mbed TLS v2.2.0
config.h File Reference

Detailed Description

Compatibility names (set of defines)

Configuration options (set of defines)

Deprecated:
Use the new names directly instead

Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This file is part of mbed TLS (https://tls.mbed.org)

Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This file is part of mbed TLS (https://tls.mbed.org)

Definition in file config.h.

#include "check_config.h"
Include dependency graph for config.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

SECTION: System support

This section sets system specific settings.

#define MBEDTLS_HAVE_ASM
 The compiler has support for asm(). More...
 
#define MBEDTLS_HAVE_TIME
 System has time.h and time(). More...
 
#define MBEDTLS_HAVE_TIME_DATE
 System has time.h and time(), gmtime() and the clock is correct. More...
 
SECTION: mbed TLS feature support

This section sets support for features that are or are not needed within the modules that are enabled.

#define MBEDTLS_CIPHER_MODE_CBC
 Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. More...
 
#define MBEDTLS_CIPHER_MODE_CFB
 Enable Cipher Feedback mode (CFB) for symmetric ciphers. More...
 
#define MBEDTLS_CIPHER_MODE_CTR
 Enable Counter Block Cipher mode (CTR) for symmetric ciphers. More...
 
#define MBEDTLS_CIPHER_PADDING_PKCS7
 
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 
#define MBEDTLS_CIPHER_PADDING_ZEROS
 
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 Remove RC4 ciphersuites by default in SSL / TLS. More...
 
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
 
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
 
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
 
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
 
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
 
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
 
#define MBEDTLS_ECP_NIST_OPTIM
 Enable specific 'modulo p' routines for each NIST prime. More...
 
#define MBEDTLS_ECDSA_DETERMINISTIC
 Enable deterministic ECDSA (RFC 6979). More...
 
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 Enable the PSK based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 Enable the DHE-PSK based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 Enable the RSA-PSK based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 Enable the RSA-only based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 Enable the DHE-RSA based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. More...
 
#define MBEDTLS_PK_PARSE_EC_EXTENDED
 Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480. More...
 
#define MBEDTLS_ERROR_STRERROR_DUMMY
 Enable a dummy error function to make use of mbedtls_strerror() in third party libraries easier when MBEDTLS_ERROR_C is disabled (no effect when MBEDTLS_ERROR_C is enabled). More...
 
#define MBEDTLS_GENPRIME
 Enable the prime-number generation code. More...
 
#define MBEDTLS_FS_IO
 Enable functions that use the filesystem. More...
 
#define MBEDTLS_PK_RSA_ALT_SUPPORT
 Support external private RSA keys (eg from a HSM) in the PK layer. More...
 
#define MBEDTLS_PKCS1_V15
 Enable support for PKCS#1 v1.5 encoding. More...
 
#define MBEDTLS_PKCS1_V21
 Enable support for PKCS#1 v2.1 encoding. More...
 
#define MBEDTLS_SELF_TEST
 Enable the checkup functions (*_self_test). More...
 
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 Enable sending of alert messages in case of encountered errors as per RFC. More...
 
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
 Enable support for Encrypt-then-MAC, RFC 7366. More...
 
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 Enable support for Extended Master Secret, aka Session Hash (draft-ietf-tls-session-hash-02). More...
 
#define MBEDTLS_SSL_FALLBACK_SCSV
 Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). More...
 
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
 Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. More...
 
#define MBEDTLS_SSL_RENEGOTIATION
 Disable support for TLS renegotiation. More...
 
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 Enable support for RFC 6066 max_fragment_length extension in SSL. More...
 
#define MBEDTLS_SSL_PROTO_SSL3
 Enable support for SSL 3.0. More...
 
#define MBEDTLS_SSL_PROTO_TLS1
 Enable support for TLS 1.0. More...
 
#define MBEDTLS_SSL_PROTO_TLS1_1
 Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). More...
 
#define MBEDTLS_SSL_PROTO_TLS1_2
 Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). More...
 
#define MBEDTLS_SSL_PROTO_DTLS
 Enable support for DTLS (all available versions). More...
 
#define MBEDTLS_SSL_ALPN
 Enable support for RFC 7301 Application Layer Protocol Negotiation. More...
 
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 Enable support for the anti-replay mechanism in DTLS. More...
 
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 Enable support for HelloVerifyRequest on DTLS servers. More...
 
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 Enable server-side support for clients that reconnect from the same port. More...
 
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 Enable support for a limit of records with bad MAC. More...
 
#define MBEDTLS_SSL_SESSION_TICKETS
 Enable support for RFC 5077 session tickets in SSL. More...
 
#define MBEDTLS_SSL_EXPORT_KEYS
 Enable support for exporting key block and master secret. More...
 
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
 Enable support for RFC 6066 server name indication (SNI) in SSL. More...
 
#define MBEDTLS_SSL_TRUNCATED_HMAC
 Enable support for RFC 6066 truncated HMAC in SSL. More...
 
#define MBEDTLS_VERSION_FEATURES
 Allow run-time checking of compile-time enabled features. More...
 
#define MBEDTLS_X509_CHECK_KEY_USAGE
 Enable verification of the keyUsage extension (CA and leaf certificates). More...
 
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 Enable verification of the extendedKeyUsage extension (leaf certificates). More...
 
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 Enable parsing and verification of X.509 certificates, CRLs and CSRS signed with RSASSA-PSS (aka PKCS#1 v2.1). More...
 
SECTION: mbed TLS modules

This section enables or disables entire modules in mbed TLS

#define MBEDTLS_AESNI_C
 Enable AES-NI support on x86-64. More...
 
#define MBEDTLS_AES_C
 Enable the AES block cipher. More...
 
