm.c
2370  * library/pkcs12.c
2371  * library/pkcs5.c
2372  * library/pkparse.c
2373  */
2374 #define MBEDTLS_ASN1_PARSE_C
2375 
2376 /**
2377  * \def MBEDTLS_ASN1_WRITE_C
2378  *
2379  * Enable the generic ASN1 writer.
2380  *
2381  * Module: library/asn1write.c
2382  * Caller: library/ecdsa.c
2383  * library/pkwrite.c
2384  * library/x509_create.c
2385  * library/x509write_crt.c
2386  * library/x509write_csr.c
2387  */
2388 #define MBEDTLS_ASN1_WRITE_C
2389 
2390 /**
2391  * \def MBEDTLS_BASE64_C
2392  *
2393  * Enable the Base64 module.
2394  *
2395  * Module: library/base64.c
2396  * Caller: library/pem.c
2397  *
2398  * This module is required for PEM support (required by X.509).
2399  */
2400 #define MBEDTLS_BASE64_C
2401 
2402 /**
2403  * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2404  *
2405  * Remove decryption operation for AES, ARIA and Camellia block cipher.
2406  *
2407  * \note This feature is incompatible with insecure block cipher,
2408  * MBEDTLS_DES_C, and cipher modes which always require decryption
2409  * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and
2410  * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled,
2411  * this feature is incompatible with following supported PSA equivalence,
2412  * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING,
2413  * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES.
2414  *
2415  * Module: library/aes.c
2416  * library/aesce.c
2417  * library/aesni.c
2418  * library/aria.c
2419  * library/camellia.c
2420  * library/cipher.c
2421  */
2422 //#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2423 
2424 /**
2425  * \def MBEDTLS_BIGNUM_C
2426  *
2427  * Enable the multi-precision integer library.
2428  *
2429  * Module: library/bignum.c
2430  * library/bignum_core.c
2431  * library/bignum_mod.c
2432  * library/bignum_mod_raw.c
2433  * Caller: library/dhm.c
2434  * library/ecp.c
2435  * library/ecdsa.c
2436  * library/rsa.c
2437  * library/rsa_alt_helpers.c
2438  * library/ssl_tls.c
2439  *
2440  * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
2441  */
2442 #define MBEDTLS_BIGNUM_C
2443 
2444 /**
2445  * \def MBEDTLS_CAMELLIA_C
2446  *
2447  * Enable the Camellia block cipher.
2448  *
2449  * Module: library/camellia.c
2450  * Caller: library/cipher.c
2451  *
2452  * This module enables the following ciphersuites (if other requisites are
2453  * enabled as well):
2454  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2455  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2456  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
2457  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
2458  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2459  * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2460  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
2461  * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
2462  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2463  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2464  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2465  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2466  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
2467  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2468  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2469  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2470  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2471  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2472  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2473  * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2474  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2475  * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2476  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
2477  * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2478  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2479  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
2480  * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2481  * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2482  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
2483  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2484  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
2485  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
2486  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
2487  * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
2488  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
2489  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
2490  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
2491  * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
2492  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
2493  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
2494  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
2495  * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
2496  */
2497 #define MBEDTLS_CAMELLIA_C
2498 
2499 /**
2500  * \def MBEDTLS_ARIA_C
2501  *
2502  * Enable the ARIA block cipher.
2503  *
2504  * Module: library/aria.c
2505  * Caller: library/cipher.c
2506  *
2507  * This module enables the following ciphersuites (if other requisites are
2508  * enabled as well):
2509  *
2510  * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
2511  * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
2512  * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
2513  * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
2514  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
2515  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
2516  * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
2517  * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
2518  * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
2519  * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
2520  * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
2521  * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
2522  * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
2523  * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
2524  * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
2525  * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
2526  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
2527  * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
2528  * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
2529  * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
2530  * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
2531  * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
2532  * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
2533  * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
2534  * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
2535  * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
2536  * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
2537  * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
2538  * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
2539  * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
2540  * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
2541  * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
2542  * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
2543  * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
2544  * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
2545  * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
2546  * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
2547  * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
2548  */
2549 #define MBEDTLS_ARIA_C
2550 
2551 /**
2552  * \def MBEDTLS_CCM_C
2553  *
2554  * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
2555  *
2556  * Module: library/ccm.c
2557  *
2558  * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
2559  * MBEDTLS_ARIA_C
2560  *
2561  * This module enables the AES-CCM ciphersuites, if other requisites are
2562  * enabled as well.
2563  */
2564 #define MBEDTLS_CCM_C
2565 
2566 /**
2567  * \def MBEDTLS_CHACHA20_C
2568  *
2569  * Enable the ChaCha20 stream cipher.
2570  *
2571  * Module: library/chacha20.c
2572  */
2573 #define MBEDTLS_CHACHA20_C
2574 
2575 /**
2576  * \def MBEDTLS_CHACHAPOLY_C
2577  *
2578  * Enable the ChaCha20-Poly1305 AEAD algorithm.
2579  *
2580  * Module: library/chachapoly.c
2581  *
2582  * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
2583  */
2584 #define MBEDTLS_CHACHAPOLY_C
2585 
2586 /**
2587  * \def MBEDTLS_CIPHER_C
2588  *
2589  * Enable the generic cipher layer.
2590  *
2591  * Module: library/cipher.c
2592  * Caller: library/ccm.c
2593  * library/cmac.c
2594  * library/gcm.c
2595  * library/nist_kw.c
2596  * library/pkcs12.c
2597  * library/pkcs5.c
2598  * library/psa_crypto_aead.c
2599  * library/psa_crypto_mac.c
2600  * library/ssl_ciphersuites.c
2601  * library/ssl_msg.c
2602  * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
2603  * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled
2604  * (see the documentation of that option for details).
2605  *
2606  * Uncomment to enable generic cipher wrappers.
2607  */
2608 #define MBEDTLS_CIPHER_C
2609 
2610 /**
2611  * \def MBEDTLS_CMAC_C
2612  *
2613  * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
2614  * ciphers.
2615  *
2616  * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
2617  * implementation of the CMAC algorithm is provided by an alternate
2618  * implementation, that alternate implementation may opt to not support
2619  * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
2620  *
2621  * Module: library/cmac.c
2622  *
2623  * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
2624  *
2625  */
2626 #define MBEDTLS_CMAC_C
2627 
2628 /**
2629  * \def MBEDTLS_CTR_DRBG_C
2630  *
2631  * Enable the CTR_DRBG AES-based random generator.
2632  * The CTR_DRBG generator uses AES-256 by default.
2633  * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
2634  *
2635  * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA.
2636  * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
2637  * is used.
2638  *
2639  * \warning When using PSA, the user should call `psa_crypto_init()` before
2640  * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
2641  *
2642  * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
2643  *
2644  * \note To achieve a 256-bit security strength with CTR_DRBG,
2645  * you must use AES-256 *and* use sufficient entropy.
2646  * See ctr_drbg.h for more details.
2647  *
2648  * Module: library/ctr_drbg.c
2649  * Caller:
2650  *
2651  * Requires: MBEDTLS_AES_C or
2652  * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
2653  * MBEDTLS_PSA_CRYPTO_C)
2654  *
2655  * This module provides the CTR_DRBG AES random number generator.
2656  */
2657 #define MBEDTLS_CTR_DRBG_C
2658 
2659 /**
2660  * \def MBEDTLS_DEBUG_C
2661  *
2662  * Enable the debug functions.
2663  *
2664  * Module: library/debug.c
2665  * Caller: library/ssl_msg.c
2666  * library/ssl_tls.c
2667  * library/ssl_tls12_*.c
2668  * library/ssl_tls13_*.c
2669  *
2670  * This module provides debugging functions.
2671  */
2672 #define MBEDTLS_DEBUG_C
2673 
2674 /**
2675  * \def MBEDTLS_DES_C
2676  *
2677  * Enable the DES block cipher.
2678  *
2679  * Module: library/des.c
2680  * Caller: library/pem.c
2681  * library/cipher.c
2682  *
2683  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
2684  *
2685  * \warning DES/3DES are considered weak ciphers and their use constitutes a
2686  * security risk. We recommend considering stronger ciphers instead.
2687  */
2688 #define MBEDTLS_DES_C
2689 
2690 /**
2691  * \def MBEDTLS_DHM_C
2692  *
2693  * Enable the Diffie-Hellman-Merkle module.
2694  *
2695  * Module: library/dhm.c
2696  * Caller: library/ssl_tls.c
2697  * library/ssl*_client.c
2698  * library/ssl*_server.c
2699  *
2700  * This module is used by the following key exchanges:
2701  * DHE-RSA, DHE-PSK
2702  *
2703  * \warning Using DHE constitutes a security risk as it
2704  * is not possible to validate custom DH parameters.
2705  * If possible, it is recommended users should consider
2706  * preferring other methods of key exchange.
2707  * See dhm.h for more details.
2708  *
2709  */
2710 #define MBEDTLS_DHM_C
2711 
2712 /**
2713  * \def MBEDTLS_ECDH_C
2714  *
2715  * Enable the elliptic curve Diffie-Hellman library.
2716  *
2717  * Module: library/ecdh.c
2718  * Caller: library/psa_crypto.c
2719  * library/ssl_tls.c
2720  * library/ssl*_client.c
2721  * library/ssl*_server.c
2722  *
2723  * This module is used by the following key exchanges:
2724  * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
2725  *
2726  * Requires: MBEDTLS_ECP_C
2727  */
2728 #define MBEDTLS_ECDH_C
2729 
2730 /**
2731  * \def MBEDTLS_ECDSA_C
2732  *
2733  * Enable the elliptic curve DSA library.
2734  *
2735  * Module: library/ecdsa.c
2736  * Caller:
2737  *
2738  * This module is used by the following key exchanges:
2739  * ECDHE-ECDSA
2740  *
2741  * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
2742  * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
2743  * short Weierstrass curve.
2744  */
2745 #define MBEDTLS_ECDSA_C
2746 
2747 /**
2748  * \def MBEDTLS_ECJPAKE_C
2749  *
2750  * Enable the elliptic curve J-PAKE library.
2751  *
2752  * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
2753  * It has not been reviewed for compliance with newer standards such as
2754  * Thread v1.1 or RFC 8236.
2755  *
2756  * Module: library/ecjpake.c
2757  * Caller:
2758  *
2759  * This module is used by the following key exchanges:
2760  * ECJPAKE
2761  *
2762  * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
2763  *
2764  * \warning If using a hash that is only provided by PSA drivers, you must
2765  * call psa_crypto_init() before doing any EC J-PAKE operations.
2766  */
2767 #define MBEDTLS_ECJPAKE_C
2768 
2769 /**
2770  * \def MBEDTLS_ECP_C
2771  *
2772  * Enable the elliptic curve over GF(p) library.
2773  *
2774  * Module: library/ecp.c
2775  * Caller: library/ecdh.c
2776  * library/ecdsa.c
2777  * library/ecjpake.c
2778  *
2779  * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
2780  */
2781 #define MBEDTLS_ECP_C
2782 
2783 /**
2784  * \def MBEDTLS_ENTROPY_C
2785  *
2786  * Enable the platform-specific entropy code.
2787  *
2788  * Module: library/entropy.c
2789  * Caller:
2790  *
2791  * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
2792  *
2793  * This module provides a generic entropy pool
2794  */
2795 #define MBEDTLS_ENTROPY_C
2796 
2797 /**
2798  * \def MBEDTLS_ERROR_C
2799  *
2800  * Enable error code to error string conversion.
2801  *
2802  * Module: library/error.c
2803  * Caller:
2804  *
2805  * This module enables mbedtls_strerror().
2806  */
2807 #define MBEDTLS_ERROR_C
2808 
2809 /**
2810  * \def MBEDTLS_GCM_C
2811  *
2812  * Enable the Galois/Counter Mode (GCM).
2813  *
2814  * Module: library/gcm.c
2815  *
2816  * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
2817  * MBEDTLS_ARIA_C
2818  *
2819  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
2820  * requisites are enabled as well.
2821  */
2822 #define MBEDTLS_GCM_C
2823 
2824 /**
2825  * \def MBEDTLS_GCM_LARGE_TABLE
2826  *
2827  * Enable large pre-computed tables for Galois/Counter Mode (GCM).
2828  * Can significantly increase throughput on systems without GCM hardware
2829  * acceleration (e.g., AESNI, AESCE).
2830  *
2831  * The mbedtls_gcm_context size will increase by 3840 bytes.
2832  * The code size will increase by roughly 344 bytes.
2833  *
2834  * Module: library/gcm.c
2835  *
2836  * Requires: MBEDTLS_GCM_C
2837  */
2838 //#define MBEDTLS_GCM_LARGE_TABLE
2839 
2840 /**
2841  * \def MBEDTLS_HKDF_C
2842  *
2843  * Enable the HKDF algorithm (RFC 5869).
2844  *
2845  * Module: library/hkdf.c
2846  * Caller:
2847  *
2848  * Requires: MBEDTLS_MD_C
2849  *
2850  * This module adds support for the Hashed Message Authentication Code
2851  * (HMAC)-based key derivation function (HKDF).
2852  */
2853 #define MBEDTLS_HKDF_C
2854 
2855 /**
2856  * \def MBEDTLS_HMAC_DRBG_C
2857  *
2858  * Enable the HMAC_DRBG random generator.
2859  *
2860  * Module: library/hmac_drbg.c
2861  * Caller:
2862  *
2863  * Requires: MBEDTLS_MD_C
2864  *
2865  * Uncomment to enable the HMAC_DRBG random number generator.
2866  */
2867 #define MBEDTLS_HMAC_DRBG_C
2868 
2869 /**
2870  * \def MBEDTLS_LMS_C
2871  *
2872  * Enable the LMS stateful-hash asymmetric signature algorithm.
