include/mbedtls/config_adjust_ssl.h

0001 /**
0002  * \file mbedtls/config_adjust_ssl.h
0003  * \brief Adjust TLS configuration
0004  *
0005  * This is an internal header. Do not include it directly.
0006  *
0007  * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
0008  * configurations need to be explicitly enabled by the user: enabling
0009  * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
0010  * compilation error. However, we do automatically enable certain options
0011  * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
0012  * used to identify parts of a module that are used by other module, and we
0013  * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
0014  * Another case is if A didn't depend on B in earlier versions, and we
0015  * want to use B in A but we need to preserve backward compatibility with
0016  * configurations that explicitly activate MBEDTLS_xxx_A but not
0017  * MBEDTLS_xxx_B.
0018  */
0019 /*
0020  *  Copyright The Mbed TLS Contributors
0021  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0022  */
0023
0024 #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
0025 #define MBEDTLS_CONFIG_ADJUST_SSL_H
0026
0027 #if !defined(MBEDTLS_CONFIG_FILES_READ)
0028 #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
0029     "up to and including runtime errors such as buffer overflows. " \
0030     "If you're trying to fix a complaint from check_config.h, just remove " \
0031     "it from your configuration file: since Mbed TLS 3.0, it is included " \
0032     "automatically at the right point."
0033 #endif /* */
0034
0035 /* The following blocks make it easier to disable all of TLS,
0036  * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
0037  * key exchanges, options and extensions related to them. */
0038
0039 #if !defined(MBEDTLS_SSL_TLS_C)
0040 #undef MBEDTLS_SSL_CLI_C
0041 #undef MBEDTLS_SSL_SRV_C
0042 #undef MBEDTLS_SSL_PROTO_TLS1_3
0043 #undef MBEDTLS_SSL_PROTO_TLS1_2
0044 #undef MBEDTLS_SSL_PROTO_DTLS
0045 #endif
0046
0047 #if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
0048 #undef MBEDTLS_SSL_TICKET_C
0049 #endif
0050
0051 #if !defined(MBEDTLS_SSL_PROTO_DTLS)
0052 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
0053 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
0054 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
0055 #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
0056 #undef MBEDTLS_SSL_DTLS_SRTP
0057 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
0058 #endif
0059
0060 #if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
0061 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
0062 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
0063 #undef MBEDTLS_SSL_RENEGOTIATION
0064 #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
0065 #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
0066 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
0067 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
0068 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
0069 #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
0070 #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
0071 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
0072 #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
0073 #undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
0074 #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
0075 #endif
0076
0077 #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
0078 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
0079 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
0080 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
0081 #undef MBEDTLS_SSL_EARLY_DATA
0082 #undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
0083 #endif
0084
0085 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
0086     (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
0087     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
0088 #define MBEDTLS_SSL_TLS1_2_SOME_ECC
0089 #endif
0090
0091 #endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */