1 /**
2  * \file config.h
3  *
4  * \brief Configuration options (set of defines)
5  *
6  *  This set of compile-time options may be used to enable
7  *  or disable features selectively, and reduce the global
8  *  memory footprint.
9  */
10 /*
11  *  Copyright The Mbed TLS Contributors
12  *  SPDX-License-Identifier: Apache-2.0
13  *
14  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
15  *  not use this file except in compliance with the License.
16  *  You may obtain a copy of the License at
17  *
18  *  http://www.apache.org/licenses/LICENSE-2.0
19  *
20  *  Unless required by applicable law or agreed to in writing, software
21  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23  *  See the License for the specific language governing permissions and
24  *  limitations under the License.
25  */
26 
27 #ifndef MBEDTLS_USER_CONFIG_H
28 #define MBEDTLS_USER_CONFIG_H
29 
30 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
31 #define _CRT_SECURE_NO_DEPRECATE 1
32 #endif
33 
34 /**************************** MCUX CSS_PKC ********************************************/
35 #include <zephyr/sys/printk.h>
36 
37 #if defined(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA) && \
38     !defined(CONFIG_BUILD_WITH_TFM)
39 #define MBEDTLS_CTR_DRBG_ENABLED
40 #define MBEDTLS_CIPHER_AES_ENABLED
41 #define MBEDTLS_CIPHER_MODE_CBC_ENABLED
42 #define MBEDTLS_CIPHER_PADDING_PKCS7
43 #define PSA_CRYPTO_DRIVER_ELS_PKC
44 
45 #define PSA_WANT_ALG_ECDSA 1
46 #define PSA_WANT_ALG_ECDSA_ANY 1
47 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
48 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
49 #endif
50 
51 /**************************** MCUX CSS_PKC end ****************************************/
52 /**
53  * \name SECTION: System support
54  *
55  * This section sets system specific settings.
56  * \{
57  */
58 
59 /**
60  * \def MBEDTLS_HAVE_ASM
61  *
62  * The compiler has support for asm().
63  *
64  * Requires support for asm() in compiler.
65  *
66  * Used in:
67  *      library/aria.c
68  *      library/timing.c
69  *      include/mbedtls/bn_mul.h
70  *
71  * Required by:
72  *      MBEDTLS_AESNI_C
73  *      MBEDTLS_PADLOCK_C
74  *
75  * Comment to disable the use of assembly code.
76  */
77 #define MBEDTLS_HAVE_ASM
78 
79 /**
80  * \def MBEDTLS_NO_UDBL_DIVISION
81  *
82  * The platform lacks support for double-width integer division (64-bit
83  * division on a 32-bit platform, 128-bit division on a 64-bit platform).
84  *
85  * Used in:
86  *      include/mbedtls/bignum.h
87  *      library/bignum.c
88  *
89  * The bignum code uses double-width division to speed up some operations.
90  * Double-width division is often implemented in software that needs to
91  * be linked with the program. The presence of a double-width integer
92  * type is usually detected automatically through preprocessor macros,
93  * but the automatic detection cannot know whether the code needs to
94  * and can be linked with an implementation of division for that type.
95  * By default division is assumed to be usable if the type is present.
96  * Uncomment this option to prevent the use of double-width division.
97  *
98  * Note that division for the native integer type is always required.
99  * Furthermore, a 64-bit type is always required even on a 32-bit
100  * platform, but it need not support multiplication or division. In some
101  * cases it is also desirable to disable some double-width operations. For
102  * example, if double-width division is implemented in software, disabling
103  * it can reduce code size in some embedded targets.
104  */
105 //#define MBEDTLS_NO_UDBL_DIVISION
106 
107 /**
108  * \def MBEDTLS_NO_64BIT_MULTIPLICATION
109  *
110  * The platform lacks support for 32x32 -> 64-bit multiplication.
111  *
112  * Used in:
113  *      library/poly1305.c
114  *
115  * Some parts of the library may use multiplication of two unsigned 32-bit
116  * operands with a 64-bit result in order to speed up computations. On some
117  * platforms, this is not available in hardware and has to be implemented in
118  * software, usually in a library provided by the toolchain.
119  *
120  * Sometimes it is not desirable to have to link to that library. This option
121  * removes the dependency of that library on platforms that lack a hardware
122  * 64-bit multiplier by embedding a software implementation in Mbed TLS.
123  *
124  * Note that depending on the compiler, this may decrease performance compared
125  * to using the library function provided by the toolchain.
126  */
127 //#define MBEDTLS_NO_64BIT_MULTIPLICATION
128 
129 /**
130  * \def MBEDTLS_HAVE_SSE2
131  *
132  * CPU supports SSE2 instruction set.
133  *
134  * Uncomment if the CPU supports SSE2 (IA-32 specific).
135  */
136 //#define MBEDTLS_HAVE_SSE2
137 
138 /**
139  * \def MBEDTLS_HAVE_TIME
140  *
141  * System has time.h and time().
142  * The time does not need to be correct, only time differences are used,
143  * by contrast with MBEDTLS_HAVE_TIME_DATE
144  *
145  * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
146  * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
147  * MBEDTLS_PLATFORM_STD_TIME.
148  *
149  * Comment if your system does not support time functions
150  */
151 //#define MBEDTLS_HAVE_TIME
152 
153 /**
154  * \def MBEDTLS_HAVE_TIME_DATE
155  *
156  * System has time.h, time(), and an implementation for
157  * mbedtls_platform_gmtime_r() (see below).
158  * The time needs to be correct (not necessarily very accurate, but at least
159  * the date should be correct). This is used to verify the validity period of
160  * X.509 certificates.
161  *
162  * Comment if your system does not have a correct clock.
163  *
164  * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
165  * behaves similarly to the gmtime_r() function from the C standard. Refer to
166  * the documentation for mbedtls_platform_gmtime_r() for more information.
167  *
168  * \note It is possible to configure an implementation for
169  * mbedtls_platform_gmtime_r() at compile-time by using the macro
170  * MBEDTLS_PLATFORM_GMTIME_R_ALT.
171  */
172 //#define MBEDTLS_HAVE_TIME_DATE
173 
174 /**
175  * \def MBEDTLS_PLATFORM_MEMORY
176  *
177  * Enable the memory allocation layer.
178  *
179  * By default mbed TLS uses the system-provided calloc() and free().
180  * This allows different allocators (self-implemented or provided) to be
181  * provided to the platform abstraction layer.
182  *
183  * Enabling MBEDTLS_PLATFORM_MEMORY without the
184  * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
185  * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
186  * free() function pointer at runtime.
187  *
188  * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
189  * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
190  * alternate function at compile time.
191  *
192  * Requires: MBEDTLS_PLATFORM_C
193  *
194  * Enable this layer to allow use of alternative memory allocators.
195  */
196 //#define MBEDTLS_PLATFORM_MEMORY
197 
198 /**
199  * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
200  *
201  * Do not assign standard functions in the platform layer (e.g. calloc() to
202  * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
203  *
204  * This makes sure there are no linking errors on platforms that do not support
205  * these functions. You will HAVE to provide alternatives, either at runtime
206  * via the platform_set_xxx() functions or at compile time by setting
207  * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
208  * MBEDTLS_PLATFORM_XXX_MACRO.
209  *
210  * Requires: MBEDTLS_PLATFORM_C
211  *
212  * Uncomment to prevent default assignment of standard functions in the
213  * platform layer.
214  */
215 //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
216 
217 /**
218  * \def MBEDTLS_PLATFORM_EXIT_ALT
219  *
220  * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
221  * function in the platform abstraction layer.
222  *
223  * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
224  * provide a function "mbedtls_platform_set_printf()" that allows you to set an
225  * alternative printf function pointer.
226  *
227  * All these define require MBEDTLS_PLATFORM_C to be defined!
228  *
229  * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
230  * it will be enabled automatically by check_config.h
231  *
232  * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
233  * MBEDTLS_PLATFORM_XXX_MACRO!
234  *
235  * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
236  *
237  * Uncomment a macro to enable alternate implementation of specific base
238  * platform function
239  */
240 //#define MBEDTLS_PLATFORM_EXIT_ALT
241 //#define MBEDTLS_PLATFORM_TIME_ALT
242 //#define MBEDTLS_PLATFORM_FPRINTF_ALT
243 //#define MBEDTLS_PLATFORM_PRINTF_ALT
244 //#define MBEDTLS_PLATFORM_SNPRINTF_ALT
245 //#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
246 //#define MBEDTLS_PLATFORM_NV_SEED_ALT
247 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
248 
249 /**
250  * \def MBEDTLS_DEPRECATED_WARNING
251  *
252  * Mark deprecated functions and features so that they generate a warning if
253  * used. Functionality deprecated in one version will usually be removed in the
254  * next version. You can enable this to help you prepare the transition to a
255  * new major version by making sure your code is not using this functionality.
256  *
257  * This only works with GCC and Clang. With other compilers, you may want to
258  * use MBEDTLS_DEPRECATED_REMOVED
259  *
260  * Uncomment to get warnings on using deprecated functions and features.
261  */
262 //#define MBEDTLS_DEPRECATED_WARNING
263 
264 /**
265  * \def MBEDTLS_DEPRECATED_REMOVED
266  *
267  * Remove deprecated functions and features so that they generate an error if
268  * used. Functionality deprecated in one version will usually be removed in the
269  * next version. You can enable this to help you prepare the transition to a
270  * new major version by making sure your code is not using this functionality.
271  *
272  * Uncomment to get errors on using deprecated functions and features.
273  */
274 //#define MBEDTLS_DEPRECATED_REMOVED
275 
276 /**
277  * \def MBEDTLS_CHECK_PARAMS
278  *
279  * This configuration option controls whether the library validates more of
280  * the parameters passed to it.
281  *
282  * When this flag is not defined, the library only attempts to validate an
283  * input parameter if: (1) they may come from the outside world (such as the
284  * network, the filesystem, etc.) or (2) not validating them could result in
285  * internal memory errors such as overflowing a buffer controlled by the
286  * library. On the other hand, it doesn't attempt to validate parameters whose
287  * values are fully controlled by the application (such as pointers).
288  *
289  * When this flag is defined, the library additionally attempts to validate
290  * parameters that are fully controlled by the application, and should always
291  * be valid if the application code is fully correct and trusted.
292  *
293  * For example, when a function accepts as input a pointer to a buffer that may
294  * contain untrusted data, and its documentation mentions that this pointer
295  * must not be NULL:
296  * - The pointer is checked to be non-NULL only if this option is enabled.
297  * - The content of the buffer is always validated.
298  *
299  * When this flag is defined, if a library function receives a parameter that
300  * is invalid:
301  * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
302  * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
303  *   will immediately return. If the function returns an Mbed TLS error code,
304  *   the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
305  *
306  * When defining this flag, you also need to arrange a definition for
307  * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
308  * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
309  *   function mbedtls_param_failed(), but the library does not define this
310  *   function. If you do not make any other arrangements, you must provide
311  *   the function mbedtls_param_failed() in your application.
312  *   See `platform_util.h` for its prototype.
313  * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
314  *   library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
315  *   You can still supply an alternative definition of
316  *   MBEDTLS_PARAM_FAILED(), which may call `assert`.
317  * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
318  *   or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
319  *   the library will call the macro that you defined and will not supply
320  *   its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
321  *   you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
322  *   files include `<assert.h>`.
323  *
324  * Uncomment to enable validation of application-controlled parameters.
325  */
326 //#define MBEDTLS_CHECK_PARAMS
327 
328 /**
329  * \def MBEDTLS_CHECK_PARAMS_ASSERT
330  *
331  * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
332  * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
333  *
334  * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
335  * calling a function mbedtls_param_failed(). See the documentation of
336  * #MBEDTLS_CHECK_PARAMS for details.
337  *
338  * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
339  */
340 //#define MBEDTLS_CHECK_PARAMS_ASSERT
341 
342 /* \} name SECTION: System support */
343 
344 /**
345  * \name SECTION: mbed TLS feature support
346  *
347  * This section sets support for features that are or are not needed
348  * within the modules that are enabled.
349  * \{
350  */
351 
352 /**
353  * \def MBEDTLS_TIMING_ALT
354  *
355  * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
356  * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
357  *
358  * Only works if you have MBEDTLS_TIMING_C enabled.
359  *
360  * You will need to provide a header "timing_alt.h" and an implementation at
361  * compile time.
362  */
363 //#define MBEDTLS_TIMING_ALT
364 
365 /**
366  * \def MBEDTLS_AES_ALT
367  *
368  * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
369  * alternate core implementation of a symmetric crypto, an arithmetic or hash
370  * module (e.g. platform specific assembly optimized implementations). Keep
371  * in mind that the function prototypes should remain the same.
372  *
373  * This replaces the whole module. If you only want to replace one of the
374  * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
375  *
376  * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
377  * provide the "struct mbedtls_aes_context" definition and omit the base
378  * function declarations and implementations. "aes_alt.h" will be included from
379  * "aes.h" to include the new function definitions.
380  *
381  * Uncomment a macro to enable alternate implementation of the corresponding
382  * module.
383  *
384  * \warning   MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
385  *            use constitutes a security risk. If possible, we recommend
386  *            avoiding dependencies on them, and considering stronger message
387  *            digests and ciphers instead.
388  *
389  */
390 
391 /**
392  * \def MBEDTLS_ECP_INTERNAL_ALT
393  *
394  * Expose a part of the internal interface of the Elliptic Curve Point module.
395  *
396  * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
397  * alternative core implementation of elliptic curve arithmetic. Keep in mind
398  * that function prototypes should remain the same.
399  *
400  * This partially replaces one function. The header file from mbed TLS is still
401  * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
402  * is still present and it is used for group structures not supported by the
403  * alternative.
404  *
405  * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
406  * and implementing the following functions:
407  *      unsigned char mbedtls_internal_ecp_grp_capable(
408  *          const mbedtls_ecp_group *grp )
409  *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
410  *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
411  * The mbedtls_internal_ecp_grp_capable function should return 1 if the
412  * replacement functions implement arithmetic for the given group and 0
413  * otherwise.
414  * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
415  * called before and after each point operation and provide an opportunity to
416  * implement optimized set up and tear down instructions.
417  *
418  * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
419  * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
420  * function, but will use your mbedtls_internal_ecp_double_jac if the group is
421  * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
422  * receives it as an argument). If the group is not supported then the original
423  * implementation is used. The other functions and the definition of
424  * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
425  * implementation of mbedtls_internal_ecp_double_jac and
426  * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
427  *
428  * Uncomment a macro to enable alternate implementation of the corresponding
429  * function.
430  */
431 /* Required for all the functions in this section */
432 //#define MBEDTLS_ECP_INTERNAL_ALT
433 /* Support for Weierstrass curves with Jacobi representation */
434 //#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
435 //#define MBEDTLS_ECP_ADD_MIXED_ALT
436 //#define MBEDTLS_ECP_DOUBLE_JAC_ALT
437 //#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
438 //#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
439 /* Support for curves with Montgomery arithmetic */
440 //#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
441 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
442 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
443 
444 /**
445  * \def MBEDTLS_TEST_NULL_ENTROPY
446  *
447  * Enables testing and use of mbed TLS without any configured entropy sources.
