Blame - include/mbedtls/check_config.h - mirror/mbed-tls

blob: 22ddaa80fde70fc0257cb5482f37f0e644a04c12 [file] [log] [blame]

Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	1	/**
Ronald Cron	e11ae17	2024-11-12 15:57:42 +0100	[diff] [blame]	2	* \file mbedtls/check_config.h
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	3	*
				4	* \brief Consistency checks for configuration options
Gilles Peskine	975e74c	2024-04-26 14:18:10 +0200	[diff] [blame]	5	*
				6	* This is an internal header. Do not include it directly.
				7	*
				8	* This header is included automatically by all public Mbed TLS headers
				9	* (via mbedtls/build_info.h). Do not include it directly in a configuration
				10	* file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE!
				11	* It would run at the wrong time due to missing derived symbols.
Darryl Green	a40a101	2018-01-05 15:33:17 +0000	[diff] [blame]	12	*/
				13	/*
Bence Szépkúti	1e14827	2020-08-07 13:07:28 +0200	[diff] [blame]	14	* Copyright The Mbed TLS Contributors
Dave Rodgman	16799db	2023-11-02 19:47:20 +0000	[diff] [blame]	15	* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	16	*/
				17
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	18	#ifndef MBEDTLS_CHECK_CONFIG_H
				19	#define MBEDTLS_CHECK_CONFIG_H
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	20
David Horstmann	1b84781	2022-11-14 15:40:46 +0000	[diff] [blame]	21	/* INDENT-OFF */
Gilles Peskine	690fb5e	2024-05-16 14:54:04 +0200	[diff] [blame]	22
				23	#if !defined(MBEDTLS_CONFIG_IS_FINALIZED)
				24	#warning "Do not include mbedtls/check_config.h manually! " \
				25	"This may cause spurious errors. " \
				26	"It is included automatically at the right point since Mbed TLS 3.0."
				27	#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
				28
Jaeden Amero	197496a	2021-06-08 18:31:27 +0100	[diff] [blame]	29	#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
				30	#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
Manuel Pégourié-Gonnard	63e7eba	2015-07-28 14:17:48 +0200	[diff] [blame]	31	#endif
				32
Manuel Pégourié-Gonnard	60c793b	2015-06-18 20:52:58 +0200	[diff] [blame]	33	#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
				34	#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
				35	#endif
				36
Manuel Pégourié-Gonnard	7f22f34	2023-09-28 09:46:22 +0200	[diff] [blame]	37	/* Limitations on ECC curves acceleration: partial curve acceleration is only
				38	* supported with crypto excluding PK, X.509 or TLS.
				39	* Note: no need to check X.509 as it depends on PK. */
				40	#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) \|\| \
				41	defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) \|\| \
				42	defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) \|\| \
				43	defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) \|\| \
				44	defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) \|\| \
				45	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) \|\| \
Manuel Pégourié-Gonnard	7f22f34	2023-09-28 09:46:22 +0200	[diff] [blame]	46	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) \|\| \
				47	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) \|\| \
				48	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) \|\| \
				49	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) \|\| \
				50	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) \|\| \
				51	defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
				52	#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
Ronald Cron	e11ae17	2024-11-12 15:57:42 +0100	[diff] [blame]	53	#if defined(MBEDTLS_SSL_TLS_C)
Manuel Pégourié-Gonnard	7f22f34	2023-09-28 09:46:22 +0200	[diff] [blame]	54	#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
				55	#endif /* modules beyond what's supported */
				56	#endif /* not all curves accelerated */
				57	#endif /* some curve accelerated */
				58
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	59	#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
Valerio Setti	aa7cbd6	2023-07-07 17:22:17 +0200	[diff] [blame]	60	( !defined(MBEDTLS_CAN_ECDH) \|\| \
Elena Uziunaite	9c64764	2024-09-06 10:49:05 +0100	[diff] [blame]	61	!defined(PSA_HAVE_ALG_ECDSA_SIGN) \|\| \
Gilles Peskine	7ab66a6	2018-09-14 17:47:41 +0200	[diff] [blame]	62	!defined(MBEDTLS_X509_CRT_PARSE_C) )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	63	#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	64	#endif
				65
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	66	#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
Valerio Setti	aa7cbd6	2023-07-07 17:22:17 +0200	[diff] [blame]	67	( !defined(MBEDTLS_CAN_ECDH) \|\| !defined(MBEDTLS_RSA_C) \|\| \
Gilles Peskine	7ab66a6	2018-09-14 17:47:41 +0200	[diff] [blame]	68	!defined(MBEDTLS_X509_CRT_PARSE_C) )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	69	#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	70	#endif
				71
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	72	#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
Valerio Setti	aa7cbd6	2023-07-07 17:22:17 +0200	[diff] [blame]	73	!defined(MBEDTLS_CAN_ECDH)
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	74	#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	75	#endif
				76
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	77	#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
Valerio Setti	aa7cbd6	2023-07-07 17:22:17 +0200	[diff] [blame]	78	( !defined(MBEDTLS_CAN_ECDH) \|\| !defined(MBEDTLS_RSA_C) \|\| \
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	79	!defined(MBEDTLS_X509_CRT_PARSE_C) \|\| !defined(MBEDTLS_PKCS1_V15) )
				80	#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	81	#endif
				82
Manuel Pégourié-Gonnard	45bcb6a	2023-03-10 11:40:48 +0100	[diff] [blame]	83	#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
Valerio Setti	aa7cbd6	2023-07-07 17:22:17 +0200	[diff] [blame]	84	( !defined(MBEDTLS_CAN_ECDH) \|\| \
Elena Uziunaite	9c64764	2024-09-06 10:49:05 +0100	[diff] [blame]	85	!defined(PSA_HAVE_ALG_ECDSA_SIGN) \|\| \
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	86	!defined(MBEDTLS_X509_CRT_PARSE_C) )
				87	#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	88	#endif
				89
Manuel Pégourié-Gonnard	e1f3faf	2024-02-08 12:17:20 +0100	[diff] [blame]	90	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
				91	( !defined(PSA_WANT_ALG_JPAKE) \|\| \
				92	!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) \|\| \
				93	!defined(PSA_WANT_ECC_SECP_R1_256) )
Manuel Pégourié-Gonnard	557535d	2015-09-15 17:53:32 +0200	[diff] [blame]	94	#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
				95	#endif
				96
Manuel Pégourié-Gonnard	41bc8b6	2023-03-14 23:59:24 +0100	[diff] [blame]	97	/* Use of EC J-PAKE in TLS requires SHA-256. */
Manuel Pégourié-Gonnard	3c16abe	2022-09-19 10:44:42 +0200	[diff] [blame]	98	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
Elena Uziunaite	c0d6943	2024-08-20 14:53:19 +0100	[diff] [blame]	99	!defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard	3c16abe	2022-09-19 10:44:42 +0200	[diff] [blame]	100	#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
				101	#endif
				102
Gilles Peskine	eccd888	2020-03-10 12:19:08 +0100	[diff] [blame]	103	#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
Manuel Pégourié-Gonnard	49f64b4	2024-02-08 12:00:28 +0100	[diff] [blame]	104	!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
Elena Uziunaite	c0d6943	2024-08-20 14:53:19 +0100	[diff] [blame]	105	!defined(PSA_WANT_ALG_SHA_256) && \
Elena Uziunaite	05fe6e4	2024-09-03 16:52:28 +0100	[diff] [blame]	106	!defined(PSA_WANT_ALG_SHA_512) && \
Elena Uziunaite	9fc5be0	2024-09-04 18:12:59 +0100	[diff] [blame]	107	!defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard	49f64b4	2024-02-08 12:00:28 +0100	[diff] [blame]	108	#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
Hanno Becker	fe4ef0c	2019-02-26 11:43:09 +0000	[diff] [blame]	109	#endif
				110
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	111	#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
				112	( !defined(MBEDTLS_RSA_C) \|\| !defined(MBEDTLS_PKCS1_V21) )
				113	#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
Manuel Pégourié-Gonnard	9df5c96	2014-01-24 14:37:29 +0100	[diff] [blame]	114	#endif
				115
Manuel Pégourié-Gonnard	a31ddb9	2023-03-22 00:13:50 +0100	[diff] [blame]	116	/* TLS 1.3 requires separate HKDF parts from PSA,
				117	* and at least one ciphersuite, so at least SHA-256 or SHA-384
				118	* from PSA to use with HKDF.
				119	*
				120	* Note: for dependencies common with TLS 1.2 (running handshake hash),
				121	* see MBEDTLS_SSL_TLS_C. */
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	122	#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
Antonio de Angelis	7889fe7	2024-02-07 13:01:33 +0000	[diff] [blame]	123	!(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
Manuel Pégourié-Gonnard	a31ddb9	2023-03-22 00:13:50 +0100	[diff] [blame]	124	defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
				125	defined(PSA_WANT_ALG_HKDF_EXPAND) && \
				126	(defined(PSA_WANT_ALG_SHA_256) \|\| defined(PSA_WANT_ALG_SHA_384)))
Ronald Cron	6f135e1	2021-12-08 16:57:54 +0100	[diff] [blame]	127	#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
Hanno Becker	6055a17	2020-06-02 06:20:23 +0100	[diff] [blame]	128	#endif
				129
Ronald Cron	d8d2ea5	2022-10-04 15:48:06 +0200	[diff] [blame]	130	#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
Valerio Setti	a15078b	2023-07-06 14:52:45 +0200	[diff] [blame]	131	#if !( (defined(PSA_WANT_ALG_ECDH) \|\| defined(PSA_WANT_ALG_FFDH)) && \
				132	defined(MBEDTLS_X509_CRT_PARSE_C) && \
Elena Uziunaite	9c64764	2024-09-06 10:49:05 +0100	[diff] [blame]	133	( defined(PSA_HAVE_ALG_ECDSA_SIGN) \|\| defined(MBEDTLS_PKCS1_V21) ) )
Ronald Cron	d8d2ea5	2022-10-04 15:48:06 +0200	[diff] [blame]	134	#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
				135	#endif
				136	#endif
				137
				138	#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
Przemek Stekiel	ce05f54	2023-06-15 16:44:08 +0200	[diff] [blame]	139	#if !( defined(PSA_WANT_ALG_ECDH) \|\| defined(PSA_WANT_ALG_FFDH) )
Ronald Cron	d8d2ea5	2022-10-04 15:48:06 +0200	[diff] [blame]	140	#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
				141	#endif
				142	#endif
				143
Tom Cosgrove	afb2fe1	2022-06-29 16:36:12 +0100	[diff] [blame]	144	/*
				145	* The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
				146	*/
				147	#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
				148	#error "MBEDTLS_SSL_PROTO_TLS1_3 defined without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
				149	#endif
				150
TRodziewicz	0f82ec6	2021-05-12 17:49:18 +0200	[diff] [blame]	151	#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
Gabor Mezei	e1e2730	2025-02-26 18:06:05 +0100	[diff] [blame]	152	!(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) \|\| \
Simon Butcher	432e702	2019-04-11 18:56:18 +0100	[diff] [blame]	153	defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) \|\| \
				154	defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) \|\| \
				155	defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) \|\| \
				156	defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) \|\| \
Simon Butcher	432e702	2019-04-11 18:56:18 +0100	[diff] [blame]	157	defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) \|\| \
				158	defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
				159	#error "One or more versions of the TLS protocol are enabled " \
				160	"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
				161	#endif
				162
Harry Ramsey	2547ae9	2025-01-20 10:04:53 +0000	[diff] [blame]	163	#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
				164	!(defined(PSA_WANT_ALG_SHA_1) \|\| defined(PSA_WANT_ALG_SHA_256) \|\| defined(PSA_WANT_ALG_SHA_512))
				165	#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
				166	#endif
				167
Xiaokang Qian	95a0730	2022-10-25 02:56:00 +0000	[diff] [blame]	168	#if defined(MBEDTLS_SSL_EARLY_DATA) && \
Xiaokang Qian	402bb1e	2022-11-10 10:38:17 +0000	[diff] [blame]	169	( !defined(MBEDTLS_SSL_SESSION_TICKETS) \|\| \
				170	( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
				171	!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
Xiaokang Qian	95a0730	2022-10-25 02:56:00 +0000	[diff] [blame]	172	#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
				173	#endif
				174
Jerry Yu	16f6853	2022-11-05 10:50:06 +0800	[diff] [blame]	175	#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
Tom Cosgrove	3b4471e	2023-09-14 12:59:50 +0100	[diff] [blame]	176	defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
				177	((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) \|\| \
				178	(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
				179	#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
Jerry Yu	16f6853	2022-11-05 10:50:06 +0800	[diff] [blame]	180	#endif
				181
Manuel Pégourié-Gonnard	5a8d56d	2015-05-13 10:10:00 +0200	[diff] [blame]	182	#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
Manuel Pégourié-Gonnard	5a8d56d	2015-05-13 10:10:00 +0200	[diff] [blame]	183	!defined(MBEDTLS_SSL_PROTO_TLS1_2)
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	184	#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
Manuel Pégourié-Gonnard	0b1ff29	2014-02-06 13:04:16 +0100	[diff] [blame]	185	#endif
				186
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	187	#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
				188	#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	189	#endif
				190
Valerio Setti	a4bb0fa	2023-01-03 15:36:25 +0100	[diff] [blame]	191	#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && !defined(MBEDTLS_X509_CRT_PARSE_C)
				192	#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
				193	#endif
				194
Manuel Pégourié-Gonnard	a31ddb9	2023-03-22 00:13:50 +0100	[diff] [blame]	195	/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
Elena Uziunaite	feb105c	2024-09-05 13:08:59 +0100	[diff] [blame]	196	#if defined(MBEDTLS_SSL_TLS_C) && \
Elena Uziunaite	c0d6943	2024-08-20 14:53:19 +0100	[diff] [blame]	197	!(defined(PSA_WANT_ALG_SHA_256) \|\| defined(PSA_WANT_ALG_SHA_384))
Manuel Pégourié-Gonnard	70a1b6d	2023-03-24 10:30:40 +0100	[diff] [blame]	198	#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	a31ddb9	2023-03-22 00:13:50 +0100	[diff] [blame]	199	#endif
Manuel Pégourié-Gonnard	a31ddb9	2023-03-22 00:13:50 +0100	[diff] [blame]	200
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	201	#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
				202	#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	203	#endif
				204
Jerry Yu	e0a6412	2021-12-23 11:06:26 +0800	[diff] [blame]	205	#if defined(MBEDTLS_SSL_TLS_C) && \
				206	!( defined(MBEDTLS_SSL_PROTO_TLS1_2) \|\| defined(MBEDTLS_SSL_PROTO_TLS1_3) )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	207	#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	208	#endif
				209
Manuel Pégourié-Gonnard	e057d3b	2015-05-20 10:59:43 +0200	[diff] [blame]	210	#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	211	#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
Manuel Pégourié-Gonnard	82202f0	2014-07-23 00:28:58 +0200	[diff] [blame]	212	#endif
				213
Manuel Pégourié-Gonnard	62c74bb	2015-09-08 17:50:29 +0200	[diff] [blame]	214	#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
Manuel Pégourié-Gonnard	ddfe5d2	2015-09-09 12:46:16 +0200	[diff] [blame]	215	!defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
Manuel Pégourié-Gonnard	62c74bb	2015-09-08 17:50:29 +0200	[diff] [blame]	216	#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
				217	#endif
				218
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	219	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
				220	( !defined(MBEDTLS_SSL_TLS_C) \|\| !defined(MBEDTLS_SSL_PROTO_DTLS) )
				221	#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
Manuel Pégourié-Gonnard	8464a46	2014-09-24 14:05:32 +0200	[diff] [blame]	222	#endif
				223
Gilles Peskine	d3d0290	2020-03-04 21:35:27 +0100	[diff] [blame]	224	#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
				225	( !defined(MBEDTLS_SSL_TLS_C) \|\| !defined(MBEDTLS_SSL_PROTO_DTLS) )
				226	#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
				227	#endif
				228
				229	#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
				230	defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
				231	MBEDTLS_SSL_CID_IN_LEN_MAX > 255
				232	#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
				233	#endif
				234
				235	#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
				236	defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
				237	MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
				238	#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
				239	#endif
				240
Hannes Tschofenig	88e5566	2022-11-23 10:14:54 +0100	[diff] [blame]	241	#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
				242	!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
Tom Cosgrove	1797b05	2022-12-04 17:19:59 +0000	[diff] [blame]	243	#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
Hannes Tschofenig	fd6cca4	2021-10-12 09:22:33 +0200	[diff] [blame]	244	#endif
				245
Hannes Tschofenig	b2e6615	2022-11-23 10:53:44 +0100	[diff] [blame]	246	#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
				247	#if defined(MBEDTLS_DEPRECATED_REMOVED)
				248	#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
				249	#elif defined(MBEDTLS_DEPRECATED_WARNING)
				250	#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
