mbed TLS library
config.h
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved 00007 * 00008 * This file is part of mbed TLS (https://tls.mbed.org) 00009 * 00010 * This program is free software; you can redistribute it and/or modify 00011 * it under the terms of the GNU General Public License as published by 00012 * the Free Software Foundation; either version 2 of the License, or 00013 * (at your option) any later version. 00014 * 00015 * This program is distributed in the hope that it will be useful, 00016 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00017 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00018 * GNU General Public License for more details. 00019 * 00020 * You should have received a copy of the GNU General Public License along 00021 * with this program; if not, write to the Free Software Foundation, Inc., 00022 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00023 * 00024 * This set of compile-time options may be used to enable 00025 * or disable features selectively, and reduce the global 00026 * memory footprint. 00027 */ 00028 #ifndef POLARSSL_CONFIG_H 00029 #define POLARSSL_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 /** 00036 * \name SECTION: System support 00037 * 00038 * This section sets system specific settings. 00039 * \{ 00040 */ 00041 00042 /** 00043 * \def POLARSSL_HAVE_INT8 00044 * 00045 * The system uses 8-bit wide native integers. 00046 * 00047 * \deprecated The compiler should be able to generate code for 32-bit 00048 * arithmetic (required by C89). This code is likely to be at least as 00049 * efficient as ours. 00050 * 00051 * Uncomment if native integers are 8-bit wide. 
00052 */ 00053 //#define POLARSSL_HAVE_INT8 00054 00055 /** 00056 * \def POLARSSL_HAVE_INT16 00057 * 00058 * The system uses 16-bit wide native integers. 00059 * 00060 * \deprecated The compiler should be able to generate code for 32-bit 00061 * arithmetic (required by C89). This code is likely to be at least as 00062 * efficient as ours. 00063 * 00064 * Uncomment if native integers are 16-bit wide. 00065 */ 00066 //#define POLARSSL_HAVE_INT16 00067 00068 /** 00069 * \def POLARSSL_HAVE_LONGLONG 00070 * 00071 * The compiler supports the 'long long' type. 00072 * (Only used on 32-bit platforms) 00073 */ 00074 #define POLARSSL_HAVE_LONGLONG 00075 00076 /** 00077 * \def POLARSSL_HAVE_ASM 00078 * 00079 * The compiler has support for asm(). 00080 * 00081 * Requires support for asm() in compiler. 00082 * 00083 * Used in: 00084 * library/timing.c 00085 * library/padlock.c 00086 * include/polarssl/bn_mul.h 00087 * 00088 * Comment to disable the use of assembly code. 00089 */ 00090 //#define POLARSSL_HAVE_ASM 00091 00092 /** 00093 * \def POLARSSL_HAVE_SSE2 00094 * 00095 * CPU supports SSE2 instruction set. 00096 * 00097 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00098 */ 00099 //#define POLARSSL_HAVE_SSE2 00100 00101 /** 00102 * \def POLARSSL_HAVE_TIME 00103 * 00104 * System has time.h and time() / localtime() / gettimeofday(). 00105 * 00106 * Comment if your system does not support time functions 00107 */ 00108 //#define POLARSSL_HAVE_TIME 00109 00110 /** 00111 * \def POLARSSL_HAVE_IPV6 00112 * 00113 * System supports the basic socket interface for IPv6 (RFC 3493), 00114 * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage. 00115 * 00116 * Note: on Windows/MingW, XP or higher is required. 00117 * 00118 * \warning As of 1.3.11, *not* using this flag when POLARSSL_NET_C is 00119 * defined, is deprecated. The alternative legacy code will be removed in 2.0. 
00120 * 00121 * Comment if your system does not support the IPv6 socket interface 00122 */ 00123 #define POLARSSL_HAVE_IPV6 00124 00125 /** 00126 * \def POLARSSL_PLATFORM_MEMORY 00127 * 00128 * Enable the memory allocation layer. 00129 * 00130 * By default mbed TLS uses the system-provided malloc() and free(). 00131 * This allows different allocators (self-implemented or provided) to be 00132 * provided to the platform abstraction layer. 00133 * 00134 * Enabling POLARSSL_PLATFORM_MEMORY without the 00135 * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide 00136 * "platform_set_malloc_free()" allowing you to set an alternative malloc() and 00137 * free() function pointer at runtime. 00138 * 00139 * Enabling POLARSSL_PLATFORM_MEMORY and specifying 00140 * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the 00141 * alternate function at compile time. 00142 * 00143 * Requires: POLARSSL_PLATFORM_C 00144 * 00145 * Enable this layer to allow use of alternative memory allocators. 00146 */ 00147 //#define POLARSSL_PLATFORM_MEMORY 00148 00149 /** 00150 * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS 00151 * 00152 * Do not assign standard functions in the platform layer (e.g. malloc() to 00153 * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF) 00154 * 00155 * This makes sure there are no linking errors on platforms that do not support 00156 * these functions. You will HAVE to provide alternatives, either at runtime 00157 * via the platform_set_xxx() functions or at compile time by setting 00158 * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a 00159 * POLARSSL_PLATFORM_XXX_MACRO. 00160 * 00161 * Requires: POLARSSL_PLATFORM_C 00162 * 00163 * Uncomment to prevent default assignment of standard functions in the 00164 * platform layer. 
00165 */ 00166 //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS 00167 00168 /** 00169 * \def POLARSSL_PLATFORM_XXX_ALT 00170 * 00171 * Uncomment a macro to let mbed TLS support the function in the platform 00172 * abstraction layer. 00173 * 00174 * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will 00175 * provide a function "platform_set_printf()" that allows you to set an 00176 * alternative printf function pointer. 00177 * 00178 * All these defines require POLARSSL_PLATFORM_C to be defined! 00179 * 00180 * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows 00181 * for compatibility reasons. 00182 * 00183 * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as 00184 * POLARSSL_PLATFORM_XXX_MACRO! 00185 * 00186 * Uncomment a macro to enable alternate implementation of specific base 00187 * platform function 00188 */ 00189 //#define POLARSSL_PLATFORM_EXIT_ALT 00190 //#define POLARSSL_PLATFORM_FPRINTF_ALT 00191 //#define POLARSSL_PLATFORM_PRINTF_ALT 00192 //#define POLARSSL_PLATFORM_SNPRINTF_ALT 00193 00194 /** 00195 * \def POLARSSL_DEPRECATED_WARNING 00196 * 00197 * Mark deprecated functions so that they generate a warning if used. 00198 * Functions deprecated in one version will usually be removed in the next 00199 * version. You can enable this to help you prepare the transition to a new 00200 * major version by making sure your code is not using these functions. 00201 * 00202 * This only works with GCC and Clang. With other compilers, you may want to 00203 * use POLARSSL_DEPRECATED_REMOVED 00204 * 00205 * Uncomment to get warnings on using deprecated functions. 00206 */ 00207 //#define POLARSSL_DEPRECATED_WARNING 00208 00209 /** 00210 * \def POLARSSL_DEPRECATED_REMOVED 00211 * 00212 * Remove deprecated functions so that they generate an error if used. 00213 * Functions deprecated in one version will usually be removed in the next 00214 * version. 
You can enable this to help you prepare the transition to a new 00215 * major version by making sure your code is not using these functions. 00216 * 00217 * Uncomment to get errors on using deprecated functions. 00218 */ 00219 //#define POLARSSL_DEPRECATED_REMOVED 00220 00221 /* \} name SECTION: System support */ 00222 00223 /** 00224 * \name SECTION: mbed TLS feature support 00225 * 00226 * This section sets support for features that are or are not needed 00227 * within the modules that are enabled. 00228 * \{ 00229 */ 00230 00231 /** 00232 * \def POLARSSL_TIMING_ALT 00233 * 00234 * Uncomment to provide your own alternate implementation for hardclock(), 00235 * get_timer(), set_alarm() and m_sleep(). 00236 * 00237 * Only works if you have POLARSSL_TIMING_C enabled. 00238 * 00239 * You will need to provide a header "timing_alt.h" and an implementation at 00240 * compile time. 00241 */ 00242 //#define POLARSSL_TIMING_ALT 00243 00244 /** 00245 * \def POLARSSL_XXX_ALT 00246 * 00247 * Uncomment a macro to let mbed TLS use your alternate core implementation of 00248 * a symmetric or hash algorithm (e.g. platform specific assembly optimized 00249 * implementations). Keep in mind that the function prototypes should remain 00250 * the same. 00251 * 00252 * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer 00253 * provide the "struct aes_context" definition and omit the base function 00254 * declarations and implementations. "aes_alt.h" will be included from 00255 * "aes.h" to include the new function definitions. 
00256 * 00257 * Uncomment a macro to enable alternate implementation for core algorithm 00258 * functions 00259 */ 00260 //#define POLARSSL_AES_ALT 00261 //#define POLARSSL_ARC4_ALT 00262 //#define POLARSSL_BLOWFISH_ALT 00263 //#define POLARSSL_CAMELLIA_ALT 00264 //#define POLARSSL_DES_ALT 00265 //#define POLARSSL_XTEA_ALT 00266 //#define POLARSSL_MD2_ALT 00267 //#define POLARSSL_MD4_ALT 00268 //#define POLARSSL_MD5_ALT 00269 //#define POLARSSL_RIPEMD160_ALT 00270 //#define POLARSSL_SHA1_ALT 00271 //#define POLARSSL_SHA256_ALT 00272 //#define POLARSSL_SHA512_ALT 00273 00274 /** 00275 * \def POLARSSL_AES_ROM_TABLES 00276 * 00277 * Store the AES tables in ROM. 00278 * 00279 * Uncomment this macro to store the AES tables in ROM. 00280 */ 00281 //#define POLARSSL_AES_ROM_TABLES 00282 00283 /** 00284 * \def POLARSSL_CAMELLIA_SMALL_MEMORY 00285 * 00286 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00287 * 00288 * Uncomment this macro to use less memory for Camellia. 00289 */ 00290 //#define POLARSSL_CAMELLIA_SMALL_MEMORY 00291 00292 /** 00293 * \def POLARSSL_CIPHER_MODE_CBC 00294 * 00295 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00296 */ 00297 #define POLARSSL_CIPHER_MODE_CBC 00298 00299 /** 00300 * \def POLARSSL_CIPHER_MODE_CFB 00301 * 00302 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00303 */ 00304 #define POLARSSL_CIPHER_MODE_CFB 00305 00306 /** 00307 * \def POLARSSL_CIPHER_MODE_CTR 00308 * 00309 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00310 */ 00311 #define POLARSSL_CIPHER_MODE_CTR 00312 00313 /** 00314 * \def POLARSSL_CIPHER_NULL_CIPHER 00315 * 00316 * Enable NULL cipher. 00317 * Warning: Only do so when you know what you are doing. This allows for 00318 * encryption or channels without any security! 
00319 * 00320 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable 00321 * the following ciphersuites: 00322 * TLS_ECDH_ECDSA_WITH_NULL_SHA 00323 * TLS_ECDH_RSA_WITH_NULL_SHA 00324 * TLS_ECDHE_ECDSA_WITH_NULL_SHA 00325 * TLS_ECDHE_RSA_WITH_NULL_SHA 00326 * TLS_ECDHE_PSK_WITH_NULL_SHA384 00327 * TLS_ECDHE_PSK_WITH_NULL_SHA256 00328 * TLS_ECDHE_PSK_WITH_NULL_SHA 00329 * TLS_DHE_PSK_WITH_NULL_SHA384 00330 * TLS_DHE_PSK_WITH_NULL_SHA256 00331 * TLS_DHE_PSK_WITH_NULL_SHA 00332 * TLS_RSA_WITH_NULL_SHA256 00333 * TLS_RSA_WITH_NULL_SHA 00334 * TLS_RSA_WITH_NULL_MD5 00335 * TLS_RSA_PSK_WITH_NULL_SHA384 00336 * TLS_RSA_PSK_WITH_NULL_SHA256 00337 * TLS_RSA_PSK_WITH_NULL_SHA 00338 * TLS_PSK_WITH_NULL_SHA384 00339 * TLS_PSK_WITH_NULL_SHA256 00340 * TLS_PSK_WITH_NULL_SHA 00341 * 00342 * Uncomment this macro to enable the NULL cipher and ciphersuites 00343 */ 00344 //#define POLARSSL_CIPHER_NULL_CIPHER 00345 00346 /** 00347 * \def POLARSSL_CIPHER_PADDING_XXX 00348 * 00349 * Uncomment or comment macros to add support for specific padding modes 00350 * in the cipher layer with cipher modes that support padding (e.g. CBC) 00351 * 00352 * If you disable all padding modes, only full blocks can be used with CBC. 00353 * 00354 * Enable padding modes in the cipher layer. 00355 */ 00356 #define POLARSSL_CIPHER_PADDING_PKCS7 00357 #define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS 00358 #define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN 00359 #define POLARSSL_CIPHER_PADDING_ZEROS 00360 00361 /** 00362 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES 00363 * 00364 * Enable weak ciphersuites in SSL / TLS. 00365 * Warning: Only do so when you know what you are doing. This allows for 00366 * channels with virtually no security at all! 
00367 * 00368 * This enables the following ciphersuites: 00369 * TLS_RSA_WITH_DES_CBC_SHA 00370 * TLS_DHE_RSA_WITH_DES_CBC_SHA 00371 * 00372 * Uncomment this macro to enable weak ciphersuites 00373 */ 00374 //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES 00375 00376 /** 00377 * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES 00378 * 00379 * Remove RC4 ciphersuites by default in SSL / TLS. 00380 * This flag removes the ciphersuites based on RC4 from the default list as 00381 * returned by ssl_list_ciphersuites(). However, it is still possible to 00382 * enable (some of) them with ssl_set_ciphersuites() by including them 00383 * explicitly. 00384 * 00385 * Uncomment this macro to remove RC4 ciphersuites by default (RFC 7465 prohibits negotiating RC4 in TLS). 00386 */ 00387 //#define POLARSSL_REMOVE_ARC4_CIPHERSUITES 00388 00389 /** 00390 * \def POLARSSL_ECP_XXXX_ENABLED 00391 * 00392 * Enables specific curves within the Elliptic Curve module. 00393 * By default all supported curves are enabled. 00394 * 00395 * Comment macros to disable the curve and functions for it 00396 */ 00397 #define POLARSSL_ECP_DP_SECP192R1_ENABLED 00398 #define POLARSSL_ECP_DP_SECP224R1_ENABLED 00399 #define POLARSSL_ECP_DP_SECP256R1_ENABLED 00400 #define POLARSSL_ECP_DP_SECP384R1_ENABLED 00401 #define POLARSSL_ECP_DP_SECP521R1_ENABLED 00402 #define POLARSSL_ECP_DP_SECP192K1_ENABLED 00403 #define POLARSSL_ECP_DP_SECP224K1_ENABLED 00404 #define POLARSSL_ECP_DP_SECP256K1_ENABLED 00405 #define POLARSSL_ECP_DP_BP256R1_ENABLED 00406 #define POLARSSL_ECP_DP_BP384R1_ENABLED 00407 #define POLARSSL_ECP_DP_BP512R1_ENABLED 00408 //#define POLARSSL_ECP_DP_M221_ENABLED // Not implemented yet! 00409 #define POLARSSL_ECP_DP_M255_ENABLED 00410 //#define POLARSSL_ECP_DP_M383_ENABLED // Not implemented yet! 00411 //#define POLARSSL_ECP_DP_M511_ENABLED // Not implemented yet! 00412 00413 /** 00414 * \def POLARSSL_ECP_NIST_OPTIM 00415 * 00416 * Enable specific 'modulo p' routines for each NIST prime. 