2873  *
2874  * Module: library/lms.c
2875  * Caller:
2876  *
2877  * Requires: MBEDTLS_PSA_CRYPTO_C
2878  *
2879  * Uncomment to enable the LMS verification algorithm and public key operations.
2880  */
2881 #define MBEDTLS_LMS_C
2882 
2883 /**
2884  * \def MBEDTLS_LMS_PRIVATE
2885  *
2886  * Enable LMS private-key operations and signing code. Functions enabled by this
2887  * option are experimental, and should not be used in production.
2888  *
2889  * Requires: MBEDTLS_LMS_C
2890  *
2891  * Uncomment to enable the LMS signature algorithm and private key operations.
2892  */
2893 //#define MBEDTLS_LMS_PRIVATE
2894 
2895 /**
2896  * \def MBEDTLS_NIST_KW_C
2897  *
2898  * Enable the Key Wrapping mode for 128-bit block ciphers,
2899  * as defined in NIST SP 800-38F. Only KW and KWP modes
2900  * are supported. At the moment, only AES is approved by NIST.
2901  *
2902  * Module: library/nist_kw.c
2903  *
2904  * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
2905  */
2906 #define MBEDTLS_NIST_KW_C
2907 
2908 /**
2909  * \def MBEDTLS_MD_C
2910  *
2911  * Enable the generic layer for message digest (hashing) and HMAC.
2912  *
2913  * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
2914  * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
2915  * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least
2916  * one hash.
2917  * Module: library/md.c
2918  * Caller: library/constant_time.c
2919  * library/ecdsa.c
2920  * library/ecjpake.c
2921  * library/hkdf.c
2922  * library/hmac_drbg.c
2923  * library/pk.c
2924  * library/pkcs5.c
2925  * library/pkcs12.c
2926  * library/psa_crypto_ecp.c
2927  * library/psa_crypto_rsa.c
2928  * library/rsa.c
2929  * library/ssl_cookie.c
2930  * library/ssl_msg.c
2931  * library/ssl_tls.c
2932  * library/x509.c
2933  * library/x509_crt.c
2934  * library/x509write_crt.c
2935  * library/x509write_csr.c
2936  *
2937  * Uncomment to enable generic message digest wrappers.
2938  */
2939 #define MBEDTLS_MD_C
2940 
2941 /**
2942  * \def MBEDTLS_MD5_C
2943  *
2944  * Enable the MD5 hash algorithm.
2945  *
2946  * Module: library/md5.c
2947  * Caller: library/md.c
2948  * library/pem.c
2949  * library/ssl_tls.c
2950  *
2951  * This module is required for TLS 1.2 depending on the handshake parameters.
2952  * Further, it is used for checking MD5-signed certificates, and for PBKDF1
2953  * when decrypting PEM-encoded encrypted keys.
2954  *
2955  * \warning MD5 is considered a weak message digest and its use constitutes a
2956  * security risk. If possible, we recommend avoiding dependencies on
2957  * it, and considering stronger message digests instead.
2958  *
2959  */
2960 #define MBEDTLS_MD5_C
2961 
2962 /**
2963  * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
2964  *
2965  * Enable the buffer allocator implementation that makes use of a (stack)
2966  * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
2967  * calls)
2968  *
2969  * Module: library/memory_buffer_alloc.c
2970  *
2971  * Requires: MBEDTLS_PLATFORM_C
2972  * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
2973  *
2974  * Enable this module to enable the buffer memory allocator.
2975  */
2976 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
2977 
2978 /**
2979  * \def MBEDTLS_NET_C
2980  *
2981  * Enable the TCP and UDP over IPv6/IPv4 networking routines.
2982  *
2983  * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
2984  * and Windows. For other platforms, you'll want to disable it, and write your
2985  * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
2986  *
2987  * \note See also our Knowledge Base article about porting to a new
2988  * environment:
2989  * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
2990  *
2991  * Module: library/net_sockets.c
2992  *
2993  * This module provides networking routines.
2994  */
2995 #define MBEDTLS_NET_C
2996 
2997 /**
2998  * \def MBEDTLS_OID_C
2999  *
3000  * Enable the OID database.
3001  *
3002  * Module: library/oid.c
3003  * Caller: library/asn1write.c
3004  * library/pkcs5.c
3005  * library/pkparse.c
3006  * library/pkwrite.c
3007  * library/rsa.c
3008  * library/x509.c
3009  * library/x509_create.c
3010  * library/x509_crl.c
3011  * library/x509_crt.c
3012  * library/x509_csr.c
3013  * library/x509write_crt.c
3014  * library/x509write_csr.c
3015  *
3016  * This modules translates between OIDs and internal values.
3017  */
3018 #define MBEDTLS_OID_C
3019 
3020 /**
3021  * \def MBEDTLS_PADLOCK_C
3022  *
3023  * Enable VIA Padlock support on x86.
3024  *
3025  * Module: library/padlock.c
3026  * Caller: library/aes.c
3027  *
3028  * Requires: MBEDTLS_HAVE_ASM
3029  *
3030  * This modules adds support for the VIA PadLock on x86.
3031  */
3032 #define MBEDTLS_PADLOCK_C
3033 
3034 /**
3035  * \def MBEDTLS_PEM_PARSE_C
3036  *
3037  * Enable PEM decoding / parsing.
3038  *
3039  * Module: library/pem.c
3040  * Caller: library/dhm.c
3041  * library/pkparse.c
3042  * library/x509_crl.c
3043  * library/x509_crt.c
3044  * library/x509_csr.c
3045  *
3046  * Requires: MBEDTLS_BASE64_C
3047  * optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below)
3048  *
3049  * \warning When parsing password-protected files, if MD5 is provided only by
3050  * a PSA driver, you must call psa_crypto_init() before the first file.
3051  *
3052  * This modules adds support for decoding / parsing PEM files.
3053  */
3054 #define MBEDTLS_PEM_PARSE_C
3055 
3056 /**
3057  * \def MBEDTLS_PEM_WRITE_C
3058  *
3059  * Enable PEM encoding / writing.
3060  *
3061  * Module: library/pem.c
3062  * Caller: library/pkwrite.c
3063  * library/x509write_crt.c
3064  * library/x509write_csr.c
3065  *
3066  * Requires: MBEDTLS_BASE64_C
3067  *
3068  * This modules adds support for encoding / writing PEM files.
3069  */
3070 #define MBEDTLS_PEM_WRITE_C
3071 
3072 /**
3073  * \def MBEDTLS_PK_C
3074  *
3075  * Enable the generic public (asymmetric) key layer.
3076  *
3077  * Module: library/pk.c
3078  * Caller: library/psa_crypto_rsa.c
3079  * library/ssl_tls.c
3080  * library/ssl*_client.c
3081  * library/ssl*_server.c
3082  * library/x509.c
3083  *
3084  * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
3085  *
3086  * Uncomment to enable generic public key wrappers.