				251	#endif
				252	#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */
Hannes Tschofenig	fd6cca4	2021-10-12 09:22:33 +0200	[diff] [blame]	253
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	254	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	255	!defined(MBEDTLS_SSL_PROTO_TLS1_2)
Shaun Case	8b0ecbc	2021-12-20 21:14:10 -0800	[diff] [blame]	256	#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
Manuel Pégourié-Gonnard	699cafa	2014-10-27 13:57:03 +0100	[diff] [blame]	257	#endif
				258
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	259	#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	260	!defined(MBEDTLS_SSL_PROTO_TLS1_2)
Shaun Case	8b0ecbc	2021-12-20 21:14:10 -0800	[diff] [blame]	261	#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
Manuel Pégourié-Gonnard	769c6b6	2014-10-28 14:13:55 +0100	[diff] [blame]	262	#endif
				263
Gilles Peskine	7d3186d	2022-08-12 22:43:18 +0200	[diff] [blame]	264	#if defined(MBEDTLS_SSL_RENEGOTIATION) && \
				265	!defined(MBEDTLS_SSL_PROTO_TLS1_2)
				266	#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
				267	#endif
				268
Przemek Stekiel	52a428b	2022-10-10 08:47:13 +0200	[diff] [blame]	269	#if defined(MBEDTLS_SSL_TICKET_C) && \
Elena Uziunaite	c0d6943	2024-08-20 14:53:19 +0100	[diff] [blame]	270	!( defined(PSA_WANT_ALG_CCM) \|\| defined(PSA_WANT_ALG_GCM) \|\| \
				271	defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
Przemek Stekiel	d61a4d3	2022-10-11 09:40:40 +0200	[diff] [blame]	272	#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
Przemek Stekiel	52a428b	2022-10-10 08:47:13 +0200	[diff] [blame]	273	#endif
				274
Jerry Yu	9750f81	2022-07-20 11:04:50 +0800	[diff] [blame]	275	#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \
				276	MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256
				277	#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256"
Jerry Yu	08aed4d	2022-07-20 10:36:12 +0800	[diff] [blame]	278	#endif
				279
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	280	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
				281	!defined(MBEDTLS_X509_CRT_PARSE_C)
				282	#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	283	#endif
				284
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	285	#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
				286	#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	287	#endif
				288
Valerio Setti	c6aeb0d	2023-07-27 10:10:28 +0200	[diff] [blame]	289	#if defined(MBEDTLS_X509_USE_C) && \
Gilles Peskine	02ec585	2025-05-12 20:52:07 +0200	[diff] [blame]	290	(!defined(MBEDTLS_ASN1_PARSE_C) \|\| !defined(MBEDTLS_PK_PARSE_C))
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	291	#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	292	#endif
				293
Valerio Setti	c6aeb0d	2023-07-27 10:10:28 +0200	[diff] [blame]	294	#if defined(MBEDTLS_X509_CREATE_C) && \
Gilles Peskine	02ec585	2025-05-12 20:52:07 +0200	[diff] [blame]	295	(!defined(MBEDTLS_ASN1_WRITE_C) \|\| !defined(MBEDTLS_PK_PARSE_C))
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	296	#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	297	#endif
				298
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	299	#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
				300	#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	301	#endif
				302
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	303	#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
				304	#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	305	#endif
				306
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	307	#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
				308	#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	309	#endif
				310
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	311	#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
				312	#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	313	#endif
				314
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	315	#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
				316	#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
Manuel Pégourié-Gonnard	14d5595	2014-04-30 12:35:08 +0200	[diff] [blame]	317	#endif
				318
Valerio Setti	a4bb0fa	2023-01-03 15:36:25 +0100	[diff] [blame]	319	#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) && \
Valerio Setti	8e45cdd	2023-01-05 09:32:29 +0100	[diff] [blame]	320	( !defined(MBEDTLS_X509_CRT_PARSE_C) )
