TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e11ae17c609f5b5602793874d9ec33f362e60bc8 / . / include / mbedtls / check_config.h
blob: 9deb14fc1fb5cf869025c739d02d80db5b5ff437 [file] [log] [blame]
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]1/**
Ronald Crone11ae172024-11-12 15:57:42 +0100[diff] [blame^]2 * \file mbedtls/check_config.h
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]3 *
4 * \brief Consistency checks for configuration options
Gilles Peskine975e74c2024-04-26 14:18:10 +0200[diff] [blame]5 *
6 * This is an internal header. Do not include it directly.
7 *
8 * This header is included automatically by all public Mbed TLS headers
9 * (via mbedtls/build_info.h). Do not include it directly in a configuration
10 * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE!
11 * It would run at the wrong time due to missing derived symbols.
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]12 */
13/*
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]14 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]15 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]16 */
17
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]18#ifndef MBEDTLS_CHECK_CONFIG_H
19#define MBEDTLS_CHECK_CONFIG_H
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]20
David Horstmann1b847812022-11-14 15:40:46 +0000[diff] [blame]21/* *INDENT-OFF* */
Gilles Peskine690fb5e2024-05-16 14:54:04 +0200[diff] [blame]22
23#if !defined(MBEDTLS_CONFIG_IS_FINALIZED)
24#warning "Do not include mbedtls/check_config.h manually! " \
25 "This may cause spurious errors. " \
26 "It is included automatically at the right point since Mbed TLS 3.0."
27#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
28
Jaeden Amero197496a2021-06-08 18:31:27 +0100[diff] [blame]29#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
30#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
Manuel Pégourié-Gonnard63e7eba2015-07-28 14:17:48 +0200[diff] [blame]31#endif
32
Manuel Pégourié-Gonnard60c793b2015-06-18 20:52:58 +0200[diff] [blame]33#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
34#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
35#endif
36
Manuel Pégourié-Gonnard7f22f342023-09-28 09:46:22 +0200[diff] [blame]37/* Limitations on ECC curves acceleration: partial curve acceleration is only
38 * supported with crypto excluding PK, X.509 or TLS.
39 * Note: no need to check X.509 as it depends on PK. */
40#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
41 defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
42 defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
43 defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
44 defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
45 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
46 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
47 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
48 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
49 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
50 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
51 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
52 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
53#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
Ronald Crone11ae172024-11-12 15:57:42 +0100[diff] [blame^]54#if defined(MBEDTLS_SSL_TLS_C)
Manuel Pégourié-Gonnard7f22f342023-09-28 09:46:22 +0200[diff] [blame]55#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
56#endif /* modules beyond what's supported */
57#endif /* not all curves accelerated */
58#endif /* some curve accelerated */
59
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]60#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
Valerio Settiaa7cbd62023-07-07 17:22:17 +0200[diff] [blame]61 ( !defined(MBEDTLS_CAN_ECDH) || \
Elena Uziunaite9c647642024-09-06 10:49:05 +0100[diff] [blame]62 !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \
Gilles Peskine7ab66a62018-09-14 17:47:41 +0200[diff] [blame]63 !defined(MBEDTLS_X509_CRT_PARSE_C) )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]64#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]65#endif
66
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]67#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
Valerio Settiaa7cbd62023-07-07 17:22:17 +0200[diff] [blame]68 ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
Gilles Peskine7ab66a62018-09-14 17:47:41 +0200[diff] [blame]69 !defined(MBEDTLS_X509_CRT_PARSE_C) )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]70#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]71#endif
72
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]73#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
74#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]75#endif
76
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]77#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
Valerio Settiaa7cbd62023-07-07 17:22:17 +0200[diff] [blame]78 !defined(MBEDTLS_CAN_ECDH)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]80#endif
81
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]82#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
83 ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
84 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
85#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]86#endif
87
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]88#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
Valerio Settiaa7cbd62023-07-07 17:22:17 +0200[diff] [blame]89 ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90 !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
91#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]92#endif
93
Manuel Pégourié-Gonnard45bcb6a2023-03-10 11:40:48 +0100[diff] [blame]94#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
Valerio Settiaa7cbd62023-07-07 17:22:17 +0200[diff] [blame]95 ( !defined(MBEDTLS_CAN_ECDH) || \
Elena Uziunaite9c647642024-09-06 10:49:05 +0100[diff] [blame]96 !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97 !defined(MBEDTLS_X509_CRT_PARSE_C) )
98#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]99#endif
100
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
102 ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
103 !defined(MBEDTLS_PKCS1_V15) )
104#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]105#endif
106
Manuel Pégourié-Gonnarde1f3faf2024-02-08 12:17:20 +0100[diff] [blame]107#if defined(MBEDTLS_USE_PSA_CRYPTO)
108#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
109 ( !defined(PSA_WANT_ALG_JPAKE) || \
110 !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
111 !defined(PSA_WANT_ECC_SECP_R1_256) )
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200[diff] [blame]112#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
113#endif
Manuel Pégourié-Gonnarde1f3faf2024-02-08 12:17:20 +0100[diff] [blame]114#else /* MBEDTLS_USE_PSA_CRYPTO */
115#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
116 ( !defined(MBEDTLS_ECJPAKE_C) || \
117 !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
118#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
119#endif
120#endif /* MBEDTLS_USE_PSA_CRYPTO */
Manuel Pégourié-Gonnard557535d2015-09-15 17:53:32 +0200[diff] [blame]121
Manuel Pégourié-Gonnard41bc8b62023-03-14 23:59:24 +0100[diff] [blame]122/* Use of EC J-PAKE in TLS requires SHA-256. */
Manuel Pégourié-Gonnard3c16abe2022-09-19 10:44:42 +0200[diff] [blame]123#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
Elena Uziunaitec0d69432024-08-20 14:53:19 +0100[diff] [blame]124 !defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard3c16abe2022-09-19 10:44:42 +0200[diff] [blame]125#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
126#endif
127
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]128#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
Manuel Pégourié-Gonnard49f64b42024-02-08 12:00:28 +0100[diff] [blame]129 !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
Elena Uziunaitec0d69432024-08-20 14:53:19 +0100[diff] [blame]130 !defined(PSA_WANT_ALG_SHA_256) && \
Elena Uziunaite05fe6e42024-09-03 16:52:28 +0100[diff] [blame]131 !defined(PSA_WANT_ALG_SHA_512) && \
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]132 !defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard49f64b42024-02-08 12:00:28 +0100[diff] [blame]133#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
Hanno Beckerfe4ef0c2019-02-26 11:43:09 +0000[diff] [blame]134#endif
135
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]136#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
137 ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
138#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
Manuel Pégourié-Gonnard9df5c962014-01-24 14:37:29 +0100[diff] [blame]139#endif
140
Manuel Pégourié-Gonnarda31ddb92023-03-22 00:13:50 +0100[diff] [blame]141/* TLS 1.3 requires separate HKDF parts from PSA,
142 * and at least one ciphersuite, so at least SHA-256 or SHA-384
143 * from PSA to use with HKDF.
