mbed TLS library

Dependents:   HTTPClient-SSL WS_SERVER

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers config.h Source File

config.h

Go to the documentation of this file.
00001 /**
00002  * \file config.h
00003  *
00004  * \brief Configuration options (set of defines)
00005  *
00006  *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
00007  *
00008  *  This file is part of mbed TLS (https://tls.mbed.org)
00009  *
00010  *  This program is free software; you can redistribute it and/or modify
00011  *  it under the terms of the GNU General Public License as published by
00012  *  the Free Software Foundation; either version 2 of the License, or
00013  *  (at your option) any later version.
00014  *
00015  *  This program is distributed in the hope that it will be useful,
00016  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00018  *  GNU General Public License for more details.
00019  *
00020  *  You should have received a copy of the GNU General Public License along
00021  *  with this program; if not, write to the Free Software Foundation, Inc.,
00022  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00023  *
00024  * This set of compile-time options may be used to enable
00025  * or disable features selectively, and reduce the global
00026  * memory footprint.
00027  */
00028 #ifndef POLARSSL_CONFIG_H
00029 #define POLARSSL_CONFIG_H
00030 
00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
00032 #define _CRT_SECURE_NO_DEPRECATE 1
00033 #endif
00034 
00035 /**
00036  * \name SECTION: System support
00037  *
00038  * This section sets system specific settings.
00039  * \{
00040  */
00041 
00042 /**
00043  * \def POLARSSL_HAVE_INT8
00044  *
00045  * The system uses 8-bit wide native integers.
00046  *
00047  * \deprecated The compiler should be able to generate code for 32-bit
00048  * arithmetic (required by C89). This code is likely to be at least as
00049  * efficient as ours.
00050  *
00051  * Uncomment if native integers are 8-bit wide.
00052  */
00053 //#define POLARSSL_HAVE_INT8
00054 
00055 /**
00056  * \def POLARSSL_HAVE_INT16
00057  *
00058  * The system uses 16-bit wide native integers.
00059  *
00060  * \deprecated The compiler should be able to generate code for 32-bit
00061  * arithmetic (required by C89). This code is likely to be at least as
00062  * efficient as ours.
00063  *
00064  * Uncomment if native integers are 16-bit wide.
00065  */
00066 //#define POLARSSL_HAVE_INT16
00067 
00068 /**
00069  * \def POLARSSL_HAVE_LONGLONG
00070  *
00071  * The compiler supports the 'long long' type.
00072  * (Only used on 32-bit platforms)
00073  */
00074 #define POLARSSL_HAVE_LONGLONG
00075 
00076 /**
00077  * \def POLARSSL_HAVE_ASM
00078  *
00079  * The compiler has support for asm().
00080  *
00081  * Requires support for asm() in compiler.
00082  *
00083  * Used in:
00084  *      library/timing.c
00085  *      library/padlock.c
00086  *      include/polarssl/bn_mul.h
00087  *
00088  * Comment to disable the use of assembly code.
00089  */
00090 //#define POLARSSL_HAVE_ASM
00091 
00092 /**
00093  * \def POLARSSL_HAVE_SSE2
00094  *
00095  * CPU supports SSE2 instruction set.
00096  *
00097  * Uncomment if the CPU supports SSE2 (IA-32 specific).
00098  */
00099 //#define POLARSSL_HAVE_SSE2
00100 
00101 /**
00102  * \def POLARSSL_HAVE_TIME
00103  *
00104  * System has time.h and time() / localtime()  / gettimeofday().
00105  *
00106  * Comment if your system does not support time functions
00107  */
00108 //#define POLARSSL_HAVE_TIME
00109 
00110 /**
00111  * \def POLARSSL_HAVE_IPV6
00112  *
00113  * System supports the basic socket interface for IPv6 (RFC 3493),
00114  * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
00115  *
00116  * Note: on Windows/MingW, XP or higher is required.
00117  *
00118  * \warning As of 1.3.11, *not* using this flag when POLARSSL_NET_C is
00119  * defined, is deprecated. The alternative legacy code will be removed in 2.0.
00120  *
00121  * Comment if your system does not support the IPv6 socket interface
00122  */
00123 #define POLARSSL_HAVE_IPV6
00124 
00125 /**
00126  * \def POLARSSL_PLATFORM_MEMORY
00127  *
00128  * Enable the memory allocation layer.
00129  *
00130  * By default mbed TLS uses the system-provided malloc() and free().
00131  * This allows different allocators (self-implemented or provided) to be
00132  * provided to the platform abstraction layer.
00133  *
00134  * Enabling POLARSSL_PLATFORM_MEMORY without the
00135  * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide
00136  * "platform_set_malloc_free()" allowing you to set an alternative malloc() and
00137  * free() function pointer at runtime.
00138  *
00139  * Enabling POLARSSL_PLATFORM_MEMORY and specifying
00140  * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the
00141  * alternate function at compile time.
00142  *
00143  * Requires: POLARSSL_PLATFORM_C
00144  *
00145  * Enable this layer to allow use of alternative memory allocators.
00146  */
00147 //#define POLARSSL_PLATFORM_MEMORY
00148 
00149 /**
00150  * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
00151  *
00152  * Do not assign standard functions in the platform layer (e.g. malloc() to
00153  * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
00154  *
00155  * This makes sure there are no linking errors on platforms that do not support
00156  * these functions. You will HAVE to provide alternatives, either at runtime
00157  * via the platform_set_xxx() functions or at compile time by setting
00158  * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a
00159  * POLARSSL_PLATFORM_XXX_MACRO.
00160  *
00161  * Requires: POLARSSL_PLATFORM_C
00162  *
00163  * Uncomment to prevent default assignment of standard functions in the
00164  * platform layer.
00165  */
00166 //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
00167 
00168 /**
00169  * \def POLARSSL_PLATFORM_XXX_ALT
00170  *
00171  * Uncomment a macro to let mbed TLS support the function in the platform
00172  * abstraction layer.
00173  *
00174  * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will
00175  * provide a function "platform_set_printf()" that allows you to set an
00176  * alternative printf function pointer.
00177  *
00178  * All these define require POLARSSL_PLATFORM_C to be defined!
00179  *
00180  * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows
00181  * for compatibility reasons.
00182  *
00183  * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as
00184  * POLARSSL_PLATFORM_XXX_MACRO!
