mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-25 13:43:31 +00:00
Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an editorial mistake when adding it: it's meant as an addition to MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same conditions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
/**
|
|
* \file mbedtls/build_info.h
|
|
*
|
|
* \brief Build-time configuration info
|
|
*
|
|
* Include this file if you need to depend on the
|
|
* configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef MBEDTLS_BUILD_INFO_H
|
|
#define MBEDTLS_BUILD_INFO_H
|
|
|
|
/*
|
|
* This set of compile-time defines can be used to determine the version number
|
|
* of the Mbed TLS library used. Run-time variables for the same can be found in
|
|
* version.h
|
|
*/
|
|
|
|
/**
 * The version number x.y.z is split into three parts.
 * Major, Minor, Patchlevel
 *
 * The same 3.4.1 is also encoded in MBEDTLS_VERSION_NUMBER and in the
 * MBEDTLS_VERSION_STRING* macros that follow; the values are expected to
 * stay in step with each other.
 */
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 4
#define MBEDTLS_VERSION_PATCH 1
|
|
|
|
/**
 * The single version number has the following structure:
 *    MMNNPP00
 *    Major version | Minor version | Patch version
 *
 * MBEDTLS_VERSION_NUMBER is also the upper bound that the
 * MBEDTLS_CONFIG_VERSION check later in this header compares against.
 */
#define MBEDTLS_VERSION_NUMBER 0x03040100
#define MBEDTLS_VERSION_STRING "3.4.1"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1"
|
|
|
|
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
|
|
#define _CRT_SECURE_NO_DEPRECATE 1
|
|
#endif
|
|
|
|
/* Define `inline` on some non-C99-compliant compilers.
 * Applies to Arm Compiler and MSVC only; skipped for C++ and when `inline`
 * is already defined as a macro. */
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
    !defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
|
|
|
|
/* X.509, TLS and non-PSA crypto configuration
 *
 * When MBEDTLS_CONFIG_FILE is defined before this header is processed, it
 * replaces the default mbedtls/mbedtls_config.h entirely. The macro is used
 * as the operand of #include, so it must expand to a header name including
 * its quotes or angle brackets.
 * The file selected here decides which protocol and crypto features are
 * compiled in, so it is part of the build's trusted input.
 */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
|
|
|
|
/* Reject a configuration written for an unsupported library version:
 * MBEDTLS_CONFIG_VERSION must lie between 0x03000000 and
 * MBEDTLS_VERSION_NUMBER, both inclusive. A configuration that does not
 * define MBEDTLS_CONFIG_VERSION is not checked here. */
#if defined(MBEDTLS_CONFIG_VERSION) && ( \
    MBEDTLS_CONFIG_VERSION < 0x03000000 || \
    MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER)
#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
#endif
|
|
|
|
/* Target and application specific configurations
 *
 * Allow user to override any previous default.
 *
 * This file is read after the main configuration and before the derived
 * symbols below, so it may #define or #undef any option. The auto-enable
 * logic and check_config.h further down operate on the result.
 */
#if defined(MBEDTLS_USER_CONFIG_FILE)
#include MBEDTLS_USER_CONFIG_FILE
#endif
|
|
|
|
/* PSA crypto configuration
 *
 * Both includes apply only when MBEDTLS_PSA_CRYPTO_CONFIG is enabled.
 * MBEDTLS_PSA_CRYPTO_CONFIG_FILE, if defined, replaces psa/crypto_config.h.
 * MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE is read afterwards as an addition to
 * it, under the same condition; it is ignored when
 * MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
 */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
#else
#include "psa/crypto_config.h"
#endif
#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
#endif
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
|
|
|
|
/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
 * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C are both defined,
 * to ensure a 128-bit key size in CTR_DRBG.
 *
 * NOTE(review): a 128-bit key limits the security strength of CTR_DRBG
 * output to 128 bits, and the switch happens here without any diagnostic.
 * Builds that restrict AES to 128-bit keys should account for this in their
 * key-strength assumptions.
 */
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C)
#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
#endif
|
|
|
|
/* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it
 * in a previous release, to ensure backwards compatibility.