3087  */
3088 #define MBEDTLS_PK_C
3089 
3090 /**
3091  * \def MBEDTLS_PK_PARSE_C
3092  *
3093  * Enable the generic public (asymmetric) key parser.
3094  *
3095  * Module: library/pkparse.c
3096  * Caller: library/x509_crt.c
3097  * library/x509_csr.c
3098  *
3099  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
3100  *
3101  * Uncomment to enable generic public key parse functions.
3102  */
3103 #define MBEDTLS_PK_PARSE_C
3104 
3105 /**
3106  * \def MBEDTLS_PK_WRITE_C
3107  *
3108  * Enable the generic public (asymmetric) key writer.
3109  *
3110  * Module: library/pkwrite.c
3111  * Caller: library/x509write.c
3112  *
3113  * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
3114  *
3115  * Uncomment to enable generic public key write functions.
3116  */
3117 #define MBEDTLS_PK_WRITE_C
3118 
3119 /**
3120  * \def MBEDTLS_PKCS5_C
3121  *
3122  * Enable PKCS#5 functions.
3123  *
3124  * Module: library/pkcs5.c
3125  *
3126  * Auto-enables: MBEDTLS_MD_C
3127  *
3128  * \warning If using a hash that is only provided by PSA drivers, you must
3129  * call psa_crypto_init() before doing any PKCS5 operations.
3130  *
3131  * This module adds support for the PKCS#5 functions.
3132  */
3133 #define MBEDTLS_PKCS5_C
3134 
3135 /**
3136  * \def MBEDTLS_PKCS7_C
3137  *
3138  * Enable PKCS #7 core for using PKCS #7-formatted signatures.
3139  * RFC Link - https://tools.ietf.org/html/rfc2315
3140  *
3141  * Module: library/pkcs7.c
3142  *
3143  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
3144  * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
3145  * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
3146  *
3147  * This module is required for the PKCS #7 parsing modules.
3148  */
3149 #define MBEDTLS_PKCS7_C
3150 
3151 /**
3152  * \def MBEDTLS_PKCS12_C
3153  *
3154  * Enable PKCS#12 PBE functions.
3155  * Adds algorithms for parsing PKCS#8 encrypted private keys
3156  *
3157  * Module: library/pkcs12.c
3158  * Caller: library/pkparse.c
3159  *
3160  * Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or
3161  * MBEDTLS_PSA_CRYPTO_C.
3162  *
3163  * \warning If using a hash that is only provided by PSA drivers, you must
3164  * call psa_crypto_init() before doing any PKCS12 operations.
3165  *
3166  * This module enables PKCS#12 functions.
3167  */
3168 #define MBEDTLS_PKCS12_C
3169 
3170 /**
3171  * \def MBEDTLS_PLATFORM_C
3172  *
3173  * Enable the platform abstraction layer that allows you to re-assign
3174  * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
3175  *
3176  * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
3177  * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
3178  * above to be specified at runtime or compile time respectively.
3179  *
3180  * \note This abstraction layer must be enabled on Windows (including MSYS2)
3181  * as other modules rely on it for a fixed snprintf implementation.
3182  *
3183  * Module: library/platform.c
3184  * Caller: Most other .c files
3185  *
3186  * This module enables abstraction of common (libc) functions.
3187  */
3188 #define MBEDTLS_PLATFORM_C
3189 
3190 /**
3191  * \def MBEDTLS_POLY1305_C
3192  *
3193  * Enable the Poly1305 MAC algorithm.
3194  *
3195  * Module: library/poly1305.c
3196  * Caller: library/chachapoly.c
3197  */
3198 #define MBEDTLS_POLY1305_C
3199 
3200 /**
3201  * \def MBEDTLS_PSA_CRYPTO_C
3202  *
3203  * Enable the Platform Security Architecture cryptography API.
3204  *
3205  * Module: library/psa_crypto.c
3206  *
3207  * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
3208  * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
3209  * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
3210  * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher
3211  * is enabled in PSA (unless it's fully accelerated, see
3212  * docs/driver-only-builds.md about that).
3213  */
3214 #define MBEDTLS_PSA_CRYPTO_C
3215 
3216 /**
3217  * \def MBEDTLS_PSA_CRYPTO_SE_C
3218  *
3219  * Enable dynamic secure element support in the Platform Security Architecture
3220  * cryptography API.
3221  *
3222  * \deprecated This feature is deprecated. Please switch to the PSA driver
3223  * interface.
3224  *
3225  * \warning This feature is not thread-safe, and should not be used in a
3226  * multi-threaded environment.
3227  *
3228  * Module: library/psa_crypto_se.c
3229  *
3230  * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
3231  *
3232  */
3233 //#define MBEDTLS_PSA_CRYPTO_SE_C
3234 
3235 /**
3236  * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
3237  *
3238  * Enable the Platform Security Architecture persistent key storage.
3239  *
3240  * Module: library/psa_crypto_storage.c
3241  *
3242  * Requires: MBEDTLS_PSA_CRYPTO_C,
3243  * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
3244  * the PSA ITS interface
3245  */
3246 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
3247 
3248 /**
3249  * \def MBEDTLS_PSA_ITS_FILE_C
3250  *
3251  * Enable the emulation of the Platform Security Architecture
3252  * Internal Trusted Storage (PSA ITS) over files.
3253  *
3254  * Module: library/psa_its_file.c
3255  *
3256  * Requires: MBEDTLS_FS_IO
3257  */
3258 #define MBEDTLS_PSA_ITS_FILE_C
3259 
3260 /**
3261  * \def MBEDTLS_RIPEMD160_C
3262  *
3263  * Enable the RIPEMD-160 hash algorithm.
3264  *
3265  * Module: library/ripemd160.c
3266  * Caller: library/md.c
3267  *
3268  */
3269 #define MBEDTLS_RIPEMD160_C
3270 
3271 /**
3272  * \def MBEDTLS_RSA_C
3273  *
3274  * Enable the RSA public-key cryptosystem.
3275  *
3276  * Module: library/rsa.c
3277  * library/rsa_alt_helpers.c
3278  * Caller: library/pk.c
3279  * library/psa_crypto.c
3280  * library/ssl_tls.c
3281  * library/ssl*_client.c
3282  * library/ssl*_server.c
3283  *
3284  * This module is used by the following key exchanges:
3285  * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
3286  *
3287  * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
3288  */
3289 #define MBEDTLS_RSA_C
3290 
3291 /**
3292  * \def MBEDTLS_SHA1_C
3293  *
3294  * Enable the SHA1 cryptographic hash algorithm.
3295  *
3296  * Module: library/sha1.c
3297  * Caller: library/md.c
3298  * library/psa_crypto_hash.c
3299  *
3300  * This module is required for TLS 1.2 depending on the handshake parameters,
3301  * and for SHA1-signed certificates.
3302  *
3303  * \warning SHA-1 is considered a weak message digest and its use constitutes
3304  * a security risk. If possible, we recommend avoiding dependencies
3305  * on it, and considering stronger message digests instead.