00185  *
00186  * Uncomment a macro to enable alternate implementation of specific base
00187  * platform function
00188  */
00189 //#define POLARSSL_PLATFORM_EXIT_ALT
00190 //#define POLARSSL_PLATFORM_FPRINTF_ALT
00191 //#define POLARSSL_PLATFORM_PRINTF_ALT
00192 //#define POLARSSL_PLATFORM_SNPRINTF_ALT
00193 
00194 /**
00195  * \def POLARSSL_DEPRECATED_WARNING
00196  *
00197  * Mark deprecated functions so that they generate a warning if used.
00198  * Functions deprecated in one version will usually be removed in the next
00199  * version. You can enable this to help you prepare the transition to a new
00200  * major version by making sure your code is not using these functions.
00201  *
00202  * This only works with GCC and Clang. With other compilers, you may want to
00203  * use POLARSSL_DEPRECATED_REMOVED
00204  *
00205  * Uncomment to get warnings on using deprecated functions.
00206  */
00207 //#define POLARSSL_DEPRECATED_WARNING
00208 
00209 /**
00210  * \def POLARSSL_DEPRECATED_REMOVED
00211  *
00212  * Remove deprecated functions so that they generate an error if used.
00213  * Functions deprecated in one version will usually be removed in the next
00214  * version. You can enable this to help you prepare the transition to a new
00215  * major version by making sure your code is not using these functions.
00216  *
00217  * Uncomment to get errors on using deprecated functions.
00218  */
00219 //#define POLARSSL_DEPRECATED_REMOVED
00220 
00221 /* \} name SECTION: System support */
00222 
00223 /**
00224  * \name SECTION: mbed TLS feature support
00225  *
00226  * This section sets support for features that are or are not needed
00227  * within the modules that are enabled.
00228  * \{
00229  */
00230 
00231 /**
00232  * \def POLARSSL_TIMING_ALT
00233  *
00234  * Uncomment to provide your own alternate implementation for hardclock(),
00235  * get_timer(), set_alarm() and m_sleep().
00236  *
00237  * Only works if you have POLARSSL_TIMING_C enabled.
00238  *
00239  * You will need to provide a header "timing_alt.h" and an implementation at
00240  * compile time.
00241  */
00242 //#define POLARSSL_TIMING_ALT
00243 
00244 /**
00245  * \def POLARSSL_XXX_ALT
00246  *
00247  * Uncomment a macro to let mbed TLS use your alternate core implementation of
00248  * a symmetric or hash algorithm (e.g. platform specific assembly optimized
00249  * implementations). Keep in mind that the function prototypes should remain
00250  * the same.
00251  *
00252  * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer
00253  * provide the "struct aes_context" definition and omit the base function
00254  * declarations and implementations. "aes_alt.h" will be included from
00255  * "aes.h" to include the new function definitions.
00256  *
00257  * Uncomment a macro to enable alternate implementation for core algorithm
00258  * functions
00259  */
00260 //#define POLARSSL_AES_ALT
00261 //#define POLARSSL_ARC4_ALT
00262 //#define POLARSSL_BLOWFISH_ALT
00263 //#define POLARSSL_CAMELLIA_ALT
00264 //#define POLARSSL_DES_ALT
00265 //#define POLARSSL_XTEA_ALT
00266 //#define POLARSSL_MD2_ALT
00267 //#define POLARSSL_MD4_ALT
00268 //#define POLARSSL_MD5_ALT
00269 //#define POLARSSL_RIPEMD160_ALT
00270 //#define POLARSSL_SHA1_ALT
00271 //#define POLARSSL_SHA256_ALT
00272 //#define POLARSSL_SHA512_ALT
00273 
00274 /**
00275  * \def POLARSSL_AES_ROM_TABLES
00276  *
00277  * Store the AES tables in ROM.
00278  *
00279  * Uncomment this macro to store the AES tables in ROM.
00280  */
00281 //#define POLARSSL_AES_ROM_TABLES
00282 
00283 /**
00284  * \def POLARSSL_CAMELLIA_SMALL_MEMORY
00285  *
00286  * Use less ROM for the Camellia implementation (saves about 768 bytes).
00287  *
00288  * Uncomment this macro to use less memory for Camellia.
00289  */
00290 //#define POLARSSL_CAMELLIA_SMALL_MEMORY
00291 
00292 /**
00293  * \def POLARSSL_CIPHER_MODE_CBC
00294  *
00295  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
00296  */
00297 #define POLARSSL_CIPHER_MODE_CBC
00298 
00299 /**
00300  * \def POLARSSL_CIPHER_MODE_CFB
00301  *
00302  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
00303  */
00304 #define POLARSSL_CIPHER_MODE_CFB
00305 
00306 /**
00307  * \def POLARSSL_CIPHER_MODE_CTR
00308  *
00309  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
00310  */
00311 #define POLARSSL_CIPHER_MODE_CTR
00312 
00313 /**
00314  * \def POLARSSL_CIPHER_NULL_CIPHER
00315  *
00316  * Enable NULL cipher.
00317  * Warning: Only do so when you know what you are doing. This allows for
00318  * encryption or channels without any security!
00319  *
00320  * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
00321  * the following ciphersuites:
00322  *      TLS_ECDH_ECDSA_WITH_NULL_SHA
00323  *      TLS_ECDH_RSA_WITH_NULL_SHA
00324  *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
00325  *      TLS_ECDHE_RSA_WITH_NULL_SHA
00326  *      TLS_ECDHE_PSK_WITH_NULL_SHA384
00327  *      TLS_ECDHE_PSK_WITH_NULL_SHA256
00328  *      TLS_ECDHE_PSK_WITH_NULL_SHA
00329  *      TLS_DHE_PSK_WITH_NULL_SHA384
00330  *      TLS_DHE_PSK_WITH_NULL_SHA256
00331  *      TLS_DHE_PSK_WITH_NULL_SHA
00332  *      TLS_RSA_WITH_NULL_SHA256
00333  *      TLS_RSA_WITH_NULL_SHA
00334  *      TLS_RSA_WITH_NULL_MD5
00335  *      TLS_RSA_PSK_WITH_NULL_SHA384
00336  *      TLS_RSA_PSK_WITH_NULL_SHA256
00337  *      TLS_RSA_PSK_WITH_NULL_SHA
00338  *      TLS_PSK_WITH_NULL_SHA384
00339  *      TLS_PSK_WITH_NULL_SHA256
00340  *      TLS_PSK_WITH_NULL_SHA
00341  *
00342  * Uncomment this macro to enable the NULL cipher and ciphersuites
00343  */
00344 //#define POLARSSL_CIPHER_NULL_CIPHER
00345 
00346 /**
00347  * \def POLARSSL_CIPHER_PADDING_XXX
00348  *
00349  * Uncomment or comment macros to add support for specific padding modes
00350  * in the cipher layer with cipher modes that support padding (e.g. CBC)
00351  *
00352  * If you disable all padding modes, only full blocks can be used with CBC.