 *
 * Only MBEDTLS_PKCS5_C triggers this. The definition is placed before the
 * inclusion of config_psa.h, which reads MBEDTLS_MD_C.
 */
#if defined(MBEDTLS_PKCS5_C)
#define MBEDTLS_MD_C
#endif
|
|
|
|
/* PSA crypto specific configuration options
 * - If config_psa.h reads a configuration option in a preprocessor directive,
 *   this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C)
 * - If config_psa.h writes a configuration option in a conditional directive,
 *   this symbol should be consulted after its inclusion.
 *   (e.g. MBEDTLS_MD_LIGHT)
 *
 * The position of this include relative to the blocks around it is therefore
 * significant; do not reorder them.
 */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
    defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
#include "mbedtls/config_psa.h"
#endif
|
|
|
|
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
 * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
 * MBEDTLS_MD_C may itself have been auto-enabled earlier in this header
 * (for MBEDTLS_PKCS5_C).
 */
#if defined(MBEDTLS_MD_C)
#define MBEDTLS_MD_LIGHT
#endif
|
|
|
|
/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
 * in a previous release, to ensure backwards compatibility.
 *
 * Any one of the modules listed below is sufficient. The definition may
 * repeat the one made for MBEDTLS_MD_C just above; both are empty, so the
 * repetition is harmless.
 */
#if defined(MBEDTLS_ECJPAKE_C) || \
    defined(MBEDTLS_PEM_PARSE_C) || \
    defined(MBEDTLS_ENTROPY_C) || \
    defined(MBEDTLS_PK_C) || \
    defined(MBEDTLS_PKCS12_C) || \
    defined(MBEDTLS_RSA_C) || \
    defined(MBEDTLS_SSL_TLS_C) || \
    defined(MBEDTLS_X509_USE_C) || \
    defined(MBEDTLS_X509_CREATE_C)
#define MBEDTLS_MD_LIGHT
#endif
|
|
|
|
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
 * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
 *   for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
 *   some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
 * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
 *   these features are not supported in PSA so the only way to have them is
 *   to enable the built-in solution.
 *   Both of them are temporary dependencies:
 *   - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
 *   - support for compressed points should also be added to PSA, but in this
 *     case there is no associated issue to track it yet.
 * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
 *   still depends on ECP_LIGHT.
 * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
 *   be fixed by #7453.
 *
 * NOTE(review): the condition below tests
 * MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE rather than the PSA_WANT
 * symbol named in the list, and it has no term for the
 * PK_C + USE_PSA + PSA_WANT_ALG_ECDSA case. Confirm whether the comment or
 * the condition is the current one.
 */
#if defined(MBEDTLS_ECP_C) || \
    defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
    defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#define MBEDTLS_ECP_LIGHT
#endif
|
|
|
|
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
 * in previous version compressed points were automatically supported as long
 * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
 * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
 * are met.
 *
 * NOTE(review): MBEDTLS_PK_PARSE_C is also defined further down in this
 * header (when MBEDTLS_PSA_CRYPTO_C and MBEDTLS_RSA_C are both set), after
 * this test has run. A configuration that relies on that later definition
 * does not get PK_PARSE_EC_COMPRESSED from this block; confirm whether that
 * is intended. */
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
#endif
|
|
|
|
/* Helper symbol to state that there is support for ECDH, either through
 * library implementation (ECDH_C) or through PSA.
 * With MBEDTLS_USE_PSA_CRYPTO only PSA_WANT_ALG_ECDH counts; without it only
 * MBEDTLS_ECDH_C counts. */
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
    (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
#define MBEDTLS_CAN_ECDH
#endif
|
|
|
|
/* PK module can achieve ECDSA functionalities by means of either software
 * implementations (ECDSA_C) or through a PSA driver. The following defines
 * are meant to list these capabilities in a general way which abstracts how
 * they are implemented under the hood.
 *
 * Without MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_ECDSA_C grants both sign and
 * verify. With it, PSA_WANT_ALG_ECDSA is required and the two capabilities
 * are granted separately: sign needs PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
 * verify needs PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY. */
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PK_CAN_ECDSA_SIGN
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
#endif /* MBEDTLS_ECDSA_C */
#else /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_ECDSA)
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
#define MBEDTLS_PK_CAN_ECDSA_SIGN
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
#endif /* PSA_WANT_ALG_ECDSA */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
|
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
|
#endif
|
|
|
|
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
 * is defined as well to include all PSA code.
 * The reverse does not hold: nothing here defines MBEDTLS_PSA_CRYPTO_C from
 * MBEDTLS_PSA_CRYPTO_CLIENT.
 */
#if defined(MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_PSA_CRYPTO_CLIENT
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
|
|
|
/* The PK wrappers need pk_write functions to format RSA key objects
 * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
 * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext().
 *
 * The three symbols are defined regardless of what the configuration file
 * set for them.
 * NOTE(review): earlier blocks in this header already tested MBEDTLS_PK_C
 * (for MBEDTLS_MD_LIGHT) and MBEDTLS_PK_PARSE_C (for
 * MBEDTLS_PK_PARSE_EC_COMPRESSED); those tests do not see the values defined
 * here. Confirm that the ordering is intended. */
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
#define MBEDTLS_PK_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PK_PARSE_C
#endif
|
|
|
|
/* Helper symbol to state that the PK module has support for EC keys. This
 * can either be provided through the legacy ECP solution or through the
 * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description).
 *
 * The condition does not test MBEDTLS_PK_USE_PSA_EC_DATA itself; the PSA
 * side is expressed as MBEDTLS_USE_PSA_CRYPTO together with
 * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY. */
#if defined(MBEDTLS_ECP_C) || \
    (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
#define MBEDTLS_PK_HAVE_ECC_KEYS
#endif /* MBEDTLS_ECP_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
|
|
|
|
/* The following blocks make it easier to disable all of TLS,
 * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
 * key exchanges, options and extensions related to them.
 *
 * The options are removed with #undef and no diagnostic, so an option that
 * the configuration file enabled can end up disabled in the build. */

/* Without the TLS core, drop client, server and every protocol version.
 * This block comes first so that the removed MBEDTLS_SSL_PROTO_* symbols
 * cascade into the three blocks that follow. */
#if !defined(MBEDTLS_SSL_TLS_C)
#undef MBEDTLS_SSL_CLI_C
#undef MBEDTLS_SSL_SRV_C
#undef MBEDTLS_SSL_PROTO_TLS1_3
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#endif
|
|
|
|
/* Without DTLS, drop every DTLS-only option, including anti-replay,
 * connection ID, HelloVerifyRequest and SRTP support. The #undef is silent:
 * enabling one of these options without MBEDTLS_SSL_PROTO_DTLS has no
 * effect. */
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#endif
|
|
|
|
/* Without TLS 1.2, drop the options this header treats as TLS 1.2-only:
 * encrypt-then-MAC, extended master secret, renegotiation, and every
 * MBEDTLS_KEY_EXCHANGE_xxx_ENABLED key exchange. The TLS 1.3 key exchange
 * modes are separate symbols and are handled in the next block. */
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#endif
|
|
|
|
/* Without TLS 1.3, drop its three key exchange modes and early data. */
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_EARLY_DATA
#endif
|
|
|
|
/* Helper symbol: TLS 1.2 is enabled together with at least one of ECDH,
 * ECDSA or the EC J-PAKE key exchange. It is evaluated after the #undef
 * blocks above, so it reflects the pruned configuration.
 * NOTE(review): the test uses the legacy MBEDTLS_ECDH_C / MBEDTLS_ECDSA_C
 * symbols, not the MBEDTLS_CAN_ECDH / MBEDTLS_PK_CAN_ECDSA_SOME helpers
 * defined earlier in this header; confirm whether ECC provided only through
 * PSA is meant to count here. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
    (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
#endif
|
|
|
|
/* Make sure all configuration symbols are set before including check_config.h,
 * even the ones that are calculated programmatically.
 * Keep this include last: any symbol defined or undefined after it is not
 * seen by check_config.h. */
#include "mbedtls/check_config.h"
|
|
|
|
#endif /* MBEDTLS_BUILD_INFO_H */
|