448  * This permits use of the library on platforms before an entropy source has
449  * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
450  * MBEDTLS_ENTROPY_NV_SEED switches).
451  *
452  * WARNING! This switch MUST be disabled in production builds, and is suitable
453  * only for development.
454  * Enabling the switch negates any security provided by the library.
455  *
456  * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
457  *
458  */
459 //#define MBEDTLS_TEST_NULL_ENTROPY
460 
461 /**
462  * \def MBEDTLS_AES_ROM_TABLES
463  *
464  * Use precomputed AES tables stored in ROM.
465  *
466  * Uncomment this macro to use precomputed AES tables stored in ROM.
467  * Comment this macro to generate AES tables in RAM at runtime.
468  *
469  * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
470  * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
471  * initialization time before the first AES operation can be performed.
472  * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
473  * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
474  * performance if ROM access is slower than RAM access.
475  *
476  * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
477  *
478  */
479 //#define MBEDTLS_AES_ROM_TABLES
480 
481 /**
482  * \def MBEDTLS_AES_FEWER_TABLES
483  *
484  * Use less ROM/RAM for AES tables.
485  *
486  * Uncommenting this macro omits 75% of the AES tables from
487  * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
488  * by computing their values on the fly during operations
489  * (the tables are entry-wise rotations of one another).
490  *
491  * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
492  * by ~6kb but at the cost of more arithmetic operations during
493  * runtime. Specifically, one has to compare 4 accesses within
494  * different tables to 4 accesses with additional arithmetic
495  * operations within the same table. The performance gain/loss
496  * depends on the system and memory details.
497  *
498  * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
499  *
500  */
501 //#define MBEDTLS_AES_FEWER_TABLES
502 
503 /**
504  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
505  *
506  * Use less ROM for the Camellia implementation (saves about 768 bytes).
507  *
508  * Uncomment this macro to use less memory for Camellia.
509  */
510 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
511 
512 /**
513  * \def MBEDTLS_CIPHER_MODE_CBC
514  *
515  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
516  */
517 #define MBEDTLS_CIPHER_MODE_CBC
518 
519 /**
520  * \def MBEDTLS_CIPHER_MODE_CFB
521  *
522  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
523  */
524 #define MBEDTLS_CIPHER_MODE_CFB
525 
526 /**
527  * \def MBEDTLS_CIPHER_MODE_CTR
528  *
529  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
530  */
531 #define MBEDTLS_CIPHER_MODE_CTR
532 
533 /**
534  * \def MBEDTLS_CIPHER_MODE_OFB
535  *
536  * Enable Output Feedback mode (OFB) for symmetric ciphers.
537  */
538 #define MBEDTLS_CIPHER_MODE_OFB
539 
540 /**
541  * \def MBEDTLS_CIPHER_MODE_XTS
542  *
543  * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
544  */
545 #define MBEDTLS_CIPHER_MODE_XTS
546 
547 /**
548  * \def MBEDTLS_CIPHER_NULL_CIPHER
549  *
550  * Enable NULL cipher.
551  * Warning: Only do so when you know what you are doing. This allows for
552  * encryption or channels without any security!
553  *
554  * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
555  * the following ciphersuites:
556  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
557  *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
558  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
559  *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
560  *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
561  *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
562  *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
563  *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
564  *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
565  *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
566  *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
567  *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
568  *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
569  *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
570  *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
571  *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
572  *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
573  *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
574  *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
575  *
576  * Uncomment this macro to enable the NULL cipher and ciphersuites
577  */
578 //#define MBEDTLS_CIPHER_NULL_CIPHER
579 
580 /**
581  * \def MBEDTLS_CIPHER_PADDING_PKCS7
582  *
583  * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
584  * specific padding modes in the cipher layer with cipher modes that support
585  * padding (e.g. CBC)
586  *
587  * If you disable all padding modes, only full blocks can be used with CBC.
588  *
589  * Enable padding modes in the cipher layer.
590  */
591 #define MBEDTLS_CIPHER_PADDING_PKCS7
592 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
593 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
594 #define MBEDTLS_CIPHER_PADDING_ZEROS
595 
596 /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
597  *
598  * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
599  * By default, CTR_DRBG uses a 256-bit key.
600  */
601 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
602 
603 /**
604  * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
605  *
606  * Enable weak ciphersuites in SSL / TLS.
607  * Warning: Only do so when you know what you are doing. This allows for
608  * channels with virtually no security at all!
609  *
610  * This enables the following ciphersuites:
611  *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
612  *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
613  *
614  * Uncomment this macro to enable weak ciphersuites
615  *
616  * \warning   DES is considered a weak cipher and its use constitutes a
617  *            security risk. We recommend considering stronger ciphers instead.
618  */
619 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
620 
621 /**
622  * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
623  *
624  * Remove RC4 ciphersuites by default in SSL / TLS.
625  * This flag removes the ciphersuites based on RC4 from the default list as
626  * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
627  * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
628  * explicitly.
629  *
630  * Uncomment this macro to remove RC4 ciphersuites by default.
631  */
632 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
633 
634 /**
635  * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
636  *
637  * Remove 3DES ciphersuites by default in SSL / TLS.
638  * This flag removes the ciphersuites based on 3DES from the default list as
639  * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
640  * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
641  * them explicitly.
642  *
643  * A man-in-the-browser attacker can recover authentication tokens sent through
644  * a TLS connection using a 3DES based cipher suite (see "On the Practical
645  * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
646  * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
647  * in your threat model or you are unsure, then you should keep this option
648  * enabled to remove 3DES based cipher suites.
649  *
650  * Comment this macro to keep 3DES in the default ciphersuite list.
651  */
652 #define MBEDTLS_REMOVE_3DES_CIPHERSUITES
653 
654 /**
655  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
656  *
657  * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
658  * module.  By default all supported curves are enabled.
659  *
660  * Comment macros to disable the curve and functions for it
661  */
662 /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
663 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
664 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
665 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
666 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
667 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
668 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
669 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
670 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
671 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
672 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
673 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
674 /* Montgomery curves (supporting ECP), NOT supported by CSS PKC*/
675 //#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
676 //#define MBEDTLS_ECP_DP_CURVE448_ENABLED
677 
678 /**
679  * \def MBEDTLS_ECP_NIST_OPTIM
680  *
681  * Enable specific 'modulo p' routines for each NIST prime.
682  * Depending on the prime and architecture, makes operations 4 to 8 times
683  * faster on the corresponding curve.
684  *
685  * Comment this macro to disable NIST curves optimisation.
686  */
687 #define MBEDTLS_ECP_NIST_OPTIM
688 
689 /**
690  * \def MBEDTLS_ECP_NO_INTERNAL_RNG
691  *
692  * When this option is disabled, mbedtls_ecp_mul() will make use of an
693  * internal RNG when called with a NULL \c f_rng argument, in order to protect
694  * against some side-channel attacks.
695  *
696  * This protection introduces a dependency of the ECP module on one of the
697  * DRBG modules. For very constrained implementations that don't require this
698  * protection (for example, because you're only doing signature verification,
699  * so not manipulating any secret, or because local/physical side-channel
700  * attacks are outside your threat model), it might be desirable to get rid of
701  * that dependency.
702  *
703  * \warning Enabling this option makes some uses of ECP vulnerable to some
704  * side-channel attacks. Only enable it if you know that's not a problem for
705  * your use case.
706  *
707  * Uncomment this macro to disable some counter-measures in ECP.
708  */
709 //#define MBEDTLS_ECP_NO_INTERNAL_RNG
710 
711 /**
712  * \def MBEDTLS_ECP_RESTARTABLE
713  *
714  * Enable "non-blocking" ECC operations that can return early and be resumed.
715  *
716  * This allows various functions to pause by returning
717  * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
718  * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
719  * order to further progress and eventually complete their operation. This is
720  * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
721  * number of ECC operations a function may perform before pausing; see
722  * mbedtls_ecp_set_max_ops() for more information.
723  *
724  * This is useful in non-threaded environments if you want to avoid blocking
725  * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
726  *
727  * Uncomment this macro to enable restartable ECC computations.
728  *
729  * \note  This option only works with the default software implementation of
730  *        elliptic curve functionality. It is incompatible with
731  *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
732  *        and MBEDTLS_ECDH_LEGACY_CONTEXT.
733  */
734 //#define MBEDTLS_ECP_RESTARTABLE
735 
736 /**
737  * \def MBEDTLS_ECDH_LEGACY_CONTEXT
738  *
739  * Use a backward compatible ECDH context.
740  *
741  * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
742  * defined in `ecdh.h`). For most applications, the choice of format makes
743  * no difference, since all library functions can work with either format,
744  * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
745 
746  * The new format used when this option is disabled is smaller
747  * (56 bytes on a 32-bit platform). In future versions of the library, it
748  * will support alternative implementations of ECDH operations.
749  * The new format is incompatible with applications that access
750  * context fields directly and with restartable ECP operations.
751  *
752  * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
753  * want to access ECDH context fields directly. Otherwise you should
754  * comment out this macro definition.
755  *
756  * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
757  *
758  * \note This configuration option is experimental. Future versions of the
759  *       library may modify the way the ECDH context layout is configured
760  *       and may modify the layout of the new context type.
761  */
762 #ifdef MBEDTLS_ECDH_LEGACY_CONTEXT
763 #undef MBEDTLS_ECDH_LEGACY_CONTEXT
764 #endif
765 
766 /**
767  * \def MBEDTLS_ECDSA_DETERMINISTIC
768  *
769  * Enable deterministic ECDSA (RFC 6979).
770  * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
771  * may result in a compromise of the long-term signing key. This is avoided by
772  * the deterministic variant.
773  *
774  * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
775  *
776  * Comment this macro to disable deterministic ECDSA.
777  */
778 #define MBEDTLS_ECDSA_DETERMINISTIC
779 
780 /**
781  * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
782  *
783  * Enable the PSK based ciphersuite modes in SSL / TLS.
784  *
785  * This enables the following ciphersuites (if other requisites are
786  * enabled as well):
787  *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
788  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
789  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
790  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
791  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
792  *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
793  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
794  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
795  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
796  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
797  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
798  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
799  */
800 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
801 
802 /**
803  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
804  *
805  * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
806  *
807  * Requires: MBEDTLS_DHM_C
808  *
809  * This enables the following ciphersuites (if other requisites are
810  * enabled as well):
811  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
812  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
813  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
814  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
815  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
816  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
817  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
818  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
819  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
820  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
821  *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
822  *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
823  *
824  * \warning    Using DHE constitutes a security risk as it
825  *             is not possible to validate custom DH parameters.
826  *             If possible, it is recommended users should consider
827  *             preferring other methods of key exchange.
828  *             See dhm.h for more details.
829  *
830  */
831 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
832 
833 /**
834  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
835  *
836  * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
837  *
838  * Requires: MBEDTLS_ECDH_C
839  *
840  * This enables the following ciphersuites (if other requisites are
841  * enabled as well):
842  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
843  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
844  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
845  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
846  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
847  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
848  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
849  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
850  */
851 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
852 
853 /**
854  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
855  *
856  * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
857  *
858  * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
859  *           MBEDTLS_X509_CRT_PARSE_C
860  *
861  * This enables the following ciphersuites (if other requisites are
862  * enabled as well):
863  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
864  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
865  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
866  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
867  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
868  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
869  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
870  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
871  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
872  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
873  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
874  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
875  */
876 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
877 
878 /**
879  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
880  *
881  * Enable the RSA-only based ciphersuite modes in SSL / TLS.
882  *
883  * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
884  *           MBEDTLS_X509_CRT_PARSE_C
885  *
886  * This enables the following ciphersuites (if other requisites are
887  * enabled as well):
888  *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
889  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
890  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
891  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
892  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
893  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
894  *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
895  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
896  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
897  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
898  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
899  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
900  *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
901  *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
902  *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
903  */
904 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
905 
906 /**
907  * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
908  *
909  * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
910  *
911  * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
912  *           MBEDTLS_X509_CRT_PARSE_C
913  *
914  * This enables the following ciphersuites (if other requisites are
915  * enabled as well):
916  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
917  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
918  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
919  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
920  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
921  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
922  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
923  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
924  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
925  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
926  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
927  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
928  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
929  *
930  * \warning    Using DHE constitutes a security risk as it
931  *             is not possible to validate custom DH parameters.
932  *             If possible, it is recommended users should consider
933  *             preferring other methods of key exchange.
934  *             See dhm.h for more details.
935  *
936  */
937 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
938 
939 /**
940  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
941  *
942  * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
943  *
944  * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
945  *           MBEDTLS_X509_CRT_PARSE_C
946  *
947  * This enables the following ciphersuites (if other requisites are
948  * enabled as well):
949  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
950  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
951  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
952  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
953  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
954  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
955  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
956  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
957  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
958  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
959  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
960  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
961  */
962 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
963 
964 /**
965  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
966  *
967  * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
968  *
969  * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
970  *
971  * This enables the following ciphersuites (if other requisites are
972  * enabled as well):
973  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
974  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
975  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
976  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
977  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
978  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
979  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
980  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
981  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
982  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
983  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
984  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
985  */
986 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
987 
988 /**
989  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
990  *
991  * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
992  *
993  * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
994  *
995  * This enables the following ciphersuites (if other requisites are
996  * enabled as well):
997  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
998  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
999  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1000  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1001  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1002  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1003  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1004  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1005  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1006  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1007  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1008  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1009  */
1010 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
1011 
1012 /**
1013  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1014  *
1015  * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
1016  *
1017  * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
1018  *
1019  * This enables the following ciphersuites (if other requisites are
1020  * enabled as well):
1021  *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
1022  *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
1023  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1024  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1025  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1026  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1027  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1028  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1029  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1030  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1031  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1032  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
1033  */
1034 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1035 
1036 /**
1037  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1038  *
1039  * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
1040  *
1041  * \warning This is currently experimental. EC J-PAKE support is based on the
1042  * Thread v1.0.0 specification; incompatible changes to the specification
1043  * might still happen. For this reason, this is disabled by default.
1044  *
1045  * Requires: MBEDTLS_ECJPAKE_C
1046  *           MBEDTLS_SHA256_C
1047  *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
1048  *
1049  * This enables the following ciphersuites (if other requisites are
1050  * enabled as well):
1051  *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
1052  */
1053 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1054 
1055 /**
1056  * \def MBEDTLS_PK_PARSE_EC_EXTENDED
1057  *
1058  * Enhance support for reading EC keys using variants of SEC1 not allowed by
1059  * RFC 5915 and RFC 5480.
1060  *
1061  * Currently this means parsing the SpecifiedECDomain choice of EC
1062  * parameters (only known groups are supported, not arbitrary domains, to
1063  * avoid validation issues).
1064  *
1065  * Disable if you only need to support RFC 5915 + 5480 key formats.