144 *
145 * Note: for dependencies common with TLS 1.2 (running handshake hash),
146 * see MBEDTLS_SSL_TLS_C. */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]147#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
Antonio de Angelis7889fe72024-02-07 13:01:33 +0000[diff] [blame]148 !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
Manuel Pégourié-Gonnarda31ddb92023-03-22 00:13:50 +0100[diff] [blame]149 defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
150 defined(PSA_WANT_ALG_HKDF_EXPAND) && \
151 (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)))
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]152#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
Hanno Becker6055a172020-06-02 06:20:23 +0100[diff] [blame]153#endif
154
Ronald Crond8d2ea52022-10-04 15:48:06 +0200[diff] [blame]155#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
Valerio Settia15078b2023-07-06 14:52:45 +0200[diff] [blame]156#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
157 defined(MBEDTLS_X509_CRT_PARSE_C) && \
Elena Uziunaite9c647642024-09-06 10:49:05 +0100[diff] [blame]158 ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) )
Ronald Crond8d2ea52022-10-04 15:48:06 +0200[diff] [blame]159#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
160#endif
161#endif
162
163#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
Przemek Stekielce05f542023-06-15 16:44:08 +0200[diff] [blame]164#if !( defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) )
Ronald Crond8d2ea52022-10-04 15:48:06 +0200[diff] [blame]165#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
166#endif
167#endif
168
Tom Cosgroveafb2fe12022-06-29 16:36:12 +0100[diff] [blame]169/*
170 * The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
171 */
172#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
173#error "MBEDTLS_SSL_PROTO_TLS1_3 defined without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
174#endif
175
TRodziewicz0f82ec62021-05-12 17:49:18 +0200[diff] [blame]176#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
Simon Butcher432e7022019-04-11 18:56:18 +0100[diff] [blame]177 !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
178 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
179 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
180 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
181 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
182 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
183 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
184 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
Simon Butcher432e7022019-04-11 18:56:18 +0100[diff] [blame]185 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
186 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
187#error "One or more versions of the TLS protocol are enabled " \
188 "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
189#endif
190
Xiaokang Qian95a07302022-10-25 02:56:00 +0000[diff] [blame]191#if defined(MBEDTLS_SSL_EARLY_DATA) && \
Xiaokang Qian402bb1e2022-11-10 10:38:17 +0000[diff] [blame]192 ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
193 ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
194 !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
Xiaokang Qian95a07302022-10-25 02:56:00 +0000[diff] [blame]195#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
196#endif
197
Jerry Yu16f68532022-11-05 10:50:06 +0800[diff] [blame]198#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
Tom Cosgrove3b4471e2023-09-14 12:59:50 +0100[diff] [blame]199 defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
200 ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \
201 (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
202#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
Jerry Yu16f68532022-11-05 10:50:06 +0800[diff] [blame]203#endif
204
Manuel Pégourié-Gonnard5a8d56d2015-05-13 10:10:00 +0200[diff] [blame]205#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
Manuel Pégourié-Gonnard5a8d56d2015-05-13 10:10:00 +0200[diff] [blame]206 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]207#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
Manuel Pégourié-Gonnard0b1ff292014-02-06 13:04:16 +0100[diff] [blame]208#endif
209
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
211#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]212#endif
213
Valerio Settia4bb0fa2023-01-03 15:36:25 +0100[diff] [blame]214#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && !defined(MBEDTLS_X509_CRT_PARSE_C)
215#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
216#endif
217
Valerio Settid531dab2023-10-27 11:49:22 +0200[diff] [blame]218#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
219 defined(MBEDTLS_USE_PSA_CRYPTO))
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]220#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]221#endif
222
Manuel Pégourié-Gonnarda31ddb92023-03-22 00:13:50 +0100[diff] [blame]223/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
Elena Uziunaitefeb105c2024-09-05 13:08:59 +0100[diff] [blame]224#if defined(MBEDTLS_SSL_TLS_C) && \
Elena Uziunaitec0d69432024-08-20 14:53:19 +0100[diff] [blame]225 !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
Manuel Pégourié-Gonnard70a1b6d2023-03-24 10:30:40 +0100[diff] [blame]226#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
Manuel Pégourié-Gonnarda31ddb92023-03-22 00:13:50 +0100[diff] [blame]227#endif
Manuel Pégourié-Gonnarda31ddb92023-03-22 00:13:50 +0100[diff] [blame]228
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]229#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
230#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]231#endif
232
Jerry Yue0a64122021-12-23 11:06:26 +0800[diff] [blame]233#if defined(MBEDTLS_SSL_TLS_C) && \
234 !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]235#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]236#endif
237
Manuel Pégourié-Gonnarde057d3b2015-05-20 10:59:43 +0200[diff] [blame]238#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]239#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
Manuel Pégourié-Gonnard82202f02014-07-23 00:28:58 +0200[diff] [blame]240#endif
241
Manuel Pégourié-Gonnard62c74bb2015-09-08 17:50:29 +0200[diff] [blame]242#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
Manuel Pégourié-Gonnardddfe5d22015-09-09 12:46:16 +0200[diff] [blame]243 !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
Manuel Pégourié-Gonnard62c74bb2015-09-08 17:50:29 +0200[diff] [blame]244#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
245#endif
246
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]247#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
248 ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
249#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
Manuel Pégourié-Gonnard8464a462014-09-24 14:05:32 +0200[diff] [blame]250#endif
251
Gilles Peskined3d02902020-03-04 21:35:27 +0100[diff] [blame]252#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
253 ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
254#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
255#endif
256
257#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
258 defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
259 MBEDTLS_SSL_CID_IN_LEN_MAX > 255
260#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
261#endif
262
263#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
264 defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
265 MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
266#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
267#endif
268
Hannes Tschofenig88e55662022-11-23 10:14:54 +0100[diff] [blame]269#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
270 !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Tom Cosgrove1797b052022-12-04 17:19:59 +0000[diff] [blame]271#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
Hannes Tschofenigfd6cca42021-10-12 09:22:33 +0200[diff] [blame]272#endif
273
Hannes Tschofenigb2e66152022-11-23 10:53:44 +0100[diff] [blame]274#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
275#if defined(MBEDTLS_DEPRECATED_REMOVED)
276#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
277#elif defined(MBEDTLS_DEPRECATED_WARNING)
278#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
279#endif
280#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */
Hannes Tschofenigfd6cca42021-10-12 09:22:33 +0200[diff] [blame]281
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]282#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]283 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800[diff] [blame]284#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100[diff] [blame]285#endif
286
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]287#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]288 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800[diff] [blame]289#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
Manuel Pégourié-Gonnard769c6b62014-10-28 14:13:55 +0100[diff] [blame]290#endif
291
Gilles Peskine7d3186d2022-08-12 22:43:18 +0200[diff] [blame]292#if defined(MBEDTLS_SSL_RENEGOTIATION) && \
293 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
294#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
295#endif
296
Przemek Stekiela09f8352022-05-12 09:34:28 +0200[diff] [blame]297#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \
298 !defined(MBEDTLS_USE_PSA_CRYPTO) )
299#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]300#endif
301
Przemek Stekiel52a428b2022-10-10 08:47:13 +0200[diff] [blame]302#if defined(MBEDTLS_SSL_TICKET_C) && \
Elena Uziunaitec0d69432024-08-20 14:53:19 +0100[diff] [blame]303 !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
304 defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
Przemek Stekield61a4d32022-10-11 09:40:40 +0200[diff] [blame]305#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
Przemek Stekiel52a428b2022-10-10 08:47:13 +0200[diff] [blame]306#endif
307
Jerry Yu9750f812022-07-20 11:04:50 +0800[diff] [blame]308#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \
309 MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256
310#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256"
Jerry Yu08aed4d2022-07-20 10:36:12 +0800[diff] [blame]311#endif
312
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]313#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
314 !defined(MBEDTLS_X509_CRT_PARSE_C)
315#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]316#endif
317
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]318#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
319#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]320#endif
321
Valerio Settic6aeb0d2023-07-27 10:10:28 +0200[diff] [blame]322#if defined(MBEDTLS_X509_USE_C) && \
323 (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
Przemek Stekiel10836a02022-08-19 08:45:34 +0200[diff] [blame]324 !defined(MBEDTLS_PK_PARSE_C) || \
Przemek Stekiel278b6672022-08-03 09:50:38 +0200[diff] [blame]325 ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]326#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]327#endif
328
Valerio Settic6aeb0d2023-07-27 10:10:28 +0200[diff] [blame]329#if defined(MBEDTLS_X509_CREATE_C) && \
330 (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
Przemek Stekiel10836a02022-08-19 08:45:34 +0200[diff] [blame]331 !defined(MBEDTLS_PK_PARSE_C) || \
Przemek Stekiel278b6672022-08-03 09:50:38 +0200[diff] [blame]332 ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]333#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]334#endif
335
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]336#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
337#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]338#endif
339
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]340#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
341#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]342#endif
343
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]344#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
345#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]346#endif
347
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]348#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
349#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]350#endif
351
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]352#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
353#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard14d55952014-04-30 12:35:08 +0200[diff] [blame]354#endif
355
Valerio Settia4bb0fa2023-01-03 15:36:25 +0100[diff] [blame]356#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) && \
Valerio Setti8e45cdd2023-01-05 09:32:29 +0100[diff] [blame]357 ( !defined(MBEDTLS_X509_CRT_PARSE_C) )
Valerio Settia4bb0fa2023-01-03 15:36:25 +0100[diff] [blame]358#error "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK defined, but not all prerequisites"
359#endif
360
Ron Eldor3adb9922017-12-21 10:15:08 +0200[diff] [blame]361#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
362#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
363#endif
364
Andrzej Kurek557289b2020-10-21 15:12:39 +0200[diff] [blame]365#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
366#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
367#endif
368
Jan Bruckner151f6422023-02-10 12:45:19 +0100[diff] [blame]369#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && ( !defined(MBEDTLS_SSL_PROTO_TLS1_3) )
370#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
371#endif
372
Valerio Settie7bac172023-10-02 16:03:42 +0200[diff] [blame]373#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
Elena Uziunaitec0d69432024-08-20 14:53:19 +0100[diff] [blame]374 !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
375 defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
Przemek Stekield582a012022-09-28 07:59:01 +0200[diff] [blame]376#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
377#endif
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]378
379/* Reject attempts to enable options that have been removed and that could
380 * cause a build to succeed but with features removed. */
381
382#if defined(MBEDTLS_HAVEGE_C) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]383#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599"
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]384#endif
385
386#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]387#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]388#endif
389
390#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]391#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]392#endif
393
394#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]395#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]396#endif
397
398#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]399#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]400#endif
401
402#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
Gilles Peskinecc26e3b2021-04-21 19:01:59 +0200[diff] [blame]403#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]404#endif
405
406#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]407#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskinefa4e4b82021-04-21 18:45:41 +0200[diff] [blame]408#endif
409
TRodziewiczcc707412021-05-14 15:08:04 +0200[diff] [blame]410#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]411#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313"
TRodziewiczcc707412021-05-14 15:08:04 +0200[diff] [blame]412#endif
413
TRodziewicz4e57f4c2021-05-31 12:58:25 +0200[diff] [blame]414#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]415#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
TRodziewicz4e57f4c2021-05-31 12:58:25 +0200[diff] [blame]416#endif
417
418#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]419#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
TRodziewicz4e57f4c2021-05-31 12:58:25 +0200[diff] [blame]420#endif
421
Thomas Daubney4a7010d2021-06-15 12:54:14 +0100[diff] [blame]422#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
Dave Rodgman017a1992022-03-31 14:07:01 +0100[diff] [blame]423#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
Thomas Daubney4a7010d2021-06-15 12:54:14 +0100[diff] [blame]424#endif
425
Nayna Jainc9deb182020-11-16 19:03:12 +0000[diff] [blame]426#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
427 ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
Valerio Settic6aeb0d2023-07-27 10:10:28 +0200[diff] [blame]428 ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
429 ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
Nick Child89e82e12022-11-09 10:36:10 -0600[diff] [blame]430 ( !defined(MBEDTLS_MD_C) ) )
Nayna Jainc9deb182020-11-16 19:03:12 +0000[diff] [blame]431#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
432#endif
433
David Horstmann1b847812022-11-14 15:40:46 +0000[diff] [blame]434/* *INDENT-ON* */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]435#endif /* MBEDTLS_CHECK_CONFIG_H */