3306  *
3307  */
3308 #define MBEDTLS_SHA1_C
3309 
3310 /**
3311  * \def MBEDTLS_SHA224_C
3312  *
3313  * Enable the SHA-224 cryptographic hash algorithm.
3314  *
3315  * Module: library/sha256.c
3316  * Caller: library/md.c
3317  * library/ssl_cookie.c
3318  *
3319  * This module adds support for SHA-224.
3320  */
3321 #define MBEDTLS_SHA224_C
3322 
3323 /**
3324  * \def MBEDTLS_SHA256_C
3325  *
3326  * Enable the SHA-256 cryptographic hash algorithm.
3327  *
3328  * Module: library/sha256.c
3329  * Caller: library/entropy.c
3330  * library/md.c
3331  * library/ssl_tls.c
3332  * library/ssl*_client.c
3333  * library/ssl*_server.c
3334  *
3335  * This module adds support for SHA-256.
3336  * This module is required for the SSL/TLS 1.2 PRF function.
3337  */
3338 #define MBEDTLS_SHA256_C
3339 
3340 /**
3341  * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
3342  *
3343  * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
3344  * with the ARMv8 cryptographic extensions if they are available at runtime.
3345  * If not, the library will fall back to the C implementation.
3346  *
3347  * \note If MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT is defined when building
3348  * for a non-Armv8-A build it will be silently ignored.
3349  *
3350  * \note Minimum compiler versions for this feature are Clang 4.0,
3351  * armclang 6.6 or GCC 6.0.
3352  *
3353  * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
3354  * armclang <= 6.9
3355  *
3356  * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
3357  * That name is deprecated, but may still be used as an alternative form for this
3358  * option.
3359  *
3360  * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the
3361  * same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
3362  *
3363  * Requires: MBEDTLS_SHA256_C.
3364  *
3365  * Module: library/sha256.c
3366  *
3367  * Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions
3368  * and use them if available.
3369  */
3370 //#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
3371 
3372 /**
3373  * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
3374  *
3375  * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
3376  * This name is now deprecated, but may still be used as an alternative form for
3377  * this option.
3378  */
3379 //#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
3380 
3381 /**
3382  * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
3383  *
3384  * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
3385  * with the ARMv8 cryptographic extensions, which must be available at runtime
3386  * or else an illegal instruction fault will occur.
3387  *
3388  * \note This allows builds with a smaller code size than with
3389  * MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
3390  *
3391  * \note Minimum compiler versions for this feature are Clang 4.0,
3392  * armclang 6.6 or GCC 6.0.
3393  *
3394  * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
3395  * armclang <= 6.9
3396  *
3397  * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
3398  * That name is deprecated, but may still be used as an alternative form for this
3399  * option.
3400  *
3401  * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same
3402  * time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
3403  *
3404  * Requires: MBEDTLS_SHA256_C.
3405  *
3406  * Module: library/sha256.c
3407  *
3408  * Uncomment to have the library use the Armv8-A SHA-256 crypto extensions
3409  * unconditionally.
3410  */
3411 //#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
3412 
3413 /**
3414  * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
3415  *
3416  * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
3417  * This name is now deprecated, but may still be used as an alternative form for
3418  * this option.
3419  */
3420 //#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
3421 
3422 /**
3423  * \def MBEDTLS_SHA384_C
3424  *
3425  * Enable the SHA-384 cryptographic hash algorithm.
3426  *
3427  * Module: library/sha512.c
3428  * Caller: library/md.c
3429  * library/psa_crypto_hash.c
3430  * library/ssl_tls.c
3431  * library/ssl*_client.c
3432  * library/ssl*_server.c
3433  *
3434  * Comment to disable SHA-384
3435  */
3436 #define MBEDTLS_SHA384_C
3437 
3438 /**
3439  * \def MBEDTLS_SHA512_C
3440  *
3441  * Enable SHA-512 cryptographic hash algorithms.
3442  *
3443  * Module: library/sha512.c
3444  * Caller: library/entropy.c
3445  * library/md.c
3446  * library/ssl_tls.c
3447  * library/ssl_cookie.c
3448  *
3449  * This module adds support for SHA-512.
3450  */
3451 #define MBEDTLS_SHA512_C
3452 
3453 /**
3454  * \def MBEDTLS_SHA3_C
3455  *
3456  * Enable the SHA3 cryptographic hash algorithm.
3457  *
3458  * Module: library/sha3.c
3459  *
3460  * This module adds support for SHA3.
3461  */
3462 #define MBEDTLS_SHA3_C
3463 
3464 /**
3465  * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
3466  *
3467  * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
3468  * with the ARMv8 cryptographic extensions if they are available at runtime.
3469  * If not, the library will fall back to the C implementation.
3470  *
3471  * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
3472  * for a non-Aarch64 build it will be silently ignored.
3473  *
3474  * \note Minimum compiler versions for this feature are Clang 7.0,
3475  * armclang 6.9 or GCC 8.0.
3476  *
3477  * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
3478  * armclang 6.9
3479  *
3480  * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
3481  * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
3482  *
3483  * Requires: MBEDTLS_SHA512_C.
3484  *
3485  * Module: library/sha512.c
3486  *
3487  * Uncomment to have the library check for the A64 SHA-512 crypto extensions
3488  * and use them if available.
3489  */
3490 //#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
3491 
3492 /**
3493  * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
3494  *
3495  * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
3496  * with the ARMv8 cryptographic extensions, which must be available at runtime
3497  * or else an illegal instruction fault will occur.
3498  *
3499  * \note This allows builds with a smaller code size than with
3500  * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
3501  *
3502  * \note Minimum compiler versions for this feature are Clang 7.0,
3503  * armclang 6.9 or GCC 8.0.
3504  *
3505  * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for
3506  * armclang 6.9
3507  *
3508  * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
3509  * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
3510  *
3511  * Requires: MBEDTLS_SHA512_C.
3512  *
3513  * Module: library/sha512.c
3514  *
3515  * Uncomment to have the library use the A64 SHA-512 crypto extensions
3516  * unconditionally.
3517  */
3518 //#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
3519 
3520 /**
3521  * \def MBEDTLS_SSL_CACHE_C
3522  *
3523  * Enable simple SSL cache implementation.
3524  *
3525  * Module: library/ssl_cache.c
3526  * Caller:
3527  *
3528  * Requires: MBEDTLS_SSL_CACHE_C
3529  */
3530 #define MBEDTLS_SSL_CACHE_C
3531 
3532 /**
3533  * \def MBEDTLS_SSL_COOKIE_C
3534  *
3535  * Enable basic implementation of DTLS cookies for hello verification.
3536  *
3537  * Module: library/ssl_cookie.c
3538  * Caller:
3539  */
3540 #define MBEDTLS_SSL_COOKIE_C
3541 
3542 /**
3543  * \def MBEDTLS_SSL_TICKET_C
3544  *
3545  * Enable an implementation of TLS server-side callbacks for session tickets.