1066  */
1067 #define MBEDTLS_PK_PARSE_EC_EXTENDED
1068 
1069 /**
1070  * \def MBEDTLS_ERROR_STRERROR_DUMMY
1071  *
1072  * Enable a dummy error function to make use of mbedtls_strerror() in
1073  * third party libraries easier when MBEDTLS_ERROR_C is disabled
1074  * (no effect when MBEDTLS_ERROR_C is enabled).
1075  *
1076  * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
1077  * not using mbedtls_strerror() or error_strerror() in your application.
1078  *
1079  * Disable if you run into name conflicts and want to really remove the
1080  * mbedtls_strerror()
1081  */
1082 #define MBEDTLS_ERROR_STRERROR_DUMMY
1083 
1084 /**
1085  * \def MBEDTLS_GENPRIME
1086  *
1087  * Enable the prime-number generation code.
1088  *
1089  * Requires: MBEDTLS_BIGNUM_C
1090  */
1091 #define MBEDTLS_GENPRIME
1092 
1093 /**
1094  * \def MBEDTLS_FS_IO
1095  *
1096  * Enable functions that use the filesystem.
1097  */
1098 //#define MBEDTLS_FS_IO
1099 
1100 /**
1101  * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1102  *
1103  * Do not add default entropy sources. These are the platform specific,
1104  * mbedtls_timing_hardclock and HAVEGE based poll functions.
1105  *
1106  * This is useful to have more control over the added entropy sources in an
1107  * application.
1108  *
1109  * Uncomment this macro to prevent loading of default entropy functions.
1110  */
1111 //#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1112 
1113 /**
1114  * \def MBEDTLS_NO_PLATFORM_ENTROPY
1115  *
1116  * Do not use built-in platform entropy functions.
1117  * This is useful if your platform does not support
1118  * standards like the /dev/urandom or Windows CryptoAPI.
1119  *
1120  * Uncomment this macro to disable the built-in platform entropy functions.
1121  */
1122 #define MBEDTLS_NO_PLATFORM_ENTROPY
1123 
1124 /**
1125  * \def MBEDTLS_ENTROPY_FORCE_SHA256
1126  *
1127  * Force the entropy accumulator to use a SHA-256 accumulator instead of the
1128  * default SHA-512 based one (if both are available).
1129  *
1130  * Requires: MBEDTLS_SHA256_C
1131  *
1132  * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
1133  * if you have performance concerns.
1134  *
1135  * This option is only useful if both MBEDTLS_SHA256_C and
1136  * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
1137  */
1138 //#define MBEDTLS_ENTROPY_FORCE_SHA256
1139 
1140 /**
1141  * \def MBEDTLS_ENTROPY_NV_SEED
1142  *
1143  * Enable the non-volatile (NV) seed file-based entropy source.
1144  * (Also enables the NV seed read/write functions in the platform layer)
1145  *
1146  * This is crucial (if not required) on systems that do not have a
1147  * cryptographic entropy source (in hardware or kernel) available.
1148  *
1149  * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
1150  *
1151  * \note The read/write functions that are used by the entropy source are
1152  *       determined in the platform layer, and can be modified at runtime and/or
1153  *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
1154  *
1155  * \note If you use the default implementation functions that read a seedfile
1156  *       with regular fopen(), please make sure you make a seedfile with the
1157  *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
1158  *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
1159  *       and written to or you will get an entropy source error! The default
1160  *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
1161  *       bytes from the file.
1162  *
1163  * \note The entropy collector will write to the seed file before entropy is
1164  *       given to an external source, to update it.
1165  */
1166 //#define MBEDTLS_ENTROPY_NV_SEED
1167 
1168 /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
1169  *
1170  * Enable key identifiers that encode a key owner identifier.
1171  *
1172  * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
1173  * which is currently hard-coded to be int32_t.
1174  *
1175  * Note that this option is meant for internal use only and may be removed
1176  * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO.
1177  */
1178 //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
1179 
1180 /**
1181  * \def MBEDTLS_MEMORY_DEBUG
1182  *
1183  * Enable debugging of buffer allocator memory issues. Automatically prints
1184  * (to stderr) all (fatal) messages on memory allocation issues. Enables
1185  * function for 'debug output' of allocated memory.
1186  *
1187  * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
1188  *
1189  * Uncomment this macro to let the buffer allocator print out error messages.
1190  */
1191 //#define MBEDTLS_MEMORY_DEBUG
1192 
1193 /**
1194  * \def MBEDTLS_MEMORY_BACKTRACE
1195  *
1196  * Include backtrace information with each allocated block.
1197  *
1198  * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
1199  *           GLIBC-compatible backtrace() an backtrace_symbols() support
1200  *
1201  * Uncomment this macro to include backtrace information
1202  */
1203 //#define MBEDTLS_MEMORY_BACKTRACE
1204 
1205 /**
1206  * \def MBEDTLS_PK_RSA_ALT_SUPPORT
1207  *
1208  * Support external private RSA keys (eg from a HSM) in the PK layer.
1209  *
1210  * Comment this macro to disable support for external private RSA keys.
1211  */
1212 #define MBEDTLS_PK_RSA_ALT_SUPPORT
1213 
1214 /**
1215  * \def MBEDTLS_PKCS1_V15
1216  *
1217  * Enable support for PKCS#1 v1.5 encoding.
1218  *
1219  * Requires: MBEDTLS_RSA_C
1220  *
1221  * This enables support for PKCS#1 v1.5 operations.
1222  */
1223 #define MBEDTLS_PKCS1_V15
1224 
1225 /**
1226  * \def MBEDTLS_PKCS1_V21
1227  *
1228  * Enable support for PKCS#1 v2.1 encoding.
1229  *
1230  * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
1231  *
1232  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
1233  */
1234 #define MBEDTLS_PKCS1_V21
1235 
1236 /** \def MBEDTLS_PSA_CRYPTO_DRIVERS
1237  *
1238  * Enable support for the experimental PSA crypto driver interface.
1239  *
1240  * Requires: MBEDTLS_PSA_CRYPTO_C
1241  *
1242  * \warning This interface is experimental and may change or be removed
1243  * without notice.
1244  */
1245 //#define MBEDTLS_PSA_CRYPTO_DRIVERS
1246 
1247 /**
1248  * \def MBEDTLS_PSA_CRYPTO_SPM
1249  *
1250  * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
1251  * Partition Manager) integration which separates the code into two parts: a
1252  * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
1253  * Environment).
1254  *
1255  * Module:  library/psa_crypto.c
1256  * Requires: MBEDTLS_PSA_CRYPTO_C
1257  *
1258  */
1259 //#define MBEDTLS_PSA_CRYPTO_SPM
1260 
1261 /**
1262  * \def MBEDTLS_PSA_INJECT_ENTROPY
1263  *
1264  * Enable support for entropy injection at first boot. This feature is
1265  * required on systems that do not have a built-in entropy source (TRNG).
1266  * This feature is currently not supported on systems that have a built-in
1267  * entropy source.
1268  *
1269  * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
1270  *
1271  */
1272 //#define MBEDTLS_PSA_INJECT_ENTROPY
1273 
1274 /**
1275  * \def MBEDTLS_RSA_NO_CRT
1276  *
1277  * Do not use the Chinese Remainder Theorem
1278  * for the RSA private operation.
1279  *
1280  * Uncomment this macro to disable the use of CRT in RSA.
1281  *
1282  */
1283 //#define MBEDTLS_RSA_NO_CRT
1284 
1285 /**
1286  * \def MBEDTLS_SELF_TEST
1287  *
1288  * Enable the checkup functions (*_self_test).
1289  */
1290 #define MBEDTLS_SELF_TEST
1291 
1292 /**
1293  * \def MBEDTLS_SHA256_SMALLER
1294  *
1295  * Enable an implementation of SHA-256 that has lower ROM footprint but also
1296  * lower performance.
1297  *
1298  * The default implementation is meant to be a reasonnable compromise between
1299  * performance and size. This version optimizes more aggressively for size at
1300  * the expense of performance. Eg on Cortex-M4 it reduces the size of
1301  * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
1302  * 30%.
1303  *
1304  * Uncomment to enable the smaller implementation of SHA256.
1305  */
1306 //#define MBEDTLS_SHA256_SMALLER
1307 
1308 /**
1309  * \def MBEDTLS_SHA512_SMALLER
1310  *
1311  * Enable an implementation of SHA-512 that has lower ROM footprint but also
1312  * lower performance.
1313  *
1314  * Uncomment to enable the smaller implementation of SHA512.
1315  */
1316 //#define MBEDTLS_SHA512_SMALLER
1317 
1318 /**
1319  * \def MBEDTLS_SHA512_NO_SHA384
1320  *
1321  * Disable the SHA-384 option of the SHA-512 module. Use this to save some
1322  * code size on devices that don't use SHA-384.
1323  *
1324  * Requires: MBEDTLS_SHA512_C
1325  *
1326  * Uncomment to disable SHA-384
1327  */
1328 //#define MBEDTLS_SHA512_NO_SHA384
1329 
1330 /**
1331  * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
1332  *
1333  * Enable sending of alert messages in case of encountered errors as per RFC.
1334  * If you choose not to send the alert messages, mbed TLS can still communicate
1335  * with other servers, only debugging of failures is harder.
1336  *
1337  * The advantage of not sending alert messages, is that no information is given
1338  * about reasons for failures thus preventing adversaries of gaining intel.
1339  *
1340  * Enable sending of all alert messages
1341  */
1342 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
1343 
1344 /**
1345  * \def MBEDTLS_SSL_RECORD_CHECKING
1346  *
1347  * Enable the function mbedtls_ssl_check_record() which can be used to check
1348  * the validity and authenticity of an incoming record, to verify that it has
1349  * not been seen before. These checks are performed without modifying the
1350  * externally visible state of the SSL context.
1351  *
1352  * See mbedtls_ssl_check_record() for more information.
1353  *
1354  * Uncomment to enable support for record checking.
1355  */
1356 #define MBEDTLS_SSL_RECORD_CHECKING
1357 
1358 /**
1359  * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
1360  *
1361  * Enable support for the DTLS Connection ID extension
1362  * (version draft-ietf-tls-dtls-connection-id-05,
1363  * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
1364  * which allows to identify DTLS connections across changes
1365  * in the underlying transport.
1366  *
1367  * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
1368  * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
1369  * See the corresponding documentation for more information.
1370  *
1371  * \warning The Connection ID extension is still in draft state.
1372  *          We make no stability promises for the availability
1373  *          or the shape of the API controlled by this option.
1374  *
1375  * The maximum lengths of outgoing and incoming CIDs can be configured
1376  * through the options
1377  * - MBEDTLS_SSL_CID_OUT_LEN_MAX
1378  * - MBEDTLS_SSL_CID_IN_LEN_MAX.
1379  *
1380  * Requires: MBEDTLS_SSL_PROTO_DTLS
1381  *
1382  * Uncomment to enable the Connection ID extension.
1383  */
1384 //#define MBEDTLS_SSL_DTLS_CONNECTION_ID
1385 
1386 /**
1387  * \def MBEDTLS_SSL_ASYNC_PRIVATE
1388  *
1389  * Enable asynchronous external private key operations in SSL. This allows
1390  * you to configure an SSL connection to call an external cryptographic
1391  * module to perform private key operations instead of performing the
1392  * operation inside the library.
1393  *
1394  */
1395 //#define MBEDTLS_SSL_ASYNC_PRIVATE
1396 
1397 /**
1398  * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
1399  *
1400  * Enable serialization of the TLS context structures, through use of the
1401  * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
1402  *
1403  * This pair of functions allows one side of a connection to serialize the
1404  * context associated with the connection, then free or re-use that context
1405  * while the serialized state is persisted elsewhere, and finally deserialize
1406  * that state to a live context for resuming read/write operations on the
1407  * connection. From a protocol perspective, the state of the connection is
1408  * unaffected, in particular this is entirely transparent to the peer.
1409  *
1410  * Note: this is distinct from TLS session resumption, which is part of the
1411  * protocol and fully visible by the peer. TLS session resumption enables
1412  * establishing new connections associated to a saved session with shorter,
1413  * lighter handshakes, while context serialization is a local optimization in
1414  * handling a single, potentially long-lived connection.
1415  *
1416  * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
1417  * saved after the handshake to allow for more efficient serialization, so if
1418  * you don't need this feature you'll save RAM by disabling it.
1419  *
1420  * Comment to disable the context serialization APIs.
1421  */
1422 #define MBEDTLS_SSL_CONTEXT_SERIALIZATION
1423 
1424 /**
1425  * \def MBEDTLS_SSL_DEBUG_ALL
1426  *
1427  * Enable the debug messages in SSL module for all issues.
1428  * Debug messages have been disabled in some places to prevent timing
1429  * attacks due to (unbalanced) debugging function calls.
1430  *
1431  * If you need all error reporting you should enable this during debugging,
1432  * but remove this for production servers that should log as well.
1433  *
1434  * Uncomment this macro to report all debug messages on errors introducing
1435  * a timing side-channel.
1436  *
1437  */
1438 //#define MBEDTLS_SSL_DEBUG_ALL
1439 
1440 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
1441  *
1442  * Enable support for Encrypt-then-MAC, RFC 7366.
1443  *
1444  * This allows peers that both support it to use a more robust protection for
1445  * ciphersuites using CBC, providing deep resistance against timing attacks
1446  * on the padding or underlying cipher.
1447  *
1448  * This only affects CBC ciphersuites, and is useless if none is defined.
1449  *
1450  * Requires: MBEDTLS_SSL_PROTO_TLS1    or
1451  *           MBEDTLS_SSL_PROTO_TLS1_1  or
1452  *           MBEDTLS_SSL_PROTO_TLS1_2
1453  *
1454  * Comment this macro to disable support for Encrypt-then-MAC
1455  */
1456 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
1457 
1458 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1459  *
1460  * Enable support for RFC 7627: Session Hash and Extended Master Secret
1461  * Extension.
1462  *
1463  * This was introduced as "the proper fix" to the Triple Handshake familiy of
1464  * attacks, but it is recommended to always use it (even if you disable
1465  * renegotiation), since it actually fixes a more fundamental issue in the
1466  * original SSL/TLS design, and has implications beyond Triple Handshake.
1467  *
1468  * Requires: MBEDTLS_SSL_PROTO_TLS1    or
1469  *           MBEDTLS_SSL_PROTO_TLS1_1  or
1470  *           MBEDTLS_SSL_PROTO_TLS1_2
1471  *
1472  * Comment this macro to disable support for Extended Master Secret.
1473  */
1474 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1475 
1476 /**
1477  * \def MBEDTLS_SSL_FALLBACK_SCSV
1478  *
1479  * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
1480  * for Preventing Protocol Downgrade Attacks.
1481  *
1482  * For servers, it is recommended to always enable this, unless you support
1483  * only one version of TLS, or know for sure that none of your clients
1484  * implements a fallback strategy.
