]>
Commit | Line | Data |
---|---|---|
89647339 MHS |
1 | /** |
2 | * \file config.h | |
3 | * | |
4 | * \brief Configuration options (set of defines) | |
5 | * | |
6 | * Copyright (C) 2006-2014, Brainspark B.V. | |
7 | * | |
8 | * This file is part of PolarSSL (http://www.polarssl.org) | |
9 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> | |
10 | * | |
11 | * All rights reserved. | |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify | |
14 | * it under the terms of the GNU General Public License as published by | |
15 | * the Free Software Foundation; either version 2 of the License, or | |
16 | * (at your option) any later version. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, | |
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | * GNU General Public License for more details. | |
22 | * | |
23 | * You should have received a copy of the GNU General Public License along | |
24 | * with this program; if not, write to the Free Software Foundation, Inc., | |
25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
26 | * | |
27 | * This set of compile-time options may be used to enable | |
28 | * or disable features selectively, and reduce the global | |
29 | * memory footprint. | |
30 | */ | |
31 | #ifndef POLARSSL_CONFIG_H | |
32 | #define POLARSSL_CONFIG_H | |
33 | ||
34 | #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) | |
35 | #define _CRT_SECURE_NO_DEPRECATE 1 | |
36 | #endif | |
37 | ||
38 | /** | |
39 | * \name SECTION: System support | |
40 | * | |
41 | * This section sets system specific settings. | |
42 | * \{ | |
43 | */ | |
44 | ||
45 | /** | |
46 | * \def POLARSSL_HAVE_INT8 | |
47 | * | |
48 | * The system uses 8-bit wide native integers. | |
49 | * | |
50 | * Uncomment if native integers are 8-bit wide. | |
51 | */ | |
52 | //#define POLARSSL_HAVE_INT8 | |
53 | ||
54 | /** | |
55 | * \def POLARSSL_HAVE_INT16 | |
56 | * | |
57 | * The system uses 16-bit wide native integers. | |
58 | * | |
59 | * Uncomment if native integers are 16-bit wide. | |
60 | */ | |
61 | //#define POLARSSL_HAVE_INT16 | |
62 | ||
63 | /** | |
64 | * \def POLARSSL_HAVE_LONGLONG | |
65 | * | |
66 | * The compiler supports the 'long long' type. | |
67 | * (Only used on 32-bit platforms) | |
68 | */ | |
69 | #define POLARSSL_HAVE_LONGLONG | |
70 | ||
71 | /** | |
72 | * \def POLARSSL_HAVE_ASM | |
73 | * | |
74 | * The compiler has support for asm(). | |
75 | * | |
76 | * Requires support for asm() in compiler. | |
77 | * | |
78 | * Used in: | |
79 | * library/timing.c | |
80 | * library/padlock.c | |
81 | * include/polarssl/bn_mul.h | |
82 | * | |
83 | * Comment to disable the use of assembly code. | |
84 | */ | |
d03fb293 | 85 | //#define POLARSSL_HAVE_ASM |
89647339 MHS |
86 | |
87 | /** | |
88 | * \def POLARSSL_HAVE_SSE2 | |
89 | * | |
90 | * CPU supports SSE2 instruction set. | |
91 | * | |
92 | * Uncomment if the CPU supports SSE2 (IA-32 specific). | |
93 | */ | |
94 | //#define POLARSSL_HAVE_SSE2 | |
95 | ||
96 | /** | |
97 | * \def POLARSSL_HAVE_TIME | |
98 | * | |
99 | * System has time.h and time() / localtime() / gettimeofday(). | |
100 | * | |
101 | * Comment if your system does not support time functions | |
102 | */ | |
103 | #define POLARSSL_HAVE_TIME | |
104 | ||
105 | /** | |
106 | * \def POLARSSL_HAVE_IPV6 | |
107 | * | |
108 | * System supports the basic socket interface for IPv6 (RFC 3493), | |
109 | * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage. | |
110 | * | |
111 | * Note: on Windows/MingW, XP or higher is required. | |
112 | * | |
113 | * Comment if your system does not support the IPv6 socket interface | |
114 | */ | |
115 | #define POLARSSL_HAVE_IPV6 | |
116 | ||
117 | /** | |
118 | * \def POLARSSL_PLATFORM_MEMORY | |
119 | * | |
120 | * Enable the memory allocation layer. | |
121 | * | |
122 | * By default PolarSSL uses the system-provided malloc() and free(). | |
123 | * This allows different allocators (self-implemented or provided) to be | |
124 | * provided to the platform abstraction layer. | |
125 | * | |
126 | * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()" | |
127 | * to allow you to set an alternative malloc() and free() function pointer. | |
128 | * | |
129 | * Requires: POLARSSL_PLATFORM_C | |
130 | * | |
131 | * Enable this layer to allow use of alternative memory allocators. | |
132 | */ | |
133 | //#define POLARSSL_PLATFORM_MEMORY | |
134 | ||
135 | /** | |
136 | * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS | |
137 | * | |
138 | * Do not assign standard functions in the platform layer (e.g. malloc() to | |
139 | * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF) | |
140 | * | |
141 | * This makes sure there are no linking errors on platforms that do not support | |
142 | * these functions. You will HAVE to provide alternatives, either at runtime | |
143 | * via the platform_set_xxx() functions or at compile time by setting | |
144 | * the POLARSSL_PLATFORM_STD_XXX defines. | |
145 | * | |
146 | * Requires: POLARSSL_PLATFORM_C | |
147 | * | |
148 | * Uncomment to prevent default assignment of standard functions in the | |
149 | * platform layer. | |
150 | */ | |
151 | //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS | |
152 | ||
153 | /** | |
154 | * \def POLARSSL_PLATFORM_XXX_ALT | |
155 | * | |
156 | * Uncomment a macro to let PolarSSL support the function in the platform | |
157 | * abstraction layer. | |
158 | * | |
159 | * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, PolarSSL will | |
160 | * provide a function "platform_set_printf()" that allows you to set an | |
161 | * alternative printf function pointer. | |
162 | * | |
163 | * All these define require POLARSSL_PLATFORM_C to be defined! | |
164 | * | |
165 | * Uncomment a macro to enable alternate implementation of specific base | |
166 | * platform function | |
167 | */ | |
168 | //#define POLARSSL_PLATFORM_PRINTF_ALT | |
169 | //#define POLARSSL_PLATFORM_FPRINTF_ALT | |
170 | /* \} name SECTION: System support */ | |
171 | ||
172 | /** | |
173 | * \name SECTION: PolarSSL feature support | |
174 | * | |
175 | * This section sets support for features that are or are not needed | |
176 | * within the modules that are enabled. | |
177 | * \{ | |
178 | */ | |
179 | ||
180 | /** | |
181 | * \def POLARSSL_TIMING_ALT | |
182 | * | |
183 | * Uncomment to provide your own alternate implementation for hardclock(), | |
184 | * get_timer(), set_alarm() and m_sleep(). | |
185 | * | |
186 | * Only works if you have POLARSSL_TIMING_C enabled. | |
187 | * | |
188 | * You will need to provide a header "timing_alt.h" and an implementation at | |
189 | * compile time. | |
190 | */ | |
191 | //#define POLARSSL_TIMING_ALT | |
192 | ||
193 | /** | |
194 | * \def POLARSSL_XXX_ALT | |
195 | * | |
196 | * Uncomment a macro to let PolarSSL use your alternate core implementation of | |
197 | * a symmetric or hash algorithm (e.g. platform specific assembly optimized | |
198 | * implementations). Keep in mind that the function prototypes should remain | |
199 | * the same. | |
200 | * | |
201 | * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer | |
202 | * provide the "struct aes_context" definition and omit the base function | |
203 | * declarations and implementations. "aes_alt.h" will be included from | |
204 | * "aes.h" to include the new function definitions. | |
205 | * | |
206 | * Uncomment a macro to enable alternate implementation for core algorithm | |
207 | * functions | |
208 | */ | |
209 | //#define POLARSSL_AES_ALT | |
210 | //#define POLARSSL_ARC4_ALT | |
211 | //#define POLARSSL_BLOWFISH_ALT | |
212 | //#define POLARSSL_CAMELLIA_ALT | |
213 | //#define POLARSSL_DES_ALT | |
214 | //#define POLARSSL_XTEA_ALT | |
215 | //#define POLARSSL_MD2_ALT | |
216 | //#define POLARSSL_MD4_ALT | |
217 | //#define POLARSSL_MD5_ALT | |
218 | //#define POLARSSL_RIPEMD160_ALT | |
219 | //#define POLARSSL_SHA1_ALT | |
220 | //#define POLARSSL_SHA256_ALT | |
221 | //#define POLARSSL_SHA512_ALT | |
222 | ||
223 | /** | |
224 | * \def POLARSSL_AES_ROM_TABLES | |
225 | * | |
226 | * Store the AES tables in ROM. | |
227 | * | |
228 | * Uncomment this macro to store the AES tables in ROM. | |
229 | * | |
230 | */ | |
231 | //#define POLARSSL_AES_ROM_TABLES | |
232 | ||
233 | /** | |
234 | * \def POLARSSL_CIPHER_MODE_CBC | |
235 | * | |
236 | * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. | |
237 | */ | |
238 | #define POLARSSL_CIPHER_MODE_CBC | |
239 | ||
240 | /** | |
241 | * \def POLARSSL_CIPHER_MODE_CFB | |
242 | * | |
243 | * Enable Cipher Feedback mode (CFB) for symmetric ciphers. | |
244 | */ | |
245 | #define POLARSSL_CIPHER_MODE_CFB | |
246 | ||
247 | /** | |
248 | * \def POLARSSL_CIPHER_MODE_CTR | |
249 | * | |
250 | * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. | |
251 | */ | |
252 | #define POLARSSL_CIPHER_MODE_CTR | |
253 | ||
254 | /** | |
255 | * \def POLARSSL_CIPHER_NULL_CIPHER | |
256 | * | |
257 | * Enable NULL cipher. | |
258 | * Warning: Only do so when you know what you are doing. This allows for | |
259 | * encryption or channels without any security! | |
260 | * | |
261 | * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable | |
262 | * the following ciphersuites: | |
263 | * TLS_ECDH_ECDSA_WITH_NULL_SHA | |
264 | * TLS_ECDH_RSA_WITH_NULL_SHA | |
265 | * TLS_ECDHE_ECDSA_WITH_NULL_SHA | |
266 | * TLS_ECDHE_RSA_WITH_NULL_SHA | |
267 | * TLS_ECDHE_PSK_WITH_NULL_SHA384 | |
268 | * TLS_ECDHE_PSK_WITH_NULL_SHA256 | |
269 | * TLS_ECDHE_PSK_WITH_NULL_SHA | |
270 | * TLS_DHE_PSK_WITH_NULL_SHA384 | |
271 | * TLS_DHE_PSK_WITH_NULL_SHA256 | |
272 | * TLS_DHE_PSK_WITH_NULL_SHA | |
273 | * TLS_RSA_WITH_NULL_SHA256 | |
274 | * TLS_RSA_WITH_NULL_SHA | |
275 | * TLS_RSA_WITH_NULL_MD5 | |
276 | * TLS_RSA_PSK_WITH_NULL_SHA384 | |
277 | * TLS_RSA_PSK_WITH_NULL_SHA256 | |
278 | * TLS_RSA_PSK_WITH_NULL_SHA | |
279 | * TLS_PSK_WITH_NULL_SHA384 | |
280 | * TLS_PSK_WITH_NULL_SHA256 | |
281 | * TLS_PSK_WITH_NULL_SHA | |
282 | * | |
