ReactOS 0.4.16-dev-197-g92996da
config.h
Go to the documentation of this file.
1
10/*
11 * Copyright The Mbed TLS Contributors
12 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
13 *
14 * This file is provided under the Apache License 2.0, or the
15 * GNU General Public License v2.0 or later.
16 *
17 * **********
18 * Apache License 2.0:
19 *
20 * Licensed under the Apache License, Version 2.0 (the "License"); you may
21 * not use this file except in compliance with the License.
22 * You may obtain a copy of the License at
23 *
24 * http://www.apache.org/licenses/LICENSE-2.0
25 *
26 * Unless required by applicable law or agreed to in writing, software
27 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
28 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29 * See the License for the specific language governing permissions and
30 * limitations under the License.
31 *
32 * **********
33 *
34 * **********
35 * GNU General Public License v2.0 or later:
36 *
37 * This program is free software; you can redistribute it and/or modify
38 * it under the terms of the GNU General Public License as published by
39 * the Free Software Foundation; either version 2 of the License, or
40 * (at your option) any later version.
41 *
42 * This program is distributed in the hope that it will be useful,
43 * but WITHOUT ANY WARRANTY; without even the implied warranty of
44 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 * GNU General Public License for more details.
46 *
47 * You should have received a copy of the GNU General Public License along
48 * with this program; if not, write to the Free Software Foundation, Inc.,
49 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
50 *
51 * **********
52 */
53
54#ifndef MBEDTLS_CONFIG_H
55#define MBEDTLS_CONFIG_H
56
57#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
58//#define _CRT_SECURE_NO_DEPRECATE 1
59#endif
60
86#define MBEDTLS_HAVE_ASM
87
114//#define MBEDTLS_NO_UDBL_DIVISION
115
136//#define MBEDTLS_NO_64BIT_MULTIPLICATION
137
145//#define MBEDTLS_HAVE_SSE2 /* We want to run on older hardware. TODO: This should be checked at runtime. */
146
160//#define MBEDTLS_HAVE_TIME
161
181//#define MBEDTLS_HAVE_TIME_DATE
182
205//#define MBEDTLS_PLATFORM_MEMORY
206
224//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
225
249//#define MBEDTLS_PLATFORM_EXIT_ALT
250//#define MBEDTLS_PLATFORM_TIME_ALT
251//#define MBEDTLS_PLATFORM_FPRINTF_ALT
252//#define MBEDTLS_PLATFORM_PRINTF_ALT
253//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
254//#define MBEDTLS_PLATFORM_NV_SEED_ALT
255//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
256
270//#define MBEDTLS_DEPRECATED_WARNING
271
282//#define MBEDTLS_DEPRECATED_REMOVED /* ThFabba: we need md5/sha functions for bcrypt */
283
334//#define MBEDTLS_CHECK_PARAMS
335
348//#define MBEDTLS_CHECK_PARAMS_ASSERT
349
350/* \} name SECTION: System support */
351
371//#define MBEDTLS_TIMING_ALT
372
398//#define MBEDTLS_AES_ALT
399//#define MBEDTLS_ARC4_ALT
400//#define MBEDTLS_ARIA_ALT
401//#define MBEDTLS_BLOWFISH_ALT
402//#define MBEDTLS_CAMELLIA_ALT
403//#define MBEDTLS_CCM_ALT
404//#define MBEDTLS_CHACHA20_ALT
405//#define MBEDTLS_CHACHAPOLY_ALT
406//#define MBEDTLS_CMAC_ALT
407//#define MBEDTLS_DES_ALT
408//#define MBEDTLS_DHM_ALT
409//#define MBEDTLS_ECJPAKE_ALT
410//#define MBEDTLS_GCM_ALT
411//#define MBEDTLS_NIST_KW_ALT
412//#define MBEDTLS_MD2_ALT
413//#define MBEDTLS_MD4_ALT
414//#define MBEDTLS_MD5_ALT
415//#define MBEDTLS_POLY1305_ALT
416//#define MBEDTLS_RIPEMD160_ALT
417//#define MBEDTLS_RSA_ALT
418//#define MBEDTLS_SHA1_ALT
419//#define MBEDTLS_SHA256_ALT
420//#define MBEDTLS_SHA512_ALT
421//#define MBEDTLS_XTEA_ALT
422
423/*
424 * When replacing the elliptic curve module, pleace consider, that it is
425 * implemented with two .c files:
426 * - ecp.c
427 * - ecp_curves.c
428 * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
429 * macros as described above. The only difference is that you have to make sure
430 * that you provide functionality for both .c files.