1485  *
1486  * For clients, you only need this if you're using a fallback strategy, which
1487  * is not recommended in the first place, unless you absolutely need it to
1488  * interoperate with buggy (version-intolerant) servers.
1489  *
1490  * Comment this macro to disable support for FALLBACK_SCSV
1491  */
1492 #define MBEDTLS_SSL_FALLBACK_SCSV
1493 
1494 /**
1495  * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1496  *
1497  * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
1498  * giving access to the peer's certificate after completion of the handshake.
1499  *
1500  * Unless you need mbedtls_ssl_peer_cert() in your application, it is
1501  * recommended to disable this option for reduced RAM usage.
1502  *
1503  * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
1504  *       defined, but always returns \c NULL.
1505  *
1506  * \note This option has no influence on the protection against the
1507  *       triple handshake attack. Even if it is disabled, Mbed TLS will
1508  *       still ensure that certificates do not change during renegotiation,
1509  *       for exaple by keeping a hash of the peer's certificate.
1510  *
1511  * Comment this macro to disable storing the peer's certificate
1512  * after the handshake.
1513  */
1514 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1515 
1516 /**
1517  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
1518  *
1519  * Enable hooking functions in SSL module for hardware acceleration of
1520  * individual records.
1521  *
1522  * \deprecated This option is deprecated and will be removed in a future
1523  *             version of Mbed TLS.
1524  *
1525  * Uncomment this macro to enable hooking functions.
1526  */
1527 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
1528 
1529 /**
1530  * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
1531  *
1532  * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
1533  *
1534  * This is a countermeasure to the BEAST attack, which also minimizes the risk
1535  * of interoperability issues compared to sending 0-length records.
1536  *
1537  * Comment this macro to disable 1/n-1 record splitting.
1538  */
1539 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING
1540 
1541 /**
1542  * \def MBEDTLS_SSL_RENEGOTIATION
1543  *
1544  * Enable support for TLS renegotiation.
1545  *
1546  * The two main uses of renegotiation are (1) refresh keys on long-lived
1547  * connections and (2) client authentication after the initial handshake.
1548  * If you don't need renegotiation, it's probably better to disable it, since
1549  * it has been associated with security issues in the past and is easy to
1550  * misuse/misunderstand.
1551  *
1552  * Comment this to disable support for renegotiation.
1553  *
1554  * \note   Even if this option is disabled, both client and server are aware
1555  *         of the Renegotiation Indication Extension (RFC 5746) used to
1556  *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
1557  *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
1558  *          configuration of this extension).
1559  *
1560  */
1561 #define MBEDTLS_SSL_RENEGOTIATION
1562 
1563 /**
1564  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
1565  *
1566  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
1567  * SSL Server module (MBEDTLS_SSL_SRV_C).
1568  *
1569  * \deprecated This option is deprecated and will be removed in a future
1570  *             version of Mbed TLS.
1571  *
1572  * Uncomment this macro to enable support for SSLv2 Client Hello messages.
1573  */
1574 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
1575 
1576 /**
1577  * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
1578  *
1579  * Pick the ciphersuite according to the client's preferences rather than ours
1580  * in the SSL Server module (MBEDTLS_SSL_SRV_C).
1581  *
1582  * Uncomment this macro to respect client's ciphersuite order
1583  */
1584 //#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
1585 
1586 /**
1587  * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1588  *
1589  * Enable support for RFC 6066 max_fragment_length extension in SSL.
1590  *
1591  * Comment this macro to disable support for the max_fragment_length extension
1592  */
1593 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1594 
1595 /**
1596  * \def MBEDTLS_SSL_PROTO_SSL3
1597  *
1598  * Enable support for SSL 3.0.
1599  *
1600  * Requires: MBEDTLS_MD5_C
1601  *           MBEDTLS_SHA1_C
1602  *
1603  * \deprecated This option is deprecated and will be removed in a future
1604  *             version of Mbed TLS.
1605  *
1606  * Comment this macro to disable support for SSL 3.0
1607  */
1608 //#define MBEDTLS_SSL_PROTO_SSL3
1609 
1610 /**
1611  * \def MBEDTLS_SSL_PROTO_TLS1
1612  *
1613  * Enable support for TLS 1.0.
1614  *
1615  * Requires: MBEDTLS_MD5_C
1616  *           MBEDTLS_SHA1_C
1617  *
1618  * Comment this macro to disable support for TLS 1.0
1619  */
1620 #define MBEDTLS_SSL_PROTO_TLS1
1621 
1622 /**
1623  * \def MBEDTLS_SSL_PROTO_TLS1_1
1624  *
1625  * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
1626  *
1627  * Requires: MBEDTLS_MD5_C
1628  *           MBEDTLS_SHA1_C
1629  *
1630  * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
1631  */
1632 #define MBEDTLS_SSL_PROTO_TLS1_1
1633 
1634 /**
1635  * \def MBEDTLS_SSL_PROTO_TLS1_2
1636  *
1637  * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
1638  *
1639  * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
1640  *           (Depends on ciphersuites)
1641  *
1642  * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
1643  */
1644 #define MBEDTLS_SSL_PROTO_TLS1_2
1645 
1646 /**
1647  * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1648  *
1649  * This macro is used to selectively enable experimental parts
1650  * of the code that contribute to the ongoing development of
1651  * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide
1652  * no other purpose.
1653  *
1654  * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS,
1655  *          and no feature exposed through this macro is part of the
1656  *          public API. In particular, features under the control
1657  *          of this macro are experimental and don't come with any
1658  *          stability guarantees.
1659  *
1660  * Uncomment this macro to enable experimental and partial
1661  * functionality specific to TLS 1.3.
1662  */
1663 //#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1664 
1665 /**
1666  * \def MBEDTLS_SSL_PROTO_DTLS
1667  *
1668  * Enable support for DTLS (all available versions).
1669  *
1670  * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
1671  * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
1672  *
1673  * Requires: MBEDTLS_SSL_PROTO_TLS1_1
1674  *        or MBEDTLS_SSL_PROTO_TLS1_2
1675  *
1676  * Comment this macro to disable support for DTLS
1677  */
1678 #define MBEDTLS_SSL_PROTO_DTLS
1679 
1680 /**
1681  * \def MBEDTLS_SSL_ALPN
1682  *
1683  * Enable support for RFC 7301 Application Layer Protocol Negotiation.
1684  *
1685  * Comment this macro to disable support for ALPN.
1686  */
1687 #define MBEDTLS_SSL_ALPN
1688 
1689 /**
1690  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
1691  *
1692  * Enable support for the anti-replay mechanism in DTLS.
1693  *
1694  * Requires: MBEDTLS_SSL_TLS_C
1695  *           MBEDTLS_SSL_PROTO_DTLS
1696  *
1697  * \warning Disabling this is often a security risk!
1698  * See mbedtls_ssl_conf_dtls_anti_replay() for details.
1699  *
1700  * Comment this to disable anti-replay in DTLS.
1701  */
1702 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
1703 
1704 /**
1705  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
1706  *
1707  * Enable support for HelloVerifyRequest on DTLS servers.
1708  *
1709  * This feature is highly recommended to prevent DTLS servers being used as
1710  * amplifiers in DoS attacks against other hosts. It should always be enabled
1711  * unless you know for sure amplification cannot be a problem in the
1712  * environment in which your server operates.
1713  *
1714  * \warning Disabling this can ba a security risk! (see above)
1715  *
1716  * Requires: MBEDTLS_SSL_PROTO_DTLS
1717  *
1718  * Comment this to disable support for HelloVerifyRequest.
1719  */
1720 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
1721 
1722 /**
1723  * \def MBEDTLS_SSL_DTLS_SRTP
1724  *
1725  * Enable support for negotation of DTLS-SRTP (RFC 5764)
1726  * through the use_srtp extension.
1727  *
1728  * \note This feature provides the minimum functionality required
1729  * to negotiate the use of DTLS-SRTP and to allow the derivation of
1730  * the associated SRTP packet protection key material.
1731  * In particular, the SRTP packet protection itself, as well as the
1732  * demultiplexing of RTP and DTLS packets at the datagram layer
1733  * (see Section 5 of RFC 5764), are not handled by this feature.
1734  * Instead, after successful completion of a handshake negotiating
1735  * the use of DTLS-SRTP, the extended key exporter API
1736  * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement
1737  * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
1738  * (this is implemented in the SSL example programs).
1739  * The resulting key should then be passed to an SRTP stack.
1740  *
1741  * Setting this option enables the runtime API
1742  * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
1743  * through which the supported DTLS-SRTP protection
1744  * profiles can be configured. You must call this API at
1745  * runtime if you wish to negotiate the use of DTLS-SRTP.
1746  *
1747  * Requires: MBEDTLS_SSL_PROTO_DTLS
1748  *
1749  * Uncomment this to enable support for use_srtp extension.
1750  */
1751 //#define MBEDTLS_SSL_DTLS_SRTP
1752 
1753 /**
1754  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1755  *
1756  * Enable server-side support for clients that reconnect from the same port.
1757  *
1758  * Some clients unexpectedly close the connection and try to reconnect using the
1759  * same source port. This needs special support from the server to handle the
1760  * new connection securely, as described in section 4.2.8 of RFC 6347. This
1761  * flag enables that support.
1762  *
1763  * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
1764  *
1765  * Comment this to disable support for clients reusing the source port.
1766  */
1767 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
1768 
1769 /**
1770  * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
1771  *
1772  * Enable support for a limit of records with bad MAC.
1773  *
1774  * See mbedtls_ssl_conf_dtls_badmac_limit().
1775  *
1776  * Requires: MBEDTLS_SSL_PROTO_DTLS
1777  */
1778 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
1779 
1780 /**
1781  * \def MBEDTLS_SSL_SESSION_TICKETS
1782  *
1783  * Enable support for RFC 5077 session tickets in SSL.
1784  * Client-side, provides full support for session tickets (maintenance of a
1785  * session store remains the responsibility of the application, though).
1786  * Server-side, you also need to provide callbacks for writing and parsing
1787  * tickets, including authenticated encryption and key management. Example
1788  * callbacks are provided by MBEDTLS_SSL_TICKET_C.
1789  *
1790  * Comment this macro to disable support for SSL session tickets
1791  */
1792 #define MBEDTLS_SSL_SESSION_TICKETS
1793 
1794 /**
1795  * \def MBEDTLS_SSL_EXPORT_KEYS
1796  *
1797  * Enable support for exporting key block and master secret.
1798  * This is required for certain users of TLS, e.g. EAP-TLS.
1799  *
1800  * Comment this macro to disable support for key export
1801  */
1802 #define MBEDTLS_SSL_EXPORT_KEYS
1803 
1804 /**
1805  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
1806  *
1807  * Enable support for RFC 6066 server name indication (SNI) in SSL.
1808  *
1809  * Requires: MBEDTLS_X509_CRT_PARSE_C
1810  *
1811  * Comment this macro to disable support for server name indication in SSL
1812  */
1813 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
1814 
1815 /**
1816  * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
1817  *
1818  * Fallback to old (pre-2.7), non-conforming implementation of the truncated
1819  * HMAC extension which also truncates the HMAC key. Note that this option is
1820  * only meant for a transitory upgrade period and will be removed in a future
1821  * version of the library.
1822  *
1823  * \warning The old implementation is non-compliant and has a security weakness
1824  *          (2^80 brute force attack on the HMAC key used for a single,
1825  *          uninterrupted connection). This should only be enabled temporarily
1826  *          when (1) the use of truncated HMAC is essential in order to save
1827  *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
1828  *          the fixed implementation yet (pre-2.7).
1829  *
1830  * \deprecated This option is deprecated and will be removed in a
1831  *             future version of Mbed TLS.
1832  *
1833  * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
1834  *
1835  * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
1836  */
1837 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
1838 
1839 /**
1840  * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
1841  *
1842  * Enable modifying the maximum I/O buffer size.
1843  */
1844 //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
1845 
1846 /**
1847  * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
1848  *
1849  * Enable testing of the constant-flow nature of some sensitive functions with
1850  * clang's MemorySanitizer. This causes some existing tests to also test
1851  * this non-functional property of the code under test.
1852  *
1853  * This setting requires compiling with clang -fsanitize=memory. The test
1854  * suites can then be run normally.
1855  *
1856  * \warning This macro is only used for extended testing; it is not considered
1857  * part of the library's API, so it may change or disappear at any time.
1858  *
1859  * Uncomment to enable testing of the constant-flow nature of selected code.
1860  */
1861 //#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
1862 
1863 /**
1864  * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
1865  *
1866  * Enable testing of the constant-flow nature of some sensitive functions with
1867  * valgrind's memcheck tool. This causes some existing tests to also test
1868  * this non-functional property of the code under test.
1869  *
1870  * This setting requires valgrind headers for building, and is only useful for
1871  * testing if the tests suites are run with valgrind's memcheck. This can be
1872  * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
1873  * using CMake, this can be done for all test suites with 'make memcheck'.
1874  *
1875  * \warning This macro is only used for extended testing; it is not considered
1876  * part of the library's API, so it may change or disappear at any time.
1877  *
1878  * Uncomment to enable testing of the constant-flow nature of selected code.
1879  */
1880 //#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
1881 
1882 /**
1883  * \def MBEDTLS_TEST_HOOKS
1884  *
1885  * Enable features for invasive testing such as introspection functions and
1886  * hooks for fault injection. This enables additional unit tests.
1887  *
1888  * Merely enabling this feature should not change the behavior of the product.
1889  * It only adds new code, and new branching points where the default behavior
1890  * is the same as when this feature is disabled.
1891  * However, this feature increases the attack surface: there is an added
1892  * risk of vulnerabilities, and more gadgets that can make exploits easier.
1893  * Therefore this feature must never be enabled in production.
1894  *
1895  * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
1896  * information.
1897  *
1898  * Uncomment to enable invasive tests.
1899  */
1900 //#define MBEDTLS_TEST_HOOKS
1901 
1902 /**
1903  * \def MBEDTLS_THREADING_PTHREAD
1904  *
1905  * Enable the pthread wrapper layer for the threading layer.
1906  *
1907  * Requires: MBEDTLS_THREADING_C
1908  *
1909  * Uncomment this to enable pthread mutexes.
1910  */
1911 //#define MBEDTLS_THREADING_PTHREAD
1912 
1913 /**
1914  * \def MBEDTLS_USE_PSA_CRYPTO
1915  *
1916  * Make the X.509 and TLS library use PSA for cryptographic operations, and
1917  * enable new APIs for using keys handled by PSA Crypto.
1918  *
1919  * \note Development of this option is currently in progress, and parts of Mbed
1920  * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
1921  * will still continue to work as usual, so enabling this option should not
1922  * break backwards compatibility.
1923  *
1924  * \warning The PSA Crypto API is in beta stage. While you're welcome to
1925  * experiment using it, incompatible API changes are still possible, and some
1926  * parts may not have reached the same quality as the rest of Mbed TLS yet.