00353  *
00354  * Enable padding modes in the cipher layer.
00355  */
00356 #define POLARSSL_CIPHER_PADDING_PKCS7
00357 #define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
00358 #define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
00359 #define POLARSSL_CIPHER_PADDING_ZEROS
00360 
00361 /**
00362  * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
00363  *
00364  * Enable weak ciphersuites in SSL / TLS.
00365  * Warning: Only do so when you know what you are doing. This allows for
00366  * channels with virtually no security at all!
00367  *
00368  * This enables the following ciphersuites:
00369  *      TLS_RSA_WITH_DES_CBC_SHA
00370  *      TLS_DHE_RSA_WITH_DES_CBC_SHA
00371  *
00372  * Uncomment this macro to enable weak ciphersuites
00373  */
00374 //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
00375 
00376 /**
00377  * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
00378  *
00379  * Remove RC4 ciphersuites by default in SSL / TLS.
00380  * This flag removes the ciphersuites based on RC4 from the default list as
00381  * returned by ssl_list_ciphersuites(). However, it is still possible to
00382  * enable (some of) them with ssl_set_ciphersuites() by including them
00383  * explicitly.
00384  *
00385  * Uncomment this macro to remove RC4 ciphersuites by default.
00386  */
00387 //#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
00388 
00389 /**
00390  * \def POLARSSL_ECP_XXXX_ENABLED
00391  *
00392  * Enables specific curves within the Elliptic Curve module.
00393  * By default all supported curves are enabled.
00394  *
00395  * Comment macros to disable the curve and functions for it
00396  */
00397 #define POLARSSL_ECP_DP_SECP192R1_ENABLED
00398 #define POLARSSL_ECP_DP_SECP224R1_ENABLED
00399 #define POLARSSL_ECP_DP_SECP256R1_ENABLED
00400 #define POLARSSL_ECP_DP_SECP384R1_ENABLED
00401 #define POLARSSL_ECP_DP_SECP521R1_ENABLED
00402 #define POLARSSL_ECP_DP_SECP192K1_ENABLED
00403 #define POLARSSL_ECP_DP_SECP224K1_ENABLED
00404 #define POLARSSL_ECP_DP_SECP256K1_ENABLED
00405 #define POLARSSL_ECP_DP_BP256R1_ENABLED
00406 #define POLARSSL_ECP_DP_BP384R1_ENABLED
00407 #define POLARSSL_ECP_DP_BP512R1_ENABLED
00408 //#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
00409 #define POLARSSL_ECP_DP_M255_ENABLED
00410 //#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
00411 //#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!
00412 
00413 /**
00414  * \def POLARSSL_ECP_NIST_OPTIM
00415  *
00416  * Enable specific 'modulo p' routines for each NIST prime.
00417  * Depending on the prime and architecture, makes operations 4 to 8 times
00418  * faster on the corresponding curve.
00419  *
00420  * Comment this macro to disable NIST curves optimisation.
00421  */
00422 #define POLARSSL_ECP_NIST_OPTIM
00423 
00424 /**
00425  * \def POLARSSL_ECDSA_DETERMINISTIC
00426  *
00427  * Enable deterministic ECDSA (RFC 6979).
00428  * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
00429  * may result in a compromise of the long-term signing key. This is avoided by
00430  * the deterministic variant.
00431  *
00432  * Requires: POLARSSL_HMAC_DRBG_C
00433  *
00434  * Comment this macro to disable deterministic ECDSA.
00435  */
00436 #define POLARSSL_ECDSA_DETERMINISTIC
00437 
00438 /**
00439  * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
00440  *
00441  * Enable the PSK based ciphersuite modes in SSL / TLS.
00442  *
00443  * This enables the following ciphersuites (if other requisites are
00444  * enabled as well):
00445  *      TLS_PSK_WITH_AES_256_GCM_SHA384
00446  *      TLS_PSK_WITH_AES_256_CBC_SHA384
00447  *      TLS_PSK_WITH_AES_256_CBC_SHA
00448  *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
00449  *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
00450  *      TLS_PSK_WITH_AES_128_GCM_SHA256
00451  *      TLS_PSK_WITH_AES_128_CBC_SHA256
00452  *      TLS_PSK_WITH_AES_128_CBC_SHA
00453  *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
00454  *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
00455  *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
00456  *      TLS_PSK_WITH_RC4_128_SHA
00457  */
00458 #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
00459 
00460 /**
00461  * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
00462  *
00463  * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
00464  *
00465  * Requires: POLARSSL_DHM_C
00466  *
00467  * This enables the following ciphersuites (if other requisites are
00468  * enabled as well):
00469  *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
00470  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
00471  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
00472  *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
00473  *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
00474  *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
00475  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
00476  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
00477  *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
00478  *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
00479  *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
00480  *      TLS_DHE_PSK_WITH_RC4_128_SHA
00481  */
00482 #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
00483 
00484 /**
00485  * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
00486  *
00487  * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
00488  *
00489  * Requires: POLARSSL_ECDH_C
00490  *
00491  * This enables the following ciphersuites (if other requisites are
00492  * enabled as well):
00493  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
00494  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
00495  *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
00496  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
00497  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
00498  *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
00499  *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
00500  *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
00501  */
00502 #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
00503 
00504 /**
00505  * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
00506  *
00507  * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
00508  *
00509  * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00510  *           POLARSSL_X509_CRT_PARSE_C
00511  *
00512  * This enables the following ciphersuites (if other requisites are
00513  * enabled as well):
00514  *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
00515  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
00516  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
00517  *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
00518  *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
00519  *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
00520  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
00521  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
00522  *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
00523  *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
00524  *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
00525  *      TLS_RSA_PSK_WITH_RC4_128_SHA
00526  */
00527 #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
00528 
00529 /**
00530  * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
00531  *
00532  * Enable the RSA-only based ciphersuite modes in SSL / TLS.