431 */
432//#define MBEDTLS_ECP_ALT
433
479//#define MBEDTLS_MD2_PROCESS_ALT
480//#define MBEDTLS_MD4_PROCESS_ALT
481//#define MBEDTLS_MD5_PROCESS_ALT
482//#define MBEDTLS_RIPEMD160_PROCESS_ALT
483//#define MBEDTLS_SHA1_PROCESS_ALT
484//#define MBEDTLS_SHA256_PROCESS_ALT
485//#define MBEDTLS_SHA512_PROCESS_ALT
486//#define MBEDTLS_DES_SETKEY_ALT
487//#define MBEDTLS_DES_CRYPT_ECB_ALT
488//#define MBEDTLS_DES3_CRYPT_ECB_ALT
489//#define MBEDTLS_AES_SETKEY_ENC_ALT
490//#define MBEDTLS_AES_SETKEY_DEC_ALT
491//#define MBEDTLS_AES_ENCRYPT_ALT
492//#define MBEDTLS_AES_DECRYPT_ALT
493//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
494//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
495//#define MBEDTLS_ECDSA_VERIFY_ALT
496//#define MBEDTLS_ECDSA_SIGN_ALT
497//#define MBEDTLS_ECDSA_GENKEY_ALT
498
539/* Required for all the functions in this section */
540//#define MBEDTLS_ECP_INTERNAL_ALT
541/* Support for Weierstrass curves with Jacobi representation */
542//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
543//#define MBEDTLS_ECP_ADD_MIXED_ALT
544//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
545//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
546//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
547/* Support for curves with Montgomery arithmetic */
548//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
549//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
550//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
551
567//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
568
586//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
587
603//#define MBEDTLS_TEST_NULL_ENTROPY
604
616//#define MBEDTLS_ENTROPY_HARDWARE_ALT
617
636//#define MBEDTLS_AES_ROM_TABLES
637
658//#define MBEDTLS_AES_FEWER_TABLES
659
667//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
668
674#define MBEDTLS_CIPHER_MODE_CBC
675
681#define MBEDTLS_CIPHER_MODE_CFB
682
688#define MBEDTLS_CIPHER_MODE_CTR
689
695#define MBEDTLS_CIPHER_MODE_OFB
696
702#define MBEDTLS_CIPHER_MODE_XTS
703
735//#define MBEDTLS_CIPHER_NULL_CIPHER
736
748#define MBEDTLS_CIPHER_PADDING_PKCS7
749#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
750#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
751#define MBEDTLS_CIPHER_PADDING_ZEROS
752
758//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
759
776//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
777
789#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
790
809#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
810
819#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
820#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
821#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
822#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
823#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
824#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
825#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
826#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
827#define MBEDTLS_ECP_DP_BP256R1_ENABLED
828#define MBEDTLS_ECP_DP_BP384R1_ENABLED
829#define MBEDTLS_ECP_DP_BP512R1_ENABLED
830#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
831#define MBEDTLS_ECP_DP_CURVE448_ENABLED
832
842#define MBEDTLS_ECP_NIST_OPTIM
843
864//#define MBEDTLS_ECP_NO_INTERNAL_RNG
865
888//#define MBEDTLS_ECP_RESTARTABLE
889
902#define MBEDTLS_ECDSA_DETERMINISTIC
903
924//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
925
955//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
956
975//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
976
1000//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED /* swyter: we don't need PSK-based ciphers for schannel */
1001
1028#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
1029
1061#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
1062
1086#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
1087
1110#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
1111
1134#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
1135
1158#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
1159
1177//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
1178
1191#define MBEDTLS_PK_PARSE_EC_EXTENDED
1192
1206#define MBEDTLS_ERROR_STRERROR_DUMMY
1207
1215#define MBEDTLS_GENPRIME
1216
1222//#define MBEDTLS_FS_IO /* swyter: we don't have to access the filesystem directly in schannel */
1223
1235//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
1236
1246//#define MBEDTLS_NO_PLATFORM_ENTROPY
1247
1262#define MBEDTLS_ENTROPY_FORCE_SHA256 /* swyter: ReactOS is primarily 32-bit only, this speeds it up notably */
1263
1290//#define MBEDTLS_ENTROPY_NV_SEED
1291
1303//#define MBEDTLS_MEMORY_DEBUG
1304
1315//#define MBEDTLS_MEMORY_BACKTRACE
1316
1324#define MBEDTLS_PK_RSA_ALT_SUPPORT
1325
1335#define MBEDTLS_PKCS1_V15
1336
1346#define MBEDTLS_PKCS1_V21
1347
1357//#define MBEDTLS_RSA_NO_CRT
1358
1364//#define MBEDTLS_SELF_TEST /* swyter: we don't need this, adds quite a bit of bloat */
1365
1380//#define MBEDTLS_SHA256_SMALLER
1381
1394#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
1395
1405//#define MBEDTLS_SSL_ASYNC_PRIVATE
1406
1421//#define MBEDTLS_SSL_DEBUG_ALL /* swyter: we don't need that much verboseness that clogges up the dll with strings */
1422
1439#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
1440
1457#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
1458
1474//#define MBEDTLS_SSL_FALLBACK_SCSV /* swyter: as the description says, we don't need this for clients */
1475
1484//#define MBEDTLS_SSL_HW_RECORD_ACCEL
1485
1496#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
1497
1518#define MBEDTLS_SSL_RENEGOTIATION
1519
1528//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO /* swyter: we don't need anything server-related */
1529
1538//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE /* swyter: we don't need anything server-related */
1539
1547#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1548
1559//#define MBEDTLS_SSL_PROTO_SSL3 /* swyter: this is potentially insecure and should remain ethernaly disabled */
1560
1571#define MBEDTLS_SSL_PROTO_TLS1
1572
1583#define MBEDTLS_SSL_PROTO_TLS1_1
1584
1595#define MBEDTLS_SSL_PROTO_TLS1_2
1596
1610//#define MBEDTLS_SSL_PROTO_DTLS /* swyter: schannel does not support UDP sockets, DTLS is useless */
1611
1619#define MBEDTLS_SSL_ALPN
1620
1634//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY /* swyter: schannel does not support UDP sockets, DTLS is useless */
1635
1652//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY /* swyter: schannel does not support UDP sockets, DTLS is useless */
1653
1668//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE /* swyter: schannel does not support UDP sockets, DTLS is useless */
1669
1679//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT /* swyter: schannel does not support UDP sockets, DTLS is useless */
1680
1693#define MBEDTLS_SSL_SESSION_TICKETS
1694
1703//#define MBEDTLS_SSL_EXPORT_KEYS
1704
1714#define MBEDTLS_SSL_SERVER_NAME_INDICATION
1715
1723#define MBEDTLS_SSL_TRUNCATED_HMAC
1724
1747//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
1748
1764//#define MBEDTLS_TEST_HOOKS
1765
1775//#define MBEDTLS_THREADING_ALT
1776
1786//#define MBEDTLS_THREADING_PTHREAD
1787
1799//#define MBEDTLS_VERSION_FEATURES
1800
1809//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
1810
1821//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1822
1835#define MBEDTLS_X509_CHECK_KEY_USAGE
1836
1848#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
1849
1858#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
1859
1883//#define MBEDTLS_ZLIB_SUPPORT
1884/* \} name SECTION: mbed TLS feature support */
1885
1905#define MBEDTLS_AESNI_C /* swyter: looks like these AMD64 improvements are behind an arch macro, better perf is always good */
1906
1980#define MBEDTLS_AES_C
1981
2008#define MBEDTLS_ARC4_C
2009
2022#define MBEDTLS_ASN1_PARSE_C
2023
2036#define MBEDTLS_ASN1_WRITE_C
2037
2048//#define MBEDTLS_BASE64_C
2049
2065#define MBEDTLS_BIGNUM_C
2066
2074#define MBEDTLS_BLOWFISH_C
2075
2129#define MBEDTLS_CAMELLIA_C
2130