1927  *
1928  * \warning This option enables new Mbed TLS APIs that are dependent on the
1929  * PSA Crypto API, so can't come with the same stability guarantees as the
1930  * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
1931  * now, access to these APIs is opt-in (via enabling the present option), in
1932  * order to clearly differentiate them from the stable Mbed TLS APIs.
1933  *
1934  * Requires: MBEDTLS_PSA_CRYPTO_C.
1935  *
1936  * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
1937  */
1938 //#define MBEDTLS_USE_PSA_CRYPTO
1939 
1940 /**
1941  * \def MBEDTLS_PSA_CRYPTO_CONFIG
1942  *
1943  * This setting allows support for cryptographic mechanisms through the PSA
1944  * API to be configured separately from support through the mbedtls API.
1945  *
1946  * Uncomment this to enable use of PSA Crypto configuration settings which
1947  * can be found in include/psa/crypto_config.h.
1948  *
1949  * If you enable this option and write your own configuration file, you must
1950  * include mbedtls/config_psa.h in your configuration file. The default
1951  * provided mbedtls/config.h contains the necessary inclusion.
1952  *
1953  * This feature is still experimental and is not ready for production since
1954  * it is not completed.
1955  */
1956 //#define MBEDTLS_PSA_CRYPTO_CONFIG
1957 
1958 /**
1959  * \def MBEDTLS_VERSION_FEATURES
1960  *
1961  * Allow run-time checking of compile-time enabled features. Thus allowing users
1962  * to check at run-time if the library is for instance compiled with threading
1963  * support via mbedtls_version_check_feature().
1964  *
1965  * Requires: MBEDTLS_VERSION_C
1966  *
1967  * Comment this to disable run-time checking and save ROM space
1968  */
1969 #define MBEDTLS_VERSION_FEATURES
1970 
1971 /**
1972  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
1973  *
1974  * If set, the X509 parser will not break-off when parsing an X509 certificate
1975  * and encountering an extension in a v1 or v2 certificate.
1976  *
1977  * Uncomment to prevent an error.
1978  */
1979 //#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
1980 
1981 /**
1982  * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1983  *
1984  * If set, the X509 parser will not break-off when parsing an X509 certificate
1985  * and encountering an unknown critical extension.
1986  *
1987  * \warning Depending on your PKI use, enabling this can be a security risk!
1988  *
1989  * Uncomment to prevent an error.
1990  */
1991 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1992 
1993 /**
1994  * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
1995  *
1996  * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
1997  * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
1998  * the set of trusted certificates through a callback instead of a linked
1999  * list.
2000  *
2001  * This is useful for example in environments where a large number of trusted
2002  * certificates is present and storing them in a linked list isn't efficient
2003  * enough, or when the set of trusted certificates changes frequently.
2004  *
2005  * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
2006  * `mbedtls_ssl_conf_ca_cb()` for more information.
2007  *
2008  * Uncomment to enable trusted certificate callbacks.
2009  */
2010 //#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
2011 
2012 /**
2013  * \def MBEDTLS_X509_CHECK_KEY_USAGE
2014  *
2015  * Enable verification of the keyUsage extension (CA and leaf certificates).
2016  *
2017  * Disabling this avoids problems with mis-issued and/or misused
2018  * (intermediate) CA and leaf certificates.
2019  *
2020  * \warning Depending on your PKI use, disabling this can be a security risk!
2021  *
2022  * Comment to skip keyUsage checking for both CA and leaf certificates.
2023  */
2024 #define MBEDTLS_X509_CHECK_KEY_USAGE
2025 
2026 /**
2027  * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
2028  *
2029  * Enable verification of the extendedKeyUsage extension (leaf certificates).
2030  *
2031  * Disabling this avoids problems with mis-issued and/or misused certificates.
2032  *
2033  * \warning Depending on your PKI use, disabling this can be a security risk!
2034  *
2035  * Comment to skip extendedKeyUsage checking for certificates.
2036  */
2037 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
2038 
2039 /**
2040  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
2041  *
2042  * Enable parsing and verification of X.509 certificates, CRLs and CSRS
2043  * signed with RSASSA-PSS (aka PKCS#1 v2.1).
2044  *
2045  * Comment this macro to disallow using RSASSA-PSS in certificates.
2046  */
2047 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
2048 
2049 /**
2050  * \def MBEDTLS_ZLIB_SUPPORT
2051  *
2052  * If set, the SSL/TLS module uses ZLIB to support compression and
2053  * decompression of packet data.
2054  *
2055  * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
2056  * CRIME attack. Before enabling this option, you should examine with care if
2057  * CRIME or similar exploits may be applicable to your use case.
2058  *
2059  * \note Currently compression can't be used with DTLS.
2060  *
2061  * \deprecated This feature is deprecated and will be removed
2062  *             in the next major revision of the library.
2063  *
2064  * Used in: library/ssl_tls.c
2065  *          library/ssl_cli.c
2066  *          library/ssl_srv.c
2067  *
2068  * This feature requires zlib library and headers to be present.
2069  *
2070  * Uncomment to enable use of ZLIB
2071  */
2072 //#define MBEDTLS_ZLIB_SUPPORT
2073 /* \} name SECTION: mbed TLS feature support */
2074 
2075 /**
2076  * \name SECTION: mbed TLS modules
2077  *
2078  * This section enables or disables entire modules in mbed TLS
2079  * \{
2080  */
2081 
2082 /**
2083  * \def MBEDTLS_AESNI_C
2084  *
2085  * Enable AES-NI support on x86-64.
2086  *
2087  * Module:  library/aesni.c
2088  * Caller:  library/aes.c
2089  *
2090  * Requires: MBEDTLS_HAVE_ASM
2091  *
2092  * This modules adds support for the AES-NI instructions on x86-64
2093  */
2094 #define MBEDTLS_AESNI_C
2095 
2096 /**
2097  * \def MBEDTLS_AES_C
2098  *
2099  * Enable the AES block cipher.
2100  *
2101  * Module:  library/aes.c
2102  * Caller:  library/cipher.c
2103  *          library/pem.c
2104  *          library/ctr_drbg.c
2105  *
2106  * This module enables the following ciphersuites (if other requisites are
2107  * enabled as well):
2108  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
2109  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
2110  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
2111  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
2112  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2113  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2114  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
2115  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2116  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
2117  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
2118  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
2119  *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
2120  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2121  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2122  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2123  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2124  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2125  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2126  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2127  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2128  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2129  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2130  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2131  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
2132  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2133  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2134  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2135  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2136  *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2137  *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
2138  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
2139  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
2140  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
2141  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
2142  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
2143  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
2144  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
2145  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
2146  *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
2147  *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
2148  *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
2149  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
2150  *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
2151  *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
2152  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
2153  *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
2154  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
2155  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
2156  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
2157  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
2158  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
2159  *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
2160  *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
2161  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
2162  *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
2163  *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
2164  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
2165  *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
2166  *
2167  * PEM_PARSE uses AES for decrypting encrypted keys.
2168  */
2169 #define MBEDTLS_AES_C
2170 
2171 /**
2172  * \def MBEDTLS_ASN1_PARSE_C
2173  *
2174  * Enable the generic ASN1 parser.
2175  *
2176  * Module:  library/asn1.c
2177  * Caller:  library/x509.c
2178  *          library/dhm.c
2179  *          library/pkcs12.c
2180  *          library/pkcs5.c
2181  *          library/pkparse.c
2182  */
2183 #define MBEDTLS_ASN1_PARSE_C
2184 
2185 /**
2186  * \def MBEDTLS_ASN1_WRITE_C
2187  *
2188  * Enable the generic ASN1 writer.
2189  *
2190  * Module:  library/asn1write.c
2191  * Caller:  library/ecdsa.c
2192  *          library/pkwrite.c
2193  *          library/x509_create.c
2194  *          library/x509write_crt.c
2195  *          library/x509write_csr.c
2196  */
2197 #define MBEDTLS_ASN1_WRITE_C
2198 
2199 /**
2200  * \def MBEDTLS_BASE64_C
2201  *
2202  * Enable the Base64 module.
2203  *
2204  * Module:  library/base64.c
2205  * Caller:  library/pem.c
2206  *
2207  * This module is required for PEM support (required by X.509).
2208  */
2209 #define MBEDTLS_BASE64_C
2210 
2211 /**
2212  * \def MBEDTLS_BIGNUM_C
2213  *
2214  * Enable the multi-precision integer library.
2215  *
2216  * Module:  library/bignum.c
2217  * Caller:  library/dhm.c
2218  *          library/ecp.c
2219  *          library/ecdsa.c
2220  *          library/rsa.c
2221  *          library/rsa_internal.c
2222  *          library/ssl_tls.c
2223  *
2224  * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
2225  */
2226 #define MBEDTLS_BIGNUM_C
2227 
2228 /**
2229  * \def MBEDTLS_BLOWFISH_C
2230  *
2231  * Enable the Blowfish block cipher.
2232  *
2233  * Module:  library/blowfish.c
2234  */
2235 #define MBEDTLS_BLOWFISH_C
2236 
2237 /**
2238  * \def MBEDTLS_CAMELLIA_C
2239  *
2240  * Enable the Camellia block cipher.
2241  *
2242  * Module:  library/camellia.c
2243  * Caller:  library/cipher.c
2244  *
2245  * This module enables the following ciphersuites (if other requisites are
2246  * enabled as well):
2247  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2248  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2249  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
2250  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
2251  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2252  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2253  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
2254  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
2255  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
2256  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2257  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
2258  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
2259  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
2260  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2261  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2262  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
2263  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2264  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2265  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
2266  *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2267  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2268  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2269  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
2270  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2271  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2272  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
2273  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2274  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2275  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
2276  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2277  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
2278  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
2279  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
2280  *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
2281  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
2282  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
2283  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
2284  *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
2285  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
2286  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
2287  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
2288  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
2289  */
2290 //#define MBEDTLS_CAMELLIA_C
2291 
2292 /**
2293  * \def MBEDTLS_ARIA_C
2294  *
2295  * Enable the ARIA block cipher.
2296  *
2297  * Module:  library/aria.c
2298  * Caller:  library/cipher.c
2299  *
2300  * This module enables the following ciphersuites (if other requisites are
2301  * enabled as well):
2302  *
2303  *      MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
2304  *      MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
2305  *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
2306  *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
2307  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
2308  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
2309  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
2310  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
2311  *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
2312  *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
2313  *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
2314  *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
2315  *      MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
2316  *      MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
2317  *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
2318  *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
2319  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
2320  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
2321  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
2322  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
2323  *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
2324  *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
2325  *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
2326  *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
2327  *      MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
2328  *      MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
2329  *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
2330  *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
2331  *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
2332  *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
2333  *      MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
2334  *      MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
2335  *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
2336  *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
2337  *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
2338  *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
2339  *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
2340  *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
2341  */
2342 //#define MBEDTLS_ARIA_C
2343 
2344 /**
2345  * \def MBEDTLS_CCM_C
2346  *
2347  * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
2348  *
2349  * Module:  library/ccm.c
2350  *
2351  * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
2352  *
2353  * This module enables the AES-CCM ciphersuites, if other requisites are
2354  * enabled as well.
2355  */
2356 #define MBEDTLS_CCM_C
2357 
2358 /**
2359  * \def MBEDTLS_CERTS_C
2360  *
2361  * Enable the test certificates.
2362  *
2363  * Module:  library/certs.c
2364  * Caller:
2365  *
2366  * This module is used for testing (ssl_client/server).
2367  */
2368 #define MBEDTLS_CERTS_C
2369 
2370 /**
2371  * \def MBEDTLS_CHACHA20_C
2372  *
2373  * Enable the ChaCha20 stream cipher.
2374  *
2375  * Module:  library/chacha20.c
2376  */
2377 //#define MBEDTLS_CHACHA20_C
2378 
2379 /**
2380  * \def MBEDTLS_CHACHAPOLY_C
2381  *
2382  * Enable the ChaCha20-Poly1305 AEAD algorithm.
2383  *
2384  * Module:  library/chachapoly.c
2385  *
2386  * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
2387  */
2388 //#define MBEDTLS_CHACHAPOLY_C
2389 
2390 /**
2391  * \def MBEDTLS_CIPHER_C
2392  *
2393  * Enable the generic cipher layer.
2394  *
2395  * Module:  library/cipher.c
2396  * Caller:  library/ssl_tls.c
2397  *
2398  * Uncomment to enable generic cipher wrappers.
2399  */
2400 #define MBEDTLS_CIPHER_C
2401 
2402 /**
2403  * \def MBEDTLS_CMAC_C
2404  *
2405  * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
2406  * ciphers.
2407  *
2408  * Module:  library/cmac.c
2409  *
2410  * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
2411  *
2412  */
2413 #define MBEDTLS_CMAC_C
2414 
2415 /**
2416  * \def MBEDTLS_CTR_DRBG_C
2417  *
2418  * Enable the CTR_DRBG AES-based random generator.
2419  * The CTR_DRBG generator uses AES-256 by default.
2420  * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
2421  *
2422  * \note To achieve a 256-bit security strength with CTR_DRBG,
2423  *       you must use AES-256 *and* use sufficient entropy.
2424  *       See ctr_drbg.h for more details.
2425  *
2426  * Module:  library/ctr_drbg.c
2427  * Caller:
2428  *
2429  * Requires: MBEDTLS_AES_C
2430  *
2431  * This module provides the CTR_DRBG AES random number generator.
2432  */
2433 #define MBEDTLS_CTR_DRBG_C
2434 
2435 /**
2436  * \def MBEDTLS_DEBUG_C
2437  *
2438  * Enable the debug functions.
2439  *
2440  * Module:  library/debug.c
2441  * Caller:  library/ssl_cli.c
2442  *          library/ssl_srv.c
2443  *          library/ssl_tls.c
2444  *
2445  * This module provides debugging functions.
2446  */
2447 //#define MBEDTLS_DEBUG_C
2448 
2449 /**
2450  * \def MBEDTLS_DES_C
2451  *
2452  * Enable the DES block cipher.
2453  *
2454  * Module:  library/des.c
2455  * Caller:  library/pem.c
2456  *          library/cipher.c
2457  *
2458  * This module enables the following ciphersuites (if other requisites are
2459  * enabled as well):
2460  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
2461  *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
2462  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
2463  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
2464  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
2465  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
2466  *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
2467  *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
2468  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
2469  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
2470  *
2471  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
2472  *
2473  * \warning   DES is considered a weak cipher and its use constitutes a
2474  *            security risk. We recommend considering stronger ciphers instead.
2475  */
2476 #define MBEDTLS_DES_C
2477 
2478 /**
2479  * \def MBEDTLS_DHM_C
2480  *
2481  * Enable the Diffie-Hellman-Merkle module.
2482  *
2483  * Module:  library/dhm.c
2484  * Caller:  library/ssl_cli.c
2485  *          library/ssl_srv.c
2486  *
2487  * This module is used by the following key exchanges:
2488  *      DHE-RSA, DHE-PSK
2489  *
2490  * \warning    Using DHE constitutes a security risk as it
2491  *             is not possible to validate custom DH parameters.