00417 * Depending on the prime and architecture, makes operations 4 to 8 times 00418 * faster on the corresponding curve. 00419 * 00420 * Comment this macro to disable NIST curves optimisation. 00421 */ 00422 #define POLARSSL_ECP_NIST_OPTIM 00423 00424 /** 00425 * \def POLARSSL_ECDSA_DETERMINISTIC 00426 * 00427 * Enable deterministic ECDSA (RFC 6979). 00428 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00429 * may result in a compromise of the long-term signing key. This is avoided by 00430 * the deterministic variant. 00431 * 00432 * Requires: POLARSSL_HMAC_DRBG_C 00433 * 00434 * Comment this macro to disable deterministic ECDSA. 00435 */ 00436 #define POLARSSL_ECDSA_DETERMINISTIC 00437 00438 /** 00439 * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED 00440 * 00441 * Enable the PSK based ciphersuite modes in SSL / TLS. 00442 * 00443 * This enables the following ciphersuites (if other requisites are 00444 * enabled as well): 00445 * TLS_PSK_WITH_AES_256_GCM_SHA384 00446 * TLS_PSK_WITH_AES_256_CBC_SHA384 00447 * TLS_PSK_WITH_AES_256_CBC_SHA 00448 * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00449 * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00450 * TLS_PSK_WITH_AES_128_GCM_SHA256 00451 * TLS_PSK_WITH_AES_128_CBC_SHA256 00452 * TLS_PSK_WITH_AES_128_CBC_SHA 00453 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00454 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00455 * TLS_PSK_WITH_3DES_EDE_CBC_SHA 00456 * TLS_PSK_WITH_RC4_128_SHA 00457 */ 00458 #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED 00459 00460 /** 00461 * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED 00462 * 00463 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 
00464 * 00465 * Requires: POLARSSL_DHM_C 00466 * 00467 * This enables the following ciphersuites (if other requisites are 00468 * enabled as well): 00469 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00470 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00471 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00472 * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00473 * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00474 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00475 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00476 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00477 * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00478 * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00479 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00480 * TLS_DHE_PSK_WITH_RC4_128_SHA 00481 */ 00482 #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED 00483 00484 /** 00485 * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00486 * 00487 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00488 * 00489 * Requires: POLARSSL_ECDH_C 00490 * 00491 * This enables the following ciphersuites (if other requisites are 00492 * enabled as well): 00493 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00494 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00495 * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00496 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00497 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00498 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00499 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00500 * TLS_ECDHE_PSK_WITH_RC4_128_SHA 00501 */ 00502 #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00503 00504 /** 00505 * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED 00506 * 00507 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 
00508 * 00509 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00510 * POLARSSL_X509_CRT_PARSE_C 00511 * 00512 * This enables the following ciphersuites (if other requisites are 00513 * enabled as well): 00514 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00515 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00516 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00517 * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00518 * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00519 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00520 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00521 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00522 * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00523 * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00524 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00525 * TLS_RSA_PSK_WITH_RC4_128_SHA 00526 */ 00527 #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED 00528 00529 /** 00530 * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED 00531 * 00532 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00533 * 00534 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00535 * POLARSSL_X509_CRT_PARSE_C 00536 * 00537 * This enables the following ciphersuites (if other requisites are 00538 * enabled as well): 00539 * TLS_RSA_WITH_AES_256_GCM_SHA384 00540 * TLS_RSA_WITH_AES_256_CBC_SHA256 00541 * TLS_RSA_WITH_AES_256_CBC_SHA 00542 * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00543 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00544 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00545 * TLS_RSA_WITH_AES_128_GCM_SHA256 00546 * TLS_RSA_WITH_AES_128_CBC_SHA256 00547 * TLS_RSA_WITH_AES_128_CBC_SHA 00548 * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00549 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00550 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00551 * TLS_RSA_WITH_3DES_EDE_CBC_SHA 00552 * TLS_RSA_WITH_RC4_128_SHA 00553 * TLS_RSA_WITH_RC4_128_MD5 00554 */ 00555 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED 00556 00557 /** 00558 * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED 00559 * 00560 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 
00561 * 00562 * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00563 * POLARSSL_X509_CRT_PARSE_C 00564 * 00565 * This enables the following ciphersuites (if other requisites are 00566 * enabled as well): 00567 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00568 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00569 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00570 * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00571 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00572 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00573 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00574 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00575 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00576 * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00577 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00578 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00579 * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00580 */ 00581 #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED 00582 00583 /** 00584 * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00585 * 00586 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00587 * 00588 * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00589 * POLARSSL_X509_CRT_PARSE_C 00590 * 00591 * This enables the following ciphersuites (if other requisites are 00592 * enabled as well): 00593 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00594 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00595 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00596 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00597 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00598 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00599 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00600 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00601 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00602 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00603 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00604 * TLS_ECDHE_RSA_WITH_RC4_128_SHA 00605 */ 00606 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00607 00608 /** 00609 * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00610 * 00611 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 
00612 * 00613 * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, 00614 * 00615 * This enables the following ciphersuites (if other requisites are 00616 * enabled as well): 00617 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00618 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00619 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00620 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00621 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00622 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00623 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00624 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00625 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00626 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00627 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00628 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00629 */ 00630 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00631 00632 /** 00633 * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00634 * 00635 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00636 * 00637 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C 00638 * 00639 * This enables the following ciphersuites (if other requisites are 00640 * enabled as well): 00641 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00642 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00643 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00644 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00645 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00646 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00647 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00648 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00649 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00650 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00651 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00652 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00653 */ 00654 #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00655 00656 /** 00657 * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED 00658 * 00659 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 
00660 * 00661 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C 00662 * 00663 * This enables the following ciphersuites (if other requisites are 00664 * enabled as well): 00665 * TLS_ECDH_RSA_WITH_RC4_128_SHA 00666 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00667 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00668 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00669 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00670 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00671 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00672 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00673 * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00674 * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00675 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00676 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00677 */ 00678 #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED 00679 00680 /** 00681 * \def POLARSSL_PK_PARSE_EC_EXTENDED 00682 * 00683 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00684 * RFC 5915 and RFC 5480. 00685 * 00686 * Currently this means parsing the SpecifiedECDomain choice of EC 00687 * parameters (only known groups are supported, not arbitrary domains, to 00688 * avoid validation issues). 00689 * 00690 * Disable if you only need to support RFC 5915 + 5480 key formats. 00691 */ 00692 #define POLARSSL_PK_PARSE_EC_EXTENDED 00693 00694 /** 00695 * \def POLARSSL_ERROR_STRERROR_BC 00696 * 00697 * Make available the backward compatible error_strerror() next to the 00698 * current polarssl_strerror(). 00699 * 00700 * \deprecated Do not define this and use polarssl_strerror() instead 00701 * 00702 * Disable if you want to really remove the error_strerror() name 00703 */ 00704 #define POLARSSL_ERROR_STRERROR_BC 00705 00706 /** 00707 * \def POLARSSL_ERROR_STRERROR_DUMMY 00708 * 00709 * Enable a dummy error function to make use of polarssl_strerror() in 00710 * third party libraries easier when POLARSSL_ERROR_C is disabled 00711 * (no effect when POLARSSL_ERROR_C is enabled). 
00712 * 00713 * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're 00714 * not using polarssl_strerror() or error_strerror() in your application. 00715 * 00716 * Disable if you run into name conflicts and want to really remove the 00717 * polarssl_strerror() 00718 */ 00719 #define POLARSSL_ERROR_STRERROR_DUMMY 00720 00721 /** 00722 * \def POLARSSL_GENPRIME 00723 * 00724 * Enable the prime-number generation code. 00725 * 00726 * Requires: POLARSSL_BIGNUM_C 00727 */ 00728 #define POLARSSL_GENPRIME 00729 00730 /** 00731 * \def POLARSSL_FS_IO 00732 * 00733 * Enable functions that use the filesystem. 00734 */ 00735 //#define POLARSSL_FS_IO 00736 00737 /** 00738 * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES 00739 * 00740 * Do not add default entropy sources. These are the platform specific, 00741 * hardclock and HAVEGE based poll functions. 00742 * 00743 * This is useful to have more control over the added entropy sources in an 00744 * application. 00745 * 00746 * Uncomment this macro to prevent loading of default entropy functions. 00747 */ 00748 //#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES 00749 00750 /** 00751 * \def POLARSSL_NO_PLATFORM_ENTROPY 00752 * 00753 * Do not use built-in platform entropy functions. 00754 * This is useful if your platform does not support 00755 * standards like the /dev/urandom or Windows CryptoAPI. 00756 * 00757 * Uncomment this macro to disable the built-in platform entropy functions. 00758 */ 00759 //#define POLARSSL_NO_PLATFORM_ENTROPY 00760 00761 /** 00762 * \def POLARSSL_ENTROPY_FORCE_SHA256 00763 * 00764 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00765 * default SHA-512 based one (if both are available). 00766 * 00767 * Requires: POLARSSL_SHA256_C 00768 * 00769 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00770 * if you have performance concerns. 
00771 * 00772 * This option is only useful if both POLARSSL_SHA256_C and 00773 * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used. 00774 */ 00775 //#define POLARSSL_ENTROPY_FORCE_SHA256 00776 00777 /** 00778 * \def POLARSSL_MEMORY_DEBUG 00779 * 00780 * Enable debugging of buffer allocator memory issues. Automatically prints 00781 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00782 * function for 'debug output' of allocated memory. 00783 * 00784 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C 00785 * 00786 * Uncomment this macro to let the buffer allocator print out error messages. 00787 */ 00788 //#define POLARSSL_MEMORY_DEBUG 00789 00790 /** 00791 * \def POLARSSL_MEMORY_BACKTRACE 00792 * 00793 * Include backtrace information with each allocated block. 00794 * 00795 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C 00796 * GLIBC-compatible backtrace() and backtrace_symbols() support 00797 * 00798 * Uncomment this macro to include backtrace information 00799 */ 00800 //#define POLARSSL_MEMORY_BACKTRACE 00801 00802 /** 00803 * \def POLARSSL_PKCS1_V15 00804 * 00805 * Enable support for PKCS#1 v1.5 encoding. 00806 * 00807 * Requires: POLARSSL_RSA_C 00808 * 00809 * This enables support for PKCS#1 v1.5 operations. 00810 */ 00811 #define POLARSSL_PKCS1_V15 00812 00813 /** 00814 * \def POLARSSL_PKCS1_V21 00815 * 00816 * Enable support for PKCS#1 v2.1 encoding. 00817 * 00818 * Requires: POLARSSL_MD_C, POLARSSL_RSA_C 00819 * 00820 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00821 */ 00822 #define POLARSSL_PKCS1_V21 00823 00824 /** 00825 * \def POLARSSL_RSA_NO_CRT 00826 * 00827 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00828 * 00829 * Uncomment this macro to disable the use of CRT in RSA. 00830 * 00831 */ 00832 //#define POLARSSL_RSA_NO_CRT 00833 00834 /** 00835 * \def POLARSSL_SELF_TEST 00836 * 00837 * Enable the checkup functions (*_self_test). 