Valerio Setti	a4bb0fa	2023-01-03 15:36:25 +0100	[diff] [blame]	321	#error "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK defined, but not all prerequisites"
				322	#endif
				323
Ron Eldor	3adb992	2017-12-21 10:15:08 +0200	[diff] [blame]	324	#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
				325	#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
				326	#endif
				327
Andrzej Kurek	557289b	2020-10-21 15:12:39 +0200	[diff] [blame]	328	#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
				329	#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
				330	#endif
				331
Jan Bruckner	151f642	2023-02-10 12:45:19 +0100	[diff] [blame]	332	#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && ( !defined(MBEDTLS_SSL_PROTO_TLS1_3) )
				333	#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
				334	#endif
				335
Valerio Setti	e7bac17	2023-10-02 16:03:42 +0200	[diff] [blame]	336	#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
Elena Uziunaite	c0d6943	2024-08-20 14:53:19 +0100	[diff] [blame]	337	!( defined(PSA_WANT_ALG_CCM) \|\| defined(PSA_WANT_ALG_GCM) \|\| \
				338	defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
Przemek Stekiel	d582a01	2022-09-28 07:59:01 +0200	[diff] [blame]	339	#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
				340	#endif
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	341
				342	/* Reject attempts to enable options that have been removed and that could
				343	* cause a build to succeed but with features removed. */
				344
				345	#if defined(MBEDTLS_HAVEGE_C) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	346	#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599"
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	347	#endif
				348
				349	#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	350	#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	351	#endif
				352
				353	#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	354	#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	355	#endif
				356
				357	#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	358	#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	359	#endif
				360
				361	#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	362	#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	363	#endif
				364
				365	#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
Gilles Peskine	cc26e3b	2021-04-21 19:01:59 +0200	[diff] [blame]	366	#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	367	#endif
				368
				369	#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	370	#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
Gilles Peskine	fa4e4b8	2021-04-21 18:45:41 +0200	[diff] [blame]	371	#endif
				372
TRodziewicz	cc70741	2021-05-14 15:08:04 +0200	[diff] [blame]	373	#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	374	#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313"
TRodziewicz	cc70741	2021-05-14 15:08:04 +0200	[diff] [blame]	375	#endif
				376
TRodziewicz	4e57f4c	2021-05-31 12:58:25 +0200	[diff] [blame]	377	#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	378	#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
TRodziewicz	4e57f4c	2021-05-31 12:58:25 +0200	[diff] [blame]	379	#endif
				380
				381	#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	382	#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
TRodziewicz	4e57f4c	2021-05-31 12:58:25 +0200	[diff] [blame]	383	#endif
				384
Thomas Daubney	4a7010d	2021-06-15 12:54:14 +0100	[diff] [blame]	385	#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
Dave Rodgman	017a199	2022-03-31 14:07:01 +0100	[diff] [blame]	386	#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
Thomas Daubney	4a7010d	2021-06-15 12:54:14 +0100	[diff] [blame]	387	#endif
				388
Nayna Jain	c9deb18	2020-11-16 19:03:12 +0000	[diff] [blame]	389	#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) \|\| \
Gilles Peskine	02ec585	2025-05-12 20:52:07 +0200	[diff] [blame]	390	( !defined(MBEDTLS_PK_PARSE_C) ) \|\| \
Valerio Setti	c6aeb0d	2023-07-27 10:10:28 +0200	[diff] [blame]	391	( !defined(MBEDTLS_X509_CRT_PARSE_C) ) \|\| \
				392	( !defined(MBEDTLS_X509_CRL_PARSE_C) ) \|\| \
Nick Child	89e82e1	2022-11-09 10:36:10 -0600	[diff] [blame]	393	( !defined(MBEDTLS_MD_C) ) )
Nayna Jain	c9deb18	2020-11-16 19:03:12 +0000	[diff] [blame]	394	#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
				395	#endif
				396
David Horstmann	1b84781	2022-11-14 15:40:46 +0000	[diff] [blame]	397	/* INDENT-ON */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	398	#endif /* MBEDTLS_CHECK_CONFIG_H */