Detailed Description
Compatibility names (set of defines)
Configuration options (set of defines)
- Deprecated:
- Use the new names directly instead
Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This file is part of mbed TLS (https://tls.mbed.org)
Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This file is part of mbed TLS (https://tls.mbed.org)
Definition in file config.h.
#include "check_config.h"
Include dependency graph for config.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Macros | |
SECTION: System support | |
This section sets system specific settings. | |
| #define | MBEDTLS_HAVE_ASM |
| The compiler has support for asm(). More... | |
| #define | MBEDTLS_HAVE_TIME |
| System has time.h and time(). More... | |
| #define | MBEDTLS_HAVE_TIME_DATE |
| System has time.h and time(), gmtime() and the clock is correct. More... | |
SECTION: mbed TLS feature support | |
This section sets support for features that are or are not needed within the modules that are enabled. | |
| #define | MBEDTLS_CIPHER_MODE_CBC |
| Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. More... | |
| #define | MBEDTLS_CIPHER_MODE_CFB |
| Enable Cipher Feedback mode (CFB) for symmetric ciphers. More... | |
| #define | MBEDTLS_CIPHER_MODE_CTR |
| Enable Counter Block Cipher mode (CTR) for symmetric ciphers. More... | |
| #define | MBEDTLS_CIPHER_PADDING_PKCS7 |
| #define | MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS |
| #define | MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN |
| #define | MBEDTLS_CIPHER_PADDING_ZEROS |
| #define | MBEDTLS_REMOVE_ARC4_CIPHERSUITES |
| Remove RC4 ciphersuites by default in SSL / TLS. More... | |
| #define | MBEDTLS_ECP_DP_SECP192R1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP224R1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP256R1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP384R1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP521R1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP192K1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP224K1_ENABLED |
| #define | MBEDTLS_ECP_DP_SECP256K1_ENABLED |
| #define | MBEDTLS_ECP_DP_BP256R1_ENABLED |
| #define | MBEDTLS_ECP_DP_BP384R1_ENABLED |
| #define | MBEDTLS_ECP_DP_BP512R1_ENABLED |
| #define | MBEDTLS_ECP_DP_CURVE25519_ENABLED |
| #define | MBEDTLS_ECP_NIST_OPTIM |
| Enable specific 'modulo p' routines for each NIST prime. More... | |
| #define | MBEDTLS_ECDSA_DETERMINISTIC |
| Enable deterministic ECDSA (RFC 6979). More... | |
| #define | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED |
| Enable the PSK based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED |
| Enable the DHE-PSK based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
| Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED |
| Enable the RSA-PSK based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED |
| Enable the RSA-only based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED |
| Enable the DHE-RSA based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
| Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
| Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED |
| Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. More... | |
| #define | MBEDTLS_PK_PARSE_EC_EXTENDED |
| Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480. More... | |
| #define | MBEDTLS_ERROR_STRERROR_DUMMY |
| Enable a dummy error function to make use of mbedtls_strerror() in third party libraries easier when MBEDTLS_ERROR_C is disabled (no effect when MBEDTLS_ERROR_C is enabled). More... | |
| #define | MBEDTLS_GENPRIME |
| Enable the prime-number generation code. More... | |
| #define | MBEDTLS_FS_IO |
| Enable functions that use the filesystem. More... | |
| #define | MBEDTLS_PK_RSA_ALT_SUPPORT |
| Support external private RSA keys (eg from a HSM) in the PK layer. More... | |
| #define | MBEDTLS_PKCS1_V15 |
| Enable support for PKCS#1 v1.5 encoding. More... | |
| #define | MBEDTLS_PKCS1_V21 |
| Enable support for PKCS#1 v2.1 encoding. More... | |
| #define | MBEDTLS_SELF_TEST |
| Enable the checkup functions (*_self_test). More... | |
| #define | MBEDTLS_SSL_ALL_ALERT_MESSAGES |
| Enable sending of alert messages in case of encountered errors as per RFC. More... | |
| #define | MBEDTLS_SSL_ENCRYPT_THEN_MAC |
| Enable support for Encrypt-then-MAC, RFC 7366. More... | |
| #define | MBEDTLS_SSL_EXTENDED_MASTER_SECRET |
| Enable support for Extended Master Secret, aka Session Hash (draft-ietf-tls-session-hash-02). More... | |
| #define | MBEDTLS_SSL_FALLBACK_SCSV |
| Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). More... | |
| #define | MBEDTLS_SSL_CBC_RECORD_SPLITTING |
| Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. More... | |
| #define | MBEDTLS_SSL_RENEGOTIATION |
| Disable support for TLS renegotiation. More... | |
| #define | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH |
| Enable support for RFC 6066 max_fragment_length extension in SSL. More... | |
| #define | MBEDTLS_SSL_PROTO_SSL3 |
| Enable support for SSL 3.0. More... | |
| #define | MBEDTLS_SSL_PROTO_TLS1 |
| Enable support for TLS 1.0. More... | |
| #define | MBEDTLS_SSL_PROTO_TLS1_1 |
| Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). More... | |
| #define | MBEDTLS_SSL_PROTO_TLS1_2 |
| Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). More... | |
| #define | MBEDTLS_SSL_PROTO_DTLS |
| Enable support for DTLS (all available versions). More... | |
| #define | MBEDTLS_SSL_ALPN |
| Enable support for RFC 7301 Application Layer Protocol Negotiation. More... | |
| #define | MBEDTLS_SSL_DTLS_ANTI_REPLAY |
| Enable support for the anti-replay mechanism in DTLS. More... | |
| #define | MBEDTLS_SSL_DTLS_HELLO_VERIFY |
| Enable support for HelloVerifyRequest on DTLS servers. More... | |
| #define | MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE |
| Enable server-side support for clients that reconnect from the same port. More... | |
| #define | MBEDTLS_SSL_DTLS_BADMAC_LIMIT |
| Enable support for a limit of records with bad MAC. More... | |
| #define | MBEDTLS_SSL_SESSION_TICKETS |
| Enable support for RFC 5077 session tickets in SSL. More... | |
| #define | MBEDTLS_SSL_EXPORT_KEYS |
| Enable support for exporting key block and master secret. More... | |
| #define | MBEDTLS_SSL_SERVER_NAME_INDICATION |
| Enable support for RFC 6066 server name indication (SNI) in SSL. More... | |
| #define | MBEDTLS_SSL_TRUNCATED_HMAC |
| Enable support for RFC 6066 truncated HMAC in SSL. More... | |
| #define | MBEDTLS_VERSION_FEATURES |
| Allow run-time checking of compile-time enabled features. More... | |
| #define | MBEDTLS_X509_CHECK_KEY_USAGE |
| Enable verification of the keyUsage extension (CA and leaf certificates). More... | |
| #define | MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE |
| Enable verification of the extendedKeyUsage extension (leaf certificates). More... | |
| #define | MBEDTLS_X509_RSASSA_PSS_SUPPORT |
| Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS (aka PKCS#1 v2.1). More... | |
SECTION: mbed TLS modules | |
This section enables or disables entire modules in mbed TLS | |
| #define | MBEDTLS_AESNI_C |
| Enable AES-NI support on x86-64. More... | |
| #define | MBEDTLS_AES_C |
| Enable the AES block cipher. More... | |
| #define | MBEDTLS_ARC4_C |
| Enable the ARCFOUR stream cipher. More... | |
| #define | MBEDTLS_ASN1_PARSE_C |
| Enable the generic ASN1 parser. More... | |
| #define | MBEDTLS_ASN1_WRITE_C |
| Enable the generic ASN1 writer. More... | |
| #define | MBEDTLS_BASE64_C |
| Enable the Base64 module. More... | |
| #define | MBEDTLS_BIGNUM_C |
| Enable the multi-precision integer library. More... | |
| #define | MBEDTLS_BLOWFISH_C |
| Enable the Blowfish block cipher. More... | |
| #define | MBEDTLS_CAMELLIA_C |
| Enable the Camellia block cipher. More... | |
| #define | MBEDTLS_CCM_C |
| Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. More... | |
| #define | MBEDTLS_CERTS_C |
| Enable the test certificates. More... | |
| #define | MBEDTLS_CIPHER_C |
| Enable the generic cipher layer. More... | |