00838 */ 00839 #define POLARSSL_SELF_TEST 00840 00841 /** 00842 * \def POLARSSL_SSL_AEAD_RANDOM_IV 00843 * 00844 * Generate a random IV rather than using the record sequence number as a 00845 * nonce for ciphersuites using an AEAD algorithm (GCM or CCM). 00846 * 00847 * Using the sequence number is generally recommended. 00848 * 00849 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00850 */ 00851 //#define POLARSSL_SSL_AEAD_RANDOM_IV 00852 00853 /** 00854 * \def POLARSSL_SSL_ALL_ALERT_MESSAGES 00855 * 00856 * Enable sending of alert messages in case of encountered errors as per RFC. 00857 * If you choose not to send the alert messages, mbed TLS can still communicate 00858 * with other servers, only debugging of failures is harder. 00859 * 00860 * The advantage of not sending alert messages, is that no information is given 00861 * about reasons for failures thus preventing adversaries from gaining information. 00862 * 00863 * Enable sending of all alert messages 00864 */ 00865 #define POLARSSL_SSL_ALERT_MESSAGES 00866 00867 /** 00868 * \def POLARSSL_SSL_DEBUG_ALL 00869 * 00870 * Enable the debug messages in SSL module for all issues. 00871 * Debug messages have been disabled in some places to prevent timing 00872 * attacks due to (unbalanced) debugging function calls. 00873 * 00874 * If you need all error reporting you should enable this during debugging, 00875 * but remove this for production servers that should log as well. 00876 * 00877 * Uncomment this macro to report all debug messages on errors introducing 00878 * a timing side-channel. 00879 * 00880 */ 00881 //#define POLARSSL_SSL_DEBUG_ALL 00882 00883 /** \def POLARSSL_SSL_ENCRYPT_THEN_MAC 00884 * 00885 * Enable support for Encrypt-then-MAC, RFC 7366. 00886 * 00887 * This allows peers that both support it to use a more robust protection for 00888 * ciphersuites using CBC, providing deep resistance against timing attacks 00889 * on the padding or underlying cipher. 
00890 * 00891 * This only affects CBC ciphersuites, and is useless if none is defined. 00892 * 00893 * Requires: POLARSSL_SSL_PROTO_TLS1 or 00894 * POLARSSL_SSL_PROTO_TLS1_1 or 00895 * POLARSSL_SSL_PROTO_TLS1_2 00896 * 00897 * Comment this macro to disable support for Encrypt-then-MAC 00898 */ 00899 #define POLARSSL_SSL_ENCRYPT_THEN_MAC 00900 00901 /** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET 00902 * 00903 * Enable support for Extended Master Secret, aka Session Hash 00904 * (draft-ietf-tls-session-hash-02). 00905 * 00906 * This was introduced as "the proper fix" to the Triple Handshake family of 00907 * attacks, but it is recommended to always use it (even if you disable 00908 * renegotiation), since it actually fixes a more fundamental issue in the 00909 * original SSL/TLS design, and has implications beyond Triple Handshake. 00910 * 00911 * Requires: POLARSSL_SSL_PROTO_TLS1 or 00912 * POLARSSL_SSL_PROTO_TLS1_1 or 00913 * POLARSSL_SSL_PROTO_TLS1_2 00914 * 00915 * Comment this macro to disable support for Extended Master Secret. 00916 */ 00917 #define POLARSSL_SSL_EXTENDED_MASTER_SECRET 00918 00919 /** 00920 * \def POLARSSL_SSL_FALLBACK_SCSV 00921 * 00922 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 00923 * 00924 * For servers, it is recommended to always enable this, unless you support 00925 * only one version of TLS, or know for sure that none of your clients 00926 * implements a fallback strategy. 00927 * 00928 * For clients, you only need this if you're using a fallback strategy, which 00929 * is not recommended in the first place, unless you absolutely need it to 00930 * interoperate with buggy (version-intolerant) servers. 00931 * 00932 * Comment this macro to disable support for FALLBACK_SCSV 00933 */ 00934 #define POLARSSL_SSL_FALLBACK_SCSV 00935 00936 /** 00937 * \def POLARSSL_SSL_HW_RECORD_ACCEL 00938 * 00939 * Enable hooking functions in SSL module for hardware acceleration of 00940 * individual records. 
00941 * 00942 * Uncomment this macro to enable hooking functions. 00943 */ 00944 //#define POLARSSL_SSL_HW_RECORD_ACCEL 00945 00946 /** 00947 * \def POLARSSL_SSL_CBC_RECORD_SPLITTING 00948 * 00949 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 00950 * 00951 * This is a countermeasure to the BEAST attack, which also minimizes the risk 00952 * of interoperability issues compared to sending 0-length records. 00953 * 00954 * Comment this macro to disable 1/n-1 record splitting. 00955 */ 00956 #define POLARSSL_SSL_CBC_RECORD_SPLITTING 00957 00958 /** 00959 * \def POLARSSL_SSL_DISABLE_RENEGOTIATION 00960 * 00961 * Disable support for TLS renegotiation. 00962 * 00963 * The two main uses of renegotiation are (1) refresh keys on long-lived 00964 * connections and (2) client authentication after the initial handshake. 00965 * If you don't need renegotiation, it's probably better to disable it, since 00966 * it has been associated with security issues in the past and is easy to 00967 * misuse/misunderstand. 00968 * 00969 * Warning: in the next stable branch, this switch will be replaced by 00970 * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation. 00971 * 00972 * Uncomment this to disable support for renegotiation. 00973 */ 00974 //#define POLARSSL_SSL_DISABLE_RENEGOTIATION 00975 00976 /** 00977 * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 00978 * 00979 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 00980 * SSL Server module (POLARSSL_SSL_SRV_C). 00981 * 00982 * Comment this macro to disable support for SSLv2 Client Hello messages. 00983 */ 00984 #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 00985 00986 /** 00987 * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE 00988 * 00989 * Pick the ciphersuite according to the client's preferences rather than ours 00990 * in the SSL Server module (POLARSSL_SSL_SRV_C). 
00991 * 00992 * Uncomment this macro to respect client's ciphersuite order 00993 */ 00994 //#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE 00995 00996 /** 00997 * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH 00998 * 00999 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01000 * 01001 * Comment this macro to disable support for the max_fragment_length extension 01002 */ 01003 #define POLARSSL_SSL_MAX_FRAGMENT_LENGTH 01004 01005 /** 01006 * \def POLARSSL_SSL_PROTO_SSL3 01007 * 01008 * Enable support for SSL 3.0. Note that SSL 3.0 is deprecated by RFC 7568 (POODLE); keep it enabled only if legacy peers require it. 01009 * 01010 * Requires: POLARSSL_MD5_C 01011 * POLARSSL_SHA1_C 01012 * 01013 * Comment this macro to disable support for SSL 3.0 01014 */ 01015 #define POLARSSL_SSL_PROTO_SSL3 01016 01017 /** 01018 * \def POLARSSL_SSL_PROTO_TLS1 01019 * 01020 * Enable support for TLS 1.0. 01021 * 01022 * Requires: POLARSSL_MD5_C 01023 * POLARSSL_SHA1_C 01024 * 01025 * Comment this macro to disable support for TLS 1.0 01026 */ 01027 #define POLARSSL_SSL_PROTO_TLS1 01028 01029 /** 01030 * \def POLARSSL_SSL_PROTO_TLS1_1 01031 * 01032 * Enable support for TLS 1.1. 01033 * 01034 * Requires: POLARSSL_MD5_C 01035 * POLARSSL_SHA1_C 01036 * 01037 * Comment this macro to disable support for TLS 1.1 01038 */ 01039 #define POLARSSL_SSL_PROTO_TLS1_1 01040 01041 /** 01042 * \def POLARSSL_SSL_PROTO_TLS1_2 01043 * 01044 * Enable support for TLS 1.2. 01045 * 01046 * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C 01047 * (Depends on ciphersuites) 01048 * 01049 * Comment this macro to disable support for TLS 1.2 01050 */ 01051 #define POLARSSL_SSL_PROTO_TLS1_2 01052 01053 /** 01054 * \def POLARSSL_SSL_ALPN 01055 * 01056 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01057 * 01058 * Comment this macro to disable support for ALPN. 
01059 */ 01060 #define POLARSSL_SSL_ALPN 01061 01062 /** 01063 * \def POLARSSL_SSL_SESSION_TICKETS 01064 * 01065 * Enable support for RFC 5077 session tickets in SSL. 
01066 * 01067 * Requires: POLARSSL_AES_C 01068 * POLARSSL_SHA256_C 01069 * POLARSSL_CIPHER_MODE_CBC 01070 * 01071 * Comment this macro to disable support for SSL session tickets 01072 */ 01073 #define POLARSSL_SSL_SESSION_TICKETS 01074 01075 /** 01076 * \def POLARSSL_SSL_SERVER_NAME_INDICATION 01077 * 01078 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01079 * 01080 * Requires: POLARSSL_X509_CRT_PARSE_C 01081 * 01082 * Comment this macro to disable support for server name indication in SSL 01083 */ 01084 #define POLARSSL_SSL_SERVER_NAME_INDICATION 01085 01086 /** 01087 * \def POLARSSL_SSL_TRUNCATED_HMAC 01088 * 01089 * Enable support for RFC 6066 truncated HMAC in SSL. 01090 * 01091 * Comment this macro to disable support for truncated HMAC in SSL 01092 */ 01093 #define POLARSSL_SSL_TRUNCATED_HMAC 01094 01095 /** 01096 * \def POLARSSL_SSL_SET_CURVES 01097 * 01098 * Enable ssl_set_curves(). 01099 * 01100 * This is disabled by default since it breaks binary compatibility with the 01101 * 1.3.x line. If you choose to enable it, you will need to rebuild your 01102 * application against the new header files, relinking will not be enough. 01103 * It will be enabled by default, or no longer an option, in the 1.4 branch. 01104 * 01105 * Uncomment to make ssl_set_curves() available. 01106 */ 01107 //#define POLARSSL_SSL_SET_CURVES 01108 01109 /** 01110 * \def POLARSSL_THREADING_ALT 01111 * 01112 * Provide your own alternate threading implementation. 01113 * 01114 * Requires: POLARSSL_THREADING_C 01115 * 01116 * Uncomment this to allow your own alternate threading implementation. 01117 */ 01118 //#define POLARSSL_THREADING_ALT 01119 01120 /** 01121 * \def POLARSSL_THREADING_PTHREAD 01122 * 01123 * Enable the pthread wrapper layer for the threading layer. 01124 * 01125 * Requires: POLARSSL_THREADING_C 01126 * 01127 * Uncomment this to enable pthread mutexes. 