283 | * Uncomment this macro to enable the NULL cipher and ciphersuites | |
284 | */ | |
285 | //#define POLARSSL_CIPHER_NULL_CIPHER | |
286 | ||
287 | /** | |
288 | * \def POLARSSL_CIPHER_PADDING_XXX | |
289 | * | |
290 | * Uncomment or comment macros to add support for specific padding modes | |
291 | * in the cipher layer with cipher modes that support padding (e.g. CBC) | |
292 | * | |
293 | * If you disable all padding modes, only full blocks can be used with CBC. | |
294 | * | |
295 | * Enable padding modes in the cipher layer. | |
296 | */ | |
297 | #define POLARSSL_CIPHER_PADDING_PKCS7 | |
298 | #define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS | |
299 | #define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN | |
300 | #define POLARSSL_CIPHER_PADDING_ZEROS | |
301 | ||
302 | /** | |
303 | * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES | |
304 | * | |
305 | * Enable weak ciphersuites in SSL / TLS. | |
306 | * Warning: Only do so when you know what you are doing. This allows for | |
307 | * channels with virtually no security at all! | |
308 | * | |
309 | * This enables the following ciphersuites: | |
310 | * TLS_RSA_WITH_DES_CBC_SHA | |
311 | * TLS_DHE_RSA_WITH_DES_CBC_SHA | |
312 | * | |
313 | * Uncomment this macro to enable weak ciphersuites | |
314 | */ | |
315 | //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES | |
316 | ||
317 | /** | |
318 | * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES | |
319 | * | |
320 | * Remove RC4 ciphersuites by default in SSL / TLS. | |
321 | * This flag removes the ciphersuites based on RC4 from the default list as | |
322 | * returned by ssl_list_ciphersuites(). However, it is still possible to | |
323 | * enable (some of) them with ssl_set_ciphersuites() by including them | |
324 | * explicitly. | |
325 | * | |
326 | * Uncomment this macro to remove RC4 ciphersuites by default. | |
327 | */ | |
328 | //#define POLARSSL_REMOVE_ARC4_CIPHERSUITES | |
329 | ||
330 | /** | |
331 | * \def POLARSSL_ECP_XXXX_ENABLED | |
332 | * | |
333 | * Enables specific curves within the Elliptic Curve module. | |
334 | * By default all supported curves are enabled. | |
335 | * | |
336 | * Comment macros to disable the curve and functions for it | |
337 | */ | |
338 | #define POLARSSL_ECP_DP_SECP192R1_ENABLED | |
339 | #define POLARSSL_ECP_DP_SECP224R1_ENABLED | |
340 | #define POLARSSL_ECP_DP_SECP256R1_ENABLED | |
341 | #define POLARSSL_ECP_DP_SECP384R1_ENABLED | |
342 | #define POLARSSL_ECP_DP_SECP521R1_ENABLED | |
343 | #define POLARSSL_ECP_DP_SECP192K1_ENABLED | |
344 | #define POLARSSL_ECP_DP_SECP224K1_ENABLED | |
345 | #define POLARSSL_ECP_DP_SECP256K1_ENABLED | |
346 | #define POLARSSL_ECP_DP_BP256R1_ENABLED | |
347 | #define POLARSSL_ECP_DP_BP384R1_ENABLED | |
348 | #define POLARSSL_ECP_DP_BP512R1_ENABLED | |
349 | //#define POLARSSL_ECP_DP_M221_ENABLED // Not implemented yet! | |
350 | #define POLARSSL_ECP_DP_M255_ENABLED | |
351 | //#define POLARSSL_ECP_DP_M383_ENABLED // Not implemented yet! | |
352 | //#define POLARSSL_ECP_DP_M511_ENABLED // Not implemented yet! | |
353 | ||
354 | /** | |
355 | * \def POLARSSL_ECP_NIST_OPTIM | |
356 | * | |
357 | * Enable specific 'modulo p' routines for each NIST prime. | |
358 | * Depending on the prime and architecture, makes operations 4 to 8 times | |
359 | * faster on the corresponding curve. | |
360 | * | |
361 | * Comment this macro to disable NIST curves optimisation. | |
362 | */ | |
363 | #define POLARSSL_ECP_NIST_OPTIM | |
364 | ||
365 | /** | |
366 | * \def POLARSSL_ECDSA_DETERMINISTIC | |
367 | * | |
368 | * Enable deterministic ECDSA (RFC 6979). | |
369 | * Standard ECDSA is "fragile" in the sense that lack of entropy when signing | |
370 | * may result in a compromise of the long-term signing key. This is avoided by | |
371 | * the deterministic variant. | |
372 | * | |
373 | * Requires: POLARSSL_HMAC_DRBG_C | |
374 | * | |
375 | * Comment this macro to disable deterministic ECDSA. | |
376 | */ | |
377 | #define POLARSSL_ECDSA_DETERMINISTIC | |
378 | ||
379 | /** | |
380 | * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED | |
381 | * | |
382 | * Enable the PSK based ciphersuite modes in SSL / TLS. | |
383 | * | |
384 | * This enables the following ciphersuites (if other requisites are | |
385 | * enabled as well): | |
386 | * TLS_PSK_WITH_AES_256_GCM_SHA384 | |
387 | * TLS_PSK_WITH_AES_256_CBC_SHA384 | |
388 | * TLS_PSK_WITH_AES_256_CBC_SHA | |
389 | * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 | |
390 | * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
391 | * TLS_PSK_WITH_AES_128_GCM_SHA256 | |
392 | * TLS_PSK_WITH_AES_128_CBC_SHA256 | |
393 | * TLS_PSK_WITH_AES_128_CBC_SHA | |
394 | * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 | |
395 | * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
396 | * TLS_PSK_WITH_3DES_EDE_CBC_SHA | |
397 | * TLS_PSK_WITH_RC4_128_SHA | |
398 | */ | |
399 | #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED | |
400 | ||
401 | /** | |
402 | * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED | |
403 | * | |
404 | * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. | |
405 | * | |
406 | * Requires: POLARSSL_DHM_C | |
407 | * | |
408 | * This enables the following ciphersuites (if other requisites are | |
409 | * enabled as well): | |
410 | * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | |
411 | * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 | |
412 | * TLS_DHE_PSK_WITH_AES_256_CBC_SHA | |
413 | * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 | |
414 | * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
415 | * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | |
416 | * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 | |
417 | * TLS_DHE_PSK_WITH_AES_128_CBC_SHA | |
418 | * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 | |
419 | * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
420 | * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA | |
421 | * TLS_DHE_PSK_WITH_RC4_128_SHA | |
422 | */ | |
423 | #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED | |
424 | ||
425 | /** | |
426 | * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED | |
427 | * | |
428 | * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. | |
429 | * | |
430 | * Requires: POLARSSL_ECDH_C | |
431 | * | |
432 | * This enables the following ciphersuites (if other requisites are | |
433 | * enabled as well): | |
434 | * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 | |
435 | * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA | |
436 | * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
437 | * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 | |
438 | * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA | |
439 | * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
440 | * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA | |
441 | * TLS_ECDHE_PSK_WITH_RC4_128_SHA | |
442 | */ | |
443 | #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED | |
444 | ||
445 | /** | |
446 | * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED | |
447 | * | |
448 | * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. | |
449 | * | |
450 | * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, | |
451 | * POLARSSL_X509_CRT_PARSE_C | |
452 | * | |
453 | * This enables the following ciphersuites (if other requisites are | |
454 | * enabled as well): | |
455 | * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 | |
456 | * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 | |
457 | * TLS_RSA_PSK_WITH_AES_256_CBC_SHA | |
458 | * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 | |
459 | * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
460 | * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 | |
461 | * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 | |
462 | * TLS_RSA_PSK_WITH_AES_128_CBC_SHA | |
463 | * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 | |
464 | * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
465 | * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA | |
466 | * TLS_RSA_PSK_WITH_RC4_128_SHA | |
467 | */ | |
468 | #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED | |
469 | ||
470 | /** | |
471 | * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED | |
472 | * | |
473 | * Enable the RSA-only based ciphersuite modes in SSL / TLS. | |
474 | * | |
475 | * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, | |
476 | * POLARSSL_X509_CRT_PARSE_C | |
477 | * | |
478 | * This enables the following ciphersuites (if other requisites are | |
479 | * enabled as well): | |
480 | * TLS_RSA_WITH_AES_256_GCM_SHA384 | |
481 | * TLS_RSA_WITH_AES_256_CBC_SHA256 | |
482 | * TLS_RSA_WITH_AES_256_CBC_SHA | |
483 | * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
484 | * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 | |
485 | * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
486 | * TLS_RSA_WITH_AES_128_GCM_SHA256 | |
487 | * TLS_RSA_WITH_AES_128_CBC_SHA256 | |
488 | * TLS_RSA_WITH_AES_128_CBC_SHA | |
489 | * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
490 | * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
491 | * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
492 | * TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
493 | * TLS_RSA_WITH_RC4_128_SHA | |
494 | * TLS_RSA_WITH_RC4_128_MD5 | |
495 | */ | |
496 | #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED | |
497 | ||
498 | /** | |
499 | * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED | |
500 | * | |
501 | * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. | |
502 | * | |
503 | * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, | |
504 | * POLARSSL_X509_CRT_PARSE_C | |
505 | * | |
506 | * This enables the following ciphersuites (if other requisites are | |
507 | * enabled as well): | |
508 | * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | |
509 | * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | |
510 | * TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
511 | * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
512 | * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 | |
513 | * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
514 | * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | |
515 | * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | |
516 | * TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
517 | * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
518 | * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
519 | * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
520 | * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | |
521 | */ | |
522 | #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED | |
523 | ||
524 | /** | |
525 | * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED | |
526 | * | |
527 | * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. | |
528 | * | |
529 | * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, | |
530 | * POLARSSL_X509_CRT_PARSE_C | |
531 | * | |
532 | * This enables the following ciphersuites (if other requisites are | |
533 | * enabled as well): | |
534 | * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
535 | * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
536 | * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
537 | * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
538 | * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 | |
539 | * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
540 | * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
541 | * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
542 | * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
543 | * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
544 | * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | |
545 | * TLS_ECDHE_RSA_WITH_RC4_128_SHA | |
546 | */ | |
547 | #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED | |
548 | ||
549 | /** | |
550 | * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | |
551 | * | |
552 | * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. | |
553 | * | |
554 | * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, | |
555 | * | |
556 | * This enables the following ciphersuites (if other requisites are | |
557 | * enabled as well): | |
558 | * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | |
559 | * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | |
560 | * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | |
561 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 | |
562 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 | |
563 | * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | |
564 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | |
565 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | |
566 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 | |
567 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 | |
568 | * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | |
569 | * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | |
570 | */ | |
571 | #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | |
572 | ||
573 | /** | |
574 | * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | |
575 | * | |
576 | * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. | |
577 | * | |
578 | * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C | |
579 | * | |
580 | * This enables the following ciphersuites (if other requisites are | |
581 | * enabled as well): | |
582 | * TLS_ECDH_ECDSA_WITH_RC4_128_SHA | |
583 | * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | |
584 | * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | |
585 | * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | |
586 | * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | |
587 | * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | |
588 | * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | |
589 | * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | |
590 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 | |
591 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 | |
592 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 | |
593 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 | |
594 | */ | |
595 | #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | |
596 | ||
597 | /** | |
598 | * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED | |
599 | * | |
600 | * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. | |
601 | * | |
602 | * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C | |
603 | * | |
604 | * This enables the following ciphersuites (if other requisites are | |
605 | * enabled as well): | |
606 | * TLS_ECDH_RSA_WITH_RC4_128_SHA | |
607 | * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | |
608 | * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | |
609 | * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | |
610 | * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | |
611 | * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | |
612 | * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | |
613 | * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | |
614 | * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
615 | * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 | |
616 | * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
617 | * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
618 | */ | |
619 | #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED | |
620 | ||
621 | /** | |
622 | * \def POLARSSL_PK_PARSE_EC_EXTENDED | |
623 | * | |
624 | * Enhance support for reading EC keys using variants of SEC1 not allowed by | |
625 | * RFC 5915 and RFC 5480. | |
626 | * | |
627 | * Currently this means parsing the SpecifiedECDomain choice of EC | |
628 | * parameters (only known groups are supported, not arbitrary domains, to | |
629 | * avoid validation issues). | |
630 | * | |
631 | * Disable if you only need to support RFC 5915 + 5480 key formats. | |
632 | */ | |
633 | #define POLARSSL_PK_PARSE_EC_EXTENDED | |
634 | ||
635 | /** | |
636 | * \def POLARSSL_ERROR_STRERROR_BC | |
637 | * | |
638 | * Make available the backward compatible error_strerror() next to the | |
639 | * current polarssl_strerror(). | |
640 | * | |
641 | * For new code, it is recommended to use polarssl_strerror() instead and | |
642 | * disable this. | |
643 | * | |
644 | * Disable if you run into name conflicts and want to really remove the | |
645 | * error_strerror() | |
646 | */ | |
647 | #define POLARSSL_ERROR_STRERROR_BC | |
648 | ||
649 | /** | |
650 | * \def POLARSSL_ERROR_STRERROR_DUMMY | |
651 | * | |
652 | * Enable a dummy error function to make use of polarssl_strerror() in | |
653 | * third party libraries easier when POLARSSL_ERROR_C is disabled | |
654 | * (no effect when POLARSSL_ERROR_C is enabled). | |
655 | * | |
656 | * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're | |
657 | * not using polarssl_strerror() or error_strerror() in your application. | |
658 | * | |
659 | * Disable if you run into name conflicts and want to really remove the | |
660 | * polarssl_strerror() | |
661 | */ | |
662 | #define POLARSSL_ERROR_STRERROR_DUMMY | |
663 | ||
664 | /** | |
665 | * \def POLARSSL_GENPRIME | |
666 | * | |
667 | * Enable the prime-number generation code. | |
668 | * | |
669 | * Requires: POLARSSL_BIGNUM_C | |
670 | */ | |
671 | #define POLARSSL_GENPRIME | |
672 | ||
673 | /** | |
674 | * \def POLARSSL_FS_IO | |
675 | * | |
676 | * Enable functions that use the filesystem. | |
677 | */ | |
678 | #define POLARSSL_FS_IO | |
679 | ||
680 | /** | |
681 | * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES | |
682 | * | |
683 | * Do not add default entropy sources. These are the platform specific, | |
684 | * hardclock and HAVEGE based poll functions. | |
685 | * | |
686 | * This is useful to have more control over the added entropy sources in an | |
687 | * application. | |
688 | * | |
689 | * Uncomment this macro to prevent loading of default entropy functions. | |
690 | */ | |
691 | //#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES | |
692 | ||
693 | /** | |
694 | * \def POLARSSL_NO_PLATFORM_ENTROPY | |
695 | * | |
696 | * Do not use built-in platform entropy functions. | |
697 | * This is useful if your platform does not support | |
698 | * standards like the /dev/urandom or Windows CryptoAPI. | |
699 | * | |
700 | * Uncomment this macro to disable the built-in platform entropy functions. | |
701 | */ | |
702 | //#define POLARSSL_NO_PLATFORM_ENTROPY | |
703 | ||
704 | /** | |
705 | * \def POLARSSL_ENTROPY_FORCE_SHA256 | |
706 | * | |
707 | * Force the entropy accumulator to use a SHA-256 accumulator instead of the | |
708 | * default SHA-512 based one (if both are available). | |
709 | * | |
710 | * Requires: POLARSSL_SHA256_C | |
711 | * | |
712 | * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option | |
713 | * if you have performance concerns. | |
714 | * | |
715 | * This option is only useful if both POLARSSL_SHA256_C and | |
716 | * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used. | |
717 | */ | |
718 | //#define POLARSSL_ENTROPY_FORCE_SHA256 | |
719 | ||
720 | /** | |
721 | * \def POLARSSL_MEMORY_DEBUG | |
722 | * | |
723 | * Enable debugging of buffer allocator memory issues. Automatically prints | |
724 | * (to stderr) all (fatal) messages on memory allocation issues. Enables | |
725 | * function for 'debug output' of allocated memory. | |
726 | * | |
727 | * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C | |
728 | * | |
729 | * Uncomment this macro to let the buffer allocator print out error messages. | |
730 | */ | |
731 | //#define POLARSSL_MEMORY_DEBUG | |
732 | ||
733 | /** | |
734 | * \def POLARSSL_MEMORY_BACKTRACE | |
735 | * | |
736 | * Include backtrace information with each allocated block. | |
737 | * | |
738 | * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C | |