| #define | MBEDTLS_CTR_DRBG_C |
| Enable the CTR_DRBG AES-256-based random generator. More... | |
| #define | MBEDTLS_DEBUG_C |
| Enable the debug functions. More... | |
| #define | MBEDTLS_DES_C |
| Enable the DES block cipher. More... | |
| #define | MBEDTLS_DHM_C |
| Enable the Diffie-Hellman-Merkle module. More... | |
| #define | MBEDTLS_ECDH_C |
| Enable the elliptic curve Diffie-Hellman library. More... | |
| #define | MBEDTLS_ECDSA_C |
| Enable the elliptic curve DSA library. More... | |
| #define | MBEDTLS_ECP_C |
| Enable the elliptic curve over GF(p) library. More... | |
| #define | MBEDTLS_ENTROPY_C |
| Enable the platform-specific entropy code. More... | |
| #define | MBEDTLS_ERROR_C |
| Enable error code to error string conversion. More... | |
| #define | MBEDTLS_GCM_C |
| Enable the Galois/Counter Mode (GCM) for AES. More... | |
| #define | MBEDTLS_HMAC_DRBG_C |
| Enable the HMAC_DRBG random generator. More... | |
| #define | MBEDTLS_MD_C |
| Enable the generic message digest layer. More... | |
| #define | MBEDTLS_MD5_C |
| Enable the MD5 hash algorithm. More... | |
| #define | MBEDTLS_NET_C |
| Enable the TCP/IP networking routines. More... | |
| #define | MBEDTLS_OID_C |
| Enable the OID database. More... | |
| #define | MBEDTLS_PADLOCK_C |
| Enable VIA Padlock support on x86. More... | |
| #define | MBEDTLS_PEM_PARSE_C |
| Enable PEM decoding / parsing. More... | |
| #define | MBEDTLS_PEM_WRITE_C |
| Enable PEM encoding / writing. More... | |
| #define | MBEDTLS_PK_C |
| Enable the generic public (asymetric) key layer. More... | |
| #define | MBEDTLS_PK_PARSE_C |
| Enable the generic public (asymetric) key parser. More... | |
| #define | MBEDTLS_PK_WRITE_C |
| Enable the generic public (asymetric) key writer. More... | |
| #define | MBEDTLS_PKCS5_C |
| Enable PKCS#5 functions. More... | |
| #define | MBEDTLS_PKCS12_C |
| Enable PKCS#12 PBE functions. More... | |
| #define | MBEDTLS_PLATFORM_C |
| Enable the platform abstraction layer that allows you to re-assign functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). More... | |
| #define | MBEDTLS_RIPEMD160_C |
| Enable the RIPEMD-160 hash algorithm. More... | |
| #define | MBEDTLS_RSA_C |
| Enable the RSA public-key cryptosystem. More... | |
| #define | MBEDTLS_SHA1_C |
| Enable the SHA1 cryptographic hash algorithm. More... | |
| #define | MBEDTLS_SHA256_C |
| Enable the SHA-224 and SHA-256 cryptographic hash algorithms. More... | |
| #define | MBEDTLS_SHA512_C |
| Enable the SHA-384 and SHA-512 cryptographic hash algorithms. More... | |
| #define | MBEDTLS_SSL_CACHE_C |
| Enable simple SSL cache implementation. More... | |
| #define | MBEDTLS_SSL_COOKIE_C |
| Enable basic implementation of DTLS cookies for hello verification. More... | |
| #define | MBEDTLS_SSL_TICKET_C |
| Enable an implementation of TLS server-side callbacks for session tickets. More... | |
| #define | MBEDTLS_SSL_CLI_C |
| Enable the SSL/TLS client code. More... | |
| #define | MBEDTLS_SSL_SRV_C |
| Enable the SSL/TLS server code. More... | |
| #define | MBEDTLS_SSL_TLS_C |
| Enable the generic SSL/TLS code. More... | |
| #define | MBEDTLS_TIMING_C |
| Enable the portable timing interface. More... | |
| #define | MBEDTLS_VERSION_C |
| Enable run-time version information. More... | |
| #define | MBEDTLS_X509_USE_C |
| Enable X.509 core for using certificates. More... | |
| #define | MBEDTLS_X509_CRT_PARSE_C |
| Enable X.509 certificate parsing. More... | |
| #define | MBEDTLS_X509_CRL_PARSE_C |
| Enable X.509 CRL parsing. More... | |
| #define | MBEDTLS_X509_CSR_PARSE_C |
| Enable X.509 Certificate Signing Request (CSR) parsing. More... | |
| #define | MBEDTLS_X509_CREATE_C |
| Enable X.509 core for creating certificates. More... | |
| #define | MBEDTLS_X509_CRT_WRITE_C |
| Enable creating X.509 certificates. More... | |
| #define | MBEDTLS_X509_CSR_WRITE_C |
| Enable creating X.509 Certificate Signing Requests (CSR). More... | |
| #define | MBEDTLS_XTEA_C |
| Enable the XTEA block cipher. More... | |