00533  *
00534  * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00535  *           POLARSSL_X509_CRT_PARSE_C
00536  *
00537  * This enables the following ciphersuites (if other requisites are
00538  * enabled as well):
00539  *      TLS_RSA_WITH_AES_256_GCM_SHA384
00540  *      TLS_RSA_WITH_AES_256_CBC_SHA256
00541  *      TLS_RSA_WITH_AES_256_CBC_SHA
00542  *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
00543  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
00544  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
00545  *      TLS_RSA_WITH_AES_128_GCM_SHA256
00546  *      TLS_RSA_WITH_AES_128_CBC_SHA256
00547  *      TLS_RSA_WITH_AES_128_CBC_SHA
00548  *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
00549  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
00550  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
00551  *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
00552  *      TLS_RSA_WITH_RC4_128_SHA
00553  *      TLS_RSA_WITH_RC4_128_MD5
00554  */
00555 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
00556 
00557 /**
00558  * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
00559  *
00560  * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
00561  *
00562  * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00563  *           POLARSSL_X509_CRT_PARSE_C
00564  *
00565  * This enables the following ciphersuites (if other requisites are
00566  * enabled as well):
00567  *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
00568  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
00569  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
00570  *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
00571  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
00572  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
00573  *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
00574  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
00575  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
00576  *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
00577  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
00578  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
00579  *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
00580  */
00581 #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
00582 
00583 /**
00584  * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00585  *
00586  * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
00587  *
00588  * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
00589  *           POLARSSL_X509_CRT_PARSE_C
00590  *
00591  * This enables the following ciphersuites (if other requisites are
00592  * enabled as well):
00593  *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
00594  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
00595  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
00596  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
00597  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
00598  *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
00599  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
00600  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
00601  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
00602  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
00603  *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
00604  *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
00605  */
00606 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
00607 
00608 /**
00609  * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00610  *
00611  * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
00612  *
00613  * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
00614  *
00615  * This enables the following ciphersuites (if other requisites are
00616  * enabled as well):
00617  *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
00618  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
00619  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
00620  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
00621  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
00622  *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
00623  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
00624  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
00625  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
00626  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
00627  *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
00628  *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
00629  */
00630 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
00631 
00632 /**
00633  * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
00634  *
00635  * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
00636  *
00637  * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
00638  *
00639  * This enables the following ciphersuites (if other requisites are
00640  * enabled as well):
00641  *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
00642  *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
00643  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
00644  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
00645  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
00646  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
00647  *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
00648  *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
00649  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
00650  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
00651  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
00652  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
00653  */
00654 #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
00655 
00656 /**
00657  * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
00658  *
00659  * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
00660  *
00661  * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
00662  *
00663  * This enables the following ciphersuites (if other requisites are
00664  * enabled as well):
00665  *      TLS_ECDH_RSA_WITH_RC4_128_SHA
00666  *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
00667  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
00668  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
00669  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
00670  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
00671  *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
00672  *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
00673  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
00674  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
00675  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
00676  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
00677  */
00678 #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
00679 
00680 /**
00681  * \def POLARSSL_PK_PARSE_EC_EXTENDED
00682  *
00683  * Enhance support for reading EC keys using variants of SEC1 not allowed by
00684  * RFC 5915 and RFC 5480.
00685  *
00686  * Currently this means parsing the SpecifiedECDomain choice of EC
00687  * parameters (only known groups are supported, not arbitrary domains, to
00688  * avoid validation issues).
00689  *
00690  * Disable if you only need to support RFC 5915 + 5480 key formats.
00691  */
00692 #define POLARSSL_PK_PARSE_EC_EXTENDED
00693 
00694 /**
00695  * \def POLARSSL_ERROR_STRERROR_BC
00696  *
00697  * Make available the backward compatible error_strerror() next to the
00698  * current polarssl_strerror().
00699  *
00700  * \deprecated Do not define this and use polarssl_strerror() instead
00701  *
00702  * Disable if you want to really remove the error_strerror() name
00703  */
00704 #define POLARSSL_ERROR_STRERROR_BC
00705 
00706 /**
00707  * \def POLARSSL_ERROR_STRERROR_DUMMY
00708  *
00709  * Enable a dummy error function to make use of polarssl_strerror() in
00710  * third party libraries easier when POLARSSL_ERROR_C is disabled
00711  * (no effect when POLARSSL_ERROR_C is enabled).
00712  *
00713  * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
00714  * not using polarssl_strerror() or error_strerror() in your application.
00715  *
00716  * Disable if you run into name conflicts and want to really remove the
00717  * polarssl_strerror()
00718  */
00719 #define POLARSSL_ERROR_STRERROR_DUMMY
00720 
00721 /**
00722  * \def POLARSSL_GENPRIME
00723  *
00724  * Enable the prime-number generation code.
00725  *
00726  * Requires: POLARSSL_BIGNUM_C
00727  */
00728 #define POLARSSL_GENPRIME
00729 
00730 /**
00731  * \def POLARSSL_FS_IO
00732  *
00733  * Enable functions that use the filesystem.
00734  */
00735 //#define POLARSSL_FS_IO
00736 
00737 /**
00738  * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
00739  *
00740  * Do not add default entropy sources. These are the platform specific,
00741  * hardclock and HAVEGE based poll functions.
00742  *
00743  * This is useful to have more control over the added entropy sources in an
00744  * application.
00745  *
00746  * Uncomment this macro to prevent loading of default entropy functions.
00747  */
00748 //#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
00749 
00750 /**
00751  * \def POLARSSL_NO_PLATFORM_ENTROPY
00752  *
00753  * Do not use built-in platform entropy functions.
00754  * This is useful if your platform does not support
00755  * standards like the /dev/urandom or Windows CryptoAPI.
00756  *
00757  * Uncomment this macro to disable the built-in platform entropy functions.
00758  */
00759 //#define POLARSSL_NO_PLATFORM_ENTROPY
00760 
00761 /**
00762  * \def POLARSSL_ENTROPY_FORCE_SHA256
00763  *
00764  * Force the entropy accumulator to use a SHA-256 accumulator instead of the
00765  * default SHA-512 based one (if both are available).
00766  *
00767  * Requires: POLARSSL_SHA256_C
00768  *
00769  * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
00770  * if you have performance concerns.
00771  *
00772  * This option is only useful if both POLARSSL_SHA256_C and
00773  * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
00774  */
00775 //#define POLARSSL_ENTROPY_FORCE_SHA256
00776 
00777 /**
00778  * \def POLARSSL_MEMORY_DEBUG
00779  *
00780  * Enable debugging of buffer allocator memory issues. Automatically prints
00781  * (to stderr) all (fatal) messages on memory allocation issues. Enables
00782  * function for 'debug output' of allocated memory.