739 | * GLIBC-compatible backtrace() an backtrace_symbols() support | |
740 | * | |
741 | * Uncomment this macro to include backtrace information | |
742 | */ | |
743 | //#define POLARSSL_MEMORY_BACKTRACE | |
744 | ||
745 | /** | |
746 | * \def POLARSSL_PKCS1_V15 | |
747 | * | |
748 | * Enable support for PKCS#1 v1.5 encoding. | |
749 | * | |
750 | * Requires: POLARSSL_RSA_C | |
751 | * | |
752 | * This enables support for PKCS#1 v1.5 operations. | |
753 | */ | |
754 | #define POLARSSL_PKCS1_V15 | |
755 | ||
756 | /** | |
757 | * \def POLARSSL_PKCS1_V21 | |
758 | * | |
759 | * Enable support for PKCS#1 v2.1 encoding. | |
760 | * | |
761 | * Requires: POLARSSL_MD_C, POLARSSL_RSA_C | |
762 | * | |
763 | * This enables support for RSAES-OAEP and RSASSA-PSS operations. | |
764 | */ | |
d03fb293 | 765 | //#define POLARSSL_PKCS1_V21 |
89647339 MHS |
766 | |
767 | /** | |
768 | * \def POLARSSL_RSA_NO_CRT | |
769 | * | |
770 | * Do not use the Chinese Remainder Theorem for the RSA private operation. | |
771 | * | |
772 | * Uncomment this macro to disable the use of CRT in RSA. | |
773 | * | |
774 | */ | |
775 | //#define POLARSSL_RSA_NO_CRT | |
776 | ||
777 | /** | |
778 | * \def POLARSSL_SELF_TEST | |
779 | * | |
780 | * Enable the checkup functions (*_self_test). | |
781 | */ | |
782 | #define POLARSSL_SELF_TEST | |
783 | ||
784 | /** | |
785 | * \def POLARSSL_SSL_ALL_ALERT_MESSAGES | |
786 | * | |
787 | * Enable sending of alert messages in case of encountered errors as per RFC. | |
788 | * If you choose not to send the alert messages, PolarSSL can still communicate | |
789 | * with other servers, only debugging of failures is harder. | |
790 | * | |
791 | * The advantage of not sending alert messages, is that no information is given | |
792 | * about reasons for failures thus preventing adversaries of gaining intel. | |
793 | * | |
794 | * Enable sending of all alert messages | |
795 | */ | |
796 | #define POLARSSL_SSL_ALERT_MESSAGES | |
797 | ||
798 | /** | |
799 | * \def POLARSSL_SSL_DEBUG_ALL | |
800 | * | |
801 | * Enable the debug messages in SSL module for all issues. | |
802 | * Debug messages have been disabled in some places to prevent timing | |
803 | * attacks due to (unbalanced) debugging function calls. | |
804 | * | |
805 | * If you need all error reporting you should enable this during debugging, | |
806 | * but remove this for production servers that should log as well. | |
807 | * | |
808 | * Uncomment this macro to report all debug messages on errors introducing | |
809 | * a timing side-channel. | |
810 | * | |
811 | */ | |
812 | //#define POLARSSL_SSL_DEBUG_ALL | |
813 | ||
814 | /** | |
815 | * \def POLARSSL_SSL_HW_RECORD_ACCEL | |
816 | * | |
817 | * Enable hooking functions in SSL module for hardware acceleration of | |
818 | * individual records. | |
819 | * | |
820 | * Uncomment this macro to enable hooking functions. | |
821 | */ | |
822 | //#define POLARSSL_SSL_HW_RECORD_ACCEL | |
823 | ||
824 | /** | |
825 | * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO | |
826 | * | |
827 | * Enable support for receiving and parsing SSLv2 Client Hello messages for the | |
828 | * SSL Server module (POLARSSL_SSL_SRV_C). | |
829 | * | |
830 | * Comment this macro to disable support for SSLv2 Client Hello messages. | |
831 | */ | |
832 | #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO | |
833 | ||
834 | /** | |
835 | * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE | |
836 | * | |
837 | * Pick the ciphersuite according to the client's preferences rather than ours | |
838 | * in the SSL Server module (POLARSSL_SSL_SRV_C). | |
839 | * | |
840 | * Uncomment this macro to respect client's ciphersuite order | |
841 | */ | |
842 | //#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE | |
843 | ||
844 | /** | |
845 | * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH | |
846 | * | |
847 | * Enable support for RFC 6066 max_fragment_length extension in SSL. | |
848 | * | |
849 | * Comment this macro to disable support for the max_fragment_length extension | |
850 | */ | |
851 | #define POLARSSL_SSL_MAX_FRAGMENT_LENGTH | |
852 | ||
853 | /** | |
854 | * \def POLARSSL_SSL_PROTO_SSL3 | |
855 | * | |
856 | * Enable support for SSL 3.0. | |
857 | * | |
858 | * Requires: POLARSSL_MD5_C | |
859 | * POLARSSL_SHA1_C | |
860 | * | |
861 | * Comment this macro to disable support for SSL 3.0 | |
862 | */ | |
863 | #define POLARSSL_SSL_PROTO_SSL3 | |
864 | ||
865 | /** | |
866 | * \def POLARSSL_SSL_PROTO_TLS1 | |
867 | * | |
868 | * Enable support for TLS 1.0. | |
869 | * | |
870 | * Requires: POLARSSL_MD5_C | |
871 | * POLARSSL_SHA1_C | |
872 | * | |
873 | * Comment this macro to disable support for TLS 1.0 | |
874 | */ | |
875 | #define POLARSSL_SSL_PROTO_TLS1 | |
876 | ||
877 | /** | |
878 | * \def POLARSSL_SSL_PROTO_TLS1_1 | |
879 | * | |
880 | * Enable support for TLS 1.1. | |
881 | * | |
882 | * Requires: POLARSSL_MD5_C | |
883 | * POLARSSL_SHA1_C | |
884 | * | |
885 | * Comment this macro to disable support for TLS 1.1 | |
886 | */ | |
887 | #define POLARSSL_SSL_PROTO_TLS1_1 | |
888 | ||
889 | /** | |
890 | * \def POLARSSL_SSL_PROTO_TLS1_2 | |
891 | * | |
892 | * Enable support for TLS 1.2. | |
893 | * | |
894 | * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C | |
895 | * (Depends on ciphersuites) | |
896 | * | |
897 | * Comment this macro to disable support for TLS 1.2 | |
898 | */ | |
899 | #define POLARSSL_SSL_PROTO_TLS1_2 | |
900 | ||
901 | /** | |
902 | * \def POLARSSL_SSL_ALPN | |
903 | * | |
904 | * Enable support for Application Layer Protocol Negotiation. | |
905 | * draft-ietf-tls-applayerprotoneg-05 | |
906 | * | |
907 | * Comment this macro to disable support for ALPN. | |
908 | */ | |
909 | #define POLARSSL_SSL_ALPN | |
910 | ||
911 | /** | |
912 | * \def POLARSSL_SSL_SESSION_TICKETS | |
913 | * | |
914 | * Enable support for RFC 5077 session tickets in SSL. | |
915 | * | |
916 | * Requires: POLARSSL_AES_C | |
917 | * POLARSSL_SHA256_C | |
918 | * POLARSSL_CIPHER_MODE_CBC | |
919 | * | |
920 | * Comment this macro to disable support for SSL session tickets | |
921 | */ | |
922 | #define POLARSSL_SSL_SESSION_TICKETS | |
923 | ||
924 | /** | |
925 | * \def POLARSSL_SSL_SERVER_NAME_INDICATION | |
926 | * | |
927 | * Enable support for RFC 6066 server name indication (SNI) in SSL. | |
928 | * | |
929 | * Comment this macro to disable support for server name indication in SSL | |
930 | */ | |
931 | #define POLARSSL_SSL_SERVER_NAME_INDICATION | |
932 | ||
933 | /** | |
934 | * \def POLARSSL_SSL_TRUNCATED_HMAC | |
935 | * | |
936 | * Enable support for RFC 6066 truncated HMAC in SSL. | |
937 | * | |
938 | * Comment this macro to disable support for truncated HMAC in SSL | |
939 | */ | |
940 | #define POLARSSL_SSL_TRUNCATED_HMAC | |
941 | ||
942 | /** | |
943 | * \def POLARSSL_SSL_SET_CURVES | |
944 | * | |
945 | * Enable ssl_set_curves(). | |
946 | * | |
947 | * This is disabled by default since it breaks binary compatibility with the | |
948 | * 1.3.x line. If you choose to enable it, you will need to rebuild your | |
949 | * application against the new header files, relinking will not be enough. | |
950 | * It will be enabled by default, or no longer an option, in the 1.4 branch. | |
951 | * | |
952 | * Uncomment to make ssl_set_curves() available. | |
953 | */ | |
954 | //#define POLARSSL_SSL_SET_CURVES | |
955 | ||
956 | /** | |
957 | * \def POLARSSL_THREADING_ALT | |
958 | * | |
959 | * Provide your own alternate threading implementation. | |
960 | * | |
961 | * Requires: POLARSSL_THREADING_C | |
962 | * | |
963 | * Uncomment this to allow your own alternate threading implementation. | |
964 | */ | |
965 | //#define POLARSSL_THREADING_ALT | |
966 | ||
967 | /** | |
968 | * \def POLARSSL_THREADING_PTHREAD | |
969 | * | |
970 | * Enable the pthread wrapper layer for the threading layer. | |
971 | * | |
972 | * Requires: POLARSSL_THREADING_C | |
973 | * | |
974 | * Uncomment this to enable pthread mutexes. | |
975 | */ | |
976 | //#define POLARSSL_THREADING_PTHREAD | |
977 | ||
978 | /** | |
979 | * \def POLARSSL_VERSION_FEATURES | |
980 | * | |
981 | * Allow run-time checking of compile-time enabled features. Thus allowing users | |
982 | * to check at run-time if the library is for instance compiled with threading | |
983 | * support via version_check_feature(). | |
984 | * | |
985 | * Requires: POLARSSL_VERSION_C | |
986 | * | |
987 | * Comment this to disable run-time checking and save ROM space | |
988 | */ | |
989 | #define POLARSSL_VERSION_FEATURES | |
990 | ||
991 | /** | |
992 | * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 | |
993 | * | |
994 | * If set, the X509 parser will not break-off when parsing an X509 certificate | |
995 | * and encountering an extension in a v1 or v2 certificate. | |
996 | * | |
997 | * Uncomment to prevent an error. | |
998 | */ | |
999 | //#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 | |
1000 | ||
1001 | /** | |
1002 | * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION | |
1003 | * | |
1004 | * If set, the X509 parser will not break-off when parsing an X509 certificate | |
1005 | * and encountering an unknown critical extension. | |
1006 | * | |
1007 | * Uncomment to prevent an error. | |
1008 | */ | |
1009 | //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION | |
1010 | ||
1011 | /** | |
1012 | * \def POLARSSL_X509_CHECK_KEY_USAGE | |
1013 | * | |
1014 | * Enable verification of the keyUsage extension (CA and leaf certificates). | |
1015 | * | |
1016 | * Disabling this avoids problems with mis-issued and/or misused | |
1017 | * (intermediate) CA and leaf certificates. | |
1018 | * | |
1019 | * \warning Depending on your PKI use, disabling this can be a security risk! | |
1020 | * | |
1021 | * Comment to skip keyUsage checking for both CA and leaf certificates. | |
1022 | */ | |
1023 | #define POLARSSL_X509_CHECK_KEY_USAGE | |
1024 | ||
1025 | /** | |
1026 | * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE | |
1027 | * | |