01128 */ 01129 //#define POLARSSL_THREADING_PTHREAD 01130 01131 /** 01132 * \def POLARSSL_VERSION_FEATURES 01133 * 01134 * Allow run-time checking of compile-time enabled features. Thus allowing users 01135 * to check at run-time if the library is for instance compiled with threading 01136 * support via version_check_feature(). 01137 * 01138 * Requires: POLARSSL_VERSION_C 01139 * 01140 * Comment this to disable run-time checking and save ROM space 01141 */ 01142 #define POLARSSL_VERSION_FEATURES 01143 01144 /** 01145 * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 01146 * 01147 * If set, the X509 parser will not break-off when parsing an X509 certificate 01148 * and encountering an extension in a v1 or v2 certificate. 01149 * 01150 * Uncomment to prevent an error. 01151 */ 01152 //#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 01153 01154 /** 01155 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01156 * 01157 * If set, the X509 parser will not break-off when parsing an X509 certificate 01158 * and encountering an unknown critical extension. 01159 * 01160 * Uncomment to prevent an error. 01161 */ 01162 //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01163 01164 /** 01165 * \def POLARSSL_X509_CHECK_KEY_USAGE 01166 * 01167 * Enable verification of the keyUsage extension (CA and leaf certificates). 01168 * 01169 * Disabling this avoids problems with mis-issued and/or misused 01170 * (intermediate) CA and leaf certificates. 01171 * 01172 * \warning Depending on your PKI use, disabling this can be a security risk! 01173 * 01174 * Comment to skip keyUsage checking for both CA and leaf certificates. 01175 */ 01176 #define POLARSSL_X509_CHECK_KEY_USAGE 01177 01178 /** 01179 * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE 01180 * 01181 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01182 * 01183 * Disabling this avoids problems with mis-issued and/or misused certificates. 
01184 * 01185 * \warning Depending on your PKI use, disabling this can be a security risk! 01186 * 01187 * Comment to skip extendedKeyUsage checking for certificates. 01188 */ 01189 #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE 01190 01191 /** 01192 * \def POLARSSL_X509_RSASSA_PSS_SUPPORT 01193 * 01194 * Enable parsing and verification of X.509 certificates, CRLs and CSRs 01195 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01196 * 01197 * Comment this macro to disallow using RSASSA-PSS in certificates. 01198 */ 01199 #define POLARSSL_X509_RSASSA_PSS_SUPPORT 01200 01201 /** 01202 * \def POLARSSL_ZLIB_SUPPORT 01203 * 01204 * If set, the SSL/TLS module uses ZLIB to support compression and 01205 * decompression of packet data. 01206 * 01207 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01208 * CRIME attack. Before enabling this option, you should examine with care if 01209 * CRIME or similar exploits may be applicable to your use case. 01210 * 01211 * Used in: library/ssl_tls.c 01212 * library/ssl_cli.c 01213 * library/ssl_srv.c 01214 * 01215 * This feature requires zlib library and headers to be present. 01216 * 01217 * Uncomment to enable use of ZLIB 01218 */ 01219 //#define POLARSSL_ZLIB_SUPPORT 01220 /* \} name SECTION: mbed TLS feature support */ 01221 01222 /** 01223 * \name SECTION: mbed TLS modules 01224 * 01225 * This section enables or disables entire modules in mbed TLS 01226 * \{ 01227 */ 01228 01229 /** 01230 * \def POLARSSL_AESNI_C 01231 * 01232 * Enable AES-NI support on x86-64. 01233 * 01234 * Module: library/aesni.c 01235 * Caller: library/aes.c 01236 * 01237 * Requires: POLARSSL_HAVE_ASM 01238 * 01239 * This module adds support for the AES-NI instructions on x86-64 01240 */ 01241 //#define POLARSSL_AESNI_C 01242 01243 /** 01244 * \def POLARSSL_AES_C 01245 * 01246 * Enable the AES block cipher. 
01247 * 01248 * Module: library/aes.c 01249 * Caller: library/ssl_tls.c 01250 * library/pem.c 01251 * library/ctr_drbg.c 01252 * 01253 * This module enables the following ciphersuites (if other requisites are 01254 * enabled as well): 01255 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01256 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01257 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01258 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01259 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01260 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01261 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01262 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01263 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01264 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01265 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01266 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01267 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01268 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01269 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01270 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01271 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01272 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01273 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01274 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01275 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01276 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01277 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01278 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01279 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01280 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01281 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01282 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01283 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01284 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01285 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01286 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01287 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01288 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01289 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01290 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01291 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01292 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01293 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01294 * 
TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01295 * TLS_RSA_WITH_AES_256_GCM_SHA384 01296 * TLS_RSA_WITH_AES_256_CBC_SHA256 01297 * TLS_RSA_WITH_AES_256_CBC_SHA 01298 * TLS_RSA_WITH_AES_128_GCM_SHA256 01299 * TLS_RSA_WITH_AES_128_CBC_SHA256 01300 * TLS_RSA_WITH_AES_128_CBC_SHA 01301 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01302 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01303 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01304 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01305 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01306 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01307 * TLS_PSK_WITH_AES_256_GCM_SHA384 01308 * TLS_PSK_WITH_AES_256_CBC_SHA384 01309 * TLS_PSK_WITH_AES_256_CBC_SHA 01310 * TLS_PSK_WITH_AES_128_GCM_SHA256 01311 * TLS_PSK_WITH_AES_128_CBC_SHA256 01312 * TLS_PSK_WITH_AES_128_CBC_SHA 01313 * 01314 * PEM_PARSE uses AES for decrypting encrypted keys. 01315 */ 01316 #define POLARSSL_AES_C 01317 01318 /** 01319 * \def POLARSSL_ARC4_C 01320 * 01321 * Enable the ARCFOUR stream cipher. Note that RFC 7465 prohibits RC4 ciphersuites in TLS; keep this module enabled only if legacy peers require it. 01322 * 01323 * Module: library/arc4.c 01324 * Caller: library/ssl_tls.c 01325 * 01326 * This module enables the following ciphersuites (if other requisites are 01327 * enabled as well): 01328 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01329 * TLS_ECDH_RSA_WITH_RC4_128_SHA 01330 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01331 * TLS_ECDHE_RSA_WITH_RC4_128_SHA 01332 * TLS_ECDHE_PSK_WITH_RC4_128_SHA 01333 * TLS_DHE_PSK_WITH_RC4_128_SHA 01334 * TLS_RSA_WITH_RC4_128_SHA 01335 * TLS_RSA_WITH_RC4_128_MD5 01336 * TLS_RSA_PSK_WITH_RC4_128_SHA 01337 * TLS_PSK_WITH_RC4_128_SHA 01338 */ 01339 #define POLARSSL_ARC4_C 01340 01341 /** 01342 * \def POLARSSL_ASN1_PARSE_C 01343 * 01344 * Enable the generic ASN1 parser. 
01345 * 01346 * Module: library/asn1.c 01347 * Caller: library/x509.c 01348 * library/dhm.c 01349 * library/pkcs12.c 01350 * library/pkcs5.c 01351 * library/pkparse.c 01352 */ 01353 #define POLARSSL_ASN1_PARSE_C 01354 01355 /** 01356 * \def POLARSSL_ASN1_WRITE_C 01357 * 01358 * Enable the generic ASN1 writer. 
01359 * 01360 * Module: library/asn1write.c 01361 * Caller: library/ecdsa.c 01362 * library/pkwrite.c 01363 * library/x509_create.c 01364 * library/x509write_crt.c 01365 * library/x509write_csr.c 01366 */ 01367 #define POLARSSL_ASN1_WRITE_C 01368 01369 /** 01370 * \def POLARSSL_BASE64_C 01371 * 01372 * Enable the Base64 module. 01373 * 01374 * Module: library/base64.c 01375 * Caller: library/pem.c 01376 * 01377 * This module is required for PEM support (required by X.509). 01378 */ 01379 #define POLARSSL_BASE64_C 01380 01381 /** 01382 * \def POLARSSL_BIGNUM_C 01383 * 01384 * Enable the multi-precision integer library. 01385 * 01386 * Module: library/bignum.c 01387 * Caller: library/dhm.c 01388 * library/ecp.c 01389 * library/ecdsa.c 01390 * library/rsa.c 01391 * library/ssl_tls.c 01392 * 01393 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01394 */ 01395 #define POLARSSL_BIGNUM_C 01396 01397 /** 01398 * \def POLARSSL_BLOWFISH_C 01399 * 01400 * Enable the Blowfish block cipher. 01401 * 01402 * Module: library/blowfish.c 01403 */ 01404 #define POLARSSL_BLOWFISH_C 01405 01406 /** 01407 * \def POLARSSL_CAMELLIA_C 01408 * 01409 * Enable the Camellia block cipher. 