2492  *             If possible, it is recommended users should consider
2493  *             preferring other methods of key exchange.
2494  *             See dhm.h for more details.
2495  *
2496  */
2497 #define MBEDTLS_DHM_C
2498 
2499 /**
2500  * \def MBEDTLS_ECDH_C
2501  *
2502  * Enable the elliptic curve Diffie-Hellman library.
2503  *
2504  * Module:  library/ecdh.c
2505  * Caller:  library/ssl_cli.c
2506  *          library/ssl_srv.c
2507  *
2508  * This module is used by the following key exchanges:
2509  *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
2510  *
2511  * Requires: MBEDTLS_ECP_C
2512  */
2513 #define MBEDTLS_ECDH_C
2514 
2515 /**
2516  * \def MBEDTLS_ECDSA_C
2517  *
2518  * Enable the elliptic curve DSA library.
2519  *
2520  * Module:  library/ecdsa.c
2521  * Caller:
2522  *
2523  * This module is used by the following key exchanges:
2524  *      ECDHE-ECDSA
2525  *
2526  * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
2527  *           and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
2528  *           short Weierstrass curve.
2529  */
2530 #define MBEDTLS_ECDSA_C
2531 
2532 /**
2533  * \def MBEDTLS_ECJPAKE_C
2534  *
2535  * Enable the elliptic curve J-PAKE library.
2536  *
2537  * \warning This is currently experimental. EC J-PAKE support is based on the
2538  * Thread v1.0.0 specification; incompatible changes to the specification
2539  * might still happen. For this reason, this is disabled by default.
2540  *
2541  * Module:  library/ecjpake.c
2542  * Caller:
2543  *
2544  * This module is used by the following key exchanges:
2545  *      ECJPAKE
2546  *
2547  * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
2548  */
2549 //#define MBEDTLS_ECJPAKE_C
2550 
2551 /**
2552  * \def MBEDTLS_ECP_C
2553  *
2554  * Enable the elliptic curve over GF(p) library.
2555  *
2556  * Module:  library/ecp.c
2557  * Caller:  library/ecdh.c
2558  *          library/ecdsa.c
2559  *          library/ecjpake.c
2560  *
2561  * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
2562  */
2563 #define MBEDTLS_ECP_C
2564 
2565 /**
2566  * \def MBEDTLS_ENTROPY_C
2567  *
2568  * Enable the platform-specific entropy code.
2569  *
2570  * Module:  library/entropy.c
2571  * Caller:
2572  *
2573  * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
2574  *
2575  * This module provides a generic entropy pool
2576  */
2577 #define MBEDTLS_ENTROPY_C
2578 
2579 /**
2580  * \def MBEDTLS_ERROR_C
2581  *
2582  * Enable error code to error string conversion.
2583  *
2584  * Module:  library/error.c
2585  * Caller:
2586  *
2587  * This module enables mbedtls_strerror().
2588  */
2589 #define MBEDTLS_ERROR_C
2590 
2591 /**
2592  * \def MBEDTLS_GCM_C
2593  *
2594  * Enable the Galois/Counter Mode (GCM).
2595  *
2596  * Module:  library/gcm.c
2597  *
2598  * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
2599  *
2600  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
2601  * requisites are enabled as well.
2602  */
2603 #define MBEDTLS_GCM_C
2604 
2605 /**
2606  * \def MBEDTLS_HAVEGE_C
2607  *
2608  * Enable the HAVEGE random generator.
2609  *
2610  * Warning: the HAVEGE random generator is not suitable for virtualized
2611  *          environments
2612  *
2613  * Warning: the HAVEGE random generator is dependent on timing and specific
2614  *          processor traits. It is therefore not advised to use HAVEGE as
2615  *          your applications primary random generator or primary entropy pool
2616  *          input. As a secondary input to your entropy pool, it IS able add
2617  *          the (limited) extra entropy it provides.
2618  *
2619  * Module:  library/havege.c
2620  * Caller:
2621  *
2622  * Requires: MBEDTLS_TIMING_C
2623  *
2624  * Uncomment to enable the HAVEGE random generator.
2625  */
2626 //#define MBEDTLS_HAVEGE_C
2627 
2628 /**
2629  * \def MBEDTLS_HKDF_C
2630  *
2631  * Enable the HKDF algorithm (RFC 5869).
2632  *
2633  * Module:  library/hkdf.c
2634  * Caller:
2635  *
2636  * Requires: MBEDTLS_MD_C
2637  *
2638  * This module adds support for the Hashed Message Authentication Code
2639  * (HMAC)-based key derivation function (HKDF).
2640  */
2641 #define MBEDTLS_HKDF_C
2642 
2643 /**
2644  * \def MBEDTLS_HMAC_DRBG_C
2645  *
2646  * Enable the HMAC_DRBG random generator.
2647  *
2648  * Module:  library/hmac_drbg.c
2649  * Caller:
2650  *
2651  * Requires: MBEDTLS_MD_C
2652  *
2653  * Uncomment to enable the HMAC_DRBG random number geerator.
2654  */
2655 #define MBEDTLS_HMAC_DRBG_C
2656 
2657 #ifndef CONFIG_BUILD_WITH_TFM
2658 /**
2659  * \def MBEDTLS_NIST_KW_C
2660  *
2661  * Enable the Key Wrapping mode for 128-bit block ciphers,
2662  * as defined in NIST SP 800-38F. Only KW and KWP modes
2663  * are supported. At the moment, only AES is approved by NIST.
2664  *
2665  * Module:  library/nist_kw.c
2666  *
2667  * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
2668  */
2669 #define MBEDTLS_NIST_KW_C
2670 #endif
2671 
2672 /**
2673  * \def MBEDTLS_MD_C
2674  *
2675  * Enable the generic message digest layer.
2676  *
2677  * Module:  library/md.c
2678  * Caller:
2679  *
2680  * Uncomment to enable generic message digest wrappers.
2681  */
2682 #define MBEDTLS_MD_C
2683 
2684 /**
2685  * \def MBEDTLS_MD2_C
2686  *
2687  * Enable the MD2 hash algorithm.
2688  *
2689  * Module:  library/md2.c
2690  * Caller:
2691  *
2692  * Uncomment to enable support for (rare) MD2-signed X.509 certs.
2693  *
2694  * \warning   MD2 is considered a weak message digest and its use constitutes a
2695  *            security risk. If possible, we recommend avoiding dependencies on
2696  *            it, and considering stronger message digests instead.
2697  *
2698  */
2699 //#define MBEDTLS_MD2_C
2700 
2701 /**
2702  * \def MBEDTLS_MD5_C
2703  *
2704  * Enable the MD5 hash algorithm.
2705  *
2706  * Module:  library/md5.c
2707  * Caller:  library/md.c
2708  *          library/pem.c
2709  *          library/ssl_tls.c
2710  *
2711  * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
2712  * depending on the handshake parameters. Further, it is used for checking
2713  * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
2714  * encrypted keys.
2715  *
2716  * \warning   MD5 is considered a weak message digest and its use constitutes a
2717  *            security risk. If possible, we recommend avoiding dependencies on
2718  *            it, and considering stronger message digests instead.
2719  *
2720  */
2721 #define MBEDTLS_MD5_C
2722 
2723 /**
2724  * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
2725  *
2726  * Enable the buffer allocator implementation that makes use of a (stack)
2727  * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
2728  * calls)
2729  *
2730  * Module:  library/memory_buffer_alloc.c
2731  *
2732  * Requires: MBEDTLS_PLATFORM_C
2733  *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
2734  *
2735  * Enable this module to enable the buffer memory allocator.
2736  */
2737 //#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
2738 
2739 /**
2740  * \def MBEDTLS_NET_C
2741  *
2742  * Enable the TCP and UDP over IPv6/IPv4 networking routines.
2743  *
2744  * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
2745  * and Windows. For other platforms, you'll want to disable it, and write your
2746  * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
2747  *
2748  * \note See also our Knowledge Base article about porting to a new
2749  * environment:
2750  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
2751  *
2752  * Module:  library/net_sockets.c
2753  *
2754  * This module provides networking routines.
2755  */
2756 //#define MBEDTLS_NET_C
2757 
2758 /**
2759  * \def MBEDTLS_OID_C
2760  *
2761  * Enable the OID database.
2762  *
2763  * Module:  library/oid.c
2764  * Caller:  library/asn1write.c
2765  *          library/pkcs5.c
2766  *          library/pkparse.c
2767  *          library/pkwrite.c
2768  *          library/rsa.c
2769  *          library/x509.c
2770  *          library/x509_create.c
2771  *          library/x509_crl.c
2772  *          library/x509_crt.c
2773  *          library/x509_csr.c
2774  *          library/x509write_crt.c
2775  *          library/x509write_csr.c
2776  *
2777  * This modules translates between OIDs and internal values.
2778  */
2779 #define MBEDTLS_OID_C
2780 
2781 /**
2782  * \def MBEDTLS_PADLOCK_C
2783  *
2784  * Enable VIA Padlock support on x86.
2785  *
2786  * Module:  library/padlock.c
2787  * Caller:  library/aes.c
2788  *
2789  * Requires: MBEDTLS_HAVE_ASM
2790  *
2791  * This modules adds support for the VIA PadLock on x86.
2792  */
2793 #define MBEDTLS_PADLOCK_C
2794 
2795 /**
2796  * \def MBEDTLS_PEM_PARSE_C
2797  *
2798  * Enable PEM decoding / parsing.
2799  *
2800  * Module:  library/pem.c
2801  * Caller:  library/dhm.c
2802  *          library/pkparse.c
2803  *          library/x509_crl.c
2804  *          library/x509_crt.c
2805  *          library/x509_csr.c
2806  *
2807  * Requires: MBEDTLS_BASE64_C
2808  *
2809  * This modules adds support for decoding / parsing PEM files.
2810  */
2811 #define MBEDTLS_PEM_PARSE_C
2812 
2813 /**
2814  * \def MBEDTLS_PEM_WRITE_C
2815  *
2816  * Enable PEM encoding / writing.
2817  *
2818  * Module:  library/pem.c
2819  * Caller:  library/pkwrite.c
2820  *          library/x509write_crt.c
2821  *          library/x509write_csr.c
2822  *
2823  * Requires: MBEDTLS_BASE64_C
2824  *
2825  * This modules adds support for encoding / writing PEM files.
2826  */
2827 #define MBEDTLS_PEM_WRITE_C
2828 
2829 /**
2830  * \def MBEDTLS_PK_C
2831  *
2832  * Enable the generic public (asymetric) key layer.
2833  *
2834  * Module:  library/pk.c
2835  * Caller:  library/ssl_tls.c
2836  *          library/ssl_cli.c
2837  *          library/ssl_srv.c
2838  *
2839  * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
2840  *
2841  * Uncomment to enable generic public key wrappers.
2842  */
2843 #define MBEDTLS_PK_C
2844 
2845 /**
2846  * \def MBEDTLS_PK_PARSE_C
2847  *
2848  * Enable the generic public (asymetric) key parser.
2849  *
2850  * Module:  library/pkparse.c
2851  * Caller:  library/x509_crt.c
2852  *          library/x509_csr.c
2853  *
2854  * Requires: MBEDTLS_PK_C
2855  *
2856  * Uncomment to enable generic public key parse functions.
2857  */
2858 #define MBEDTLS_PK_PARSE_C
2859 
2860 /**
2861  * \def MBEDTLS_PK_WRITE_C
2862  *
2863  * Enable the generic public (asymetric) key writer.
2864  *
2865  * Module:  library/pkwrite.c
2866  * Caller:  library/x509write.c
2867  *
2868  * Requires: MBEDTLS_PK_C
2869  *
2870  * Uncomment to enable generic public key write functions.
2871  */
2872 #define MBEDTLS_PK_WRITE_C
2873 
2874 /**
2875  * \def MBEDTLS_PKCS5_C
2876  *
2877  * Enable PKCS#5 functions.
2878  *
2879  * Module:  library/pkcs5.c
2880  *
2881  * Requires: MBEDTLS_MD_C
2882  *
2883  * This module adds support for the PKCS#5 functions.
2884  */
2885 #define MBEDTLS_PKCS5_C
2886 
2887 /**
2888  * \def MBEDTLS_PKCS11_C
2889  *
2890  * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
2891  *
2892  * \deprecated This option is deprecated and will be removed in a future
2893  *             version of Mbed TLS.
2894  *
2895  * Module:  library/pkcs11.c
2896  * Caller:  library/pk.c
2897  *
2898  * Requires: MBEDTLS_PK_C
2899  *
2900  * This module enables SSL/TLS PKCS #11 smartcard support.
2901  * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
2902  */
2903 //#define MBEDTLS_PKCS11_C
2904 
2905 /**
2906  * \def MBEDTLS_PKCS12_C
2907  *
2908  * Enable PKCS#12 PBE functions.
2909  * Adds algorithms for parsing PKCS#8 encrypted private keys
2910  *
2911  * Module:  library/pkcs12.c
2912  * Caller:  library/pkparse.c
2913  *
2914  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
2915  * Can use:  MBEDTLS_ARC4_C
2916  *
2917  * This module enables PKCS#12 functions.
2918  */
2919 #define MBEDTLS_PKCS12_C
2920 
2921 /**
2922  * \def MBEDTLS_PLATFORM_C
2923  *
2924  * Enable the platform abstraction layer that allows you to re-assign
2925  * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
2926  *
2927  * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
2928  * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
2929  * above to be specified at runtime or compile time respectively.
2930  *
2931  * \note This abstraction layer must be enabled on Windows (including MSYS2)
2932  * as other module rely on it for a fixed snprintf implementation.
2933  *
2934  * Module:  library/platform.c
2935  * Caller:  Most other .c files
2936  *
2937  * This module enables abstraction of common (libc) functions.
2938  */
2939 #define MBEDTLS_PLATFORM_C
2940 
2941 /**
2942  * \def MBEDTLS_POLY1305_C
2943  *
2944  * Enable the Poly1305 MAC algorithm.
2945  *
2946  * Module:  library/poly1305.c
2947  * Caller:  library/chachapoly.c
2948  */
2949 #define MBEDTLS_POLY1305_C
2950 
2951 /**
2952  * \def MBEDTLS_PSA_CRYPTO_C
2953  *
2954  * Enable the Platform Security Architecture cryptography API.
2955  *
2956  * \warning The PSA Crypto API is still beta status. While you're welcome to
2957  * experiment using it, incompatible API changes are still possible, and some
2958  * parts may not have reached the same quality as the rest of Mbed TLS yet.
2959  *
2960  * Module:  library/psa_crypto.c
2961  *
2962  * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
2963  *
2964  */
2965 #define MBEDTLS_PSA_CRYPTO_C
2966 
2967 /**
2968  * \def MBEDTLS_PSA_CRYPTO_SE_C
2969  *
2970  * Enable secure element support in the Platform Security Architecture
2971  * cryptography API.
2972  *
2973  * \warning This feature is not yet suitable for production. It is provided
2974  *          for API evaluation and testing purposes only.