3546  *
3547  * Module: library/ssl_ticket.c
3548  * Caller:
3549  *
3550  * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
3551  * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
3552  */
3553 #define MBEDTLS_SSL_TICKET_C
3554 
3555 /**
3556  * \def MBEDTLS_SSL_CLI_C
3557  *
3558  * Enable the SSL/TLS client code.
3559  *
3560  * Module: library/ssl*_client.c
3561  * Caller:
3562  *
3563  * Requires: MBEDTLS_SSL_TLS_C
3564  *
3565  * This module is required for SSL/TLS client support.
3566  */
3567 #define MBEDTLS_SSL_CLI_C
3568 
3569 /**
3570  * \def MBEDTLS_SSL_SRV_C
3571  *
3572  * Enable the SSL/TLS server code.
3573  *
3574  * Module: library/ssl*_server.c
3575  * Caller:
3576  *
3577  * Requires: MBEDTLS_SSL_TLS_C
3578  *
3579  * This module is required for SSL/TLS server support.
3580  */
3581 #define MBEDTLS_SSL_SRV_C
3582 
3583 /**
3584  * \def MBEDTLS_SSL_TLS_C
3585  *
3586  * Enable the generic SSL/TLS code.
3587  *
3588  * Module: library/ssl_tls.c
3589  * Caller: library/ssl*_client.c
3590  * library/ssl*_server.c
3591  *
3592  * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
3593  * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
3594  *
3595  * This module is required for SSL/TLS.
3596  */
3597 #define MBEDTLS_SSL_TLS_C
3598 
3599 /**
3600  * \def MBEDTLS_THREADING_C
3601  *
3602  * Enable the threading abstraction layer.
3603  * By default Mbed TLS assumes it is used in a non-threaded environment or that
3604  * contexts are not shared between threads. If you do intend to use contexts
3605  * between threads, you will need to enable this layer to prevent race
3606  * conditions. See also our Knowledge Base article about threading:
3607  * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
3608  *
3609  * Module: library/threading.c
3610  *
3611  * This allows different threading implementations (self-implemented or
3612  * provided).
3613  *
3614  * You will have to enable either MBEDTLS_THREADING_ALT or
3615  * MBEDTLS_THREADING_PTHREAD.
3616  *
3617  * Enable this layer to allow use of mutexes within Mbed TLS
3618  */
3619 #define MBEDTLS_THREADING_C
3620 
3621 /**
3622  * \def MBEDTLS_TIMING_C
3623  *
3624  * Enable the semi-portable timing interface.
3625  *
3626  * \note The provided implementation only works on POSIX/Unix (including Linux,
3627  * BSD and OS X) and Windows. On other platforms, you can either disable that
3628  * module and provide your own implementations of the callbacks needed by
3629  * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
3630  * your own implementation of the whole module by setting
3631  * \c MBEDTLS_TIMING_ALT in the current file.
3632  *
3633  * \note The timing module will include time.h on suitable platforms
3634  * regardless of the setting of MBEDTLS_HAVE_TIME, unless
3635  * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
3636  *
3637  * \note See also our Knowledge Base article about porting to a new
3638  * environment:
3639  * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
3640  *
3641  * Module: library/timing.c
3642  */
3643 #define MBEDTLS_TIMING_C
3644 
3645 /**
3646  * \def MBEDTLS_VERSION_C
3647  *
3648  * Enable run-time version information.
3649  *
3650  * Module: library/version.c
3651  *
3652  * This module provides run-time version information.
3653  */
3654 #define MBEDTLS_VERSION_C
3655 
3656 /**
3657  * \def MBEDTLS_X509_USE_C
3658  *
3659  * Enable X.509 core for using certificates.
3660  *
3661  * Module: library/x509.c
3662  * Caller: library/x509_crl.c
3663  * library/x509_crt.c
3664  * library/x509_csr.c
3665  *
3666  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
3667  * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
3668  *
3669  * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
3670  * psa_crypto_init() before doing any X.509 operation.
3671  *
3672  * This module is required for the X.509 parsing modules.
3673  */
3674 #define MBEDTLS_X509_USE_C
3675 
3676 /**
3677  * \def MBEDTLS_X509_CRT_PARSE_C
3678  *
3679  * Enable X.509 certificate parsing.
3680  *
3681  * Module: library/x509_crt.c
3682  * Caller: library/ssl_tls.c
3683  * library/ssl*_client.c
3684  * library/ssl*_server.c
3685  *
3686  * Requires: MBEDTLS_X509_USE_C
3687  *
3688  * This module is required for X.509 certificate parsing.
3689  */
3690 #define MBEDTLS_X509_CRT_PARSE_C
3691 
3692 /**
3693  * \def MBEDTLS_X509_CRL_PARSE_C
3694  *
3695  * Enable X.509 CRL parsing.
3696  *
3697  * Module: library/x509_crl.c
3698  * Caller: library/x509_crt.c
3699  *
3700  * Requires: MBEDTLS_X509_USE_C
3701  *
3702  * This module is required for X.509 CRL parsing.
3703  */
3704 #define MBEDTLS_X509_CRL_PARSE_C
3705 
3706 /**
3707  * \def MBEDTLS_X509_CSR_PARSE_C
3708  *
3709  * Enable X.509 Certificate Signing Request (CSR) parsing.
3710  *
3711  * Module: library/x509_csr.c
3712  * Caller: library/x509_crt_write.c
3713  *
3714  * Requires: MBEDTLS_X509_USE_C
3715  *
3716  * This module is used for reading X.509 certificate request.
3717  */
3718 #define MBEDTLS_X509_CSR_PARSE_C
3719 
3720 /**
3721  * \def MBEDTLS_X509_CREATE_C
3722  *
3723  * Enable X.509 core for creating certificates.
3724  *
3725  * Module: library/x509_create.c
3726  *
3727  * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
3728  * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
3729  *
3730  * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
3731  * psa_crypto_init() before doing any X.509 create operation.
3732  *
3733  * This module is the basis for creating X.509 certificates and CSRs.
3734  */
3735 #define MBEDTLS_X509_CREATE_C
3736 
3737 /**
3738  * \def MBEDTLS_X509_CRT_WRITE_C
3739  *
3740  * Enable creating X.509 certificates.
3741  *
3742  * Module: library/x509_crt_write.c
3743  *
3744  * Requires: MBEDTLS_X509_CREATE_C
3745  *
3746  * This module is required for X.509 certificate creation.
3747  */
3748 #define MBEDTLS_X509_CRT_WRITE_C
3749 
3750 /**
3751  * \def MBEDTLS_X509_CSR_WRITE_C
3752  *
3753  * Enable creating X.509 Certificate Signing Requests (CSR).
3754  *
3755  * Module: library/x509_csr_write.c
3756  *
3757  * Requires: MBEDTLS_X509_CREATE_C
3758  *
3759  * This module is required for X.509 certificate request writing.