2181//#define MBEDTLS_ARIA_C
2182
2195#define MBEDTLS_CCM_C
2196
2207//#define MBEDTLS_CERTS_C /* swyter: these test certs are completely useless */
2208
2216//#define MBEDTLS_CHACHA20_C /* ThFabba: we don't use this feature, no need to compile it */
2217
2227//#define MBEDTLS_CHACHAPOLY_C /* ThFabba: we don't use this feature, no need to compile it */
2228
2239#define MBEDTLS_CIPHER_C
2240
2252//#define MBEDTLS_CMAC_C
2253
2272#define MBEDTLS_CTR_DRBG_C
2273
2286//#define MBEDTLS_DEBUG_C /* swyter: we don't even need this level of verboseness, useful only when developing */
2287
2315#define MBEDTLS_DES_C
2316
2336#define MBEDTLS_DHM_C
2337
2352#define MBEDTLS_ECDH_C
2353
2367#define MBEDTLS_ECDSA_C
2368
2386//#define MBEDTLS_ECJPAKE_C
2387
2400#define MBEDTLS_ECP_C
2401
2414#define MBEDTLS_ENTROPY_C
2415
2426//#define MBEDTLS_ERROR_C /* swyter: we don't print user errors, so this trims some fat */
2427
2440#define MBEDTLS_GCM_C
2441
2463//#define MBEDTLS_HAVEGE_C
2464
2478//#define MBEDTLS_HKDF_C /* ThFabba: we don't use this feature, no need to compile it */
2479
2492#define MBEDTLS_HMAC_DRBG_C
2493
2505//#define MBEDTLS_NIST_KW_C /* ThFabba: we don't use this feature, no need to compile it */
2506
2517#define MBEDTLS_MD_C
2518
2534//#define MBEDTLS_MD2_C
2535
2551//#define MBEDTLS_MD4_C
2552
2573#define MBEDTLS_MD5_C
2574
2589//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
2590
2608//#define MBEDTLS_NET_C /* swyter: we don't use the network routines, in fact in schannel we replace them with our own shim to forward the managed network buffers */
2609
2631#define MBEDTLS_OID_C
2632
2645#define MBEDTLS_PADLOCK_C
2646
2663//#define MBEDTLS_PEM_PARSE_C /* swyter: we don't do any PEM decoding */
2664
2679//#define MBEDTLS_PEM_WRITE_C /* swyter: we don't do any PEM decoding */
2680
2695#define MBEDTLS_PK_C
2696
2710#define MBEDTLS_PK_PARSE_C
2711
2724//#define MBEDTLS_PK_WRITE_C /* swyter: we don't write any PK */
2725
2737#define MBEDTLS_PKCS5_C
2738
2752//#define MBEDTLS_PKCS11_C
2753
2768#define MBEDTLS_PKCS12_C
2769
2788#define MBEDTLS_PLATFORM_C
2789
2798//#define MBEDTLS_POLY1305_C /* ThFabba: we don't use this feature, no need to compile it */
2799
2809#define MBEDTLS_RIPEMD160_C
2810
2828#define MBEDTLS_RSA_C
2829
2850#define MBEDTLS_SHA1_C
2851
2867#define MBEDTLS_SHA256_C
2868
2882#define MBEDTLS_SHA512_C
2883
2894//#define MBEDTLS_SSL_CACHE_C /* swyter: we don't make use of this caching mechanism, as the WINE schannel API does not expose it */
2895
2904//#define MBEDTLS_SSL_COOKIE_C /* swyter: schannel does not support UDP sockets, DTLS is useless */
2905
2916#define MBEDTLS_SSL_TICKET_C
2917
2930#define MBEDTLS_SSL_CLI_C
2931
2944//#define MBEDTLS_SSL_SRV_C /* swyter: we don't need anything server-related */
2945
2960#define MBEDTLS_SSL_TLS_C
2961
2982//#define MBEDTLS_THREADING_C
2983
3005#define MBEDTLS_TIMING_C
3006
3016//#define MBEDTLS_VERSION_C /* swyter: we don't use these functions, so it's a waste of space */
3017
3033#define MBEDTLS_X509_USE_C
3034
3049#define MBEDTLS_X509_CRT_PARSE_C
3050
3063//#define MBEDTLS_X509_CRL_PARSE_C /* swyter: we don't verify certs directly */
3064
3077//#define MBEDTLS_X509_CSR_PARSE_C /* swyter: we don't verify certs directly */
3078
3090//#define MBEDTLS_X509_CREATE_C /* swyter: we don't create certs in schannel */
3091
3103//#define MBEDTLS_X509_CRT_WRITE_C /* swyter: we don't create certs in schannel */
3104
3116//#define MBEDTLS_X509_CSR_WRITE_C /* swyter: we don't create certs in schannel, this is for servers */
3117
3126#define MBEDTLS_XTEA_C
3127
3128/* \} name SECTION: mbed TLS modules */
3129
3145/* MPI / BIGNUM options */
3146//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
3147//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
3148
3149/* CTR_DRBG options */
3150//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
3151//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3152//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3153//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3154//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
