Example program to test AES-GCM functionality. Used for a workshop

Dependencies:   mbed


config_orig.h

00001 /**
00002  * \file config.h
00003  *
00004  * \brief Configuration options (set of defines)
00005  *
00006  *  Copyright (C) 2006-2014, Brainspark B.V.
00007  *
00008  *  This file is part of PolarSSL (http://www.polarssl.org)
00009  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
00010  *
00011  *  All rights reserved.
00012  *
00013  *  This program is free software; you can redistribute it and/or modify
00014  *  it under the terms of the GNU General Public License as published by
00015  *  the Free Software Foundation; either version 2 of the License, or
00016  *  (at your option) any later version.
00017  *
00018  *  This program is distributed in the hope that it will be useful,
00019  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00020  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00021  *  GNU General Public License for more details.
00022  *
00023  *  You should have received a copy of the GNU General Public License along
00024  *  with this program; if not, write to the Free Software Foundation, Inc.,
00025  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00026  *
00027  * This set of compile-time options may be used to enable
00028  * or disable features selectively, and reduce the global
00029  * memory footprint.
00030  */
00031 #ifndef POLARSSL_CONFIG_H
00032 #define POLARSSL_CONFIG_H
00033 
00034 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
00035 #define _CRT_SECURE_NO_DEPRECATE 1
00036 #endif
00037 
00038 /**
00039  * \name SECTION: System support
00040  *
00041  * This section sets system specific settings.
00042  * \{
00043  */
00044 
00045 /**
00046  * \def POLARSSL_HAVE_INT8
00047  *
00048  * The system uses 8-bit wide native integers.
00049  *
00050  * Uncomment if native integers are 8-bit wide.
00051  */
00052 //#define POLARSSL_HAVE_INT8
00053 
00054 /**
00055  * \def POLARSSL_HAVE_INT16
00056  *
00057  * The system uses 16-bit wide native integers.
00058  *
00059  * Uncomment if native integers are 16-bit wide.
00060  */
00061 //#define POLARSSL_HAVE_INT16
00062 
00063 /**
00064  * \def POLARSSL_HAVE_LONGLONG
00065  *
00066  * The compiler supports the 'long long' type.
00067  * (Only used on 32-bit platforms)
00068  */
00069 #define POLARSSL_HAVE_LONGLONG
00070 
00071 /**
00072  * \def POLARSSL_HAVE_ASM
00073  *
00074  * The compiler has support for asm().
00075  *
00076  * Requires support for asm() in compiler.
00077  *
00078  * Used in:
00079  *      library/timing.c
00080  *      library/padlock.c
00081  *      include/polarssl/bn_mul.h
00082  *
00083  * Comment to disable the use of assembly code.
00084  */
00085 #define POLARSSL_HAVE_ASM
00086 
00087 /**
00088  * \def POLARSSL_HAVE_SSE2
00089  *
00090  * CPU supports SSE2 instruction set.
00091  *
00092  * Uncomment if the CPU supports SSE2 (IA-32 specific).
00093  */
00094 //#define POLARSSL_HAVE_SSE2
00095 
00096 /**
00097  * \def POLARSSL_HAVE_TIME
00098  *
00099  * System has time.h and time() / localtime()  / gettimeofday().
00100  *
00101  * Comment if your system does not support time functions
00102  */
00103 #define POLARSSL_HAVE_TIME
00104 
00105 /**
00106  * \def POLARSSL_HAVE_IPV6
00107  *
00108  * System supports the basic socket interface for IPv6 (RFC 3493),
00109  * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
00110  *
00111  * Note: on Windows/MingW, XP or higher is required.
00112  *
00113  * Comment if your system does not support the IPv6 socket interface
00114  */
00115 #define POLARSSL_HAVE_IPV6
00116 
00117 /**
00118  * \def POLARSSL_PLATFORM_MEMORY
00119  *
00120  * Enable the memory allocation layer.
00121  *
00122  * By default PolarSSL uses the system-provided malloc() and free().
00123  * This allows different allocators (self-implemented or provided) to be
00124  * provided to the platform abstraction layer.
00125  *
00126  * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()"
00127  * to allow you to set an alternative malloc() and free() function pointer.
00128  *
00129  * Requires: POLARSSL_PLATFORM_C
00130  *
00131  * Enable this layer to allow use of alternative memory allocators.
00132  */
00133 //#define POLARSSL_PLATFORM_MEMORY
00134 
00135 /**
00136  * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
00137  *
00138  * Do not assign standard functions in the platform layer (e.g. malloc() to
00139  * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
00140  *
00141  * This makes sure there are no linking errors on platforms that do not support
00142  * these functions. You will HAVE to provide alternatives, either at runtime
00143  * via the platform_set_xxx() functions or at compile time by setting
00144  * the POLARSSL_PLATFORM_STD_XXX defines.
00145  *
00146  * Requires: POLARSSL_PLATFORM_C
00147  *
00148  * Uncomment to prevent default assignment of standard functions in the
00149  * platform layer.
00150  */
00151 //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
00152 
00153 /**
00154  * \def POLARSSL_PLATFORM_XXX_ALT
00155  *
00156  * Uncomment a macro to let PolarSSL support the function in the platform
00157  * abstraction layer.
00158  *
00159  * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, PolarSSL will
00160  * provide a function "platform_set_printf()" that allows you to set an
00161  * alternative printf function pointer.
00162  *
00163  * All these defines require POLARSSL_PLATFORM_C to be defined!
00164  *
00165  * Uncomment a macro to enable alternate implementation of specific base
00166  * platform function
00167  */
00168 //#define POLARSSL_PLATFORM_PRINTF_ALT
00169 //#define POLARSSL_PLATFORM_FPRINTF_ALT
00170 /* \} name SECTION: System support */
00171 
00172 /**
00173  * \name SECTION: PolarSSL feature support
00174  *
00175  * This section sets support for features that are or are not needed
00176  * within the modules that are enabled.
00177  * \{
00178  */
00179 
00180 /**
00181  * \def POLARSSL_TIMING_ALT
00182  *
00183  * Uncomment to provide your own alternate implementation for hardclock(),
00184  * get_timer(), set_alarm() and m_sleep().
00185  *
00186  * Only works if you have POLARSSL_TIMING_C enabled.
00187  *
00188  * You will need to provide a header "timing_alt.h" and an implementation at
00189  * compile time.
00190  */
00191 //#define POLARSSL_TIMING_ALT
00192 
00193 /**
00194  * \def POLARSSL_XXX_ALT
00195  *
00196  * Uncomment a macro to let PolarSSL use your alternate core implementation of
00197  * a symmetric or hash algorithm (e.g. platform specific assembly optimized
00198  * implementations). Keep in mind that the function prototypes should remain
00199  * the same.
00200  *
00201  * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
00202  * provide the "struct aes_context" definition and omit the base function
00203  * declarations and implementations. "aes_alt.h" will be included from
00204  * "aes.h" to include the new function definitions.
00205  *
00206  * Uncomment a macro to enable alternate implementation for core algorithm
00207  * functions
00208  */
00209 //#define POLARSSL_AES_ALT
00210 //#define POLARSSL_ARC4_ALT
00211 //#define POLARSSL_BLOWFISH_ALT
00212 //#define POLARSSL_CAMELLIA_ALT
00213 //#define POLARSSL_DES_ALT
00214 //#define POLARSSL_XTEA_ALT
00215 //#define POLARSSL_MD2_ALT
00216 //#define POLARSSL_MD4_ALT
00217 //#define POLARSSL_MD5_ALT
00218 //#define POLARSSL_RIPEMD160_ALT
00219 //#define POLARSSL_SHA1_ALT
00220 //#define POLARSSL_SHA256_ALT
00221 //#define POLARSSL_SHA512_ALT
00222 
00223 /**
00224  * \def POLARSSL_AES_ROM_TABLES
00225  *
00226  * Store the AES tables in ROM.
00227  *
00228  * Uncomment this macro to store the AES tables in ROM.
00229  *
00230  */
00231 //#define POLARSSL_AES_ROM_TABLES
00232 
00233 /**
00234  * \def POLARSSL_CIPHER_MODE_CBC
00235  *
00236  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
00237  */
00238 #define POLARSSL_CIPHER_MODE_CBC
00239 
00240 /**
00241  * \def POLARSSL_CIPHER_MODE_CFB
00242  *
00243  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
00244  */
00245 #define POLARSSL_CIPHER_MODE_CFB
00246 
00247 /**
00248  * \def POLARSSL_CIPHER_MODE_CTR
00249  *
00250  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
00251  */
00252 #define POLARSSL_CIPHER_MODE_CTR
00253 
00254 /**
00255  * \def POLARSSL_CIPHER_NULL_CIPHER
00256  *
00257  * Enable NULL cipher.
00258  * Warning: Only do so when you know what you are doing. This allows for
00259  * encryption or channels without any security!
00260  *
00261  * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
00262  * the following ciphersuites:
00263  *      TLS_ECDH_ECDSA_WITH_NULL_SHA
00264  *      TLS_ECDH_RSA_WITH_NULL_SHA
00265  *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
00266  *      TLS_ECDHE_RSA_WITH_NULL_SHA
00267  *      TLS_ECDHE_PSK_WITH_NULL_SHA384
00268  *      TLS_ECDHE_PSK_WITH_NULL_SHA256
00269  *      TLS_ECDHE_PSK_WITH_NULL_SHA
00270  *      TLS_DHE_PSK_WITH_NULL_SHA384
00271  *      TLS_DHE_PSK_WITH_NULL_SHA256
00272  *      TLS_DHE_PSK_WITH_NULL_SHA
00273  *      TLS_RSA_WITH_NULL_SHA256
00274  *      TLS_RSA_WITH_NULL_SHA
00275  *      TLS_RSA_WITH_NULL_MD5
00276  *      TLS_RSA_PSK_WITH_NULL_SHA384
00277  *      TLS_RSA_PSK_WITH_NULL_SHA256
00278  *      TLS_RSA_PSK_WITH_NULL_SHA
00279  *      TLS_PSK_WITH_NULL_SHA384
00280  *      TLS_PSK_WITH_NULL_SHA256
00281  *      TLS_PSK_WITH_NULL_SHA
00282  *
00283  * Uncomment this macro to enable the NULL cipher and ciphersuites
00284  */
00285 //#define POLARSSL_CIPHER_NULL_CIPHER
00286 
00287 /**
00288  * \def POLARSSL_CIPHER_PADDING_XXX
00289  *
00290  * Uncomment or comment macros to add support for specific padding modes
00291  * in the cipher layer with cipher modes that support padding (e.g. CBC)
00292  *
00293  * If you disable all padding modes, only full blocks can be used with CBC.
00294  *
00295  * Enable padding modes in the cipher layer.
00296  */
00297 #define POLARSSL_CIPHER_PADDING_PKCS7
00298 #define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
00299 #define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
00300 #define POLARSSL_CIPHER_PADDING_ZEROS
00301 
00302 /**
00303  * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
00304  *
00305  * Enable weak ciphersuites in SSL / TLS.
00306  * Warning: Only do so when you know what you are doing. This allows for
00307  * channels with virtually no security at all!
00308  *
00309  * This enables the following ciphersuites:
00310  *      TLS_RSA_WITH_DES_CBC_SHA
00311  *      TLS_DHE_RSA_WITH_DES_CBC_SHA
00312  *
00313  * Uncomment this macro to enable weak ciphersuites
00314  */
00315 //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
00316 
00317 /**
00318  * \def POLARSSL_ECP_XXXX_ENABLED
00319  *
00320  * Enables specific curves within the Elliptic Curve module.
00321  * By default all supported curves are enabled.
00322  *
00323  * Comment macros to disable the curve and functions for it
00324  */
00325 #define POLARSSL_ECP_DP_SECP192R1_ENABLED
00326 #define POLARSSL_ECP_DP_SECP224R1_ENABLED
00327 #define POLARSSL_ECP_DP_SECP256R1_ENABLED
00328 #define POLARSSL_ECP_DP_SECP384R1_ENABLED
00329 #define POLARSSL_ECP_DP_SECP521R1_ENABLED
00330 #define POLARSSL_ECP_DP_SECP192K1_ENABLED
00331 #define POLARSSL_ECP_DP_SECP224K1_ENABLED
00332 #define POLARSSL_ECP_DP_SECP256K1_ENABLED
00333 #define POLARSSL_ECP_DP_BP256R1_ENABLED
00334 #define POLARSSL_ECP_DP_BP384R1_ENABLED
00335 #define POLARSSL_ECP_DP_BP512R1_ENABLED
00336 //#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
00337 #define POLARSSL_ECP_DP_M255_ENABLED
00338 //#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
00339 //#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!
00340 
00341 /**
00342  * \def POLARSSL_ECP_NIST_OPTIM
00343  *
00344  * Enable specific 'modulo p' routines for each NIST prime.
00345  * Depending on the prime and architecture, makes operations 4 to 8 times
00346  * faster on the corresponding curve.
00347  *
00348  * Comment this macro to disable NIST curves optimisation.
00349  */
00350 #define POLARSSL_ECP_NIST_OPTIM
00351 
00352 /**
00353  * \def POLARSSL_ECDSA_DETERMINISTIC
00354  *
00355  * Enable deterministic ECDSA (RFC 6979).
00356  * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
00357  * may result in a compromise of the long-term signing key. This is avoided by
00358  * the deterministic variant.
00359  *
00360  * Requires: POLARSSL_HMAC_DRBG_C
00361  *
00362  * Comment this macro to disable deterministic ECDSA.
00363  */
00364 #define POLARSSL_ECDSA_DETERMINISTIC
00365 
00366 /**
00367  * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
00368  *
00369  * Enable the PSK based ciphersuite modes in SSL / TLS.
00370  *
00371  * This enables the following ciphersuites (if other requisites are
00372  * enabled as well):
00373  *      TLS_PSK_WITH_AES_256_GCM_SHA384
00374  *      TLS_PSK_WITH_AES_256_CBC_SHA384
00375  *      TLS_PSK_WITH_AES_256_CBC_SHA
00376  *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
00377  *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
00378  *      TLS_PSK_WITH_AES_128_GCM_SHA256
00379  *      TLS_PSK_WITH_AES_128_CBC_SHA256
00380  *      TLS_PSK_WITH_AES_128_CBC_SHA
00381  *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
00382  *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
00383  *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
00384  *      TLS_PSK_WITH_RC4_128_SHA
00385  */
00386 #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
00387 
00388 /**
00389  * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
00390  *
00391  * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
00392  *
00393  * Requires: POLARSSL_DHM_C
00394  *
00395  * This enables the following ciphersuites (if other requisites are
00396  * enabled as well):
00397  *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
00398  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
00399  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
00400  *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
00401  *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
00402  *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
00403  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
00404  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
00405  *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
00406  *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
00407  *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
00408  *      TLS_DHE_PSK_WITH_RC4_128_SHA
00409  */
00410 #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
00411 
00412 /**
00413  * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
00414  *
00415  * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
00416  *
00417  * Requires: POLARSSL_ECDH_C
00418  *
00419  * This enables the following ciphersuites (if other requisites are
00420  * enabled as well):
00421  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
00422  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
00423  *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
00424  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
00425  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
00426  *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
00427  *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
00428  *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
00429  */
00430 #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
00431 
00432 /**
00433  * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
00434  *
00435  * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
00436  *
00437  * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00438  *           POLARSSL_X509_CRT_PARSE_C
00439  *
00440  * This enables the following ciphersuites (if other requisites are
00441  * enabled as well):
00442  *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
00443  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
00444  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
00445  *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
00446  *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
00447  *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
00448  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
00449  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
00450  *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
00451  *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
00452  *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
00453  *      TLS_RSA_PSK_WITH_RC4_128_SHA
00454  */
00455 #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
00456 
00457 /**
00458  * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
00459  *
00460  * Enable the RSA-only based ciphersuite modes in SSL / TLS.
00461  *
00462  * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00463  *           POLARSSL_X509_CRT_PARSE_C
00464  *
00465  * This enables the following ciphersuites (if other requisites are
00466  * enabled as well):
00467  *      TLS_RSA_WITH_AES_256_GCM_SHA384
00468  *      TLS_RSA_WITH_AES_256_CBC_SHA256
00469  *      TLS_RSA_WITH_AES_256_CBC_SHA
00470  *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
00471  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
00472  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
00473  *      TLS_RSA_WITH_AES_128_GCM_SHA256
00474  *      TLS_RSA_WITH_AES_128_CBC_SHA256
00475  *      TLS_RSA_WITH_AES_128_CBC_SHA
00476  *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
00477  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
00478  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
00479  *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
00480  *      TLS_RSA_WITH_RC4_128_SHA
00481  *      TLS_RSA_WITH_RC4_128_MD5
00482  */
00483 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
00484 
00485 /**
00486  * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
00487  *
00488  * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
00489  *
00490  * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00491  *           POLARSSL_X509_CRT_PARSE_C
00492  *
00493  * This enables the following ciphersuites (if other requisites are
00494  * enabled as well):
00495  *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
00496  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
00497  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
00498  *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
00499  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
00500  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
00501  *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
00502  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
00503  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
00504  *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
00505  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
00506  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
00507  *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
00508  */
00509 #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
00510 
00511 /**
00512  * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00513  *
00514  * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
00515  *
00516  * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00517  *           POLARSSL_X509_CRT_PARSE_C
00518  *
00519  * This enables the following ciphersuites (if other requisites are
00520  * enabled as well):
00521  *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
00522  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
00523  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
00524  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
00525  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
00526  *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
00527  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
00528  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
00529  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
00530  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
00531  *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
00532  *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
00533  */
00534 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00535 
00536 /**
00537  * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00538  *
00539  * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
00540  *
00541  * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
00542  *
00543  * This enables the following ciphersuites (if other requisites are
00544  * enabled as well):
00545  *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
00546  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
00547  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
00548  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
00549  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
00550  *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
00551  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
00552  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
00553  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
00554  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
00555  *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
00556  *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
00557  */
00558 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00559 
00560 /**
00561  * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
00562  *
00563  * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
00564  *
00565  * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
00566  *
00567  * This enables the following ciphersuites (if other requisites are
00568  * enabled as well):
00569  *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
00570  *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
00571  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
00572  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
00573  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
00574  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
00575  *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
00576  *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
00577  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
00578  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
00579  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
00580  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
00581  */
00582 #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
00583 
00584 /**
00585  * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
00586  *
00587  * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
00588  *
00589  * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
00590  *
00591  * This enables the following ciphersuites (if other requisites are
00592  * enabled as well):
00593  *      TLS_ECDH_RSA_WITH_RC4_128_SHA
00594  *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
00595  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
00596  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
00597  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
00598  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
00599  *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
00600  *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
00601  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
00602  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
00603  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
00604  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
00605  */
00606 #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
00607 
00608 /**
00609  * \def POLARSSL_PK_PARSE_EC_EXTENDED
00610  *
00611  * Enhance support for reading EC keys using variants of SEC1 not allowed by
00612  * RFC 5915 and RFC 5480.
00613  *
00614  * Currently this means parsing the SpecifiedECDomain choice of EC
00615  * parameters (only known groups are supported, not arbitrary domains, to
00616  * avoid validation issues).
00617  *
00618  * Disable if you only need to support RFC 5915 + 5480 key formats.
00619  */
00620 #define POLARSSL_PK_PARSE_EC_EXTENDED
00621 
00622 /**
00623  * \def POLARSSL_ERROR_STRERROR_BC
00624  *
00625  * Make available the backward compatible error_strerror() next to the
00626  * current polarssl_strerror().
00627  *
00628  * Disable if you run into name conflicts and want to really remove the
00629  * error_strerror()
00630  */
00631 #define POLARSSL_ERROR_STRERROR_BC
00632 
00633 /**
00634  * \def POLARSSL_ERROR_STRERROR_DUMMY
00635  *
00636  * Enable a dummy error function to make use of polarssl_strerror() in
00637  * third party libraries easier.
00638  *
00639  * Disable if you run into name conflicts and want to really remove the
00640  * polarssl_strerror()
00641  */
00642 #define POLARSSL_ERROR_STRERROR_DUMMY
00643 
00644 /**
00645  * \def POLARSSL_GENPRIME
00646  *
00647  * Enable the prime-number generation code.
00648  *
00649  * Requires: POLARSSL_BIGNUM_C
00650  */
00651 #define POLARSSL_GENPRIME
00652 
00653 /**
00654  * \def POLARSSL_FS_IO
00655  *
00656  * Enable functions that use the filesystem.
00657  */
00658 #define POLARSSL_FS_IO
00659 
00660 /**
00661  * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
00662  *
00663  * Do not add default entropy sources. These are the platform specific,
00664  * hardclock and HAVEGE based poll functions.
00665  *
00666  * This is useful to have more control over the added entropy sources in an
00667  * application.
00668  *
00669  * Uncomment this macro to prevent loading of default entropy functions.
00670  */
00671 //#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
00672 
00673 /**
00674  * \def POLARSSL_NO_PLATFORM_ENTROPY
00675  *
00676  * Do not use built-in platform entropy functions.
00677  * This is useful if your platform does not support
00678  * standards like the /dev/urandom or Windows CryptoAPI.
00679  *
00680  * Uncomment this macro to disable the built-in platform entropy functions.
00681  */
00682 //#define POLARSSL_NO_PLATFORM_ENTROPY
00683 
00684 /**
00685  * \def POLARSSL_ENTROPY_FORCE_SHA256
00686  *
00687  * Force the entropy accumulator to use a SHA-256 accumulator instead of the
00688  * default SHA-512 based one (if both are available).
00689  *
00690  * Requires: POLARSSL_SHA256_C
00691  *
00692  * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
00693  * if you have performance concerns.
00694  *
00695  * This option is only useful if both POLARSSL_SHA256_C and
00696  * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
00697  */
00698 //#define POLARSSL_ENTROPY_FORCE_SHA256
00699 
00700 /**
00701  * \def POLARSSL_MEMORY_DEBUG
00702  *
00703  * Enable debugging of buffer allocator memory issues. Automatically prints
00704  * (to stderr) all (fatal) messages on memory allocation issues. Enables
00705  * function for 'debug output' of allocated memory.
00706  *
00707  * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
00708  *
00709  * Uncomment this macro to let the buffer allocator print out error messages.
00710  */
00711 //#define POLARSSL_MEMORY_DEBUG
00712 
00713 /**
00714  * \def POLARSSL_MEMORY_BACKTRACE
00715  *
00716  * Include backtrace information with each allocated block.
00717  *
00718  * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
00719  *           GLIBC-compatible backtrace() and backtrace_symbols() support
00720  *
00721  * Uncomment this macro to include backtrace information
00722  */
00723 //#define POLARSSL_MEMORY_BACKTRACE
00724 
00725 /**
00726  * \def POLARSSL_PKCS1_V15
00727  *
00728  * Enable support for PKCS#1 v1.5 encoding.
00729  *
00730  * Requires: POLARSSL_RSA_C
00731  *
00732  * This enables support for PKCS#1 v1.5 operations.
00733  */
00734 #define POLARSSL_PKCS1_V15
00735 
00736 /**
00737  * \def POLARSSL_PKCS1_V21
00738  *
00739  * Enable support for PKCS#1 v2.1 encoding.
00740  *
00741  * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
00742  *
00743  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
00744  */
00745 #define POLARSSL_PKCS1_V21
00746 
00747 /**
00748  * \def POLARSSL_RSA_NO_CRT
00749  *
00750  * Do not use the Chinese Remainder Theorem for the RSA private operation.
00751  *
00752  * Uncomment this macro to disable the use of CRT in RSA.
00753  *
00754  */
00755 //#define POLARSSL_RSA_NO_CRT
00756 
00757 /**
00758  * \def POLARSSL_SELF_TEST
00759  *
00760  * Enable the checkup functions (*_self_test).
00761  */
00762 #define POLARSSL_SELF_TEST
00763 
00764 /**
00765  * \def POLARSSL_SSL_ALERT_MESSAGES
00766  *
00767  * Enable sending of alert messages in case of encountered errors as per RFC.
00768  * If you choose not to send the alert messages, PolarSSL can still communicate
00769  * with other servers, only debugging of failures is harder.
00770  *
00771  * The advantage of not sending alert messages is that no information is given
00772  * about reasons for failures, thus preventing adversaries from gaining intel.
00773  *
00774  * Enable sending of all alert messages
00775  */
00776 #define POLARSSL_SSL_ALERT_MESSAGES
00777 
00778 /**
00779  * \def POLARSSL_SSL_DEBUG_ALL
00780  *
00781  * Enable the debug messages in SSL module for all issues.
00782  * Debug messages have been disabled in some places to prevent timing
00783  * attacks due to (unbalanced) debugging function calls.
00784  *
00785  * If you need all error reporting you should enable this during debugging,
00786  * but remove it for production servers, including those that should log.
00787  *
00788  * Uncomment this macro to report all debug messages on errors; doing so
00789  * introduces a timing side-channel.
00790  *
00791  */
00792 //#define POLARSSL_SSL_DEBUG_ALL
00793 
00794 /**
00795  * \def POLARSSL_SSL_HW_RECORD_ACCEL
00796  *
00797  * Enable hooking functions in SSL module for hardware acceleration of
00798  * individual records.
00799  *
00800  * Uncomment this macro to enable hooking functions.
00801  */
00802 //#define POLARSSL_SSL_HW_RECORD_ACCEL
00803 
00804 /**
00805  * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
00806  *
00807  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
00808  * SSL Server module (POLARSSL_SSL_SRV_C).
00809  *
00810  * Comment this macro to disable support for SSLv2 Client Hello messages.
00811  */
00812 #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
00813 
00814 /**
00815  * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
00816  *
00817  * Pick the ciphersuite according to the client's preferences rather than ours
00818  * in the SSL Server module (POLARSSL_SSL_SRV_C).
00819  *
00820  * Uncomment this macro to respect client's ciphersuite order
00821  */
00822 //#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
00823 
00824 /**
00825  * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
00826  *
00827  * Enable support for RFC 6066 max_fragment_length extension in SSL.
00828  *
00829  * Comment this macro to disable support for the max_fragment_length extension
00830  */
00831 #define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
00832 
00833 /**
00834  * \def POLARSSL_SSL_PROTO_SSL3
00835  *
00836  * Enable support for SSL 3.0.
00837  *
00838  * Requires: POLARSSL_MD5_C
00839  *           POLARSSL_SHA1_C
00840  *
00841  * Comment this macro to disable support for SSL 3.0 (deprecated, RFC 7568)
00842  */
00843 #define POLARSSL_SSL_PROTO_SSL3
00844 
00845 /**
00846  * \def POLARSSL_SSL_PROTO_TLS1
00847  *
00848  * Enable support for TLS 1.0.
00849  *
00850  * Requires: POLARSSL_MD5_C
00851  *           POLARSSL_SHA1_C
00852  *
00853  * Comment this macro to disable support for TLS 1.0
00854  */
00855 #define POLARSSL_SSL_PROTO_TLS1
00856 
00857 /**
00858  * \def POLARSSL_SSL_PROTO_TLS1_1
00859  *
00860  * Enable support for TLS 1.1.
00861  *
00862  * Requires: POLARSSL_MD5_C
00863  *           POLARSSL_SHA1_C
00864  *
00865  * Comment this macro to disable support for TLS 1.1
00866  */
00867 #define POLARSSL_SSL_PROTO_TLS1_1
00868 
00869 /**
00870  * \def POLARSSL_SSL_PROTO_TLS1_2
00871  *
00872  * Enable support for TLS 1.2.
00873  *
00874  * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
00875  *           (Depends on ciphersuites)
00876  *
00877  * Comment this macro to disable support for TLS 1.2
00878  */
00879 #define POLARSSL_SSL_PROTO_TLS1_2
00880 
00881 /**
00882  * \def POLARSSL_SSL_ALPN
00883  *
00884  * Enable support for Application Layer Protocol Negotiation.
00885  * draft-ietf-tls-applayerprotoneg-05
00886  *
00887  * Comment this macro to disable support for ALPN.
00888  */
00889 #define POLARSSL_SSL_ALPN
00890 
00891 /**
00892  * \def POLARSSL_SSL_SESSION_TICKETS
00893  *
00894  * Enable support for RFC 5077 session tickets in SSL.
00895  *
00896  * Requires: POLARSSL_AES_C
00897  *           POLARSSL_SHA256_C
00898  *           POLARSSL_CIPHER_MODE_CBC
00899  *
00900  * Comment this macro to disable support for SSL session tickets
00901  */
00902 #define POLARSSL_SSL_SESSION_TICKETS
00903 
00904 /**
00905  * \def POLARSSL_SSL_SERVER_NAME_INDICATION
00906  *
00907  * Enable support for RFC 6066 server name indication (SNI) in SSL.
00908  *
00909  * Comment this macro to disable support for server name indication in SSL
00910  */
00911 #define POLARSSL_SSL_SERVER_NAME_INDICATION
00912 
00913 /**
00914  * \def POLARSSL_SSL_TRUNCATED_HMAC
00915  *
00916  * Enable support for RFC 6066 truncated HMAC in SSL.
00917  *
00918  * Comment this macro to disable support for truncated HMAC in SSL
00919  */
00920 #define POLARSSL_SSL_TRUNCATED_HMAC
00921 
00922 /**
00923  * \def POLARSSL_SSL_SET_CURVES
00924  *
00925  * Enable ssl_set_curves().
00926  *
00927  * This is disabled by default since it breaks binary compatibility with the
00928  * 1.3.x line. If you choose to enable it, you will need to rebuild your
00929  * application against the new header files, relinking will not be enough.
00930  * It will be enabled by default, or no longer an option, in the 1.4 branch.
00931  *
00932  * Uncomment to make ssl_set_curves() available.
00933  */
00934 //#define POLARSSL_SSL_SET_CURVES
00935 
00936 /**
00937  * \def POLARSSL_THREADING_ALT
00938  *
00939  * Provide your own alternate threading implementation.
00940  *
00941  * Requires: POLARSSL_THREADING_C
00942  *
00943  * Uncomment this to allow your own alternate threading implementation.
00944  */
00945 //#define POLARSSL_THREADING_ALT
00946 
00947 /**
00948  * \def POLARSSL_THREADING_PTHREAD
00949  *
00950  * Enable the pthread wrapper layer for the threading layer.
00951  *
00952  * Requires: POLARSSL_THREADING_C
00953  *
00954  * Uncomment this to enable pthread mutexes.
00955  */
00956 //#define POLARSSL_THREADING_PTHREAD
00957 
00958 /**
00959  * \def POLARSSL_VERSION_FEATURES
00960  *
00961  * Allow run-time checking of compile-time enabled features, so that users can
00962  * check at run-time, via version_check_feature(), whether the library is for
00963  * instance compiled with threading support.
00964  *
00965  * Requires: POLARSSL_VERSION_C
00966  *
00967  * Comment this to disable run-time checking and save ROM space
00968  */
00969 #define POLARSSL_VERSION_FEATURES
00970 
00971 /**
00972  * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
00973  *
00974  * If set, the X509 parser will not break off when parsing an X509 certificate
00975  * and encountering an extension in a v1 or v2 certificate.
00976  *
00977  * Uncomment to prevent an error.
00978  */
00979 //#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
00980 
00981 /**
00982  * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
00983  *
00984  * If set, the X509 parser will not break off when parsing an X509 certificate
00985  * and encountering an unknown critical extension (RFC 5280 requires rejecting such a certificate).
00986  *
00987  * Uncomment to prevent an error.
00988  */
00989 //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
00990 
00991 /**
00992  * \def POLARSSL_X509_CHECK_KEY_USAGE
00993  *
00994  * Enable verification of the keyUsage extension (CA and leaf certificates).
00995  *
00996  * Disabling this avoids problems with mis-issued and/or misused
00997  * (intermediate) CA and leaf certificates.
00998  *
00999  * \warning Depending on your PKI use, disabling this can be a security risk!
01000  *
01001  * Comment to skip keyUsage checking for both CA and leaf certificates.
01002  */
01003 #define POLARSSL_X509_CHECK_KEY_USAGE
01004 
01005 /**
01006  * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
01007  *
01008  * Enable verification of the extendedKeyUsage extension (leaf certificates).
01009  *
01010  * Disabling this avoids problems with mis-issued and/or misused certificates.
01011  *
01012  * \warning Depending on your PKI use, disabling this can be a security risk!
01013  *
01014  * Comment to skip extendedKeyUsage checking for certificates.
01015  */
01016 #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
01017 
01018 /**
01019  * \def POLARSSL_ZLIB_SUPPORT
01020  *
01021  * If set, the SSL/TLS module uses ZLIB to support compression and
01022  * decompression of packet data.
01023  *
01024  * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
01025  * CRIME attack. Before enabling this option, you should examine with care if
01026  * CRIME or similar exploits may be applicable to your use case.
01027  *
01028  * Used in: library/ssl_tls.c
01029  *          library/ssl_cli.c
01030  *          library/ssl_srv.c
01031  *
01032  * This feature requires zlib library and headers to be present.
01033  *
01034  * Uncomment to enable use of ZLIB
01035  */
01036 //#define POLARSSL_ZLIB_SUPPORT
01037 /* \} name SECTION: PolarSSL feature support */
01038 
01039 /**
01040  * \name SECTION: PolarSSL modules
01041  *
01042  * This section enables or disables entire modules in PolarSSL
01043  * \{
01044  */
01045 
01046 /**
01047  * \def POLARSSL_AESNI_C
01048  *
01049  * Enable AES-NI support on x86-64.
01050  *
01051  * Module:  library/aesni.c
01052  * Caller:  library/aes.c
01053  *
01054  * Requires: POLARSSL_HAVE_ASM
01055  *
01056  * This module adds support for the AES-NI instructions on x86-64
01057  */
01058 #define POLARSSL_AESNI_C
01059 
01060 /**
01061  * \def POLARSSL_AES_C
01062  *
01063  * Enable the AES block cipher.
01064  *
01065  * Module:  library/aes.c
01066  * Caller:  library/ssl_tls.c
01067  *          library/pem.c
01068  *          library/ctr_drbg.c
01069  *
01070  * This module enables the following ciphersuites (if other requisites are
01071  * enabled as well):
01072  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
01073  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
01074  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
01075  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
01076  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
01077  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
01078  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
01079  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
01080  *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
01081  *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
01082  *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
01083  *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
01084  *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
01085  *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
01086  *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
01087  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
01088  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
01089  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
01090  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
01091  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
01092  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
01093  *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
01094  *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
01095  *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
01096  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
01097  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
01098  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
01099  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
01100  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
01101  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
01102  *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
01103  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
01104  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
01105  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
01106  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
01107  *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
01108  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
01109  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
01110  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
01111  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
01112  *      TLS_RSA_WITH_AES_256_GCM_SHA384
01113  *      TLS_RSA_WITH_AES_256_CBC_SHA256
01114  *      TLS_RSA_WITH_AES_256_CBC_SHA
01115  *      TLS_RSA_WITH_AES_128_GCM_SHA256
01116  *      TLS_RSA_WITH_AES_128_CBC_SHA256
01117  *      TLS_RSA_WITH_AES_128_CBC_SHA
01118  *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
01119  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
01120  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
01121  *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
01122  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
01123  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
01124  *      TLS_PSK_WITH_AES_256_GCM_SHA384
01125  *      TLS_PSK_WITH_AES_256_CBC_SHA384
01126  *      TLS_PSK_WITH_AES_256_CBC_SHA
01127  *      TLS_PSK_WITH_AES_128_GCM_SHA256
01128  *      TLS_PSK_WITH_AES_128_CBC_SHA256
01129  *      TLS_PSK_WITH_AES_128_CBC_SHA
01130  *
01131  * PEM_PARSE uses AES for decrypting encrypted keys.
01132  */
01133 #define POLARSSL_AES_C
01134 
01135 /**
01136  * \def POLARSSL_ARC4_C
01137  *
01138  * Enable the ARCFOUR stream cipher (RC4; prohibited in TLS by RFC 7465).
01139  *
01140  * Module:  library/arc4.c
01141  * Caller:  library/ssl_tls.c
01142  *
01143  * This module enables the following ciphersuites (if other requisites are
01144  * enabled as well):
01145  *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
01146  *      TLS_ECDH_RSA_WITH_RC4_128_SHA
01147  *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
01148  *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
01149  *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
01150  *      TLS_DHE_PSK_WITH_RC4_128_SHA
01151  *      TLS_RSA_WITH_RC4_128_SHA
01152  *      TLS_RSA_WITH_RC4_128_MD5
01153  *      TLS_RSA_PSK_WITH_RC4_128_SHA
01154  *      TLS_PSK_WITH_RC4_128_SHA
01155  */
01156 #define POLARSSL_ARC4_C
01157 
01158 /**
01159  * \def POLARSSL_ASN1_PARSE_C
01160  *
01161  * Enable the generic ASN1 parser.
01162  *
01163  * Module:  library/asn1.c
01164  * Caller:  library/x509.c
01165  *          library/dhm.c
01166  *          library/pkcs12.c
01167  *          library/pkcs5.c
01168  *          library/pkparse.c
01169  */
01170 #define POLARSSL_ASN1_PARSE_C
01171 
01172 /**
01173  * \def POLARSSL_ASN1_WRITE_C
01174  *
01175  * Enable the generic ASN1 writer.
01176  *
01177  * Module:  library/asn1write.c
01178  * Caller:  library/ecdsa.c
01179  *          library/pkwrite.c
01180  *          library/x509_create.c
01181  *          library/x509write_crt.c
01182  *          library/x509write_csr.c
01183  */
01184 #define POLARSSL_ASN1_WRITE_C
01185 
01186 /**
01187  * \def POLARSSL_BASE64_C
01188  *
01189  * Enable the Base64 module.
01190  *
01191  * Module:  library/base64.c
01192  * Caller:  library/pem.c
01193  *
01194  * This module is required for PEM support (required by X.509).
01195  */
01196 #define POLARSSL_BASE64_C
01197 
01198 /**
01199  * \def POLARSSL_BIGNUM_C
01200  *
01201  * Enable the multi-precision integer library.
01202  *
01203  * Module:  library/bignum.c
01204  * Caller:  library/dhm.c
01205  *          library/ecp.c
01206  *          library/rsa.c
01207  *          library/ssl_tls.c
01208  *
01209  * This module is required for RSA and DHM support.
01210  */
01211 #define POLARSSL_BIGNUM_C
01212 
01213 /**
01214  * \def POLARSSL_BLOWFISH_C
01215  *
01216  * Enable the Blowfish block cipher.
01217  *
01218  * Module:  library/blowfish.c
01219  */
01220 #define POLARSSL_BLOWFISH_C
01221 
01222 /**
01223  * \def POLARSSL_CAMELLIA_C
01224  *
01225  * Enable the Camellia block cipher.
01226  *
01227  * Module:  library/camellia.c
01228  * Caller:  library/ssl_tls.c
01229  *
01230  * This module enables the following ciphersuites (if other requisites are
01231  * enabled as well):
01232  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
01233  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
01234  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
01235  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
01236  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
01237  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
01238  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
01239  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
01240  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
01241  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
01242  *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
01243  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
01244  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
01245  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
01246  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
01247  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
01248  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
01249  *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
01250  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
01251  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
01252  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
01253  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
01254  *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
01255  *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
01256  *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
01257  *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
01258  *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
01259  *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
01260  *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
01261  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
01262  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
01263  *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
01264  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
01265  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
01266  *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
01267  *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
01268  *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
01269  *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
01270  *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
01271  *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
01272  *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
01273  *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
01274  */
01275 #define POLARSSL_CAMELLIA_C
01276 
01277 /**
01278  * \def POLARSSL_CERTS_C
01279  *
01280  * Enable the test certificates.
01281  *
01282  * Module:  library/certs.c
01283  * Caller:
01284  *
01285  * Requires: POLARSSL_PEM_PARSE_C
01286  *
01287  * This module is used for testing (ssl_client/server) only; do not rely on its certificates in production builds.
01288  */
01289 #define POLARSSL_CERTS_C
01290 
01291 /**
01292  * \def POLARSSL_CIPHER_C
01293  *
01294  * Enable the generic cipher layer.
01295  *
01296  * Module:  library/cipher.c
01297  * Caller:  library/ssl_tls.c
01298  *
01299  * Uncomment to enable generic cipher wrappers.
01300  */
01301 #define POLARSSL_CIPHER_C
01302 
01303 /**
01304  * \def POLARSSL_CTR_DRBG_C
01305  *
01306  * Enable the CTR_DRBG AES-256-based random generator.
01307  *
01308  * Module:  library/ctr_drbg.c
01309  * Caller:
01310  *
01311  * Requires: POLARSSL_AES_C
01312  *
01313  * This module provides the CTR_DRBG AES-256 random number generator.
01314  */
01315 #define POLARSSL_CTR_DRBG_C
01316 
01317 /**
01318  * \def POLARSSL_DEBUG_C
01319  *
01320  * Enable the debug functions.
01321  *
01322  * Module:  library/debug.c
01323  * Caller:  library/ssl_cli.c
01324  *          library/ssl_srv.c
01325  *          library/ssl_tls.c
01326  *
01327  * This module provides debugging functions.
01328  */
01329 #define POLARSSL_DEBUG_C
01330 
01331 /**
01332  * \def POLARSSL_DES_C
01333  *
01334  * Enable the DES block cipher.
01335  *
01336  * Module:  library/des.c
01337  * Caller:  library/pem.c
01338  *          library/ssl_tls.c
01339  *
01340  * This module enables the following ciphersuites (if other requisites are
01341  * enabled as well):
01342  *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
01343  *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
01344  *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
01345  *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
01346  *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
01347  *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
01348  *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
01349  *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
01350  *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
01351  *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
01352  *
01353  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
01354  */
01355 #define POLARSSL_DES_C
01356 
01357 /**
01358  * \def POLARSSL_DHM_C
01359  *
01360  * Enable the Diffie-Hellman-Merkle module.
01361  *
01362  * Module:  library/dhm.c
01363  * Caller:  library/ssl_cli.c
01364  *          library/ssl_srv.c
01365  *
01366  * This module is used by the following key exchanges:
01367  *      DHE-RSA, DHE-PSK
01368  */
01369 #define POLARSSL_DHM_C
01370 
01371 /**
01372  * \def POLARSSL_ECDH_C
01373  *
01374  * Enable the elliptic curve Diffie-Hellman library.
01375  *
01376  * Module:  library/ecdh.c
01377  * Caller:  library/ssl_cli.c
01378  *          library/ssl_srv.c
01379  *
01380  * This module is used by the following key exchanges:
01381  *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
01382  *
01383  * Requires: POLARSSL_ECP_C
01384  */
01385 #define POLARSSL_ECDH_C
01386 
01387 /**
01388  * \def POLARSSL_ECDSA_C
01389  *
01390  * Enable the elliptic curve DSA library.
01391  *
01392  * Module:  library/ecdsa.c
01393  * Caller:
01394  *
01395  * This module is used by the following key exchanges:
01396  *      ECDHE-ECDSA
01397  *
01398  * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
01399  */
01400 #define POLARSSL_ECDSA_C
01401 
01402 /**
01403  * \def POLARSSL_ECP_C
01404  *
01405  * Enable the elliptic curve over GF(p) library.
01406  *
01407  * Module:  library/ecp.c
01408  * Caller:  library/ecdh.c
01409  *          library/ecdsa.c
01410  *
01411  * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
01412  */
01413 #define POLARSSL_ECP_C
01414 
01415 /**
01416  * \def POLARSSL_ENTROPY_C
01417  *
01418  * Enable the platform-specific entropy code.
01419  *
01420  * Module:  library/entropy.c
01421  * Caller:
01422  *
01423  * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
01424  *
01425  * This module provides a generic entropy pool
01426  */
01427 #define POLARSSL_ENTROPY_C
01428 
01429 /**
01430  * \def POLARSSL_ERROR_C
01431  *
01432  * Enable error code to error string conversion.
01433  *
01434  * Module:  library/error.c
01435  * Caller:
01436  *
01437  * This module enables polarssl_strerror().
01438  */
01439 #define POLARSSL_ERROR_C
01440 
01441 /**
01442  * \def POLARSSL_GCM_C
01443  *
01444  * Enable the Galois/Counter Mode (GCM) for AES.
01445  *
01446  * Module:  library/gcm.c
01447  *
01448  * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
01449  *
01450  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
01451  * requisites are enabled as well.
01452  */
01453 #define POLARSSL_GCM_C
01454 
01455 /**
01456  * \def POLARSSL_HAVEGE_C
01457  *
01458  * Enable the HAVEGE random generator.
01459  *
01460  * Warning: the HAVEGE random generator is not suitable for virtualized
01461  *          environments
01462  *
01463  * Warning: the HAVEGE random generator is dependent on timing and specific
01464  *          processor traits. It is therefore not advised to use HAVEGE as
01465  *          your application's primary random generator or primary entropy pool
01466  *          input. As a secondary input to your entropy pool, it IS able to add
01467  *          the (limited) extra entropy it provides.
01468  *
01469  * Module:  library/havege.c
01470  * Caller:
01471  *
01472  * Requires: POLARSSL_TIMING_C
01473  *
01474  * Uncomment to enable the HAVEGE random generator.
01475  */
01476 //#define POLARSSL_HAVEGE_C
01477 
01478 /**
01479  * \def POLARSSL_HMAC_DRBG_C
01480  *
01481  * Enable the HMAC_DRBG random generator.
01482  *
01483  * Module:  library/hmac_drbg.c
01484  * Caller:
01485  *
01486  * Requires: POLARSSL_MD_C
01487  *
01488  * Uncomment to enable the HMAC_DRBG random number generator.
01489  */
01490 #define POLARSSL_HMAC_DRBG_C
01491 
01492 /**
01493  * \def POLARSSL_MD_C
01494  *
01495  * Enable the generic message digest layer.
01496  *
01497  * Module:  library/md.c
01498  * Caller:
01499  *
01500  * Uncomment to enable generic message digest wrappers.
01501  */
01502 #define POLARSSL_MD_C
01503 
01504 /**
01505  * \def POLARSSL_MD2_C
01506  *
01507  * Enable the MD2 hash algorithm.
01508  *
01509  * Module:  library/md2.c
01510  * Caller:
01511  *
01512  * Uncomment to enable support for (rare) MD2-signed X.509 certs.
01513  */
01514 //#define POLARSSL_MD2_C
01515 
01516 /**
01517  * \def POLARSSL_MD4_C
01518  *
01519  * Enable the MD4 hash algorithm.
01520  *
01521  * Module:  library/md4.c
01522  * Caller:
01523  *
01524  * Uncomment to enable support for (rare) MD4-signed X.509 certs.
01525  */
01526 //#define POLARSSL_MD4_C
01527 
01528 /**
01529  * \def POLARSSL_MD5_C
01530  *
01531  * Enable the MD5 hash algorithm.
01532  *
01533  * Module:  library/md5.c
01534  * Caller:  library/md.c
01535  *          library/pem.c
01536  *          library/ssl_tls.c
01537  *
01538  * This module is required for SSL/TLS and X.509.
01539  * PEM_PARSE uses MD5 for decrypting encrypted keys.
01540  */
01541 #define POLARSSL_MD5_C
01542 
01543 /**
01544  * \def POLARSSL_MEMORY_C
01545  * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
01546  */
01547 //#define POLARSSL_MEMORY_C
01548 
01549 /**
01550  * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
01551  *
01552  * Enable the buffer allocator implementation that makes use of a (stack)
01553  * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
01554  * calls)
01555  *
01556  * Module:  library/memory_buffer_alloc.c
01557  *
01558  * Requires: POLARSSL_PLATFORM_C
01559  *           POLARSSL_PLATFORM_MEMORY (to use it within PolarSSL)
01560  *
01561  * Enable this module to enable the buffer memory allocator.
01562  */
01563 //#define POLARSSL_MEMORY_BUFFER_ALLOC_C
01564 
01565 /**
01566  * \def POLARSSL_NET_C
01567  *
01568  * Enable the TCP/IP networking routines.
01569  *
01570  * Module:  library/net.c
01571  *
01572  * This module provides TCP/IP networking routines.
01573  */
01574 #define POLARSSL_NET_C
01575 
01576 /**
01577  * \def POLARSSL_OID_C
01578  *
01579  * Enable the OID database.
01580  *
01581  * Module:  library/oid.c
01582  * Caller:  library/asn1write.c
01583  *          library/pkcs5.c
01584  *          library/pkparse.c
01585  *          library/pkwrite.c
01586  *          library/rsa.c
01587  *          library/x509.c
01588  *          library/x509_create.c
01589  *          library/x509_crl.c
01590  *          library/x509_crt.c
01591  *          library/x509_csr.c
01592  *          library/x509write_crt.c
01593  *          library/x509write_csr.c
01594  *
01595  * This module translates between OIDs and internal values.
01596  */
01597 #define POLARSSL_OID_C
01598 
01599 /**
01600  * \def POLARSSL_PADLOCK_C
01601  *
01602  * Enable VIA Padlock support on x86.
01603  *
01604  * Module:  library/padlock.c
01605  * Caller:  library/aes.c
01606  *
01607  * Requires: POLARSSL_HAVE_ASM
01608  *
01609  * This module adds support for the VIA PadLock on x86.
01610  */
01611 #define POLARSSL_PADLOCK_C
01612 
01613 /**
01614  * \def POLARSSL_PBKDF2_C
01615  *
01616  * Enable PKCS#5 PBKDF2 key derivation function.
01617  * DEPRECATED: Use POLARSSL_PKCS5_C instead
01618  *
01619  * Module:  library/pbkdf2.c
01620  *
01621  * Requires: POLARSSL_PKCS5_C
01622  *
01623  * This module adds support for the PKCS#5 PBKDF2 key derivation function.
01624  */
01625 #define POLARSSL_PBKDF2_C
01626 
01627 /**
01628  * \def POLARSSL_PEM_PARSE_C
01629  *
01630  * Enable PEM decoding / parsing.
01631  *
01632  * Module:  library/pem.c
01633  * Caller:  library/dhm.c
01634  *          library/pkparse.c
01635  *          library/x509_crl.c
01636  *          library/x509_crt.c
01637  *          library/x509_csr.c
01638  *
01639  * Requires: POLARSSL_BASE64_C
01640  *
01641  * This module adds support for decoding / parsing PEM files.
01642  */
01643 #define POLARSSL_PEM_PARSE_C
01644 
01645 /**
01646  * \def POLARSSL_PEM_WRITE_C
01647  *
01648  * Enable PEM encoding / writing.
01649  *
01650  * Module:  library/pem.c
01651  * Caller:  library/pkwrite.c
01652  *          library/x509write_crt.c
01653  *          library/x509write_csr.c
01654  *
01655  * Requires: POLARSSL_BASE64_C
01656  *
01657  * This module adds support for encoding / writing PEM files.
01658  */
01659 #define POLARSSL_PEM_WRITE_C
01660 
01661 /**
01662  * \def POLARSSL_PK_C
01663  *
01664  * Enable the generic public (asymmetric) key layer.
01665  *
01666  * Module:  library/pk.c
01667  * Caller:  library/ssl_tls.c
01668  *          library/ssl_cli.c
01669  *          library/ssl_srv.c
01670  *
01671  * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
01672  *
01673  * Uncomment to enable generic public key wrappers.
01674  */
01675 #define POLARSSL_PK_C
01676 
01677 /**
01678  * \def POLARSSL_PK_PARSE_C
01679  *
01680  * Enable the generic public (asymmetric) key parser.
01681  *
01682  * Module:  library/pkparse.c
01683  * Caller:  library/x509_crt.c
01684  *          library/x509_csr.c
01685  *
01686  * Requires: POLARSSL_PK_C
01687  *
01688  * Uncomment to enable generic public key parse functions.
01689  */
01690 #define POLARSSL_PK_PARSE_C
01691 
01692 /**
01693  * \def POLARSSL_PK_WRITE_C
01694  *
01695  * Enable the generic public (asymmetric) key writer.
01696  *
01697  * Module:  library/pkwrite.c
01698  * Caller:  library/x509write.c
01699  *
01700  * Requires: POLARSSL_PK_C
01701  *
01702  * Uncomment to enable generic public key write functions.
01703  */
01704 #define POLARSSL_PK_WRITE_C
01705 
01706 /**
01707  * \def POLARSSL_PKCS5_C
01708  *
01709  * Enable PKCS#5 functions.
01710  *
01711  * Module:  library/pkcs5.c
01712  *
01713  * Requires: POLARSSL_MD_C
01714  *
01715  * This module adds support for the PKCS#5 functions.
01716  */
01717 #define POLARSSL_PKCS5_C
01718 
01719 /**
01720  * \def POLARSSL_PKCS11_C
01721  *
01722  * Enable wrapper for PKCS#11 smartcard support.
01723  *
01724  * Module:  library/pkcs11.c
01725  * Caller:  library/pk.c
01726  *
01727  * Requires: POLARSSL_PK_C
01728  *
01729  * This module enables SSL/TLS PKCS #11 smartcard support.
01730  * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
01731  */
01732 //#define POLARSSL_PKCS11_C
01733 
01734 /**
01735  * \def POLARSSL_PKCS12_C
01736  *
01737  * Enable PKCS#12 PBE functions.
01738  * Adds algorithms for parsing PKCS#8 encrypted private keys
01739  *
01740  * Module:  library/pkcs12.c
01741  * Caller:  library/pkparse.c
01742  *
01743  * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
01744  * Can use:  POLARSSL_ARC4_C
01745  *
01746  * This module enables PKCS#12 functions.
01747  */
01748 #define POLARSSL_PKCS12_C
01749 
01750 /**
01751  * \def POLARSSL_PLATFORM_C
01752  *
01753  * Enable the platform abstraction layer that allows you to re-assign
01754  * functions like malloc(), free(), printf(), fprintf()
01755  *
01756  * Module:  library/platform.c
01757  * Caller:  Most other .c files
01758  *
01759  * This module enables abstraction of common (libc) functions.
01760  */
01761 #define POLARSSL_PLATFORM_C
01762 
01763 /**
01764  * \def POLARSSL_RIPEMD160_C
01765  *
01766  * Enable the RIPEMD-160 hash algorithm.
01767  *
01768  * Module:  library/ripemd160.c
01769  * Caller:  library/md.c
01770  *
01771  */
01772 #define POLARSSL_RIPEMD160_C
01773 
01774 /**
01775  * \def POLARSSL_RSA_C
01776  *
01777  * Enable the RSA public-key cryptosystem.
01778  *
01779  * Module:  library/rsa.c
01780  * Caller:  library/ssl_cli.c
01781  *          library/ssl_srv.c
01782  *          library/ssl_tls.c
01783  *          library/x509.c
01784  *
01785  * This module is used by the following key exchanges:
01786  *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
01787  *
01788  * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
01789  */
01790 #define POLARSSL_RSA_C
01791 
01792 /**
01793  * \def POLARSSL_SHA1_C
01794  *
01795  * Enable the SHA1 cryptographic hash algorithm.
01796  *
01797  * Module:  library/sha1.c
01798  * Caller:  library/md.c
01799  *          library/ssl_cli.c
01800  *          library/ssl_srv.c
01801  *          library/ssl_tls.c
01802  *          library/x509write_crt.c
01803  *
01804  * This module is required for SSL/TLS and SHA1-signed certificates.
01805  */
01806 #define POLARSSL_SHA1_C
01807 
01808 /**
01809  * \def POLARSSL_SHA256_C
01810  *
01811  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
01812  * (Used to be POLARSSL_SHA2_C)
01813  *
01814  * Module:  library/sha256.c
01815  * Caller:  library/entropy.c
01816  *          library/md.c
01817  *          library/ssl_cli.c
01818  *          library/ssl_srv.c
01819  *          library/ssl_tls.c
01820  *
01821  * This module adds support for SHA-224 and SHA-256.
01822  * This module is required for the SSL/TLS 1.2 PRF function.
01823  */
01824 #define POLARSSL_SHA256_C
01825 
01826 /**
01827  * \def POLARSSL_SHA512_C
01828  *
01829  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
01830  * (Used to be POLARSSL_SHA4_C)
01831  *
01832  * Module:  library/sha512.c
01833  * Caller:  library/entropy.c
01834  *          library/md.c
01835  *          library/ssl_cli.c
01836  *          library/ssl_srv.c
01837  *
01838  * This module adds support for SHA-384 and SHA-512.
01839  */
01840 #define POLARSSL_SHA512_C
01841 
01842 /**
01843  * \def POLARSSL_SSL_CACHE_C
01844  *
01845  * Enable simple SSL cache implementation.
01846  *
01847  * Module:  library/ssl_cache.c
01848  * Caller:
01849  *
01850  * Requires: POLARSSL_SSL_CACHE_C
01851  */
01852 #define POLARSSL_SSL_CACHE_C
01853 
01854 /**
01855  * \def POLARSSL_SSL_CLI_C
01856  *
01857  * Enable the SSL/TLS client code.
01858  *
01859  * Module:  library/ssl_cli.c
01860  * Caller:
01861  *
01862  * Requires: POLARSSL_SSL_TLS_C
01863  *
01864  * This module is required for SSL/TLS client support.
01865  */
01866 #define POLARSSL_SSL_CLI_C
01867 
01868 /**
01869  * \def POLARSSL_SSL_SRV_C
01870  *
01871  * Enable the SSL/TLS server code.
01872  *
01873  * Module:  library/ssl_srv.c
01874  * Caller:
01875  *
01876  * Requires: POLARSSL_SSL_TLS_C
01877  *
01878  * This module is required for SSL/TLS server support.
01879  */
01880 #define POLARSSL_SSL_SRV_C
01881 
01882 /**
01883  * \def POLARSSL_SSL_TLS_C
01884  *
01885  * Enable the generic SSL/TLS code.
01886  *
01887  * Module:  library/ssl_tls.c
01888  * Caller:  library/ssl_cli.c
01889  *          library/ssl_srv.c
01890  *
01891  * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
01892  *           and at least one of the POLARSSL_SSL_PROTO_* defines
01893  *
01894  * This module is required for SSL/TLS.
01895  */
01896 #define POLARSSL_SSL_TLS_C
01897 
01898 /**
01899  * \def POLARSSL_THREADING_C
01900  *
01901  * Enable the threading abstraction layer.
01902  * By default PolarSSL assumes it is used in a non-threaded environment or that
01903  * contexts are not shared between threads. If you do intend to use contexts
01904  * between threads, you will need to enable this layer to prevent race
01905  * conditions.
01906  *
01907  * Module:  library/threading.c
01908  *
01909  * This allows different threading implementations (self-implemented or
01910  * provided).
01911  *
01912  * You will have to enable either POLARSSL_THREADING_ALT or
01913  * POLARSSL_THREADING_PTHREAD.
01914  *
01915  * Enable this layer to allow use of mutexes within PolarSSL
01916  */
01917 //#define POLARSSL_THREADING_C
01918 
01919 /**
01920  * \def POLARSSL_TIMING_C
01921  *
01922  * Enable the portable timing interface.
01923  *
01924  * Module:  library/timing.c
01925  * Caller:  library/havege.c
01926  *
01927  * This module is used by the HAVEGE random number generator.
01928  */
01929 #define POLARSSL_TIMING_C
01930 
01931 /**
01932  * \def POLARSSL_VERSION_C
01933  *
01934  * Enable run-time version information.
01935  *
01936  * Module:  library/version.c
01937  *
01938  * This module provides run-time version information.
01939  */
01940 #define POLARSSL_VERSION_C
01941 
01942 /**
01943  * \def POLARSSL_X509_USE_C
01944  *
01945  * Enable X.509 core for using certificates.
01946  *
01947  * Module:  library/x509.c
01948  * Caller:  library/x509_crl.c
01949  *          library/x509_crt.c
01950  *          library/x509_csr.c
01951  *
01952  * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
01953  *           POLARSSL_PK_PARSE_C
01954  *
01955  * This module is required for the X.509 parsing modules.
01956  */
01957 #define POLARSSL_X509_USE_C
01958 
01959 /**
01960  * \def POLARSSL_X509_CRT_PARSE_C
01961  *
01962  * Enable X.509 certificate parsing.
01963  *
01964  * Module:  library/x509_crt.c
01965  * Caller:  library/ssl_cli.c
01966  *          library/ssl_srv.c
01967  *          library/ssl_tls.c
01968  *
01969  * Requires: POLARSSL_X509_USE_C
01970  *
01971  * This module is required for X.509 certificate parsing.
01972  */
01973 #define POLARSSL_X509_CRT_PARSE_C
01974 
01975 /**
01976  * \def POLARSSL_X509_CRL_PARSE_C
01977  *
01978  * Enable X.509 CRL parsing.
01979  *
01980  * Module:  library/x509_crl.c
01981  * Caller:  library/x509_crt.c
01982  *
01983  * Requires: POLARSSL_X509_USE_C
01984  *
01985  * This module is required for X.509 CRL parsing. It only provides the parser: revocation is checked against the CRLs the application loads and passes to certificate verification.
01986  */
01987 #define POLARSSL_X509_CRL_PARSE_C
01988 
01989 /**
01990  * \def POLARSSL_X509_CSR_PARSE_C
01991  *
01992  * Enable X.509 Certificate Signing Request (CSR) parsing.
01993  *
01994  * Module:  library/x509_csr.c
01995  * Caller:  library/x509_crt_write.c
01996  *
01997  * Requires: POLARSSL_X509_USE_C
01998  *
01999  * This module is used for reading X.509 certificate requests.
02000  */
02001 #define POLARSSL_X509_CSR_PARSE_C
02002 
02003 /**
02004  * \def POLARSSL_X509_CREATE_C
02005  *
02006  * Enable X.509 core for creating certificates.
02007  *
02008  * Module:  library/x509_create.c
02009  *
02010  * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
02011  *
02012  * This module is the basis for creating X.509 certificates and CSRs.
02013  */
02014 #define POLARSSL_X509_CREATE_C
02015 
02016 /**
02017  * \def POLARSSL_X509_CRT_WRITE_C
02018  *
02019  * Enable creating X.509 certificates.
02020  *
02021  * Module:  library/x509_crt_write.c
02022  *
02023  * Requires: POLARSSL_X509_CREATE_C
02024  *
02025  * This module is required for X.509 certificate creation.
02026  */
02027 #define POLARSSL_X509_CRT_WRITE_C
02028 
02029 /**
02030  * \def POLARSSL_X509_CSR_WRITE_C
02031  *
02032  * Enable creating X.509 Certificate Signing Requests (CSR).
02033  *
02034  * Module:  library/x509_csr_write.c
02035  *
02036  * Requires: POLARSSL_X509_CREATE_C
02037  *
02038  * This module is required for X.509 certificate request writing.
02039  */
02040 #define POLARSSL_X509_CSR_WRITE_C
02041 
02042 /**
02043  * \def POLARSSL_XTEA_C
02044  *
02045  * Enable the XTEA block cipher. XTEA has a 64-bit block, which limits how much data is safe to encrypt under one key. No in-library caller is listed below, so it can presumably be disabled when the application does not call it directly.
02046  *
02047  * Module:  library/xtea.c
02048  * Caller:
02049  */
02050 #define POLARSSL_XTEA_C
02051 
02052 /* \} name SECTION: PolarSSL modules */
02053 
02054 /**
02055  * \name SECTION: Module configuration options
02056  *
02057  * This section allows for the setting of module specific sizes and
02058  * configuration options. The default values are already present in the
02059  * relevant header files and should suffice for the regular use cases.
02060  *
02061  * Our advice is to enable options and change their values here
02062  * only if you have a good reason and know the consequences.
02063  *
02064  * Please check the respective header file for documentation on these
02065  * parameters (to prevent duplicate documentation).
02066  * \{
02067  */
02068 
02069 /* MPI / BIGNUM options */
02070 //#define POLARSSL_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
02071 //#define POLARSSL_MPI_MAX_SIZE             512 /**< Maximum number of bytes for usable MPIs. */
02072 
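02073 /* CTR_DRBG options (security parameters: a smaller entropy length or a longer reseed interval weakens the generator's seeding) */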
02074 //#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
02075 //#define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
02076 //#define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
02077 //#define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
02078 //#define CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
02079 
02080 /* HMAC_DRBG options */
02081 //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
02082 //#define POLARSSL_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
02083 //#define POLARSSL_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
02084 //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
02085 
02086 /* ECP options */
02087 //#define POLARSSL_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
02088 //#define POLARSSL_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
02089 //#define POLARSSL_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
02090 
02091 /* Entropy options */
02092 //#define ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
02093 //#define ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
02094 
02095 /* Memory buffer allocator options */
02096 //#define MEMORY_ALIGN_MULTIPLE               4 /**< Align on multiples of this value */
02097 
02098 /* Platform options */
02099 //#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
02100 //#define POLARSSL_PLATFORM_STD_MALLOC   malloc /**< Default allocator to use, can be undefined */
02101 //#define POLARSSL_PLATFORM_STD_FREE       free /**< Default free to use, can be undefined */
02102 //#define POLARSSL_PLATFORM_STD_PRINTF   printf /**< Default printf to use, can be undefined */
02103 //#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
02104 
02105 /* SSL Cache options */
02106 //#define SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
02107 //#define SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
02108 
02109 /* SSL options */
02110 //#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
02111 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
02112 
02113 /* Debug options */
02114 //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
02115 
02116 /* \} name SECTION: Module configuration options */
02117 
02118 #include "check_config.h" /* compile-time consistency checks on the options selected above; keep this after all defines */
02119 
02120 #endif /* POLARSSL_CONFIG_H */
02121 
02122