#define MBEDTLS_ARC4_C
 Enable the ARCFOUR stream cipher. More...
 
#define MBEDTLS_ASN1_PARSE_C
 Enable the generic ASN1 parser. More...
 
#define MBEDTLS_ASN1_WRITE_C
 Enable the generic ASN1 writer. More...
 
#define MBEDTLS_BASE64_C
 Enable the Base64 module. More...
 
#define MBEDTLS_BIGNUM_C
 Enable the multi-precision integer library. More...
 
#define MBEDTLS_BLOWFISH_C
 Enable the Blowfish block cipher. More...
 
#define MBEDTLS_CAMELLIA_C
 Enable the Camellia block cipher. More...
 
#define MBEDTLS_CCM_C
 Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. More...
 
#define MBEDTLS_CERTS_C
 Enable the test certificates. More...
 
#define MBEDTLS_CIPHER_C
 Enable the generic cipher layer. More...
 
#define MBEDTLS_CTR_DRBG_C
 Enable the CTR_DRBG AES-256-based random generator. More...
 
#define MBEDTLS_DEBUG_C
 Enable the debug functions. More...
 
#define MBEDTLS_DES_C
 Enable the DES block cipher. More...
 
#define MBEDTLS_DHM_C
 Enable the Diffie-Hellman-Merkle module. More...
 
#define MBEDTLS_ECDH_C
 Enable the elliptic curve Diffie-Hellman library. More...
 
#define MBEDTLS_ECDSA_C
 Enable the elliptic curve DSA library. More...
 
#define MBEDTLS_ECP_C
 Enable the elliptic curve over GF(p) library. More...
 
#define MBEDTLS_ENTROPY_C
 Enable the platform-specific entropy code. More...
 
#define MBEDTLS_ERROR_C
 Enable error code to error string conversion. More...
 
#define MBEDTLS_GCM_C
 Enable the Galois/Counter Mode (GCM) for AES. More...
 
#define MBEDTLS_HMAC_DRBG_C
 Enable the HMAC_DRBG random generator. More...
 
#define MBEDTLS_MD_C
 Enable the generic message digest layer. More...
 
#define MBEDTLS_MD5_C
 Enable the MD5 hash algorithm. More...
 
#define MBEDTLS_NET_C
 Enable the TCP/IP networking routines. More...
 
#define MBEDTLS_OID_C
 Enable the OID database. More...
 
#define MBEDTLS_PADLOCK_C
 Enable VIA Padlock support on x86. More...
 
#define MBEDTLS_PEM_PARSE_C
 Enable PEM decoding / parsing. More...
 
#define MBEDTLS_PEM_WRITE_C
 Enable PEM encoding / writing. More...
 
#define MBEDTLS_PK_C
 Enable the generic public (asymetric) key layer. More...
 
#define MBEDTLS_PK_PARSE_C
 Enable the generic public (asymetric) key parser. More...
 
#define MBEDTLS_PK_WRITE_C
 Enable the generic public (asymetric) key writer. More...
 
#define MBEDTLS_PKCS5_C
 Enable PKCS#5 functions. More...
 
#define MBEDTLS_PKCS12_C
 Enable PKCS#12 PBE functions. More...
 
#define MBEDTLS_PLATFORM_C
 Enable the platform abstraction layer that allows you to re-assign functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). More...
 
#define MBEDTLS_RIPEMD160_C
 Enable the RIPEMD-160 hash algorithm. More...
 
#define MBEDTLS_RSA_C
 Enable the RSA public-key cryptosystem. More...
 
#define MBEDTLS_SHA1_C
 Enable the SHA1 cryptographic hash algorithm. More...
 
#define MBEDTLS_SHA256_C
 Enable the SHA-224 and SHA-256 cryptographic hash algorithms. More...
 
#define MBEDTLS_SHA512_C
 Enable the SHA-384 and SHA-512 cryptographic hash algorithms. More...
 
#define MBEDTLS_SSL_CACHE_C
 Enable simple SSL cache implementation. More...
 
#define MBEDTLS_SSL_COOKIE_C
 Enable basic implementation of DTLS cookies for hello verification. More...
 
#define MBEDTLS_SSL_TICKET_C
 Enable an implementation of TLS server-side callbacks for session tickets. More...
 
#define MBEDTLS_SSL_CLI_C
 Enable the SSL/TLS client code. More...
 
#define MBEDTLS_SSL_SRV_C
 Enable the SSL/TLS server code. More...
 
#define MBEDTLS_SSL_TLS_C
 Enable the generic SSL/TLS code. More...
 
#define MBEDTLS_TIMING_C
 Enable the portable timing interface. More...
 
#define MBEDTLS_VERSION_C
 Enable run-time version information. More...
 
#define MBEDTLS_X509_USE_C
 Enable X.509 core for using certificates. More...
 
#define MBEDTLS_X509_CRT_PARSE_C
 Enable X.509 certificate parsing. More...
 
#define MBEDTLS_X509_CRL_PARSE_C
 Enable X.509 CRL parsing. More...
 
#define MBEDTLS_X509_CSR_PARSE_C
 Enable X.509 Certificate Signing Request (CSR) parsing. More...
 
#define MBEDTLS_X509_CREATE_C
 Enable X.509 core for creating certificates. More...
 
#define MBEDTLS_X509_CRT_WRITE_C
 Enable creating X.509 certificates. More...
 
#define MBEDTLS_X509_CSR_WRITE_C
 Enable creating X.509 Certificate Signing Requests (CSR). More...
 
#define MBEDTLS_XTEA_C
 Enable the XTEA block cipher. More...