00783  *
00784  * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
00785  *
00786  * Uncomment this macro to let the buffer allocator print out error messages.
00787  */
00788 //#define POLARSSL_MEMORY_DEBUG
00789 
00790 /**
00791  * \def POLARSSL_MEMORY_BACKTRACE
00792  *
00793  * Include backtrace information with each allocated block.
00794  *
00795  * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
00796  *           GLIBC-compatible backtrace() an backtrace_symbols() support
00797  *
00798  * Uncomment this macro to include backtrace information
00799  */
00800 //#define POLARSSL_MEMORY_BACKTRACE
00801 
00802 /**
00803  * \def POLARSSL_PKCS1_V15
00804  *
00805  * Enable support for PKCS#1 v1.5 encoding.
00806  *
00807  * Requires: POLARSSL_RSA_C
00808  *
00809  * This enables support for PKCS#1 v1.5 operations.
00810  */
00811 #define POLARSSL_PKCS1_V15
00812 
00813 /**
00814  * \def POLARSSL_PKCS1_V21
00815  *
00816  * Enable support for PKCS#1 v2.1 encoding.
00817  *
00818  * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
00819  *
00820  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
00821  */
00822 #define POLARSSL_PKCS1_V21
00823 
00824 /**
00825  * \def POLARSSL_RSA_NO_CRT
00826  *
00827  * Do not use the Chinese Remainder Theorem for the RSA private operation.
00828  *
00829  * Uncomment this macro to disable the use of CRT in RSA.
00830  *
00831  */
00832 //#define POLARSSL_RSA_NO_CRT
00833 
00834 /**
00835  * \def POLARSSL_SELF_TEST
00836  *
00837  * Enable the checkup functions (*_self_test).
00838  */
00839 #define POLARSSL_SELF_TEST
00840 
00841 /**
00842  * \def POLARSSL_SSL_AEAD_RANDOM_IV
00843  *
00844  * Generate a random IV rather than using the record sequence number as a
00845  * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
00846  *
00847  * Using the sequence number is generally recommended.
00848  *
00849  * Uncomment this macro to always use random IVs with AEAD ciphersuites.
00850  */
00851 //#define POLARSSL_SSL_AEAD_RANDOM_IV
00852 
00853 /**
00854  * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
00855  *
00856  * Enable sending of alert messages in case of encountered errors as per RFC.
00857  * If you choose not to send the alert messages, mbed TLS can still communicate
00858  * with other servers, only debugging of failures is harder.
00859  *
00860  * The advantage of not sending alert messages, is that no information is given
00861  * about reasons for failures thus preventing adversaries of gaining intel.
00862  *
00863  * Enable sending of all alert messages
00864  */
00865 #define POLARSSL_SSL_ALERT_MESSAGES
00866 
00867 /**
00868  * \def POLARSSL_SSL_DEBUG_ALL
00869  *
00870  * Enable the debug messages in SSL module for all issues.
00871  * Debug messages have been disabled in some places to prevent timing
00872  * attacks due to (unbalanced) debugging function calls.
00873  *
00874  * If you need all error reporting you should enable this during debugging,
00875  * but remove this for production servers that should log as well.
00876  *
00877  * Uncomment this macro to report all debug messages on errors introducing
00878  * a timing side-channel.
00879  *
00880  */
00881 //#define POLARSSL_SSL_DEBUG_ALL
00882 
00883 /** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
00884  *
00885  * Enable support for Encrypt-then-MAC, RFC 7366.
00886  *
00887  * This allows peers that both support it to use a more robust protection for
00888  * ciphersuites using CBC, providing deep resistance against timing attacks
00889  * on the padding or underlying cipher.
00890  *
00891  * This only affects CBC ciphersuites, and is useless if none is defined.
00892  *
00893  * Requires: POLARSSL_SSL_PROTO_TLS1    or
00894  *           POLARSSL_SSL_PROTO_TLS1_1  or
00895  *           POLARSSL_SSL_PROTO_TLS1_2
00896  *
00897  * Comment this macro to disable support for Encrypt-then-MAC
00898  */
00899 #define POLARSSL_SSL_ENCRYPT_THEN_MAC
00900 
00901 /** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
00902  *
00903  * Enable support for Extended Master Secret, aka Session Hash
00904  * (draft-ietf-tls-session-hash-02).
00905  *
00906  * This was introduced as "the proper fix" to the Triple Handshake familiy of
00907  * attacks, but it is recommended to always use it (even if you disable
00908  * renegotiation), since it actually fixes a more fundamental issue in the
00909  * original SSL/TLS design, and has implications beyond Triple Handshake.
00910  *
00911  * Requires: POLARSSL_SSL_PROTO_TLS1    or
00912  *           POLARSSL_SSL_PROTO_TLS1_1  or
00913  *           POLARSSL_SSL_PROTO_TLS1_2
00914  *
00915  * Comment this macro to disable support for Extended Master Secret.
00916  */
00917 #define POLARSSL_SSL_EXTENDED_MASTER_SECRET
00918 
00919 /**
00920  * \def POLARSSL_SSL_FALLBACK_SCSV
00921  *
00922  * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
00923  *
00924  * For servers, it is recommended to always enable this, unless you support
00925  * only one version of TLS, or know for sure that none of your clients
00926  * implements a fallback strategy.
00927  *
00928  * For clients, you only need this if you're using a fallback strategy, which
00929  * is not recommended in the first place, unless you absolutely need it to
00930  * interoperate with buggy (version-intolerant) servers.
00931  *
00932  * Comment this macro to disable support for FALLBACK_SCSV
00933  */
00934 #define POLARSSL_SSL_FALLBACK_SCSV
00935 
00936 /**
00937  * \def POLARSSL_SSL_HW_RECORD_ACCEL
00938  *
00939  * Enable hooking functions in SSL module for hardware acceleration of
00940  * individual records.
00941  *
00942  * Uncomment this macro to enable hooking functions.
00943  */
00944 //#define POLARSSL_SSL_HW_RECORD_ACCEL
00945 
00946 /**
00947  * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
00948  *
00949  * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
00950  *
00951  * This is a countermeasure to the BEAST attack, which also minimizes the risk
00952  * of interoperability issues compared to sending 0-length records.
00953  *
00954  * Comment this macro to disable 1/n-1 record splitting.