1028 | * Enable verification of the extendedKeyUsage extension (leaf certificates). | |
1029 | * | |
1030 | * Disabling this avoids problems with mis-issued and/or misused certificates. | |
1031 | * | |
1032 | * \warning Depending on your PKI use, disabling this can be a security risk! | |
1033 | * | |
1034 | * Comment to skip extendedKeyUsage checking for certificates. | |
1035 | */ | |
1036 | #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE | |
1037 | ||
1038 | /** | |
1039 | * \def POLARSSL_X509_RSASSA_PSS_SUPPORT | |
1040 | * | |
1041 | * Enable parsing and verification of X.509 certificates, CRLs and CSRS | |
1042 | * signed with RSASSA-PSS (aka PKCS#1 v2.1). | |
1043 | * | |
1044 | * Comment this macro to disallow using RSASSA-PSS in certificates. | |
1045 | */ | |
1046 | #define POLARSSL_X509_RSASSA_PSS_SUPPORT | |
1047 | ||
1048 | /** | |
1049 | * \def POLARSSL_ZLIB_SUPPORT | |
1050 | * | |
1051 | * If set, the SSL/TLS module uses ZLIB to support compression and | |
1052 | * decompression of packet data. | |
1053 | * | |
1054 | * \warning TLS-level compression MAY REDUCE SECURITY! See for example the | |
1055 | * CRIME attack. Before enabling this option, you should examine with care if | |
1056 | * CRIME or similar exploits may be a applicable to your use case. | |
1057 | * | |
1058 | * Used in: library/ssl_tls.c | |
1059 | * library/ssl_cli.c | |
1060 | * library/ssl_srv.c | |
1061 | * | |
1062 | * This feature requires zlib library and headers to be present. | |
1063 | * | |
1064 | * Uncomment to enable use of ZLIB | |
1065 | */ | |
1066 | //#define POLARSSL_ZLIB_SUPPORT | |
1067 | /* \} name SECTION: PolarSSL feature support */ | |
1068 | ||
1069 | /** | |
1070 | * \name SECTION: PolarSSL modules | |
1071 | * | |
1072 | * This section enables or disables entire modules in PolarSSL | |
1073 | * \{ | |
1074 | */ | |
1075 | ||
1076 | /** | |
1077 | * \def POLARSSL_AESNI_C | |
1078 | * | |
1079 | * Enable AES-NI support on x86-64. | |
1080 | * | |
1081 | * Module: library/aesni.c | |
1082 | * Caller: library/aes.c | |
1083 | * | |
1084 | * Requires: POLARSSL_HAVE_ASM | |
1085 | * | |
1086 | * This modules adds support for the AES-NI instructions on x86-64 | |
1087 | */ | |
1088 | //#define POLARSSL_AESNI_C | |
1089 | ||
1090 | /** | |
1091 | * \def POLARSSL_AES_C | |
1092 | * | |
1093 | * Enable the AES block cipher. | |
1094 | * | |
1095 | * Module: library/aes.c | |
1096 | * Caller: library/ssl_tls.c | |
1097 | * library/pem.c | |
1098 | * library/ctr_drbg.c | |
1099 | * | |
1100 | * This module enables the following ciphersuites (if other requisites are | |
1101 | * enabled as well): | |
1102 | * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | |
1103 | * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | |
1104 | * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | |
1105 | * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | |
1106 | * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | |
1107 | * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | |
1108 | * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | |
1109 | * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | |
1110 | * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | |
1111 | * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | |
1112 | * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | |
1113 | * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | |
1114 | * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | |
1115 | * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
1116 | * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | |
1117 | * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | |
1118 | * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
1119 | * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | |
1120 | * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | |
1121 | * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
1122 | * TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
1123 | * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | |
1124 | * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
1125 | * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | |
1126 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | |
1127 | * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
1128 | * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | |
1129 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | |
1130 | * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
1131 | * TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
1132 | * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | |
1133 | * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 | |
1134 | * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 | |
1135 | * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA | |
1136 | * TLS_DHE_PSK_WITH_AES_256_CBC_SHA | |
1137 | * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | |
1138 | * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 | |
1139 | * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 | |
1140 | * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA | |
1141 | * TLS_DHE_PSK_WITH_AES_128_CBC_SHA | |
1142 | * TLS_RSA_WITH_AES_256_GCM_SHA384 | |
1143 | * TLS_RSA_WITH_AES_256_CBC_SHA256 | |
1144 | * TLS_RSA_WITH_AES_256_CBC_SHA | |
1145 | * TLS_RSA_WITH_AES_128_GCM_SHA256 | |
1146 | * TLS_RSA_WITH_AES_128_CBC_SHA256 | |
1147 | * TLS_RSA_WITH_AES_128_CBC_SHA | |
1148 | * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 | |
1149 | * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 | |
1150 | * TLS_RSA_PSK_WITH_AES_256_CBC_SHA | |
1151 | * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 | |
1152 | * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 | |
1153 | * TLS_RSA_PSK_WITH_AES_128_CBC_SHA | |
1154 | * TLS_PSK_WITH_AES_256_GCM_SHA384 | |
1155 | * TLS_PSK_WITH_AES_256_CBC_SHA384 | |
1156 | * TLS_PSK_WITH_AES_256_CBC_SHA | |
1157 | * TLS_PSK_WITH_AES_128_GCM_SHA256 | |
1158 | * TLS_PSK_WITH_AES_128_CBC_SHA256 | |
1159 | * TLS_PSK_WITH_AES_128_CBC_SHA | |
1160 | * | |
1161 | * PEM_PARSE uses AES for decrypting encrypted keys. | |
1162 | */ | |
1163 | #define POLARSSL_AES_C | |
1164 | ||
1165 | /** | |
1166 | * \def POLARSSL_ARC4_C | |
1167 | * | |
1168 | * Enable the ARCFOUR stream cipher. | |
1169 | * | |
1170 | * Module: library/arc4.c | |
1171 | * Caller: library/ssl_tls.c | |
1172 | * | |
1173 | * This module enables the following ciphersuites (if other requisites are | |
1174 | * enabled as well): | |
1175 | * TLS_ECDH_ECDSA_WITH_RC4_128_SHA | |
1176 | * TLS_ECDH_RSA_WITH_RC4_128_SHA | |
1177 | * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | |
1178 | * TLS_ECDHE_RSA_WITH_RC4_128_SHA | |
1179 | * TLS_ECDHE_PSK_WITH_RC4_128_SHA | |
1180 | * TLS_DHE_PSK_WITH_RC4_128_SHA | |
1181 | * TLS_RSA_WITH_RC4_128_SHA | |
1182 | * TLS_RSA_WITH_RC4_128_MD5 | |
1183 | * TLS_RSA_PSK_WITH_RC4_128_SHA | |
1184 | * TLS_PSK_WITH_RC4_128_SHA | |
1185 | */ | |
1186 | #define POLARSSL_ARC4_C | |
1187 | ||
1188 | /** | |
1189 | * \def POLARSSL_ASN1_PARSE_C | |
1190 | * | |
1191 | * Enable the generic ASN1 parser. | |
1192 | * | |
1193 | * Module: library/asn1.c | |
1194 | * Caller: library/x509.c | |
1195 | * library/dhm.c | |
1196 | * library/pkcs12.c | |
1197 | * library/pkcs5.c | |
1198 | * library/pkparse.c | |
1199 | */ | |
1200 | #define POLARSSL_ASN1_PARSE_C | |
1201 | ||
1202 | /** | |
1203 | * \def POLARSSL_ASN1_WRITE_C | |
1204 | * | |
1205 | * Enable the generic ASN1 writer. | |
1206 | * | |
1207 | * Module: library/asn1write.c | |
1208 | * Caller: library/ecdsa.c | |
1209 | * library/pkwrite.c | |
1210 | * library/x509_create.c | |
1211 | * library/x509write_crt.c | |
1212 | * library/x509write_csr.c | |
1213 | */ | |
1214 | #define POLARSSL_ASN1_WRITE_C | |
1215 | ||
1216 | /** | |
1217 | * \def POLARSSL_BASE64_C | |
1218 | * | |
1219 | * Enable the Base64 module. | |
1220 | * | |
1221 | * Module: library/base64.c | |
1222 | * Caller: library/pem.c | |
1223 | * | |
1224 | * This module is required for PEM support (required by X.509). | |
1225 | */ | |
1226 | #define POLARSSL_BASE64_C | |
1227 | ||
1228 | /** | |
1229 | * \def POLARSSL_BIGNUM_C | |
1230 | * | |
1231 | * Enable the multi-precision integer library. | |
1232 | * | |
1233 | * Module: library/bignum.c | |
1234 | * Caller: library/dhm.c | |
1235 | * library/ecp.c | |
1236 | * library/ecdsa.c | |
1237 | * library/rsa.c | |
1238 | * library/ssl_tls.c | |
1239 | * | |
1240 | * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. | |
1241 | */ | |
1242 | #define POLARSSL_BIGNUM_C | |
1243 | ||
1244 | /** | |
1245 | * \def POLARSSL_BLOWFISH_C | |
1246 | * | |
1247 | * Enable the Blowfish block cipher. | |
1248 | * | |
1249 | * Module: library/blowfish.c | |
1250 | */ | |
1251 | #define POLARSSL_BLOWFISH_C | |
1252 | ||
1253 | /** | |
1254 | * \def POLARSSL_CAMELLIA_C | |
1255 | * | |
1256 | * Enable the Camellia block cipher. | |
1257 | * | |
1258 | * Module: library/camellia.c | |
1259 | * Caller: library/ssl_tls.c | |
1260 | * | |
1261 | * This module enables the following ciphersuites (if other requisites are | |
1262 | * enabled as well): | |
1263 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 | |
1264 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 | |
1265 | * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
1266 | * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 | |
1267 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 | |
1268 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 | |
1269 | * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
1270 | * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
1271 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 | |
1272 | * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
1273 | * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
1274 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 | |
1275 | * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 | |