2975  *
2976  * Module:  library/psa_crypto_se.c
2977  *
2978  * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
2979  *
2980  */
2981 //#define MBEDTLS_PSA_CRYPTO_SE_C
2982 
2983 /**
2984  * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
2985  *
2986  * Enable the Platform Security Architecture persistent key storage.
2987  *
2988  * Module:  library/psa_crypto_storage.c
2989  *
2990  * Requires: MBEDTLS_PSA_CRYPTO_C,
2991  *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
2992  *           the PSA ITS interface
2993  */
2994 //#define MBEDTLS_PSA_CRYPTO_STORAGE_C
2995 
2996 /**
2997  * \def MBEDTLS_PSA_ITS_FILE_C
2998  *
2999  * Enable the emulation of the Platform Security Architecture
3000  * Internal Trusted Storage (PSA ITS) over files.
3001  *
3002  * Module:  library/psa_its_file.c
3003  *
3004  * Requires: MBEDTLS_FS_IO
3005  */
3006 //#define MBEDTLS_PSA_ITS_FILE_C
3007 
3008 /**
3009  * \def MBEDTLS_RIPEMD160_C
3010  *
3011  * Enable the RIPEMD-160 hash algorithm.
3012  *
3013  * Module:  library/ripemd160.c
3014  * Caller:  library/md.c
3015  *
3016  */
3017 //#define MBEDTLS_RIPEMD160_C
3018 
3019 /**
3020  * \def MBEDTLS_RSA_C
3021  *
3022  * Enable the RSA public-key cryptosystem.
3023  *
3024  * Module:  library/rsa.c
3025  *          library/rsa_internal.c
3026  * Caller:  library/ssl_cli.c
3027  *          library/ssl_srv.c
3028  *          library/ssl_tls.c
3029  *          library/x509.c
3030  *
3031  * This module is used by the following key exchanges:
3032  *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
3033  *
3034  * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
3035  */
3036 #define MBEDTLS_RSA_C
3037 
3038 /**
3039  * \def MBEDTLS_SHA1_C
3040  *
3041  * Enable the SHA1 cryptographic hash algorithm.
3042  *
3043  * Module:  library/sha1.c
3044  * Caller:  library/md.c
3045  *          library/ssl_cli.c
3046  *          library/ssl_srv.c
3047  *          library/ssl_tls.c
3048  *          library/x509write_crt.c
3049  *
3050  * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
3051  * depending on the handshake parameters, and for SHA1-signed certificates.
3052  *
3053  * \warning   SHA-1 is considered a weak message digest and its use constitutes
3054  *            a security risk. If possible, we recommend avoiding dependencies
3055  *            on it, and considering stronger message digests instead.
3056  *
3057  */
3058 #define MBEDTLS_SHA1_C
3059 
3060 /**
3061  * \def MBEDTLS_SHA224_C
3062  *
3063  * Enable the SHA-224 cryptographic hash algorithm.
3064  *
3065  * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
3066  *           SHA-224 without SHA-256.
3067  *
3068  * Module:  library/sha256.c
3069  * Caller:  library/md.c
3070  *          library/ssl_cookie.c
3071  *
3072  * This module adds support for SHA-224.
3073  */
3074 #define MBEDTLS_SHA224_C
3075 
3076 /**
3077  * \def MBEDTLS_SHA256_C
3078  *
3079  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
3080  *
3081  * Module:  library/sha256.c
3082  * Caller:  library/entropy.c
3083  *          library/md.c
3084  *          library/ssl_cli.c
3085  *          library/ssl_srv.c
3086  *          library/ssl_tls.c
3087  *
3088  * This module adds support for SHA-224 and SHA-256.
3089  * This module is required for the SSL/TLS 1.2 PRF function.
3090  */
3091 #define MBEDTLS_SHA256_C
3092 
3093 /**
3094  * \def MBEDTLS_SHA384_C
3095  *
3096  * Enable the SHA-384 cryptographic hash algorithm.
3097  *
3098  * Requires: MBEDTLS_SHA512_C
3099  *
3100  * Module:  library/sha512.c
3101  * Caller:  library/md.c
3102  *          library/psa_crypto_hash.c
3103  *          library/ssl_tls.c
3104  *          library/ssl*_client.c
3105  *          library/ssl*_server.c
3106  *
3107  * Comment to disable SHA-384
3108  */
3109 #define MBEDTLS_SHA384_C
3110 
3111 /**
3112  * \def MBEDTLS_SHA512_C
3113  *
3114  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
3115  *
3116  * Module:  library/sha512.c
3117  * Caller:  library/entropy.c
3118  *          library/md.c
3119  *          library/ssl_cli.c
3120  *          library/ssl_srv.c
3121  *
3122  * This module adds support for SHA-384 and SHA-512.
3123  */
3124 #define MBEDTLS_SHA512_C
3125 
3126 /**
3127  * \def MBEDTLS_SSL_CACHE_C
3128  *
3129  * Enable simple SSL cache implementation.
3130  *
3131  * Module:  library/ssl_cache.c
3132  * Caller:
3133  *
3134  * Requires: MBEDTLS_SSL_CACHE_C
3135  */
3136 #define MBEDTLS_SSL_CACHE_C
3137 
3138 /**
3139  * \def MBEDTLS_SSL_COOKIE_C
3140  *
3141  * Enable basic implementation of DTLS cookies for hello verification.
3142  *
3143  * Module:  library/ssl_cookie.c
3144  * Caller:
3145  */
3146 #define MBEDTLS_SSL_COOKIE_C
3147 
3148 /**
3149  * \def MBEDTLS_SSL_TICKET_C
3150  *
3151  * Enable an implementation of TLS server-side callbacks for session tickets.
3152  *
3153  * Module:  library/ssl_ticket.c
3154  * Caller:
3155  *
3156  * Requires: MBEDTLS_CIPHER_C
3157  */
3158 #define MBEDTLS_SSL_TICKET_C
3159 
3160 /**
3161  * \def MBEDTLS_SSL_CLI_C
3162  *
3163  * Enable the SSL/TLS client code.
3164  *
3165  * Module:  library/ssl_cli.c
3166  * Caller:
3167  *
3168  * Requires: MBEDTLS_SSL_TLS_C
3169  *
3170  * This module is required for SSL/TLS client support.
3171  */
3172 #define MBEDTLS_SSL_CLI_C
3173 
3174 /**
3175  * \def MBEDTLS_SSL_SRV_C
3176  *
3177  * Enable the SSL/TLS server code.
3178  *
3179  * Module:  library/ssl_srv.c
3180  * Caller:
3181  *
3182  * Requires: MBEDTLS_SSL_TLS_C
3183  *
3184  * This module is required for SSL/TLS server support.
3185  */
3186 #define MBEDTLS_SSL_SRV_C
3187 
3188 /**
3189  * \def MBEDTLS_SSL_TLS_C
3190  *
3191  * Enable the generic SSL/TLS code.
3192  *
3193  * Module:  library/ssl_tls.c
3194  * Caller:  library/ssl_cli.c
3195  *          library/ssl_srv.c
3196  *
3197  * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
3198  *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
3199  *
3200  * This module is required for SSL/TLS.
3201  */
3202 #define MBEDTLS_SSL_TLS_C
3203 
3204 /**
3205  * \def MBEDTLS_TIMING_C
3206  *
3207  * Enable the semi-portable timing interface.
3208  *
3209  * \note The provided implementation only works on POSIX/Unix (including Linux,
3210  * BSD and OS X) and Windows. On other platforms, you can either disable that
3211  * module and provide your own implementations of the callbacks needed by
3212  * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
3213  * your own implementation of the whole module by setting
3214  * \c MBEDTLS_TIMING_ALT in the current file.
3215  *
3216  * \note See also our Knowledge Base article about porting to a new
3217  * environment:
3218  * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
3219  *
3220  * Module:  library/timing.c
3221  * Caller:  library/havege.c
3222  *
3223  * This module is used by the HAVEGE random number generator.
3224  */
3225 //#define MBEDTLS_TIMING_C
3226 
3227 /**
3228  * \def MBEDTLS_VERSION_C
3229  *
3230  * Enable run-time version information.
3231  *
3232  * Module:  library/version.c
3233  *
3234  * This module provides run-time version information.
3235  */
3236 #define MBEDTLS_VERSION_C
3237 
3238 /**
3239  * \def MBEDTLS_X509_USE_C
3240  *
3241  * Enable X.509 core for using certificates.
3242  *
3243  * Module:  library/x509.c
3244  * Caller:  library/x509_crl.c
3245  *          library/x509_crt.c
3246  *          library/x509_csr.c
3247  *
3248  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
3249  *           MBEDTLS_PK_PARSE_C
3250  *
3251  * This module is required for the X.509 parsing modules.
3252  */
3253 #define MBEDTLS_X509_USE_C
3254 
3255 /**
3256  * \def MBEDTLS_X509_CRT_PARSE_C
3257  *
3258  * Enable X.509 certificate parsing.
3259  *
3260  * Module:  library/x509_crt.c
3261  * Caller:  library/ssl_cli.c
3262  *          library/ssl_srv.c
3263  *          library/ssl_tls.c
3264  *
3265  * Requires: MBEDTLS_X509_USE_C
3266  *
3267  * This module is required for X.509 certificate parsing.
3268  */
3269 #define MBEDTLS_X509_CRT_PARSE_C
3270 
3271 /**
3272  * \def MBEDTLS_X509_CRL_PARSE_C
3273  *
3274  * Enable X.509 CRL parsing.
3275  *
3276  * Module:  library/x509_crl.c
3277  * Caller:  library/x509_crt.c
3278  *
3279  * Requires: MBEDTLS_X509_USE_C
3280  *
3281  * This module is required for X.509 CRL parsing.
3282  */
3283 #define MBEDTLS_X509_CRL_PARSE_C
3284 
3285 /**
3286  * \def MBEDTLS_X509_CSR_PARSE_C
3287  *
3288  * Enable X.509 Certificate Signing Request (CSR) parsing.
3289  *
3290  * Module:  library/x509_csr.c
3291  * Caller:  library/x509_crt_write.c
3292  *
3293  * Requires: MBEDTLS_X509_USE_C
3294  *
3295  * This module is used for reading X.509 certificate request.
3296  */
3297 #define MBEDTLS_X509_CSR_PARSE_C
3298 
3299 /**
3300  * \def MBEDTLS_X509_CREATE_C
3301  *
3302  * Enable X.509 core for creating certificates.
3303  *
3304  * Module:  library/x509_create.c
3305  *
3306  * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
3307  *
3308  * This module is the basis for creating X.509 certificates and CSRs.
3309  */
3310 #define MBEDTLS_X509_CREATE_C
3311 
3312 /**
3313  * \def MBEDTLS_X509_CRT_WRITE_C
3314  *
3315  * Enable creating X.509 certificates.
3316  *
3317  * Module:  library/x509_crt_write.c
3318  *
3319  * Requires: MBEDTLS_X509_CREATE_C
3320  *
3321  * This module is required for X.509 certificate creation.
3322  */
3323 #define MBEDTLS_X509_CRT_WRITE_C
3324 
3325 /**
3326  * \def MBEDTLS_X509_CSR_WRITE_C
3327  *
3328  * Enable creating X.509 Certificate Signing Requests (CSR).
3329  *
3330  * Module:  library/x509_csr_write.c
3331  *
3332  * Requires: MBEDTLS_X509_CREATE_C
3333  *
3334  * This module is required for X.509 certificate request writing.
3335  */
3336 #define MBEDTLS_X509_CSR_WRITE_C
3337 
3338 /**
3339  * \def MBEDTLS_XTEA_C
3340  *
3341  * Enable the XTEA block cipher.
3342  *
3343  * Module:  library/xtea.c
3344  * Caller:
3345  */
3346 //#define MBEDTLS_XTEA_C
3347 
3348 /* \} name SECTION: mbed TLS modules */
3349 
3350 /**
3351  * \name SECTION: Module configuration options
3352  *
3353  * This section allows for the setting of module specific sizes and
3354  * configuration options. The default values are already present in the
3355  * relevant header files and should suffice for the regular use cases.
3356  *
3357  * Our advice is to enable options and change their values here
3358  * only if you have a good reason and know the consequences.
3359  *
3360  * Please check the respective header file for documentation on these
3361  * parameters (to prevent duplicate documentation).
3362  * \{
3363  */
3364 
3365 /* MPI / BIGNUM options */
3366 //#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
3367 //#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
3368 
3369 /* CTR_DRBG options */
3370 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
3371 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
3372 //#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
3373 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
3374 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
3375 
3376 /* HMAC_DRBG options */
3377 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
3378 //#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
3379 //#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
3380 //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
3381 
3382 /* ECP options */
3383 //#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
3384 //#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
3385 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
3386 
3387 /* Entropy options */
3388 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
3389 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
3390 //#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
3391 
3392 /* Memory buffer allocator options */
3393 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
3394 
3395 /* Platform options */
3396 //#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
3397 //#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
3398 //#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
3399 //#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
3400 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3401 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
3402 //#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
3403 /* Note: your snprintf must correctly zero-terminate the buffer! */
3404 //#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
3405 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
3406 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
3407 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3408 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3409 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
3410 
3411 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
3412 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
3413 //#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
3414 //#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
3415 //#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
3416 //#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3417 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3418 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
3419 #define MBEDTLS_PLATFORM_PRINTF_MACRO        printk /**< Default printf macro to use, can be undefined */
3420 /* Note: your snprintf must correctly zero-terminate the buffer! */
3421 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
3422 //#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
3423 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3424 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3425 
3426 /**
3427  * \brief       This macro is invoked by the library when an invalid parameter
3428  *              is detected that is only checked with #MBEDTLS_CHECK_PARAMS
3429  *              (see the documentation of that option for context).
3430  *
3431  *              When you leave this undefined here, the library provides
3432  *              a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
3433  *              is defined, the default definition is `assert(cond)`,
3434  *              otherwise the default definition calls a function
3435  *              mbedtls_param_failed(). This function is declared in
3436  *              `platform_util.h` for the benefit of the library, but
3437  *              you need to define in your application.
3438  *
3439  *              When you define this here, this replaces the default
3440  *              definition in platform_util.h (which no longer declares the
3441  *              function mbedtls_param_failed()) and it is your responsibility
3442  *              to make sure this macro expands to something suitable (in
3443  *              particular, that all the necessary declarations are visible
3444  *              from within the library - you can ensure that by providing
3445  *              them in this file next to the macro definition).
3446  *              If you define this macro to call `assert`, also define
3447  *              #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
3448  *              include `<assert.h>`.
3449  *
3450  *              Note that you may define this macro to expand to nothing, in
3451  *              which case you don't have to worry about declarations or
3452  *              definitions. However, you will then be notified about invalid
3453  *              parameters only in non-void functions, and void function will
3454  *              just silently return early on invalid parameters, which
3455  *              partially negates the benefits of enabling
3456  *              #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
3457  *
3458  * \param cond  The expression that should evaluate to true, but doesn't.
