/** * \file mbedtls/build_info.h * * \brief Build-time configuration info * * Include this file if you need to depend on the * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef MBEDTLS_BUILD_INFO_H #define MBEDTLS_BUILD_INFO_H /* * This set of compile-time defines can be used to determine the version number * of the Mbed TLS library used. Run-time variables for the same can be found in * version.h */ /** * The version number x.y.z is split into three parts. * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 4 #define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ #define MBEDTLS_VERSION_NUMBER 0x03040100 #define MBEDTLS_VERSION_STRING "3.4.1" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1" #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif /* Define `inline` on some non-C99-compliant compilers. */ #if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" #else #include MBEDTLS_CONFIG_FILE #endif #if defined(MBEDTLS_CONFIG_VERSION) && ( \ MBEDTLS_CONFIG_VERSION < 0x03000000 || \ MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER) #error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" #endif /* Target and application specific configurations * * Allow user to override any previous default. * */ #if defined(MBEDTLS_USER_CONFIG_FILE) #include MBEDTLS_USER_CONFIG_FILE #endif /* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined * to ensure a 128-bit key size in CTR_DRBG. */ #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C) #define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY #endif /* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it * in a previous release, to ensure backwards compatibility. */ #if defined(MBEDTLS_PKCS5_C) #define MBEDTLS_MD_C #endif /* PSA crypto specific configuration options * - If config_psa.h reads a configuration option in preprocessor directive, * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C) * - If config_psa.h writes a configuration option in conditional directive, * this symbol should be consulted after its inclusion. * (e.g. MBEDTLS_MD_LIGHT) */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ #include "mbedtls/config_psa.h" #endif /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ #if defined(MBEDTLS_MD_C) #define MBEDTLS_MD_LIGHT #endif /* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it * in a previous release, to ensure backwards compatibility. */ #if defined(MBEDTLS_ECJPAKE_C) || \ defined(MBEDTLS_PEM_PARSE_C) || \ defined(MBEDTLS_ENTROPY_C) || \ defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ defined(MBEDTLS_RSA_C) || \ defined(MBEDTLS_SSL_TLS_C) || \ defined(MBEDTLS_X509_USE_C) || \ defined(MBEDTLS_X509_CREATE_C) #define MBEDTLS_MD_LIGHT #endif /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well. * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because * these features are not supported in PSA so the only way to have them is * to enable the built-in solution. * Both of them are temporary dependencies: * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789 * - support for compressed points should also be added to PSA, but in this * case there is no associated issue to track it yet. * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation * still depends on ECP_LIGHT. * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will * be fixed by #7453. */ #if defined(MBEDTLS_ECP_C) || \ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #define MBEDTLS_ECP_LIGHT #endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while * in previous version compressed points were automatically supported as long * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions * are met. */ #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C) #define MBEDTLS_PK_PARSE_EC_COMPRESSED #endif /* Helper symbol to state that there is support for ECDH, either through * library implementation (ECDH_C) or through PSA. */ #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) #define MBEDTLS_CAN_ECDH #endif /* PK module can achieve ECDSA functionalities by means of either software * implementations (ECDSA_C) or through a PSA driver. The following defines * are meant to list these capabilities in a general way which abstracts how * they are implemented under the hood. */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_ECDSA_C) #define MBEDTLS_PK_CAN_ECDSA_SIGN #define MBEDTLS_PK_CAN_ECDSA_VERIFY #endif /* MBEDTLS_ECDSA_C */ #else /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(PSA_WANT_ALG_ECDSA) #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) #define MBEDTLS_PK_CAN_ECDSA_SIGN #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #define MBEDTLS_PK_CAN_ECDSA_VERIFY #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #endif /* PSA_WANT_ALG_ECDSA */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) #define MBEDTLS_PK_CAN_ECDSA_SOME #endif /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT * is defined as well to include all PSA code. */ #if defined(MBEDTLS_PSA_CRYPTO_C) #define MBEDTLS_PSA_CRYPTO_CLIENT #endif /* MBEDTLS_PSA_CRYPTO_C */ /* The PK wrappers need pk_write functions to format RSA key objects * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */ #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) #define MBEDTLS_PK_C #define MBEDTLS_PK_WRITE_C #define MBEDTLS_PK_PARSE_C #endif /* Helper symbol to state that the PK module has support for EC keys. This * can either be provided through the legacy ECP solution or through the * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */ #if defined(MBEDTLS_ECP_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) #define MBEDTLS_PK_HAVE_ECC_KEYS #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all * key exchanges, options and extensions related to them. */ #if !defined(MBEDTLS_SSL_TLS_C) #undef MBEDTLS_SSL_CLI_C #undef MBEDTLS_SSL_SRV_C #undef MBEDTLS_SSL_PROTO_TLS1_3 #undef MBEDTLS_SSL_PROTO_TLS1_2 #undef MBEDTLS_SSL_PROTO_DTLS #endif #if !defined(MBEDTLS_SSL_PROTO_DTLS) #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY #undef MBEDTLS_SSL_DTLS_CONNECTION_ID #undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY #undef MBEDTLS_SSL_DTLS_SRTP #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #endif #if !defined(MBEDTLS_SSL_PROTO_TLS1_2) #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET #undef MBEDTLS_SSL_RENEGOTIATION #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #endif #if !defined(MBEDTLS_SSL_PROTO_TLS1_3) #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_EARLY_DATA #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) #define MBEDTLS_SSL_TLS1_2_SOME_ECC #endif /* Make sure all configuration symbols are set before including check_config.h, * even the ones that are calculated programmatically. */ #include "mbedtls/check_config.h" #endif /* MBEDTLS_BUILD_INFO_H */