01410 * 01411 * Module: library/camellia.c 01412 * Caller: library/ssl_tls.c 01413 * 01414 * This module enables the following ciphersuites (if other requisites are 01415 * enabled as well): 01416 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01417 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01418 * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01419 * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01420 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01421 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01422 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01423 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01424 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01425 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01426 * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01427 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01428 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01429 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01430 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01431 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01432 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01433 * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01434 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01435 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01436 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01437 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01438 * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01439 * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01440 * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01441 * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01442 * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01443 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01444 * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01445 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01446 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01447 * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01448 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01449 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01450 * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01451 * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01452 * 
TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01453 * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01454 * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01455 * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01456 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01457 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01458 */ 01459 #define POLARSSL_CAMELLIA_C 01460 01461 /** 01462 * \def POLARSSL_CCM_C 01463 * 01464 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01465 * 01466 * Module: library/ccm.c 01467 * 01468 * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C 01469 * 01470 * This module enables the AES-CCM ciphersuites, if other requisites are 01471 * enabled as well. 01472 */ 01473 #define POLARSSL_CCM_C 01474 01475 /** 01476 * \def POLARSSL_CERTS_C 01477 * 01478 * Enable the test certificates. 01479 * 01480 * Module: library/certs.c 01481 * Caller: 01482 * 01483 * Requires: POLARSSL_PEM_PARSE_C 01484 * 01485 * This module is used for testing (ssl_client/server). 01486 */ 01487 #define POLARSSL_CERTS_C 01488 01489 /** 01490 * \def POLARSSL_CIPHER_C 01491 * 01492 * Enable the generic cipher layer. 01493 * 01494 * Module: library/cipher.c 01495 * Caller: library/ssl_tls.c 01496 * 01497 * Uncomment to enable generic cipher wrappers. 01498 */ 01499 #define POLARSSL_CIPHER_C 01500 01501 /** 01502 * \def POLARSSL_CTR_DRBG_C 01503 * 01504 * Enable the CTR_DRBG AES-256-based random generator. 01505 * 01506 * Module: library/ctr_drbg.c 01507 * Caller: 01508 * 01509 * Requires: POLARSSL_AES_C 01510 * 01511 * This module provides the CTR_DRBG AES-256 random number generator. 01512 */ 01513 #define POLARSSL_CTR_DRBG_C 01514 01515 /** 01516 * \def POLARSSL_DEBUG_C 01517 * 01518 * Enable the debug functions. 01519 * 01520 * Module: library/debug.c 01521 * Caller: library/ssl_cli.c 01522 * library/ssl_srv.c 01523 * library/ssl_tls.c 01524 * 01525 * This module provides debugging functions. 
01526 */ 01527 #define POLARSSL_DEBUG_C 01528 01529 /** 01530 * \def POLARSSL_DES_C 01531 * 01532 * Enable the DES block cipher. 01533 * 01534 * Module: library/des.c 01535 * Caller: library/pem.c 01536 * library/ssl_tls.c 01537 * 01538 * This module enables the following ciphersuites (if other requisites are 01539 * enabled as well): 01540 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01541 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01542 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01543 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01544 * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01545 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01546 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01547 * TLS_RSA_WITH_3DES_EDE_CBC_SHA 01548 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01549 * TLS_PSK_WITH_3DES_EDE_CBC_SHA 01550 * 01551 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01552 */ 01553 #define POLARSSL_DES_C 01554 01555 /** 01556 * \def POLARSSL_DHM_C 01557 * 01558 * Enable the Diffie-Hellman-Merkle module. 01559 * 01560 * Module: library/dhm.c 01561 * Caller: library/ssl_cli.c 01562 * library/ssl_srv.c 01563 * 01564 * This module is used by the following key exchanges: 01565 * DHE-RSA, DHE-PSK 01566 */ 01567 #define POLARSSL_DHM_C 01568 01569 /** 01570 * \def POLARSSL_ECDH_C 01571 * 01572 * Enable the elliptic curve Diffie-Hellman library. 01573 * 01574 * Module: library/ecdh.c 01575 * Caller: library/ssl_cli.c 01576 * library/ssl_srv.c 01577 * 01578 * This module is used by the following key exchanges: 01579 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01580 * 01581 * Requires: POLARSSL_ECP_C 01582 */ 01583 #define POLARSSL_ECDH_C 01584 01585 /** 01586 * \def POLARSSL_ECDSA_C 01587 * 01588 * Enable the elliptic curve DSA library. 
01589 * 01590 * Module: library/ecdsa.c 01591 * Caller: 01592 * 01593 * This module is used by the following key exchanges: 01594 * ECDHE-ECDSA 01595 * 01596 * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C 01597 */ 01598 #define POLARSSL_ECDSA_C 01599 01600 /** 01601 * \def POLARSSL_ECP_C 01602 * 01603 * Enable the elliptic curve over GF(p) library. 01604 * 01605 * Module: library/ecp.c 01606 * Caller: library/ecdh.c 01607 * library/ecdsa.c 01608 * 01609 * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED 01610 */ 01611 #define POLARSSL_ECP_C 01612 01613 /** 01614 * \def POLARSSL_ENTROPY_C 01615 * 01616 * Enable the platform-specific entropy code. 01617 * 01618 * Module: library/entropy.c 01619 * Caller: 01620 * 01621 * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C 01622 * 01623 * This module provides a generic entropy pool 01624 */ 01625 #define POLARSSL_ENTROPY_C 01626 01627 /** 01628 * \def POLARSSL_ERROR_C 01629 * 01630 * Enable error code to error string conversion. 01631 * 01632 * Module: library/error.c 01633 * Caller: 01634 * 01635 * This module enables polarssl_strerror(). 01636 */ 01637 #define POLARSSL_ERROR_C 01638 01639 /** 01640 * \def POLARSSL_GCM_C 01641 * 01642 * Enable the Galois/Counter Mode (GCM) for AES. 01643 * 01644 * Module: library/gcm.c 01645 * 01646 * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C 01647 * 01648 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01649 * requisites are enabled as well. 01650 */ 01651 #define POLARSSL_GCM_C 01652 01653 /** 01654 * \def POLARSSL_HAVEGE_C 01655 * 01656 * Enable the HAVEGE random generator. 01657 * 01658 * Warning: the HAVEGE random generator is not suitable for virtualized 01659 * environments 01660 * 01661 * Warning: the HAVEGE random generator is dependent on timing and specific 01662 * processor traits. 
It is therefore not advised to use HAVEGE as 01663 * your application's primary random generator or primary entropy pool 01664 * input. As a secondary input to your entropy pool, it IS able to add 01665 * the (limited) extra entropy it provides. 01666 * 01667 * Module: library/havege.c 01668 * Caller: 01669 * 01670 * Requires: POLARSSL_TIMING_C 01671 * 01672 * Uncomment to enable the HAVEGE random generator. 01673 */ 01674 //#define POLARSSL_HAVEGE_C 01675 01676 /** 01677 * \def POLARSSL_HMAC_DRBG_C 01678 * 01679 * Enable the HMAC_DRBG random generator. 01680 * 01681 * Module: library/hmac_drbg.c 01682 * Caller: 01683 * 01684 * Requires: POLARSSL_MD_C 01685 * 01686 * Uncomment to enable the HMAC_DRBG random number generator. 01687 */ 01688 #define POLARSSL_HMAC_DRBG_C 01689 01690 /** 01691 * \def POLARSSL_MD_C 01692 * 01693 * Enable the generic message digest layer. 01694 * 01695 * Module: library/md.c 01696 * Caller: 01697 * 01698 * Uncomment to enable generic message digest wrappers. 01699 */ 01700 #define POLARSSL_MD_C 01701 01702 /** 01703 * \def POLARSSL_MD2_C 01704 * 01705 * Enable the MD2 hash algorithm. 01706 * 01707 * Module: library/md2.c 01708 * Caller: 01709 * 01710 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01711 */ 01712 //#define POLARSSL_MD2_C 01713 01714 /** 01715 * \def POLARSSL_MD4_C 01716 * 01717 * Enable the MD4 hash algorithm. 01718 * 01719 * Module: library/md4.c 01720 * Caller: 01721 * 01722 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01723 */ 01724 //#define POLARSSL_MD4_C 01725 01726 /** 01727 * \def POLARSSL_MD5_C 01728 * 01729 * Enable the MD5 hash algorithm. 01730 * 01731 * Module: library/md5.c 01732 * Caller: library/md.c 01733 * library/pem.c 01734 * library/ssl_tls.c 01735 * 01736 * This module is required for SSL/TLS and X.509. 01737 * PEM_PARSE uses MD5 for decrypting encrypted keys. 