00955  */
00956 #define POLARSSL_SSL_CBC_RECORD_SPLITTING
00957 
00958 /**
00959  * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
00960  *
00961  * Disable support for TLS renegotiation.
00962  *
00963  * The two main uses of renegotiation are (1) refresh keys on long-lived
00964  * connections and (2) client authentication after the initial handshake.
00965  * If you don't need renegotiation, it's probably better to disable it, since
00966  * it has been associated with security issues in the past and is easy to
00967  * misuse/misunderstand.
00968  *
00969  * Warning: in the next stable branch, this switch will be replaced by
00970  * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation.
00971  *
00972  * Uncomment this to disable support for renegotiation.
00973  */
00974 //#define POLARSSL_SSL_DISABLE_RENEGOTIATION
00975 
00976 /**
00977  * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
00978  *
00979  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
00980  * SSL Server module (POLARSSL_SSL_SRV_C).
00981  *
00982  * Comment this macro to disable support for SSLv2 Client Hello messages.
00983  */
00984 #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
00985 
00986 /**
00987  * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
00988  *
00989  * Pick the ciphersuite according to the client's preferences rather than ours
00990  * in the SSL Server module (POLARSSL_SSL_SRV_C).
00991  *
00992  * Uncomment this macro to respect client's ciphersuite order
00993  */
00994 //#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
00995 
00996 /**
00997  * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
00998  *
00999  * Enable support for RFC 6066 max_fragment_length extension in SSL.
01000  *
01001  * Comment this macro to disable support for the max_fragment_length extension
01002  */
01003 #define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
01004 
01005 /**
01006  * \def POLARSSL_SSL_PROTO_SSL3
01007  *
01008  * Enable support for SSL 3.0.
01009  *
01010  * Requires: POLARSSL_MD5_C
01011  *           POLARSSL_SHA1_C
01012  *
01013  * Comment this macro to disable support for SSL 3.0
01014  */
01015 #define POLARSSL_SSL_PROTO_SSL3
01016 
01017 /**
01018  * \def POLARSSL_SSL_PROTO_TLS1
01019  *
01020  * Enable support for TLS 1.0.
01021  *
01022  * Requires: POLARSSL_MD5_C
01023  *           POLARSSL_SHA1_C
01024  *
01025  * Comment this macro to disable support for TLS 1.0
01026  */
01027 #define POLARSSL_SSL_PROTO_TLS1
01028 
01029 /**
01030  * \def POLARSSL_SSL_PROTO_TLS1_1
01031  *
01032  * Enable support for TLS 1.1.
01033  *
01034  * Requires: POLARSSL_MD5_C
01035  *           POLARSSL_SHA1_C
01036  *
01037  * Comment this macro to disable support for TLS 1.1
01038  */
01039 #define POLARSSL_SSL_PROTO_TLS1_1
01040 
01041 /**
01042  * \def POLARSSL_SSL_PROTO_TLS1_2
01043  *
01044  * Enable support for TLS 1.2.
01045  *
01046  * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
01047  *           (Depends on ciphersuites)
01048  *
01049  * Comment this macro to disable support for TLS 1.2
01050  */
01051 #define POLARSSL_SSL_PROTO_TLS1_2
01052 
01053 /**
01054  * \def POLARSSL_SSL_ALPN
01055  *
01056  * Enable support for RFC 7301 Application Layer Protocol Negotiation.
01057  *
01058  * Comment this macro to disable support for ALPN.
01059  */
01060 #define POLARSSL_SSL_ALPN
01061 
01062 /**
01063  * \def POLARSSL_SSL_SESSION_TICKETS
01064  *
01065  * Enable support for RFC 5077 session tickets in SSL.
01066  *
01067  * Requires: POLARSSL_AES_C
01068  *           POLARSSL_SHA256_C
01069  *           POLARSSL_CIPHER_MODE_CBC
01070  *
01071  * Comment this macro to disable support for SSL session tickets
01072  */
01073 #define POLARSSL_SSL_SESSION_TICKETS
01074 
01075 /**
01076  * \def POLARSSL_SSL_SERVER_NAME_INDICATION
01077  *
01078  * Enable support for RFC 6066 server name indication (SNI) in SSL.
01079  *
01080  * Requires: POLARSSL_X509_CRT_PARSE_C
01081  *
01082  * Comment this macro to disable support for server name indication in SSL
01083  */
01084 #define POLARSSL_SSL_SERVER_NAME_INDICATION
01085 
01086 /**
01087  * \def POLARSSL_SSL_TRUNCATED_HMAC
01088  *
01089  * Enable support for RFC 6066 truncated HMAC in SSL.
01090  *
01091  * Comment this macro to disable support for truncated HMAC in SSL
01092  */
01093 #define POLARSSL_SSL_TRUNCATED_HMAC
01094 
01095 /**
01096  * \def POLARSSL_SSL_SET_CURVES
01097  *
01098  * Enable ssl_set_curves().
01099  *
01100  * This is disabled by default since it breaks binary compatibility with the
01101  * 1.3.x line. If you choose to enable it, you will need to rebuild your
01102  * application against the new header files, relinking will not be enough.
01103  * It will be enabled by default, or no longer an option, in the 1.4 branch.
01104  *
01105  * Uncomment to make ssl_set_curves() available.
01106  */
01107 //#define POLARSSL_SSL_SET_CURVES
01108 
01109 /**
01110  * \def POLARSSL_THREADING_ALT
01111  *
01112  * Provide your own alternate threading implementation.
01113  *
01114  * Requires: POLARSSL_THREADING_C
01115  *
01116  * Uncomment this to allow your own alternate threading implementation.
01117  */
01118 //#define POLARSSL_THREADING_ALT
01119 
01120 /**
01121  * \def POLARSSL_THREADING_PTHREAD
01122  *
01123  * Enable the pthread wrapper layer for the threading layer.
01124  *
01125  * Requires: POLARSSL_THREADING_C
01126  *
01127  * Uncomment this to enable pthread mutexes.
01128  */
01129 //#define POLARSSL_THREADING_PTHREAD
01130 
01131 /**
01132  * \def POLARSSL_VERSION_FEATURES
01133  *
01134  * Allow run-time checking of compile-time enabled features. Thus allowing users
01135  * to check at run-time if the library is for instance compiled with threading
01136  * support via version_check_feature().
01137  *
01138  * Requires: POLARSSL_VERSION_C
01139  *
01140  * Comment this to disable run-time checking and save ROM space
01141  */
01142 #define POLARSSL_VERSION_FEATURES
01143 
01144 /**
01145  * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
01146  *
01147  * If set, the X509 parser will not break-off when parsing an X509 certificate
01148  * and encountering an extension in a v1 or v2 certificate.