3760  */
3761 #define MBEDTLS_X509_CSR_WRITE_C
3762 
3763 /** \} name SECTION: Mbed TLS modules */
3764 
3765 /**
3766  * \name SECTION: General configuration options
3767  *
3768  * This section contains Mbed TLS build settings that are not associated
3769  * with a particular module.
3770  *
3771  * \{
3772  */
3773 
3774 /**
3775  * \def MBEDTLS_CONFIG_FILE
3776  *
3777  * If defined, this is a header which will be included instead of
3778  * `"mbedtls/mbedtls_config.h"`.
3779  * This header file specifies the compile-time configuration of Mbed TLS.
3780  * Unlike other configuration options, this one must be defined on the
3781  * compiler command line: a definition in `mbedtls_config.h` would have
3782  * no effect.
3783  *
3784  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3785  * non-standard feature of the C language, so this feature is only available
3786  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3787  *
3788  * The value of this symbol is typically a path in double quotes, either
3789  * absolute or relative to a directory on the include search path.
3790  */
3791 //#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
3792 
3793 /**
3794  * \def MBEDTLS_USER_CONFIG_FILE
3795  *
3796  * If defined, this is a header which will be included after
3797  * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
3798  * This allows you to modify the default configuration, including the ability
3799  * to undefine options that are enabled by default.
3800  *
3801  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3802  * non-standard feature of the C language, so this feature is only available
3803  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3804  *
3805  * The value of this symbol is typically a path in double quotes, either
3806  * absolute or relative to a directory on the include search path.
3807  */
3808 //#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
3809 
3810 /**
3811  * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
3812  *
3813  * If defined, this is a header which will be included instead of
3814  * `"psa/crypto_config.h"`.
3815  * This header file specifies which cryptographic mechanisms are available
3816  * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
3817  * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
3818  *
3819  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3820  * non-standard feature of the C language, so this feature is only available
3821  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3822  *
3823  * The value of this symbol is typically a path in double quotes, either
3824  * absolute or relative to a directory on the include search path.
3825  */
3826 //#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
3827 
3828 /**
3829  * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
3830  *
3831  * If defined, this is a header which will be included after
3832  * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
3833  * This allows you to modify the default configuration, including the ability
3834  * to undefine options that are enabled by default.
3835  *
3836  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3837  * non-standard feature of the C language, so this feature is only available
3838  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3839  *
3840  * The value of this symbol is typically a path in double quotes, either
3841  * absolute or relative to a directory on the include search path.
3842  */
3843 //#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
3844 
3845 /**
3846  * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
3847  *
3848  * If defined, this is a header which will be included instead of
3849  * `"psa/crypto_platform.h"`. This file should declare the same identifiers
3850  * as the one in Mbed TLS, but with definitions adapted to the platform on
3851  * which the library code will run.
3852  *
3853  * \note The required content of this header can vary from one version of
3854  * Mbed TLS to the next. Integrators who provide an alternative file
3855  * should review the changes in the original file whenever they
3856  * upgrade Mbed TLS.
3857  *
3858  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3859  * non-standard feature of the C language, so this feature is only available
3860  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3861  *
3862  * The value of this symbol is typically a path in double quotes, either
3863  * absolute or relative to a directory on the include search path.
3864  */
3865 //#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
3866 
3867 /**
3868  * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE
3869  *
3870  * If defined, this is a header which will be included instead of
3871  * `"psa/crypto_struct.h"`. This file should declare the same identifiers
3872  * as the one in Mbed TLS, but with definitions adapted to the environment
3873  * in which the library code will run. The typical use for this feature
3874  * is to provide alternative type definitions on the client side in
3875  * client-server integrations of PSA crypto, where operation structures
3876  * contain handles instead of cryptographic data.
3877  *
3878  * \note The required content of this header can vary from one version of
3879  * Mbed TLS to the next. Integrators who provide an alternative file
3880  * should review the changes in the original file whenever they
3881  * upgrade Mbed TLS.
3882  *
3883  * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
3884  * non-standard feature of the C language, so this feature is only available
3885  * with compilers that perform macro expansion on an <tt>\#include</tt> line.
3886  *
3887  * The value of this symbol is typically a path in double quotes, either
3888  * absolute or relative to a directory on the include search path.
3889  */
3890 //#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
3891 
3892 /** \} name SECTION: General configuration options */
3893 
3894 /**
3895  * \name SECTION: Module configuration options
3896  *
3897  * This section allows for the setting of module specific sizes and
3898  * configuration options. The default values are already present in the
3899  * relevant header files and should suffice for the regular use cases.
3900  *
3901  * Our advice is to enable options and change their values here
3902  * only if you have a good reason and know the consequences.
3903  * \{
3904  */
3905 /* The Doxygen documentation here is used when a user comments out a
3906  * setting and runs doxygen themselves. On the other hand, when we typeset
3907  * the full documentation including disabled settings, the documentation
3908  * in specific modules' header files is used if present. When editing this
3909  * file, make sure that each option is documented in exactly one place,
3910  * plus optionally a same-line Doxygen comment here if there is a Doxygen
3911  * comment in the specific module. */
3912 
3913 /* MPI / BIGNUM options */
3914 //#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
3915 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
3916 
3917 /* CTR_DRBG options */
3918 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
3919 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3920 //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3921 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3922 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
3923 
3924 /* HMAC_DRBG options */
3925 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3926 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3927 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3928 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
3929 
3930 /* ECP options */
3931 //#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
3932 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
3933 
3934 /* Entropy options */
3935 //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
3936 //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
3937 //#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
3938 
3939 /* Memory buffer allocator options */
3940 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
3941 
3942 /* Platform options */
3943 //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
3944 
3945 /** \def MBEDTLS_PLATFORM_STD_CALLOC
3946  *
3947  * Default allocator to use, can be undefined.
3948  * It must initialize the allocated buffer memory to zeroes.
3949  * The size of the buffer is the product of the two parameters.
3950  * The calloc function returns either a null pointer or a pointer to the allocated space.
3951  * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
3952  * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
3953  * See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
3954  * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
3955  */
3956 //#define MBEDTLS_PLATFORM_STD_CALLOC calloc
3957 
3958 /** \def MBEDTLS_PLATFORM_STD_FREE
3959  *
3960  * Default free to use, can be undefined.
3961  * NULL is a valid parameter, and the function must do nothing.
3962  * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
3963  * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
3964  * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
3965  */
3966 //#define MBEDTLS_PLATFORM_STD_FREE free
3967 //#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
3968 //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
3969 //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3970 //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
3971 //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
3972 /* Note: your snprintf must correctly zero-terminate the buffer! */
3973 //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
3974 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
3975 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
3976 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3977 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3978 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
3979 
3980 /* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
3981 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
3982 //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
3983 //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
3984 //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
3985 //#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
3986 //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3987 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3988 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
3989 //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
3990 /* Note: your snprintf must correctly zero-terminate the buffer! */
3991 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
3992 //#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
3993 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3994 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3995 //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/
3996 //#define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. That's avoid compiler warning if mbedtls_ms_time_t is redefined */
3997 
3998 /** \def MBEDTLS_CHECK_RETURN
3999  *
4000  * This macro is used at the beginning of the declaration of a function
4001  * to indicate that its return value should be checked. It should
4002  * instruct the compiler to emit a warning or an error if the function
4003  * is called without checking its return value.