01738 */ 01739 #define POLARSSL_MD5_C 01740 01741 /** 01742 * \def POLARSSL_MEMORY_C 01743 * 01744 * \deprecated Use POLARSSL_PLATFORM_MEMORY instead. 01745 * 01746 * Depends on: POLARSSL_PLATFORM_C 01747 */ 01748 //#define POLARSSL_MEMORY_C 01749 01750 /** 01751 * \def POLARSSL_MEMORY_BUFFER_ALLOC_C 01752 * 01753 * Enable the buffer allocator implementation that makes use of a (stack) 01754 * based buffer to 'allocate' dynamic memory. (replaces malloc() and free() 01755 * calls) 01756 * 01757 * Module: library/memory_buffer_alloc.c 01758 * 01759 * Requires: POLARSSL_PLATFORM_C 01760 * POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS) 01761 * 01762 * Enable this module to enable the buffer memory allocator. 01763 */ 01764 //#define POLARSSL_MEMORY_BUFFER_ALLOC_C 01765 01766 /** 01767 * \def POLARSSL_NET_C 01768 * 01769 * Enable the TCP/IP networking routines. 01770 * 01771 * \warning As of 1.3.11, it is deprecated to enable this module without 01772 * POLARSSL_HAVE_IPV6. The alternative legacy code will be removed in 2.0. 01773 * 01774 * Module: library/net.c 01775 * 01776 * This module provides TCP/IP networking routines. 01777 */ 01778 //#define POLARSSL_NET_C 01779 01780 /** 01781 * \def POLARSSL_OID_C 01782 * 01783 * Enable the OID database. 01784 * 01785 * Module: library/oid.c 01786 * Caller: library/asn1write.c 01787 * library/pkcs5.c 01788 * library/pkparse.c 01789 * library/pkwrite.c 01790 * library/rsa.c 01791 * library/x509.c 01792 * library/x509_create.c 01793 * library/x509_crl.c 01794 * library/x509_crt.c 01795 * library/x509_csr.c 01796 * library/x509write_crt.c 01797 * library/x509write_csr.c 01798 * 01799 * This module translates between OIDs and internal values. 01800 */ 01801 #define POLARSSL_OID_C 01802 01803 /** 01804 * \def POLARSSL_PADLOCK_C 01805 * 01806 * Enable VIA Padlock support on x86. 
01807 * 01808 * Module: library/padlock.c 01809 * Caller: library/aes.c 01810 * 01811 * Requires: POLARSSL_HAVE_ASM 01812 * 01813 * This module adds support for the VIA PadLock on x86. 01814 */ 01815 //#define POLARSSL_PADLOCK_C 01816 01817 /** 01818 * \def POLARSSL_PBKDF2_C 01819 * 01820 * Enable PKCS#5 PBKDF2 key derivation function. 01821 * 01822 * \deprecated Use POLARSSL_PKCS5_C instead 01823 * 01824 * Module: library/pbkdf2.c 01825 * 01826 * Requires: POLARSSL_PKCS5_C 01827 * 01828 * This module adds support for the PKCS#5 PBKDF2 key derivation function. 01829 */ 01830 #define POLARSSL_PBKDF2_C 01831 01832 /** 01833 * \def POLARSSL_PEM_PARSE_C 01834 * 01835 * Enable PEM decoding / parsing. 01836 * 01837 * Module: library/pem.c 01838 * Caller: library/dhm.c 01839 * library/pkparse.c 01840 * library/x509_crl.c 01841 * library/x509_crt.c 01842 * library/x509_csr.c 01843 * 01844 * Requires: POLARSSL_BASE64_C 01845 * 01846 * This module adds support for decoding / parsing PEM files. 01847 */ 01848 #define POLARSSL_PEM_PARSE_C 01849 01850 /** 01851 * \def POLARSSL_PEM_WRITE_C 01852 * 01853 * Enable PEM encoding / writing. 01854 * 01855 * Module: library/pem.c 01856 * Caller: library/pkwrite.c 01857 * library/x509write_crt.c 01858 * library/x509write_csr.c 01859 * 01860 * Requires: POLARSSL_BASE64_C 01861 * 01862 * This module adds support for encoding / writing PEM files. 01863 */ 01864 #define POLARSSL_PEM_WRITE_C 01865 01866 /** 01867 * \def POLARSSL_PK_C 01868 * 01869 * Enable the generic public (asymmetric) key layer. 01870 * 01871 * Module: library/pk.c 01872 * Caller: library/ssl_tls.c 01873 * library/ssl_cli.c 01874 * library/ssl_srv.c 01875 * 01876 * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C 01877 * 01878 * Uncomment to enable generic public key wrappers. 01879 */ 01880 #define POLARSSL_PK_C 01881 01882 /** 01883 * \def POLARSSL_PK_PARSE_C 01884 * 01885 * Enable the generic public (asymmetric) key parser. 
01886 * 01887 * Module: library/pkparse.c 01888 * Caller: library/x509_crt.c 01889 * library/x509_csr.c 01890 * 01891 * Requires: POLARSSL_PK_C 01892 * 01893 * Uncomment to enable generic public key parse functions. 01894 */ 01895 #define POLARSSL_PK_PARSE_C 01896 01897 /** 01898 * \def POLARSSL_PK_WRITE_C 01899 * 01900 * Enable the generic public (asymmetric) key writer. 01901 * 01902 * Module: library/pkwrite.c 01903 * Caller: library/x509write.c 01904 * 01905 * Requires: POLARSSL_PK_C 01906 * 01907 * Uncomment to enable generic public key write functions. 01908 */ 01909 #define POLARSSL_PK_WRITE_C 01910 01911 /** 01912 * \def POLARSSL_PKCS5_C 01913 * 01914 * Enable PKCS#5 functions. 01915 * 01916 * Module: library/pkcs5.c 01917 * 01918 * Requires: POLARSSL_MD_C 01919 * 01920 * This module adds support for the PKCS#5 functions. 01921 */ 01922 #define POLARSSL_PKCS5_C 01923 01924 /** 01925 * \def POLARSSL_PKCS11_C 01926 * 01927 * Enable wrapper for PKCS#11 smartcard support. 01928 * 01929 * Module: library/pkcs11.c 01930 * Caller: library/pk.c 01931 * 01932 * Requires: POLARSSL_PK_C 01933 * 01934 * This module enables SSL/TLS PKCS #11 smartcard support. 01935 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 01936 */ 01937 //#define POLARSSL_PKCS11_C 01938 01939 /** 01940 * \def POLARSSL_PKCS12_C 01941 * 01942 * Enable PKCS#12 PBE functions. 01943 * Adds algorithms for parsing PKCS#8 encrypted private keys 01944 * 01945 * Module: library/pkcs12.c 01946 * Caller: library/pkparse.c 01947 * 01948 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C 01949 * Can use: POLARSSL_ARC4_C 01950 * 01951 * This module enables PKCS#12 functions. 
01952 */ 01953 #define POLARSSL_PKCS12_C 01954 01955 /** 01956 * \def POLARSSL_PLATFORM_C 01957 * 01958 * Enable the platform abstraction layer that allows you to re-assign 01959 * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit() 01960 * 01961 * Enabling POLARSSL_PLATFORM_C enables the use of POLARSSL_PLATFORM_XXX_ALT 01962 * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 01963 * above to be specified at runtime or compile time respectively. 01964 * 01965 * Module: library/platform.c 01966 * Caller: Most other .c files 01967 * 01968 * This module enables abstraction of common (libc) functions. 01969 */ 01970 #define POLARSSL_PLATFORM_C 01971 01972 /** 01973 * \def POLARSSL_RIPEMD160_C 01974 * 01975 * Enable the RIPEMD-160 hash algorithm. 01976 * 01977 * Module: library/ripemd160.c 01978 * Caller: library/md.c 01979 * 01980 */ 01981 #define POLARSSL_RIPEMD160_C 01982 01983 /** 01984 * \def POLARSSL_RSA_C 01985 * 01986 * Enable the RSA public-key cryptosystem. 01987 * 01988 * Module: library/rsa.c 01989 * Caller: library/ssl_cli.c 01990 * library/ssl_srv.c 01991 * library/ssl_tls.c 01992 * library/x509.c 01993 * 01994 * This module is used by the following key exchanges: 01995 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 01996 * 01997 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C 01998 */ 01999 #define POLARSSL_RSA_C 02000 02001 /** 02002 * \def POLARSSL_SHA1_C 02003 * 02004 * Enable the SHA1 cryptographic hash algorithm. 02005 * 02006 * Module: library/sha1.c 02007 * Caller: library/md.c 02008 * library/ssl_cli.c 02009 * library/ssl_srv.c 02010 * library/ssl_tls.c 02011 * library/x509write_crt.c 02012 * 02013 * This module is required for SSL/TLS and SHA1-signed certificates. 02014 */ 02015 #define POLARSSL_SHA1_C 02016 02017 /** 02018 * \def POLARSSL_SHA256_C 02019 * 02020 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 
02021 * (Used to be POLARSSL_SHA2_C) 02022 * 02023 * Module: library/sha256.c 02024 * Caller: library/entropy.c 02025 * library/md.c 02026 * library/ssl_cli.c 02027 * library/ssl_srv.c 02028 * library/ssl_tls.c 02029 * 02030 * This module adds support for SHA-224 and SHA-256. 02031 * This module is required for the SSL/TLS 1.2 PRF function. 02032 */ 02033 #define POLARSSL_SHA256_C 02034 02035 /** 02036 * \def POLARSSL_SHA512_C 02037 * 02038 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02039 * (Used to be POLARSSL_SHA4_C) 02040 * 02041 * Module: library/sha512.c 02042 * Caller: library/entropy.c 02043 * library/md.c 02044 * library/ssl_cli.c 02045 * library/ssl_srv.c 02046 * 02047 * This module adds support for SHA-384 and SHA-512. 02048 */ 02049 #define POLARSSL_SHA512_C 02050 02051 /** 02052 * \def POLARSSL_SSL_CACHE_C 02053 * 02054 * Enable simple SSL cache implementation. 02055 * 02056 * Module: library/ssl_cache.c 02057 * Caller: 02058 * 02059 * Requires: POLARSSL_SSL_CACHE_C 02060 */ 02061 #define POLARSSL_SSL_CACHE_C 02062 02063 /** 02064 * \def POLARSSL_SSL_CLI_C 02065 * 02066 * Enable the SSL/TLS client code. 02067 * 02068 * Module: library/ssl_cli.c 02069 * Caller: 02070 * 02071 * Requires: POLARSSL_SSL_TLS_C 02072 * 02073 * This module is required for SSL/TLS client support. 02074 */ 02075 #define POLARSSL_SSL_CLI_C 02076 02077 /** 02078 * \def POLARSSL_SSL_SRV_C 02079 * 02080 * Enable the SSL/TLS server code. 02081 * 02082 * Module: library/ssl_srv.c 02083 * Caller: 02084 * 02085 * Requires: POLARSSL_SSL_TLS_C 02086 * 02087 * This module is required for SSL/TLS server support. 02088 */ 02089 #define POLARSSL_SSL_SRV_C 02090 02091 /** 02092 * \def POLARSSL_SSL_TLS_C 02093 * 02094 * Enable the generic SSL/TLS code. 