1276 | * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 | |
1277 | * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
1278 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 | |
1279 | * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
1280 | * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
1281 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 | |
1282 | * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
1283 | * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
1284 | * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
1285 | * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 | |
1286 | * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
1287 | * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
1288 | * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 | |
1289 | * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
1290 | * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
1291 | * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 | |
1292 | * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 | |
1293 | * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
1294 | * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 | |
1295 | * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 | |
1296 | * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
1297 | * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 | |
1298 | * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
1299 | * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 | |
1300 | * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
1301 | * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 | |
1302 | * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 | |
1303 | * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 | |
1304 | * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 | |
1305 | */ | |
1306 | #define POLARSSL_CAMELLIA_C | |
1307 | ||
1308 | /** | |
1309 | * \def POLARSSL_CCM_C | |
1310 | * | |
1311 | * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. | |
1312 | * | |
1313 | * Module: library/ccm.c | |
1314 | * | |
1315 | * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C | |
1316 | * | |
1317 | * This module enables the AES-CCM ciphersuites, if other requisites are | |
1318 | * enabled as well. | |
1319 | */ | |
1320 | #define POLARSSL_CCM_C | |
1321 | ||
1322 | /** | |
1323 | * \def POLARSSL_CERTS_C | |
1324 | * | |
1325 | * Enable the test certificates. | |
1326 | * | |
1327 | * Module: library/certs.c | |
1328 | * Caller: | |
1329 | * | |
1330 | * Requires: POLARSSL_PEM_PARSE_C | |
1331 | * | |
1332 | * This module is used for testing (ssl_client/server). | |
1333 | */ | |
1334 | #define POLARSSL_CERTS_C | |
1335 | ||
1336 | /** | |
1337 | * \def POLARSSL_CIPHER_C | |
1338 | * | |
1339 | * Enable the generic cipher layer. | |
1340 | * | |
1341 | * Module: library/cipher.c | |
1342 | * Caller: library/ssl_tls.c | |
1343 | * | |
1344 | * Uncomment to enable generic cipher wrappers. | |
1345 | */ | |
1346 | #define POLARSSL_CIPHER_C | |
1347 | ||
1348 | /** | |
1349 | * \def POLARSSL_CTR_DRBG_C | |
1350 | * | |
1351 | * Enable the CTR_DRBG AES-256-based random generator. | |
1352 | * | |
1353 | * Module: library/ctr_drbg.c | |
1354 | * Caller: | |
1355 | * | |
1356 | * Requires: POLARSSL_AES_C | |
1357 | * | |
1358 | * This module provides the CTR_DRBG AES-256 random number generator. | |
1359 | */ | |
1360 | #define POLARSSL_CTR_DRBG_C | |
1361 | ||
1362 | /** | |
1363 | * \def POLARSSL_DEBUG_C | |
1364 | * | |
1365 | * Enable the debug functions. | |
1366 | * | |
1367 | * Module: library/debug.c | |
1368 | * Caller: library/ssl_cli.c | |
1369 | * library/ssl_srv.c | |
1370 | * library/ssl_tls.c | |
1371 | * | |
1372 | * This module provides debugging functions. | |
1373 | */ | |
1374 | #define POLARSSL_DEBUG_C | |
1375 | ||
1376 | /** | |
1377 | * \def POLARSSL_DES_C | |
1378 | * | |
1379 | * Enable the DES block cipher. | |
1380 | * | |
1381 | * Module: library/des.c | |
1382 | * Caller: library/pem.c | |
1383 | * library/ssl_tls.c | |
1384 | * | |
1385 | * This module enables the following ciphersuites (if other requisites are | |
1386 | * enabled as well): | |
1387 | * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | |
1388 | * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | |
1389 | * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | |
1390 | * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | |
1391 | * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | |
1392 | * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA | |
1393 | * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA | |
1394 | * TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
1395 | * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA | |
1396 | * TLS_PSK_WITH_3DES_EDE_CBC_SHA | |
1397 | * | |
1398 | * PEM_PARSE uses DES/3DES for decrypting encrypted keys. | |
1399 | */ | |
1400 | #define POLARSSL_DES_C | |
1401 | ||
1402 | /** | |
1403 | * \def POLARSSL_DHM_C | |
1404 | * | |
1405 | * Enable the Diffie-Hellman-Merkle module. | |
1406 | * | |
1407 | * Module: library/dhm.c | |
1408 | * Caller: library/ssl_cli.c | |
1409 | * library/ssl_srv.c | |
1410 | * | |
1411 | * This module is used by the following key exchanges: | |
1412 | * DHE-RSA, DHE-PSK | |
1413 | */ | |
1414 | #define POLARSSL_DHM_C | |
1415 | ||
1416 | /** | |
1417 | * \def POLARSSL_ECDH_C | |
1418 | * | |
1419 | * Enable the elliptic curve Diffie-Hellman library. | |
1420 | * | |
1421 | * Module: library/ecdh.c | |
1422 | * Caller: library/ssl_cli.c | |
1423 | * library/ssl_srv.c | |
1424 | * | |
1425 | * This module is used by the following key exchanges: | |
1426 | * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK | |
1427 | * | |
1428 | * Requires: POLARSSL_ECP_C | |
1429 | */ | |
1430 | #define POLARSSL_ECDH_C | |
1431 | ||
1432 | /** | |
1433 | * \def POLARSSL_ECDSA_C | |
1434 | * | |
1435 | * Enable the elliptic curve DSA library. | |
1436 | * | |
1437 | * Module: library/ecdsa.c | |
1438 | * Caller: | |
1439 | * | |
1440 | * This module is used by the following key exchanges: | |
1441 | * ECDHE-ECDSA | |
1442 | * | |
1443 | * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C | |
1444 | */ | |
1445 | #define POLARSSL_ECDSA_C | |
1446 | ||
1447 | /** | |
1448 | * \def POLARSSL_ECP_C | |
1449 | * | |
1450 | * Enable the elliptic curve over GF(p) library. | |
1451 | * | |
1452 | * Module: library/ecp.c | |
1453 | * Caller: library/ecdh.c | |
1454 | * library/ecdsa.c | |
1455 | * | |
1456 | * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED | |
1457 | */ | |
1458 | #define POLARSSL_ECP_C | |
1459 | ||
1460 | /** | |
1461 | * \def POLARSSL_ENTROPY_C | |
1462 | * | |
1463 | * Enable the platform-specific entropy code. | |
1464 | * | |
1465 | * Module: library/entropy.c | |
1466 | * Caller: | |
1467 | * | |
1468 | * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C | |
1469 | * | |
1470 | * This module provides a generic entropy pool | |
1471 | */ | |
1472 | #define POLARSSL_ENTROPY_C | |
1473 | ||
1474 | /** | |
1475 | * \def POLARSSL_ERROR_C | |
1476 | * | |
1477 | * Enable error code to error string conversion. | |
1478 | * | |
1479 | * Module: library/error.c | |
1480 | * Caller: | |
1481 | * | |
1482 | * This module enables polarssl_strerror(). | |
1483 | */ | |
1484 | #define POLARSSL_ERROR_C | |
1485 | ||
1486 | /** | |
1487 | * \def POLARSSL_GCM_C | |
1488 | * | |
1489 | * Enable the Galois/Counter Mode (GCM) for AES. | |
1490 | * | |
1491 | * Module: library/gcm.c | |
1492 | * | |
1493 | * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C | |
1494 | * | |
1495 | * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other | |
1496 | * requisites are enabled as well. | |
1497 | */ | |
1498 | #define POLARSSL_GCM_C | |
1499 | ||
1500 | /** | |
1501 | * \def POLARSSL_HAVEGE_C | |
1502 | * | |
1503 | * Enable the HAVEGE random generator. | |
1504 | * | |
1505 | * Warning: the HAVEGE random generator is not suitable for virtualized | |
1506 | * environments | |
1507 | * | |
1508 | * Warning: the HAVEGE random generator is dependent on timing and specific | |
1509 | * processor traits. It is therefore not advised to use HAVEGE as | |
1510 | * your applications primary random generator or primary entropy pool | |
1511 | * input. As a secondary input to your entropy pool, it IS able add | |
1512 | * the (limited) extra entropy it provides. | |
1513 | * | |
1514 | * Module: library/havege.c | |
1515 | * Caller: | |
1516 | * | |
1517 | * Requires: POLARSSL_TIMING_C | |
1518 | * | |
1519 | * Uncomment to enable the HAVEGE random generator. | |
1520 | */ | |
1521 | //#define POLARSSL_HAVEGE_C | |
1522 | ||
1523 | /** | |
1524 | * \def POLARSSL_HMAC_DRBG_C | |
1525 | * | |
1526 | * Enable the HMAC_DRBG random generator. | |
1527 | * | |
1528 | * Module: library/hmac_drbg.c | |
1529 | * Caller: | |
1530 | * | |
1531 | * Requires: POLARSSL_MD_C | |
1532 | * | |
1533 | * Uncomment to enable the HMAC_DRBG random number geerator. | |
1534 | */ | |
1535 | #define POLARSSL_HMAC_DRBG_C | |
1536 | ||
1537 | /** | |
1538 | * \def POLARSSL_MD_C | |
1539 | * | |
1540 | * Enable the generic message digest layer. | |
1541 | * | |
1542 | * Module: library/md.c | |
1543 | * Caller: | |
1544 | * | |
1545 | * Uncomment to enable generic message digest wrappers. | |
1546 | */ | |
1547 | #define POLARSSL_MD_C | |
1548 | ||
1549 | /** | |
1550 | * \def POLARSSL_MD2_C | |
1551 | * | |
1552 | * Enable the MD2 hash algorithm. | |
1553 | * | |
1554 | * Module: library/md2.c | |
1555 | * Caller: | |
1556 | * | |
1557 | * Uncomment to enable support for (rare) MD2-signed X.509 certs. | |
1558 | */ | |
1559 | //#define POLARSSL_MD2_C | |
1560 | ||
1561 | /** | |
1562 | * \def POLARSSL_MD4_C | |
1563 | * | |
1564 | * Enable the MD4 hash algorithm. | |
1565 | * | |
1566 | * Module: library/md4.c | |
1567 | * Caller: | |
1568 | * | |