3155
3156/* HMAC_DRBG options */
3157//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
3158//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
3159//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
3160//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
3161
3162/* ECP options */
3163//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
3164//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
3165//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
3166
3167/* Entropy options */
3168//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
3169//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
3170//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
3171
3172/* Memory buffer allocator options */
3173//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
3174
3175/* Platform options */
3176//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
3177//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
3178//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
3179//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
3180//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3181//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
3182//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
3183/* Note: your snprintf must correctly zero-terminate the buffer! */
3184//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
3185//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
3186//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
3187//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3188//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3189//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
3190
3191/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
3192/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
3193//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
3194//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
3195//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
3196//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3197//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
3198//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
3199//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
3200/* Note: your snprintf must correctly zero-terminate the buffer! */
3201//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
3202//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
3203//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
3204
3239//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
3240
3241/* SSL Cache options */
3242//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
3243//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
3244
3245/* SSL options */
3246
3271//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
3272
3296//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
3297
3320//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
3321
3337//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
3338
3339//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
3340//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
3341//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
3342
3355//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
3356
3357/* X509 options */
3358//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
3359//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
3360
3373// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
3374
3390#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
3391
3410//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
3411
3429//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
3430
3431/* \} name SECTION: Customisation configuration options */
3432
3433/* Target and application specific configurations
3434 *
3435 * Allow user to override any previous default.
3436 *
3437 */
3438#if defined(MBEDTLS_USER_CONFIG_FILE)
3439#include MBEDTLS_USER_CONFIG_FILE
3440#endif
3441
3442#include "check_config.h"
3443
3444#endif /* MBEDTLS_CONFIG_H */
Consistency checks for configuration options.