02095 * 02096 * Module: library/ssl_tls.c 02097 * Caller: library/ssl_cli.c 02098 * library/ssl_srv.c 02099 * 02100 * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C 02101 * and at least one of the POLARSSL_SSL_PROTO_* defines 02102 * 02103 * This module is required for SSL/TLS. 02104 */ 02105 #define POLARSSL_SSL_TLS_C 02106 02107 /** 02108 * \def POLARSSL_THREADING_C 02109 * 02110 * Enable the threading abstraction layer. 02111 * By default mbed TLS assumes it is used in a non-threaded environment or that 02112 * contexts are not shared between threads. If you do intend to share contexts 02113 * between threads, you will need to enable this layer to prevent race 02114 * conditions. 02115 * 02116 * Module: library/threading.c 02117 * 02118 * This allows different threading implementations (self-implemented or 02119 * provided). 02120 * 02121 * You will have to enable either POLARSSL_THREADING_ALT or 02122 * POLARSSL_THREADING_PTHREAD. 02123 * 02124 * Enable this layer to allow use of mutexes within mbed TLS. 02125 */ 02126 //#define POLARSSL_THREADING_C 02127 02128 /** 02129 * \def POLARSSL_TIMING_C 02130 * 02131 * Enable the portable timing interface. 02132 * 02133 * Module: library/timing.c 02134 * Caller: library/havege.c 02135 * 02136 * This module is used by the HAVEGE random number generator. 02137 */ 02138 //#define POLARSSL_TIMING_C 02139 02140 /** 02141 * \def POLARSSL_VERSION_C 02142 * 02143 * Enable run-time version information. 02144 * 02145 * Module: library/version.c 02146 * 02147 * This module provides run-time version information. 02148 */ 02149 #define POLARSSL_VERSION_C 02150 02151 /** 02152 * \def POLARSSL_X509_USE_C 02153 * 02154 * Enable X.509 core for using certificates. 
02155 * 02156 * Module: library/x509.c 02157 * Caller: library/x509_crl.c 02158 * library/x509_crt.c 02159 * library/x509_csr.c 02160 * 02161 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C, 02162 * POLARSSL_PK_PARSE_C 02163 * 02164 * This module is required for the X.509 parsing modules. 02165 */ 02166 #define POLARSSL_X509_USE_C 02167 02168 /** 02169 * \def POLARSSL_X509_CRT_PARSE_C 02170 * 02171 * Enable X.509 certificate parsing. 02172 * 02173 * Module: library/x509_crt.c 02174 * Caller: library/ssl_cli.c 02175 * library/ssl_srv.c 02176 * library/ssl_tls.c 02177 * 02178 * Requires: POLARSSL_X509_USE_C 02179 * 02180 * This module is required for X.509 certificate parsing. 02181 */ 02182 #define POLARSSL_X509_CRT_PARSE_C 02183 02184 /** 02185 * \def POLARSSL_X509_CRL_PARSE_C 02186 * 02187 * Enable X.509 CRL parsing. 02188 * 02189 * Module: library/x509_crl.c 02190 * Caller: library/x509_crt.c 02191 * 02192 * Requires: POLARSSL_X509_USE_C 02193 * 02194 * This module is required for X.509 CRL parsing. 02195 */ 02196 #define POLARSSL_X509_CRL_PARSE_C 02197 02198 /** 02199 * \def POLARSSL_X509_CSR_PARSE_C 02200 * 02201 * Enable X.509 Certificate Signing Request (CSR) parsing. 02202 * 02203 * Module: library/x509_csr.c 02204 * Caller: library/x509_crt_write.c 02205 * 02206 * Requires: POLARSSL_X509_USE_C 02207 * 02208 * This module is used for reading X.509 certificate requests. 02209 */ 02210 #define POLARSSL_X509_CSR_PARSE_C 02211 02212 /** 02213 * \def POLARSSL_X509_CREATE_C 02214 * 02215 * Enable X.509 core for creating certificates. 02216 * 02217 * Module: library/x509_create.c 02218 * 02219 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C 02220 * 02221 * This module is the basis for creating X.509 certificates and CSRs. 02222 */ 02223 #define POLARSSL_X509_CREATE_C 02224 02225 /** 02226 * \def POLARSSL_X509_CRT_WRITE_C 02227 * 02228 * Enable creating X.509 certificates. 
02229 * 02230 * Module: library/x509_crt_write.c 02231 * 02232 * Requires: POLARSSL_X509_CREATE_C 02233 * 02234 * This module is required for X.509 certificate creation. 02235 */ 02236 #define POLARSSL_X509_CRT_WRITE_C 02237 02238 /** 02239 * \def POLARSSL_X509_CSR_WRITE_C 02240 * 02241 * Enable creating X.509 Certificate Signing Requests (CSR). 02242 * 02243 * Module: library/x509_csr_write.c 02244 * 02245 * Requires: POLARSSL_X509_CREATE_C 02246 * 02247 * This module is required for X.509 certificate request writing. 02248 */ 02249 #define POLARSSL_X509_CSR_WRITE_C 02250 02251 /** 02252 * \def POLARSSL_XTEA_C 02253 * 02254 * Enable the XTEA block cipher. 02255 * 02256 * Module: library/xtea.c 02257 * Caller: 02258 */ 02259 #define POLARSSL_XTEA_C 02260 02261 /* \} name SECTION: mbed TLS modules */ 02262 02263 /** 02264 * \name SECTION: Module configuration options 02265 * 02266 * This section allows for the setting of module specific sizes and 02267 * configuration options. The default values are already present in the 02268 * relevant header files and should suffice for the regular use cases. 02269 * 02270 * Our advice is to enable options and change their values here 02271 * only if you have a good reason and know the consequences. 02272 * 02273 * Please check the respective header file for documentation on these 02274 * parameters (to prevent duplicate documentation). 02275 * \{ 02276 */ 02277 02278 /* MPI / BIGNUM options */ 02279 //#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ 02280 //#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. 
*/ 02281 02282 /* CTR_DRBG options */ 02283 //#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02284 //#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02285 //#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02286 //#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02287 //#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02288 02289 /* HMAC_DRBG options */ 02290 //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02291 //#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02292 //#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02293 //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02294 02295 /* ECP options */ 02296 //#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02297 //#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02298 //#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02299 02300 /* Entropy options */ 02301 //#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02302 //#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02303 02304 /* Memory buffer allocator options */ 02305 //#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02306 02307 /* Platform options */ 02308 //#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. 
*/ 02309 //#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */ 02310 //#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02311 //#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02312 //#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02313 //#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02314 //#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02315 02316 /* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */ 02317 /* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */ 02318 //#define POLARSSL_PLATFORM_MALLOC_MACRO malloc /**< Default allocator macro to use, can be undefined */ 02319 //#define POLARSSL_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02320 //#define POLARSSL_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02321 //#define POLARSSL_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02322 //#define POLARSSL_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02323 //#define POLARSSL_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02324 02325 /* SSL Cache options */ 02326 //#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02327 //#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02328 02329 /* SSL options */ 02330 //#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ 02331 //#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02332 //#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02333 02334 /** 02335 * Complete list of ciphersuites to use, in order of 
preference. 02336 * 02337 * \warning No dependency checking is done on that field! This option can only 02338 * be used to restrict the set of available ciphersuites. It is your 02339 * responsibility to make sure the needed modules are active. 02340 * 02341 * Use this to save a few hundred bytes of ROM (default ordering of all 02342 * available ciphersuites) and a few to a few hundred bytes of RAM. 02343 * 02344 * The value below is only an example, not the default. 02345 */ 02346 //#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02347 02348 /* Debug options */ 02349 //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */ 02350 02351 /* X509 options */ 02352 //#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02353 02354 /* \} name SECTION: Module configuration options */ 02355 02356 #include "check_config.h" 02357 02358 #endif /* POLARSSL_CONFIG_H */ 02359