1569 | * Uncomment to enable support for (rare) MD4-signed X.509 certs. | |
1570 | */ | |
1571 | //#define POLARSSL_MD4_C | |
1572 | ||
1573 | /** | |
1574 | * \def POLARSSL_MD5_C | |
1575 | * | |
1576 | * Enable the MD5 hash algorithm. | |
1577 | * | |
1578 | * Module: library/md5.c | |
1579 | * Caller: library/md.c | |
1580 | * library/pem.c | |
1581 | * library/ssl_tls.c | |
1582 | * | |
1583 | * This module is required for SSL/TLS and X.509. | |
1584 | * PEM_PARSE uses MD5 for decrypting encrypted keys. | |
1585 | */ | |
1586 | #define POLARSSL_MD5_C | |
1587 | ||
1588 | /** | |
1589 | * \def POLARSSL_MEMORY_C | |
1590 | * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead. | |
1591 | */ | |
1592 | //#define POLARSSL_MEMORY_C | |
1593 | ||
1594 | /** | |
1595 | * \def POLARSSL_MEMORY_BUFFER_ALLOC_C | |
1596 | * | |
1597 | * Enable the buffer allocator implementation that makes use of a (stack) | |
1598 | * based buffer to 'allocate' dynamic memory. (replaces malloc() and free() | |
1599 | * calls) | |
1600 | * | |
1601 | * Module: library/memory_buffer_alloc.c | |
1602 | * | |
1603 | * Requires: POLARSSL_PLATFORM_C | |
1604 | * POLARSSL_PLATFORM_MEMORY (to use it within PolarSSL) | |
1605 | * | |
1606 | * Enable this module to enable the buffer memory allocator. | |
1607 | */ | |
1608 | //#define POLARSSL_MEMORY_BUFFER_ALLOC_C | |
1609 | ||
1610 | /** | |
1611 | * \def POLARSSL_NET_C | |
1612 | * | |
1613 | * Enable the TCP/IP networking routines. | |
1614 | * | |
1615 | * Module: library/net.c | |
1616 | * | |
1617 | * This module provides TCP/IP networking routines. | |
1618 | */ | |
1619 | #define POLARSSL_NET_C | |
1620 | ||
1621 | /** | |
1622 | * \def POLARSSL_OID_C | |
1623 | * | |
1624 | * Enable the OID database. | |
1625 | * | |
1626 | * Module: library/oid.c | |
1627 | * Caller: library/asn1write.c | |
1628 | * library/pkcs5.c | |
1629 | * library/pkparse.c | |
1630 | * library/pkwrite.c | |
1631 | * library/rsa.c | |
1632 | * library/x509.c | |
1633 | * library/x509_create.c | |
1634 | * library/x509_crl.c | |
1635 | * library/x509_crt.c | |
1636 | * library/x509_csr.c | |
1637 | * library/x509write_crt.c | |
1638 | * library/x509write_csr.c | |
1639 | * | |
1640 | * This modules translates between OIDs and internal values. | |
1641 | */ | |
1642 | #define POLARSSL_OID_C | |
1643 | ||
1644 | /** | |
1645 | * \def POLARSSL_PADLOCK_C | |
1646 | * | |
1647 | * Enable VIA Padlock support on x86. | |
1648 | * | |
1649 | * Module: library/padlock.c | |
1650 | * Caller: library/aes.c | |
1651 | * | |
1652 | * Requires: POLARSSL_HAVE_ASM | |
1653 | * | |
1654 | * This modules adds support for the VIA PadLock on x86. | |
1655 | */ | |
1656 | //#define POLARSSL_PADLOCK_C | |
1657 | ||
1658 | /** | |
1659 | * \def POLARSSL_PBKDF2_C | |
1660 | * | |
1661 | * Enable PKCS#5 PBKDF2 key derivation function. | |
1662 | * DEPRECATED: Use POLARSSL_PKCS5_C instead | |
1663 | * | |
1664 | * Module: library/pbkdf2.c | |
1665 | * | |
1666 | * Requires: POLARSSL_PKCS5_C | |
1667 | * | |
1668 | * This module adds support for the PKCS#5 PBKDF2 key derivation function. | |
1669 | */ | |
1670 | #define POLARSSL_PBKDF2_C | |
1671 | ||
1672 | /** | |
1673 | * \def POLARSSL_PEM_PARSE_C | |
1674 | * | |
1675 | * Enable PEM decoding / parsing. | |
1676 | * | |
1677 | * Module: library/pem.c | |
1678 | * Caller: library/dhm.c | |
1679 | * library/pkparse.c | |
1680 | * library/x509_crl.c | |
1681 | * library/x509_crt.c | |
1682 | * library/x509_csr.c | |
1683 | * | |
1684 | * Requires: POLARSSL_BASE64_C | |
1685 | * | |
1686 | * This modules adds support for decoding / parsing PEM files. | |
1687 | */ | |
1688 | #define POLARSSL_PEM_PARSE_C | |
1689 | ||
1690 | /** | |
1691 | * \def POLARSSL_PEM_WRITE_C | |
1692 | * | |
1693 | * Enable PEM encoding / writing. | |
1694 | * | |
1695 | * Module: library/pem.c | |
1696 | * Caller: library/pkwrite.c | |
1697 | * library/x509write_crt.c | |
1698 | * library/x509write_csr.c | |
1699 | * | |
1700 | * Requires: POLARSSL_BASE64_C | |
1701 | * | |
1702 | * This modules adds support for encoding / writing PEM files. | |
1703 | */ | |
1704 | #define POLARSSL_PEM_WRITE_C | |
1705 | ||
1706 | /** | |
1707 | * \def POLARSSL_PK_C | |
1708 | * | |
1709 | * Enable the generic public (asymetric) key layer. | |
1710 | * | |
1711 | * Module: library/pk.c | |
1712 | * Caller: library/ssl_tls.c | |
1713 | * library/ssl_cli.c | |
1714 | * library/ssl_srv.c | |
1715 | * | |
1716 | * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C | |
1717 | * | |
1718 | * Uncomment to enable generic public key wrappers. | |
1719 | */ | |
1720 | #define POLARSSL_PK_C | |
1721 | ||
1722 | /** | |
1723 | * \def POLARSSL_PK_PARSE_C | |
1724 | * | |
1725 | * Enable the generic public (asymetric) key parser. | |
1726 | * | |
1727 | * Module: library/pkparse.c | |
1728 | * Caller: library/x509_crt.c | |
1729 | * library/x509_csr.c | |
1730 | * | |
1731 | * Requires: POLARSSL_PK_C | |
1732 | * | |
1733 | * Uncomment to enable generic public key parse functions. | |
1734 | */ | |
1735 | #define POLARSSL_PK_PARSE_C | |
1736 | ||
1737 | /** | |
1738 | * \def POLARSSL_PK_WRITE_C | |
1739 | * | |
1740 | * Enable the generic public (asymetric) key writer. | |
1741 | * | |
1742 | * Module: library/pkwrite.c | |
1743 | * Caller: library/x509write.c | |
1744 | * | |
1745 | * Requires: POLARSSL_PK_C | |
1746 | * | |
1747 | * Uncomment to enable generic public key write functions. | |
1748 | */ | |
1749 | #define POLARSSL_PK_WRITE_C | |
1750 | ||
1751 | /** | |
1752 | * \def POLARSSL_PKCS5_C | |
1753 | * | |
1754 | * Enable PKCS#5 functions. | |
1755 | * | |
1756 | * Module: library/pkcs5.c | |
1757 | * | |
1758 | * Requires: POLARSSL_MD_C | |
1759 | * | |
1760 | * This module adds support for the PKCS#5 functions. | |
1761 | */ | |
1762 | #define POLARSSL_PKCS5_C | |
1763 | ||
1764 | /** | |
1765 | * \def POLARSSL_PKCS11_C | |
1766 | * | |
1767 | * Enable wrapper for PKCS#11 smartcard support. | |
1768 | * | |
1769 | * Module: library/pkcs11.c | |
1770 | * Caller: library/pk.c | |
1771 | * | |
1772 | * Requires: POLARSSL_PK_C | |
1773 | * | |
1774 | * This module enables SSL/TLS PKCS #11 smartcard support. | |
1775 | * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) | |
1776 | */ | |
1777 | //#define POLARSSL_PKCS11_C | |
1778 | ||
1779 | /** | |
1780 | * \def POLARSSL_PKCS12_C | |
1781 | * | |
1782 | * Enable PKCS#12 PBE functions. | |
1783 | * Adds algorithms for parsing PKCS#8 encrypted private keys | |
1784 | * | |
1785 | * Module: library/pkcs12.c | |
1786 | * Caller: library/pkparse.c | |
1787 | * | |
1788 | * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C | |
1789 | * Can use: POLARSSL_ARC4_C | |
1790 | * | |
1791 | * This module enables PKCS#12 functions. | |
1792 | */ | |
1793 | #define POLARSSL_PKCS12_C | |
1794 | ||
1795 | /** | |
1796 | * \def POLARSSL_PLATFORM_C | |
1797 | * | |
1798 | * Enable the platform abstraction layer that allows you to re-assign | |
1799 | * functions like malloc(), free(), printf(), fprintf() | |
1800 | * | |
1801 | * Module: library/platform.c | |
1802 | * Caller: Most other .c files | |
1803 | * | |
1804 | * This module enables abstraction of common (libc) functions. | |
1805 | */ | |
1806 | //#define POLARSSL_PLATFORM_C | |
1807 | ||
1808 | /** | |
1809 | * \def POLARSSL_RIPEMD160_C | |
1810 | * | |
1811 | * Enable the RIPEMD-160 hash algorithm. | |
1812 | * | |
1813 | * Module: library/ripemd160.c | |
1814 | * Caller: library/md.c | |
1815 | * | |
1816 | */ | |
1817 | #define POLARSSL_RIPEMD160_C | |
1818 | ||
1819 | /** | |
1820 | * \def POLARSSL_RSA_C | |
1821 | * | |
1822 | * Enable the RSA public-key cryptosystem. | |
1823 | * | |
1824 | * Module: library/rsa.c | |
1825 | * Caller: library/ssl_cli.c | |
1826 | * library/ssl_srv.c | |
1827 | * library/ssl_tls.c | |
1828 | * library/x509.c | |
1829 | * | |
1830 | * This module is used by the following key exchanges: | |
1831 | * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK | |
1832 | * | |
1833 | * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C | |
1834 | */ | |
1835 | #define POLARSSL_RSA_C | |
1836 | ||
1837 | /** | |
1838 | * \def POLARSSL_SHA1_C | |
1839 | * | |
1840 | * Enable the SHA1 cryptographic hash algorithm. | |
1841 | * | |
1842 | * Module: library/sha1.c | |
1843 | * Caller: library/md.c | |
1844 | * library/ssl_cli.c | |
1845 | * library/ssl_srv.c | |
1846 | * library/ssl_tls.c | |
1847 | * library/x509write_crt.c | |
1848 | * | |
1849 | * This module is required for SSL/TLS and SHA1-signed certificates. | |
1850 | */ | |
1851 | #define POLARSSL_SHA1_C | |
1852 | ||
1853 | /** | |
1854 | * \def POLARSSL_SHA256_C | |
1855 | * | |
1856 | * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. | |
1857 | * (Used to be POLARSSL_SHA2_C) | |
1858 | * | |
1859 | * Module: library/sha256.c | |
1860 | * Caller: library/entropy.c | |
1861 | * library/md.c | |
1862 | * library/ssl_cli.c | |
1863 | * library/ssl_srv.c | |
1864 | * library/ssl_tls.c | |
1865 | * | |
1866 | * This module adds support for SHA-224 and SHA-256. | |
1867 | * This module is required for the SSL/TLS 1.2 PRF function. | |
1868 | */ | |
1869 | #define POLARSSL_SHA256_C | |
1870 | ||
1871 | /** | |
1872 | * \def POLARSSL_SHA512_C | |
1873 | * | |
1874 | * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. | |
1875 | * (Used to be POLARSSL_SHA4_C) | |
1876 | * | |
1877 | * Module: library/sha512.c | |
1878 | * Caller: library/entropy.c | |
1879 | * library/md.c | |
1880 | * library/ssl_cli.c | |
1881 | * library/ssl_srv.c | |
1882 | * | |
1883 | * This module adds support for SHA-384 and SHA-512. | |
1884 | */ | |
1885 | #define POLARSSL_SHA512_C | |
1886 | ||
1887 | /** | |
1888 | * \def POLARSSL_SSL_CACHE_C | |
1889 | * | |
1890 | * Enable simple SSL cache implementation. | |
1891 | * | |
1892 | * Module: library/ssl_cache.c | |
1893 | * Caller: | |
1894 | * | |
1895 | * Requires: POLARSSL_SSL_CACHE_C | |
1896 | */ | |
1897 | #define POLARSSL_SSL_CACHE_C | |