01149  *
01150  * Uncomment to prevent an error.
01151  */
01152 //#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
01153 
01154 /**
01155  * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
01156  *
01157  * If set, the X509 parser will not break-off when parsing an X509 certificate
01158  * and encountering an unknown critical extension.
01159  *
01160  * Uncomment to prevent an error.
01161  */
01162 //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
01163 
01164 /**
01165  * \def POLARSSL_X509_CHECK_KEY_USAGE
01166  *
01167  * Enable verification of the keyUsage extension (CA and leaf certificates).
01168  *
01169  * Disabling this avoids problems with mis-issued and/or misused
01170  * (intermediate) CA and leaf certificates.
01171  *
01172  * \warning Depending on your PKI use, disabling this can be a security risk!
01173  *
01174  * Comment to skip keyUsage checking for both CA and leaf certificates.
01175  */
01176 #define POLARSSL_X509_CHECK_KEY_USAGE
01177 
01178 /**
01179  * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
01180  *
01181  * Enable verification of the extendedKeyUsage extension (leaf certificates).
01182  *
01183  * Disabling this avoids problems with mis-issued and/or misused certificates.
01184  *
01185  * \warning Depending on your PKI use, disabling this can be a security risk!
01186  *
01187  * Comment to skip extendedKeyUsage checking for certificates.
01188  */
01189 #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
01190 
01191 /**
01192  * \def POLARSSL_X509_RSASSA_PSS_SUPPORT
01193  *
01194  * Enable parsing and verification of X.509 certificates, CRLs and CSRS
01195  * signed with RSASSA-PSS (aka PKCS#1 v2.1).
01196  *
01197  * Comment this macro to disallow using RSASSA-PSS in certificates.
01198  */
01199 #define POLARSSL_X509_RSASSA_PSS_SUPPORT
01200 
01201 /**
01202  * \def POLARSSL_ZLIB_SUPPORT
01203  *
01204  * If set, the SSL/TLS module uses ZLIB to support compression and
01205  * decompression of packet data.
01206  *
01207  * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
01208  * CRIME attack. Before enabling this option, you should examine with care if
01209  * CRIME or similar exploits may be a applicable to your use case.
01210  *
01211  * Used in: library/ssl_tls.c
01212  *          library/ssl_cli.c
01213  *          library/ssl_srv.c
01214  *
01215  * This feature requires zlib library and headers to be present.
01216  *
01217  * Uncomment to enable use of ZLIB
01218  */
01219 //#define POLARSSL_ZLIB_SUPPORT
01220 /* \} name SECTION: mbed TLS feature support */
01221 
01222 /**
01223  * \name SECTION: mbed TLS modules
01224  *
01225  * This section enables or disables entire modules in mbed TLS
01226  * \{
01227  */
01228 
01229 /**
01230  * \def POLARSSL_AESNI_C
01231  *
01232  * Enable AES-NI support on x86-64.
01233  *
01234  * Module:  library/aesni.c
01235  * Caller:  library/aes.c
01236  *
01237  * Requires: POLARSSL_HAVE_ASM
01238  *
01239  * This modules adds support for the AES-NI instructions on x86-64
01240  */
01241 //#define POLARSSL_AESNI_C
01242 
01243 /**
01244  * \def POLARSSL_AES_C
01245  *
01246  * Enable the AES block cipher.
01247  *
01248  * Module:  library/aes.c
01249  * Caller:  library/ssl_tls.c
01250  *          library/pem.c
01251  *          library/ctr_drbg.c
01252  *
01253  * This module enables the following ciphersuites (if other requisites are
01254  * enabled as well):
01255  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
01256  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
01257  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
01258  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
01259  *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
01260  *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
01261  *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
01262  *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
01263  *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
01264  *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
01265  *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
01266  *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
01267  *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
01268  *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
01269  *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
01270  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
01271  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
01272  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
01273  *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
01274  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
01275  *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
01276  *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
01277  *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
01278  *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
01279  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
01280  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
01281  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
01282  *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
01283  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
01284  *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
01285  *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
01286  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
01287  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
01288  *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
01289  *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
01290  *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
01291  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
01292  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
01293  *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
01294  *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
01295  *      TLS_RSA_WITH_AES_256_GCM_SHA384
01296  *      TLS_RSA_WITH_AES_256_CBC_SHA256
01297  *      TLS_RSA_WITH_AES_256_CBC_SHA
01298  *      TLS_RSA_WITH_AES_128_GCM_SHA256
01299  *      TLS_RSA_WITH_AES_128_CBC_SHA256
01300  *      TLS_RSA_WITH_AES_128_CBC_SHA
01301  *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
01302  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
01303  *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
01304  *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
01305  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
01306  *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
01307  *      TLS_PSK_WITH_AES_256_GCM_SHA384
01308  *      TLS_PSK_WITH_AES_256_CBC_SHA384
01309  *      TLS_PSK_WITH_AES_256_CBC_SHA
01310  *      TLS_PSK_WITH_AES_128_GCM_SHA256
01311  *      TLS_PSK_WITH_AES_128_CBC_SHA256
01312  *      TLS_PSK_WITH_AES_128_CBC_SHA
01313  *
01314  * PEM_PARSE uses AES for decrypting encrypted keys.
01315  */
01316 #define POLARSSL_AES_C
01317 
01318 /**
01319  * \def POLARSSL_ARC4_C
01320  *
01321  * Enable the ARCFOUR stream cipher.
01322  *
01323  * Module:  library/arc4.c
01324  * Caller:  library/ssl_tls.c
01325  *
01326  * This module enables the following ciphersuites (if other requisites are
01327  * enabled as well):
01328  *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
01329  *      TLS_ECDH_RSA_WITH_RC4_128_SHA
01330  *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
01331  *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
01332  *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
01333  *      TLS_DHE_PSK_WITH_RC4_128_SHA
01334  *      TLS_RSA_WITH_RC4_128_SHA
01335  *      TLS_RSA_WITH_RC4_128_MD5
01336  *      TLS_RSA_PSK_WITH_RC4_128_SHA
01337  *      TLS_PSK_WITH_RC4_128_SHA
01338  */
01339 #define POLARSSL_ARC4_C
01340 
01341 /**
01342  * \def POLARSSL_ASN1_PARSE_C
01343  *
01344  * Enable the generic ASN1 parser.