3459  */
3460 //#define MBEDTLS_PARAM_FAILED( cond )               assert( cond )
3461 
3462 /* SSL Cache options */
3463 //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
3464 //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
3465 
3466 /* SSL options */
3467 
3468 /** \def MBEDTLS_SSL_MAX_CONTENT_LEN
3469  *
3470  * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
3471  *
3472  * This determines the size of both the incoming and outgoing TLS I/O buffers
3473  * in such a way that both are capable of holding the specified amount of
3474  * plaintext data, regardless of the protection mechanism used.
3475  *
3476  * To configure incoming and outgoing I/O buffers separately, use
3477  * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
3478  * which overwrite the value set by this option.
3479  *
3480  * \note When using a value less than the default of 16KB on the client, it is
3481  *       recommended to use the Maximum Fragment Length (MFL) extension to
3482  *       inform the server about this limitation. On the server, there
3483  *       is no supported, standardized way of informing the client about
3484  *       restriction on the maximum size of incoming messages, and unless
3485  *       the limitation has been communicated by other means, it is recommended
3486  *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
3487  *       while keeping the default value of 16KB for the incoming buffer.
3488  *
3489  * Uncomment to set the maximum plaintext size of both
3490  * incoming and outgoing I/O buffers.
3491  */
3492 #define MBEDTLS_SSL_MAX_CONTENT_LEN             (1024 * 8)
3493 
3494 /** \def MBEDTLS_SSL_IN_CONTENT_LEN
3495  *
3496  * Maximum length (in bytes) of incoming plaintext fragments.
3497  *
3498  * This determines the size of the incoming TLS I/O buffer in such a way
3499  * that it is capable of holding the specified amount of plaintext data,
3500  * regardless of the protection mechanism used.
3501  *
3502  * If this option is undefined, it inherits its value from
3503  * #MBEDTLS_SSL_MAX_CONTENT_LEN.
3504  *
3505  * \note When using a value less than the default of 16KB on the client, it is
3506  *       recommended to use the Maximum Fragment Length (MFL) extension to
3507  *       inform the server about this limitation. On the server, there
3508  *       is no supported, standardized way of informing the client about
3509  *       restriction on the maximum size of incoming messages, and unless
3510  *       the limitation has been communicated by other means, it is recommended
3511  *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
3512  *       while keeping the default value of 16KB for the incoming buffer.
3513  *
3514  * Uncomment to set the maximum plaintext size of the incoming I/O buffer
3515  * independently of the outgoing I/O buffer.
3516  */
3517 //#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
3518 
3519 /** \def MBEDTLS_SSL_CID_IN_LEN_MAX
3520  *
3521  * The maximum length of CIDs used for incoming DTLS messages.
3522  *
3523  */
3524 //#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
3525 
3526 /** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
3527  *
3528  * The maximum length of CIDs used for outgoing DTLS messages.
3529  *
3530  */
3531 //#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
3532 
3533 /** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
3534  *
3535  * This option controls the use of record plaintext padding
3536  * when using the Connection ID extension in DTLS 1.2.
3537  *
3538  * The padding will always be chosen so that the length of the
3539  * padded plaintext is a multiple of the value of this option.
3540  *
3541  * Note: A value of \c 1 means that no padding will be used
3542  *       for outgoing records.
3543  *
3544  * Note: On systems lacking division instructions,
3545  *       a power of two should be preferred.
3546  *
3547  */
3548 //#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
3549 
3550 /** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
3551  *
3552  * This option controls the use of record plaintext padding
3553  * in TLS 1.3.
3554  *
3555  * The padding will always be chosen so that the length of the
3556  * padded plaintext is a multiple of the value of this option.
3557  *
3558  * Note: A value of \c 1 means that no padding will be used
3559  *       for outgoing records.
3560  *
3561  * Note: On systems lacking division instructions,
3562  *       a power of two should be preferred.
3563  */
3564 //#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
3565 
3566 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
3567  *
3568  * Maximum length (in bytes) of outgoing plaintext fragments.
3569  *
3570  * This determines the size of the outgoing TLS I/O buffer in such a way
3571  * that it is capable of holding the specified amount of plaintext data,
3572  * regardless of the protection mechanism used.
3573  *
3574  * If this option undefined, it inherits its value from
3575  * #MBEDTLS_SSL_MAX_CONTENT_LEN.
3576  *
3577  * It is possible to save RAM by setting a smaller outward buffer, while keeping
3578  * the default inward 16384 byte buffer to conform to the TLS specification.
3579  *
3580  * The minimum required outward buffer size is determined by the handshake
3581  * protocol's usage. Handshaking will fail if the outward buffer is too small.
3582  * The specific size requirement depends on the configured ciphers and any
3583  * certificate data which is sent during the handshake.
3584  *
3585  * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
3586  * independently of the incoming I/O buffer.
3587  */
3588 //#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
3589 
3590 /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
3591  *
3592  * Maximum number of heap-allocated bytes for the purpose of
3593  * DTLS handshake message reassembly and future message buffering.
3594  *
3595  * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
3596  * to account for a reassembled handshake message of maximum size,
3597  * together with its reassembly bitmap.
3598  *
3599  * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
3600  * should be sufficient for all practical situations as it allows
3601  * to reassembly a large handshake message (such as a certificate)
3602  * while buffering multiple smaller handshake messages.
3603  *
3604  */
3605 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
3606 
3607 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
3608 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
3609 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
3610 
3611 /**
3612  * Complete list of ciphersuites to use, in order of preference.
3613  *
3614  * \warning No dependency checking is done on that field! This option can only
3615  * be used to restrict the set of available ciphersuites. It is your
3616  * responsibility to make sure the needed modules are active.
3617  *
3618  * Use this to save a few hundred bytes of ROM (default ordering of all
3619  * available ciphersuites) and a few to a few hundred bytes of RAM.
3620  *
3621  * The value below is only an example, not the default.
3622  */
3623 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
3624 
3625 /* X509 options */
3626 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
3627 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
3628 
3629 /**
3630  * Allow SHA-1 in the default TLS configuration for certificate signing.
3631  * Without this build-time option, SHA-1 support must be activated explicitly
3632  * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
3633  * recommended because of it is possible to generate SHA-1 collisions, however
3634  * this may be safe for legacy infrastructure where additional controls apply.
3635  *
3636  * \warning   SHA-1 is considered a weak message digest and its use constitutes
3637  *            a security risk. If possible, we recommend avoiding dependencies
3638  *            on it, and considering stronger message digests instead.
3639  *
3640  */
3641 //#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
3642 
3643 /**
3644  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
3645  * signature and ciphersuite selection. Without this build-time option, SHA-1
3646  * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
3647  * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
3648  * default. At the time of writing, there is no practical attack on the use
3649  * of SHA-1 in handshake signatures, hence this option is turned on by default
3650  * to preserve compatibility with existing peers, but the general
3651  * warning applies nonetheless:
3652  *
3653  * \warning   SHA-1 is considered a weak message digest and its use constitutes
3654  *            a security risk. If possible, we recommend avoiding dependencies
3655  *            on it, and considering stronger message digests instead.
3656  *
3657  */
3658 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
3659 
3660 /**
3661  * Uncomment the macro to let mbed TLS use your alternate implementation of
3662  * mbedtls_platform_zeroize(). This replaces the default implementation in
3663  * platform_util.c.
3664  *
3665  * mbedtls_platform_zeroize() is a widely used function across the library to
3666  * zero a block of memory. The implementation is expected to be secure in the
3667  * sense that it has been written to prevent the compiler from removing calls
3668  * to mbedtls_platform_zeroize() as part of redundant code elimination
3669  * optimizations. However, it is difficult to guarantee that calls to
3670  * mbedtls_platform_zeroize() will not be optimized by the compiler as older
3671  * versions of the C language standards do not provide a secure implementation
3672  * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
3673  * configure their own implementation of mbedtls_platform_zeroize(), for
3674  * example by using directives specific to their compiler, features from newer
3675  * C standards (e.g using memset_s() in C11) or calling a secure memset() from
3676  * their system (e.g explicit_bzero() in BSD).
3677  */
3678 //#define MBEDTLS_PLATFORM_ZEROIZE_ALT
3679 
3680 /**
3681  * Uncomment the macro to let Mbed TLS use your alternate implementation of
3682  * mbedtls_platform_gmtime_r(). This replaces the default implementation in
3683  * platform_util.c.
3684  *
3685  * gmtime() is not a thread-safe function as defined in the C standard. The
3686  * library will try to use safer implementations of this function, such as
3687  * gmtime_r() when available. However, if Mbed TLS cannot identify the target
3688  * system, the implementation of mbedtls_platform_gmtime_r() will default to
3689  * using the standard gmtime(). In this case, calls from the library to
3690  * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
3691  * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
3692  * library are also guarded with this mutex to avoid race conditions. However,
3693  * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
3694  * unconditionally use the implementation for mbedtls_platform_gmtime_r()
3695  * supplied at compile time.
3696  */
3697 //#define MBEDTLS_PLATFORM_GMTIME_R_ALT
3698 
3699 /**
3700  * Enable the verified implementations of ECDH primitives from Project Everest
3701  * (currently only Curve25519). This feature changes the layout of ECDH
3702  * contexts and therefore is a compatibility break for applications that access
3703  * fields of a mbedtls_ecdh_context structure directly. See also
3704  * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
3705  */
3706 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
3707 
3708 /**
3709  * \def MBEDTLS_CCM_USE_AES_CBC_MAC
3710  *
3711  * Uncomment this macro in case CCM should be used with AES CBC-MAC calling CSS IP.
3712  *
3713  */
3714 #define MBEDTLS_CCM_USE_AES_CBC_MAC
3715 
3716 /**
3717  * \def MBEDTLS_CBC_MAC_USE_CMAC
3718  *
3719  * Uncomment this macro in case AES CBC-MAC should be used with CSS CMAC command.
3720  *
3721  */
3722 //#define MBEDTLS_CBC_MAC_USE_CMAC
3723 
3724 /* Uncomment if you do not want PSA wrapper inside Mbedtls */
3725 //#undef MBEDTLS_USE_PSA_CRYPTO
3726 
3727 /* \} name SECTION: Customisation configuration options */
3728 
3729 /* Target and application specific configurations
3730  *
3731  * Allow user to override any previous default.
3732  *
3733  */
3734 
3735 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
3736 
3737 #ifndef CONFIG_BUILD_WITH_TFM
3738 #define MBEDTLS_CTR_DRBG_ENABLED
3739 #define MBEDTLS_CIPHER_AES_ENABLED
3740 #define MBEDTLS_CIPHER_MODE_CBC_ENABLED
3741 #define MBEDTLS_CIPHER_PADDING_PKCS7
3742 
3743 #define PSA_CRYPTO_DRIVER_ELS_PKC
3744 //#define PSA_CRYPTO_DRIVER_THREAD_ALT
3745 
3746 //#define MBEDTLS_THREADING_C
3747 //#define MBEDTLS_THREADING_ALT
3748 //#define MBEDTLS_MCUX_ENTROPY
3749 #define MBEDTLS_ENTROPY_HARDWARE_ALT
3750 #undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
3751 #endif /* CONFIG_BUILD_WITH_TFM */
3752 
3753 /*
3754  * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
3755  */
3756 //#define PSA_WANT_ALG_CBC_MAC                    1
3757 #define PSA_WANT_ALG_CBC_NO_PADDING             1
3758 #define PSA_WANT_ALG_CBC_PKCS7                  1
3759 #define PSA_WANT_ALG_CCM                        1
3760 #define PSA_WANT_ALG_CMAC                       1
3761 #define PSA_WANT_ALG_CFB                        1
3762 //#define PSA_WANT_ALG_CHACHA20_POLY1305          1
3763 #define PSA_WANT_ALG_CTR                        1
3764 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
3765 #define PSA_WANT_ALG_ECB_NO_PADDING             1
3766 #define PSA_WANT_ALG_ECDH                       1
3767 #define PSA_WANT_ALG_ECDSA                      1
3768 #define PSA_WANT_ALG_GCM                        1
3769 #define PSA_WANT_ALG_HKDF                       1
3770 #define PSA_WANT_ALG_HMAC                       1
3771 #define PSA_WANT_ALG_MD5                        1
3772 #define PSA_WANT_ALG_OFB                        1
3773 #define PSA_WANT_ALG_PBKDF2_HMAC                1
3774 //#define PSA_WANT_ALG_RIPEMD160                  1
3775 #define PSA_WANT_ALG_RSA_OAEP                   1
3776 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1
3777 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1
3778 #define PSA_WANT_ALG_RSA_PSS                    1
3779 #define PSA_WANT_ALG_SHA_1                      1
3780 #define PSA_WANT_ALG_SHA_224                    1
3781 #define PSA_WANT_ALG_SHA_256                    1
3782 #define PSA_WANT_ALG_SHA_384                    1
3783 #define PSA_WANT_ALG_SHA_512                    1
3784 //#define PSA_WANT_ALG_STREAM_CIPHER              1
3785 #define PSA_WANT_ALG_TLS12_PRF                  1
3786 #define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
3787 //#define PSA_WANT_ALG_XTS                        1
3788 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
3789 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
3790 //#define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1
3791 #define PSA_WANT_ECC_MONTGOMERY_255             1
3792 #define PSA_WANT_ECC_MONTGOMERY_448             1
3793 //#define PSA_WANT_ECC_SECP_K1_192                1
3794 /*
3795  * SECP224K1 is buggy via the PSA API in Mbed TLS
3796  * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
3797  * default.
3798  */
3799 //#define PSA_WANT_ECC_SECP_K1_224                1
3800 #define PSA_WANT_ECC_SECP_K1_256                1
3801 #define PSA_WANT_ECC_SECP_R1_192                1
3802 #define PSA_WANT_ECC_SECP_R1_224                1
3803 #define PSA_WANT_ECC_SECP_R1_256                1
3804 #define PSA_WANT_ECC_SECP_R1_384                1
3805 #define PSA_WANT_ECC_SECP_R1_521                1
3806 
3807 #define PSA_WANT_KEY_TYPE_DERIVE                1
3808 #define PSA_WANT_KEY_TYPE_HMAC                  1
3809 #define PSA_WANT_KEY_TYPE_AES                   1
3810 //#define PSA_WANT_KEY_TYPE_ARIA                  1
3811 //#define PSA_WANT_KEY_TYPE_CAMELLIA              1
3812 //#define PSA_WANT_KEY_TYPE_CHACHA20              1
3813 //#define PSA_WANT_KEY_TYPE_DES                   1
3814 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR          1
3815 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1
3816 #define PSA_WANT_KEY_TYPE_RAW_DATA              1
3817 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1
3818 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1
3819 
3820 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC    1
3821 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT   1
3822 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT   1
3823 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
3824 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
3825 
3826 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC    1
3827 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT   1
3828 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT   1
3829 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
3830 
3831 #endif /* MBEDTLS_USER_CONFIG_H */
3832