1898 | ||
1899 | /** | |
1900 | * \def POLARSSL_SSL_CLI_C | |
1901 | * | |
1902 | * Enable the SSL/TLS client code. | |
1903 | * | |
1904 | * Module: library/ssl_cli.c | |
1905 | * Caller: | |
1906 | * | |
1907 | * Requires: POLARSSL_SSL_TLS_C | |
1908 | * | |
1909 | * This module is required for SSL/TLS client support. | |
1910 | */ | |
1911 | #define POLARSSL_SSL_CLI_C | |
1912 | ||
1913 | /** | |
1914 | * \def POLARSSL_SSL_SRV_C | |
1915 | * | |
1916 | * Enable the SSL/TLS server code. | |
1917 | * | |
1918 | * Module: library/ssl_srv.c | |
1919 | * Caller: | |
1920 | * | |
1921 | * Requires: POLARSSL_SSL_TLS_C | |
1922 | * | |
1923 | * This module is required for SSL/TLS server support. | |
1924 | */ | |
1925 | #define POLARSSL_SSL_SRV_C | |
1926 | ||
1927 | /** | |
1928 | * \def POLARSSL_SSL_TLS_C | |
1929 | * | |
1930 | * Enable the generic SSL/TLS code. | |
1931 | * | |
1932 | * Module: library/ssl_tls.c | |
1933 | * Caller: library/ssl_cli.c | |
1934 | * library/ssl_srv.c | |
1935 | * | |
1936 | * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C | |
1937 | * and at least one of the POLARSSL_SSL_PROTO_* defines | |
1938 | * | |
1939 | * This module is required for SSL/TLS. | |
1940 | */ | |
1941 | #define POLARSSL_SSL_TLS_C | |
1942 | ||
1943 | /** | |
1944 | * \def POLARSSL_THREADING_C | |
1945 | * | |
1946 | * Enable the threading abstraction layer. | |
1947 | * By default PolarSSL assumes it is used in a non-threaded environment or that | |
1948 | * contexts are not shared between threads. If you do intend to use contexts | |
1949 | * between threads, you will need to enable this layer to prevent race | |
1950 | * conditions. | |
1951 | * | |
1952 | * Module: library/threading.c | |
1953 | * | |
1954 | * This allows different threading implementations (self-implemented or | |
1955 | * provided). | |
1956 | * | |
1957 | * You will have to enable either POLARSSL_THREADING_ALT or | |
1958 | * POLARSSL_THREADING_PTHREAD. | |
1959 | * | |
1960 | * Enable this layer to allow use of mutexes within PolarSSL | |
1961 | */ | |
1962 | //#define POLARSSL_THREADING_C | |
1963 | ||
1964 | /** | |
1965 | * \def POLARSSL_TIMING_C | |
1966 | * | |
1967 | * Enable the portable timing interface. | |
1968 | * | |
1969 | * Module: library/timing.c | |
1970 | * Caller: library/havege.c | |
1971 | * | |
1972 | * This module is used by the HAVEGE random number generator. | |
1973 | */ | |
1974 | #define POLARSSL_TIMING_C | |
1975 | ||
1976 | /** | |
1977 | * \def POLARSSL_VERSION_C | |
1978 | * | |
1979 | * Enable run-time version information. | |
1980 | * | |
1981 | * Module: library/version.c | |
1982 | * | |
1983 | * This module provides run-time version information. | |
1984 | */ | |
1985 | #define POLARSSL_VERSION_C | |
1986 | ||
1987 | /** | |
1988 | * \def POLARSSL_X509_USE_C | |
1989 | * | |
1990 | * Enable X.509 core for using certificates. | |
1991 | * | |
1992 | * Module: library/x509.c | |
1993 | * Caller: library/x509_crl.c | |
1994 | * library/x509_crt.c | |
1995 | * library/x509_csr.c | |
1996 | * | |
1997 | * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C, | |
1998 | * POLARSSL_PK_PARSE_C | |
1999 | * | |
2000 | * This module is required for the X.509 parsing modules. | |
2001 | */ | |
2002 | #define POLARSSL_X509_USE_C | |
2003 | ||
2004 | /** | |
2005 | * \def POLARSSL_X509_CRT_PARSE_C | |
2006 | * | |
2007 | * Enable X.509 certificate parsing. | |
2008 | * | |
2009 | * Module: library/x509_crt.c | |
2010 | * Caller: library/ssl_cli.c | |
2011 | * library/ssl_srv.c | |
2012 | * library/ssl_tls.c | |
2013 | * | |
2014 | * Requires: POLARSSL_X509_USE_C | |
2015 | * | |
2016 | * This module is required for X.509 certificate parsing. | |
2017 | */ | |
2018 | #define POLARSSL_X509_CRT_PARSE_C | |
2019 | ||
2020 | /** | |
2021 | * \def POLARSSL_X509_CRL_PARSE_C | |
2022 | * | |
2023 | * Enable X.509 CRL parsing. | |
2024 | * | |
2025 | * Module: library/x509_crl.c | |
2026 | * Caller: library/x509_crt.c | |
2027 | * | |
2028 | * Requires: POLARSSL_X509_USE_C | |
2029 | * | |
2030 | * This module is required for X.509 CRL parsing. | |
2031 | */ | |
2032 | #define POLARSSL_X509_CRL_PARSE_C | |
2033 | ||
2034 | /** | |
2035 | * \def POLARSSL_X509_CSR_PARSE_C | |
2036 | * | |
2037 | * Enable X.509 Certificate Signing Request (CSR) parsing. | |
2038 | * | |
2039 | * Module: library/x509_csr.c | |
2040 | * Caller: library/x509_crt_write.c | |
2041 | * | |
2042 | * Requires: POLARSSL_X509_USE_C | |
2043 | * | |
2044 | * This module is used for reading X.509 certificate request. | |
2045 | */ | |
2046 | #define POLARSSL_X509_CSR_PARSE_C | |
2047 | ||
2048 | /** | |
2049 | * \def POLARSSL_X509_CREATE_C | |
2050 | * | |
2051 | * Enable X.509 core for creating certificates. | |
2052 | * | |
2053 | * Module: library/x509_create.c | |
2054 | * | |
2055 | * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C | |
2056 | * | |
2057 | * This module is the basis for creating X.509 certificates and CSRs. | |
2058 | */ | |
2059 | #define POLARSSL_X509_CREATE_C | |
2060 | ||
2061 | /** | |
2062 | * \def POLARSSL_X509_CRT_WRITE_C | |
2063 | * | |
2064 | * Enable creating X.509 certificates. | |
2065 | * | |
2066 | * Module: library/x509_crt_write.c | |
2067 | * | |
2068 | * Requires: POLARSSL_CREATE_C | |
2069 | * | |
2070 | * This module is required for X.509 certificate creation. | |
2071 | */ | |
2072 | #define POLARSSL_X509_CRT_WRITE_C | |
2073 | ||
2074 | /** | |
2075 | * \def POLARSSL_X509_CSR_WRITE_C | |
2076 | * | |
2077 | * Enable creating X.509 Certificate Signing Requests (CSR). | |
2078 | * | |
2079 | * Module: library/x509_csr_write.c | |
2080 | * | |
2081 | * Requires: POLARSSL_CREATE_C | |
2082 | * | |
2083 | * This module is required for X.509 certificate request writing. | |
2084 | */ | |
2085 | #define POLARSSL_X509_CSR_WRITE_C | |
2086 | ||
2087 | /** | |
2088 | * \def POLARSSL_XTEA_C | |
2089 | * | |
2090 | * Enable the XTEA block cipher. | |
2091 | * | |
2092 | * Module: library/xtea.c | |
2093 | * Caller: | |
2094 | */ | |
2095 | #define POLARSSL_XTEA_C | |
2096 | ||
2097 | /* \} name SECTION: PolarSSL modules */ | |
2098 | ||
2099 | /** | |
2100 | * \name SECTION: Module configuration options | |
2101 | * | |
2102 | * This section allows for the setting of module specific sizes and | |
2103 | * configuration options. The default values are already present in the | |
2104 | * relevant header files and should suffice for the regular use cases. | |
2105 | * | |
2106 | * Our advice is to enable options and change their values here | |
2107 | * only if you have a good reason and know the consequences. | |
2108 | * | |
2109 | * Please check the respective header file for documentation on these | |
2110 | * parameters (to prevent duplicate documentation). | |
2111 | * \{ | |
2112 | */ | |
2113 | ||
2114 | /* MPI / BIGNUM options */ | |
2115 | //#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ | |
2116 | //#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ | |
2117 | ||
2118 | /* CTR_DRBG options */ | |
2119 | //#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ | |
2120 | //#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ | |
2121 | //#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ | |
2122 | //#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ | |
2123 | //#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ | |
2124 | ||
2125 | /* HMAC_DRBG options */ | |
2126 | //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ | |
2127 | //#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ | |
2128 | //#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ | |
2129 | //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ | |
2130 | ||
2131 | /* ECP options */ | |
2132 | //#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ | |
2133 | //#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ | |
2134 | //#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ | |
2135 | ||
2136 | /* Entropy options */ | |
2137 | //#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ | |
2138 | //#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ | |
2139 | ||
2140 | /* Memory buffer allocator options */ | |
2141 | //#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ | |
2142 | ||
2143 | /* Platform options */ | |
2144 | //#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ | |
2145 | //#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */ | |
2146 | //#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ | |
2147 | //#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ | |
2148 | //#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ | |
2149 | ||
2150 | /* SSL Cache options */ | |
2151 | //#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ | |
2152 | //#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ | |
2153 | ||
2154 | /* SSL options */ | |
2155 | //#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ | |
2156 | //#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ | |
2157 | //#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ | |
2158 | ||
2159 | /** | |
2160 | * Complete list of ciphersuites to use, in order of preference. | |
2161 | * | |
2162 | * \warning No dependency checking is done on that field! This option can only | |
2163 | * be used to restrict the set of available ciphersuites. It is your | |
2164 | * responsibility to make sure the needed modules are active. | |
2165 | * | |
2166 | * Use this to save a few hundred bytes of ROM (default ordering of all | |
2167 | * available ciphersuites) and a few to a few hundred bytes of RAM. | |
2168 | * | |
2169 | * The value below is only an example, not the default. | |
2170 | */ | |
2171 | //#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | |
2172 | ||
2173 | /* Debug options */ | |
2174 | //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */ | |
2175 | ||
2176 | /* \} name SECTION: Module configuration options */ | |
2177 | ||
2178 | ||
2179 | #endif /* POLARSSL_CONFIG_H */ |