4004  *
4005  * There is a default implementation for popular compilers in platform_util.h.
4006  * You can override the default implementation by defining your own here.
4007  *
4008  * If the implementation here is empty, this will effectively disable the
4009  * checking of functions' return values.
4010  */
4011 //#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
4012 
4013 /** \def MBEDTLS_IGNORE_RETURN
4014  *
4015  * This macro requires one argument, which should be a C function call.
4016  * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
4017  * warning is suppressed.
4018  */
4019 //#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
4020 
4021 /* PSA options */
4022 /**
4023  * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
4024  * PSA crypto subsystem.
4025  *
4026  * If this option is unset:
4027  * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
4028  * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
4029  * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
4030  * on unspecified heuristics.
4031  */
4032 //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
4033 
4034 /** \def MBEDTLS_PSA_KEY_SLOT_COUNT
4035  * Restrict the PSA library to supporting a maximum amount of simultaneously
4036  * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
4037  * volatile key, or a persistent key which is loaded temporarily by the
4038  * library as part of a crypto operation in flight.
4039  *
4040  * If this option is unset, the library will fall back to a default value of
4041  * 32 keys.
4042  */
4043 //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
4044 
4045 /* RSA OPTIONS */
4046 //#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
4047 
4048 /* SSL Cache options */
4049 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
4050 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
4051 
4052 /* SSL options */
4053 
4054 /** \def MBEDTLS_SSL_IN_CONTENT_LEN
4055  *
4056  * Maximum length (in bytes) of incoming plaintext fragments.
4057  *
4058  * This determines the size of the incoming TLS I/O buffer in such a way
4059  * that it is capable of holding the specified amount of plaintext data,
4060  * regardless of the protection mechanism used.
4061  *
4062  * \note When using a value less than the default of 16KB on the client, it is
4063  * recommended to use the Maximum Fragment Length (MFL) extension to
4064  * inform the server about this limitation. On the server, there
4065  * is no supported, standardized way of informing the client about
4066  * restriction on the maximum size of incoming messages, and unless
4067  * the limitation has been communicated by other means, it is recommended
4068  * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
4069  * while keeping the default value of 16KB for the incoming buffer.
4070  *
4071  * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
4072  */
4073 //#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
4074 
4075 /** \def MBEDTLS_SSL_CID_IN_LEN_MAX
4076  *
4077  * The maximum length of CIDs used for incoming DTLS messages.
4078  *
4079  */
4080 //#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
4081 
4082 /** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
4083  *
4084  * The maximum length of CIDs used for outgoing DTLS messages.
4085  *
4086  */
4087 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
4088 
4089 /** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
4090  *
4091  * This option controls the use of record plaintext padding
4092  * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
4093  *
4094  * The padding will always be chosen so that the length of the
4095  * padded plaintext is a multiple of the value of this option.
4096  *
4097  * Note: A value of \c 1 means that no padding will be used
4098  * for outgoing records.
4099  *
4100  * Note: On systems lacking division instructions,
4101  * a power of two should be preferred.
4102  */
4103 //#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
4104 
4105 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
4106  *
4107  * Maximum length (in bytes) of outgoing plaintext fragments.
4108  *
4109  * This determines the size of the outgoing TLS I/O buffer in such a way
4110  * that it is capable of holding the specified amount of plaintext data,
4111  * regardless of the protection mechanism used.
4112  *
4113  * It is possible to save RAM by setting a smaller outward buffer, while keeping
4114  * the default inward 16384 byte buffer to conform to the TLS specification.
4115  *
4116  * The minimum required outward buffer size is determined by the handshake
4117  * protocol's usage. Handshaking will fail if the outward buffer is too small.
4118  * The specific size requirement depends on the configured ciphers and any
4119  * certificate data which is sent during the handshake.
4120  *
4121  * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
4122  */
4123 //#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
4124 
4125 /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
4126  *
4127  * Maximum number of heap-allocated bytes for the purpose of
4128  * DTLS handshake message reassembly and future message buffering.
4129  *
4130  * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
4131  * to account for a reassembled handshake message of maximum size,
4132  * together with its reassembly bitmap.
4133  *
4134  * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
4135  * should be sufficient for all practical situations as it allows
4136  * to reassembly a large handshake message (such as a certificate)
4137  * while buffering multiple smaller handshake messages.
4138  *
4139  */
4140 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
4141 
4142 //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
4143 //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
4144 
4145 /**
4146  * Complete list of ciphersuites to use, in order of preference.
4147  *
4148  * \warning No dependency checking is done on that field! This option can only
4149  * be used to restrict the set of available ciphersuites. It is your
4150  * responsibility to make sure the needed modules are active.
4151  *
4152  * Use this to save a few hundred bytes of ROM (default ordering of all
4153  * available ciphersuites) and a few to a few hundred bytes of RAM.
4154  *
4155  * The value below is only an example, not the default.
4156  */
4157 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
4158 
4159 /**
4160  * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
4161  *
4162  * The default maximum amount of 0-RTT data. See the documentation of
4163  * \c mbedtls_ssl_conf_max_early_data_size() for more information.
4164  *
4165  * It must be positive and smaller than UINT32_MAX.
4166  *
4167  * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
4168  * have any impact on the build.
4169  */
4170 //#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
4171 
4172 /**
4173  * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
4174  *
4175  * Maximum allowed ticket age difference in milliseconds tolerated between
4176  * server and client. Default value is 6000. This is not used in TLS 1.2.
4177  *
4178  * - The client ticket age is the time difference between the time when the
4179  * client proposes to the server to use the ticket and the time the client
4180  * received the ticket from the server.
4181  * - The server ticket age is the time difference between the time when the
4182  * server receives a proposition from the client to use the ticket and the
4183  * time when the ticket was created by the server.
4184  *
4185  * The ages might be different due to the client and server clocks not running
4186  * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
4187  * per million (360 to 72 milliseconds per hour). Default tolerance window is
4188  * 6s, thus in the worst case clients and servers must sync up their system time
4189  * every 6000/360/2~=8 hours.
4190  *
4191  * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
4192  */
4193 //#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
4194 
4195 /**
4196  * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
4197  *
4198  * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
4199  *
4200  * This must be less than 256.
4201  */
4202 //#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
4203 
4204 /**
4205  * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
4206  *
4207  * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
4208  * after handshake completion. This is not used in TLS 1.2 and relevant only if
4209  * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
4210  *
4211  */
4212 //#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
4213 
4214 /* X509 options */
4215 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
4216 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
4217 
4218 /** \} name SECTION: Module configuration options */
4219 
4220 #include "ncbicxx_rename_mbedtls.h"
Front end for a platform-specific configuration summary.
Modified on Sat Jul 13 13:39:54 2024 by modify_doxy.py rev. 669887