MBEDTLS_VERSION_FEATURES macro
\def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH

When this option is enabled, the SSL buffer will be resized automatically based on the negotiated maximum fragment length in each direction.

Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

\def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN

Enable testing of the constant-flow nature of some sensitive functions with clang's MemorySanitizer. This causes some existing tests to also test this non-functional property of the code under test.

This setting requires compiling with clang -fsanitize=memory. The test suites can then be run normally.

\warning This macro is only used for extended testing; it is not considered part of the library's API, so it may change or disappear at any time.

Uncomment to enable testing of the constant-flow nature of selected code.

\def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND

Enable testing of the constant-flow nature of some sensitive functions with valgrind's memcheck tool. This causes some existing tests to also test this non-functional property of the code under test.

This setting requires valgrind headers for building, and is only useful for testing if the test suites are run with valgrind's memcheck. This can be done for an individual test suite with 'valgrind ./test_suite_xxx', or when using CMake, this can be done for all test suites with 'make memcheck'.

\warning This macro is only used for extended testing; it is not considered part of the library's API, so it may change or disappear at any time.

Uncomment to enable testing of the constant-flow nature of selected code.

\def MBEDTLS_TEST_HOOKS

Enable features for invasive testing such as introspection functions and hooks for fault injection. This enables additional unit tests.

Merely enabling this feature should not change the behavior of the product. It only adds new code, and new branching points where the default behavior is the same as when this feature is disabled. However, this feature increases the attack surface: there is an added risk of vulnerabilities, and more gadgets that can make exploits easier. Therefore this feature must never be enabled in production.

See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more information.

Uncomment to enable invasive tests.

\def MBEDTLS_THREADING_ALT

Provide your own alternate threading implementation.

Requires: MBEDTLS_THREADING_C

Uncomment this to allow your own alternate threading implementation.

\def MBEDTLS_THREADING_PTHREAD

Enable the pthread wrapper layer for the threading layer.

Requires: MBEDTLS_THREADING_C

Uncomment this to enable pthread mutexes.

\def MBEDTLS_USE_PSA_CRYPTO

Make the X.509 and TLS libraries use PSA for cryptographic operations as much as possible, and enable new APIs for using keys handled by PSA Crypto.

\warning If you enable this option, you need to call `psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK modules, except for the various mbedtls_xxx_init() functions which can be called at any time.

Requires: MBEDTLS_PSA_CRYPTO_C.

Uncomment this to enable internal use of PSA Crypto and new associated APIs.

\def MBEDTLS_PSA_CRYPTO_CONFIG

This setting allows support for cryptographic mechanisms through the PSA API to be configured separately from support through the mbedtls API.

When this option is disabled, the PSA API exposes the cryptographic mechanisms that can be implemented on top of the `mbedtls_xxx` API configured with `MBEDTLS_XXX` symbols.

When this option is enabled, the PSA API exposes the cryptographic mechanisms requested by the `PSA_WANT_XXX` symbols defined in include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are automatically enabled if required (i.e. if no PSA driver provides the mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols in mbedtls_config.h.

If the symbol MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies an alternative header to include instead of include/psa/crypto_config.h.

\warning This option is experimental, in that the set of `PSA_WANT_XXX` symbols is not completely finalized yet, and the configuration tooling is not ideally adapted to having two separate configuration files. Future minor releases of Mbed TLS may make minor changes to those symbols, but we will endeavor to provide a transition path. Nonetheless, this option is considered mature enough to use in production, as long as you accept that you may need to make minor changes to psa/crypto_config.h when upgrading Mbed TLS.

\def MBEDTLS_VERSION_FEATURES

Allow run-time checking of compile-time enabled features. This allows users to check at run time whether the library is, for instance, compiled with threading support, via mbedtls_version_check_feature().

Requires: MBEDTLS_VERSION_C

Comment this to disable run-time checking and save ROM space.
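The run-time check described above can be used to refuse a library build that carries the test-only options this page says must not reach production. The following is an added example, not code from Mbed TLS: `audit_build`, the `stub_*` functions and the `AUDIT_*` values are hypothetical names, and the stubs are constructed stand-ins with the same signature and return values as `mbedtls_version_check_feature()` so the example runs without the library.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as mbedtls_version_check_feature(): 0 = feature compiled in,
 * -1 = not compiled in, -2 = feature checking itself was not compiled in. */
typedef int (*feature_check_fn)(const char *feature);

/* Test-only options from this page that must not appear in a production build. */
static const char *const forbidden[] = {
    "MBEDTLS_TEST_HOOKS",
    "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
    "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND",
};

enum audit_result { AUDIT_OK = 0, AUDIT_FORBIDDEN = 1, AUDIT_UNVERIFIABLE = 2 };

/* Fail closed: a library built without MBEDTLS_VERSION_FEATURES answers -2,
 * so nothing can be confirmed and the build is reported as unverifiable. */
static enum audit_result audit_build(feature_check_fn check, const char **offender)
{
    size_t i;
    *offender = NULL;
    for (i = 0; i < sizeof(forbidden) / sizeof(forbidden[0]); i++) {
        int rc = check(forbidden[i]);
        if (rc == -2)
            return AUDIT_UNVERIFIABLE;
        if (rc == 0) {
            *offender = forbidden[i];   /* first forbidden option found */
            return AUDIT_FORBIDDEN;
        }
    }
    return AUDIT_OK;
}

/* Constructed stand-ins for three different library builds (not Mbed TLS code). */
static int stub_production(const char *f) { return strcmp(f, "MBEDTLS_THREADING_C") == 0 ? 0 : -1; }
static int stub_test_build(const char *f) { return strcmp(f, "MBEDTLS_TEST_HOOKS") == 0 ? 0 : -1; }
static int stub_no_features(const char *f) { (void) f; return -2; }

int main(void)
{
    const char *bad;
    /* In a real program, pass mbedtls_version_check_feature from <mbedtls/version.h>. */
    printf("production build:  %d\n", (int) audit_build(stub_production, &bad));
    printf("test-hooks build:  %d\n", (int) audit_build(stub_test_build, &bad));
    printf("no feature table:  %d\n", (int) audit_build(stub_no_features, &bad));
    return 0;
}
```

Calling this once at start-up, before any TLS or crypto use, turns a misconfigured build into an immediate, visible failure.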
Syntax
#define MBEDTLS_VERSION_FEATURES
Notes
Development of the MBEDTLS_USE_PSA_CRYPTO option is currently in progress, and parts of Mbed TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts will still continue to work as usual, so enabling this option should not break backwards compatibility.

An important and desirable effect of this option is that it allows PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in those modules. However, note that even with this option disabled, some code in PK, X.509, TLS or the crypto library might still use PSA drivers, if it can determine it's safe to do so; currently that's the case for hashes.

See docs/use-psa-crypto.md for a complete description of this option.