01345  *
01346  * Module:  library/asn1.c
01347  * Caller:  library/x509.c
01348  *          library/dhm.c
01349  *          library/pkcs12.c
01350  *          library/pkcs5.c
01351  *          library/pkparse.c
01352  */
01353 #define POLARSSL_ASN1_PARSE_C
01354 
01355 /**
01356  * \def POLARSSL_ASN1_WRITE_C
01357  *
01358  * Enable the generic ASN1 writer.
01359  *
01360  * Module:  library/asn1write.c
01361  * Caller:  library/ecdsa.c
01362  *          library/pkwrite.c
01363  *          library/x509_create.c
01364  *          library/x509write_crt.c
01365  *          library/x509write_csr.c
01366  */
01367 #define POLARSSL_ASN1_WRITE_C
01368 
01369 /**
01370  * \def POLARSSL_BASE64_C
01371  *
01372  * Enable the Base64 module.
01373  *
01374  * Module:  library/base64.c
01375  * Caller:  library/pem.c
01376  *
01377  * This module is required for PEM support (required by X.509).
01378  */
01379 #define POLARSSL_BASE64_C
01380 
01381 /**
01382  * \def POLARSSL_BIGNUM_C
01383  *
01384  * Enable the multi-precision integer library.
01385  *
01386  * Module:  library/bignum.c
01387  * Caller:  library/dhm.c
01388  *          library/ecp.c
01389  *          library/ecdsa.c
01390  *          library/rsa.c
01391  *          library/ssl_tls.c
01392  *
01393  * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
01394  */
01395 #define POLARSSL_BIGNUM_C
01396 
01397 /**
01398  * \def POLARSSL_BLOWFISH_C
01399  *
01400  * Enable the Blowfish block cipher.
01401  *
01402  * Module:  library/blowfish.c
01403  */
01404 #define POLARSSL_BLOWFISH_C
01405 
01406 /**
01407  * \def POLARSSL_CAMELLIA_C
01408  *
01409  * Enable the Camellia block cipher.
01410  *
01411  * Module:  library/camellia.c
01412  * Caller:  library/ssl_tls.c
01413  *
01414  * This module enables the following ciphersuites (if other requisites are
01415  * enabled as well):
01416  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
01417  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
01418  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
01419  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
01420  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
01421  *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
01422  *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
01423  *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
01424  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
01425  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
01426  *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
01427  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
01428  *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
01429  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
01430  *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
01431  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
01432  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
01433  *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
01434  *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
01435  *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
01436  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
01437  *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
01438  *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
01439  *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
01440  *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
01441  *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
01442  *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
01443  *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
01444  *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
01445  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
01446  *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
01447  *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
01448  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
01449  *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
01450  *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
01451  *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
01452  *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
01453  *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
01454  *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
01455  *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
01456  *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
01457  *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
01458  */
01459 #define POLARSSL_CAMELLIA_C
01460 
01461 /**
01462  * \def POLARSSL_CCM_C
01463  *
01464  * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
01465  *
01466  * Module:  library/ccm.c
01467  *
01468  * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
01469  *
01470  * This module enables the AES-CCM ciphersuites, if other requisites are
01471  * enabled as well.
01472  */
01473 #define POLARSSL_CCM_C
01474 
01475 /**
01476  * \def POLARSSL_CERTS_C
01477  *
01478  * Enable the test certificates.
01479  *
01480  * Module:  library/certs.c
01481  * Caller:
01482  *
01483  * Requires: POLARSSL_PEM_PARSE_C
01484  *
01485  * This module is used for testing (ssl_client/server).
01486  */
01487 #define POLARSSL_CERTS_C
01488 
01489 /**
01490  * \def POLARSSL_CIPHER_C
01491  *
01492  * Enable the generic cipher layer.
01493  *
01494  * Module:  library/cipher.c
01495  * Caller:  library/ssl_tls.c
01496  *
01497  * Uncomment to enable generic cipher wrappers.
01498  */
01499 #define POLARSSL_CIPHER_C
01500 
01501 /**
01502  * \def POLARSSL_CTR_DRBG_C
01503  *
01504  * Enable the CTR_DRBG AES-256-based random generator.
01505  *
01506  * Module:  library/ctr_drbg.c
01507  * Caller:
01508  *
01509  * Requires: POLARSSL_AES_C
01510  *
01511  * This module provides the CTR_DRBG AES-256 random number generator.
01512  */
01513 #define POLARSSL_CTR_DRBG_C
01514 
01515 /**
01516  * \def POLARSSL_DEBUG_C
01517  *
01518  * Enable the debug functions.
01519  *
01520  * Module:  library/debug.c
01521  * Caller:  library/ssl_cli.c
01522  *          library/ssl_srv.c
01523  *          library/ssl_tls.c
01524  *
01525  * This module provides debugging functions.
01526  */
01527 #define POLARSSL_DEBUG_C
01528 
01529 /**
01530  * \def POLARSSL_DES_C
01531  *
01532  * Enable the DES block cipher.
01533  *
01534  * Module:  library/des.c
01535  * Caller:  library/pem.c
01536  *          library/ssl_tls.c
01537  *
01538  * This module enables the following ciphersuites (if other requisites are
01539  * enabled as well):
01540  *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
01541  *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
01542  *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
01543  *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
01544  *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
01545  *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
01546  *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
01547  *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
01548  *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
01549  *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
01550  *
01551  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
01552  */
01553 #define POLARSSL_DES_C
01554 
01555 /**
01556  * \def POLARSSL_DHM_C
01557  *
01558  * Enable the Diffie-Hellman-Merkle module.
01559  *
01560  * Module:  library/dhm.c
01561  * Caller:  library/ssl_cli.c
01562  *          library/ssl_srv.c
01563  *
01564  * This module is used by the following key exchanges:
01565  *      DHE-RSA, DHE-PSK
01566  */
01567 #define POLARSSL_DHM_C
01568 
01569 /**
01570  * \def POLARSSL_ECDH_C
01571  *
01572  * Enable the elliptic curve Diffie-Hellman library.
01573  *
01574  * Module:  library/ecdh.c
01575  * Caller:  library/ssl_cli.c
01576  *          library/ssl_srv.c
01577  *
01578  * This module is used by the following key exchanges:
01579  *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
01580  *
01581  * Requires: POLARSSL_ECP_C
01582  */
01583 #define POLARSSL_ECDH_C
01584 
01585 /**
01586  * \def POLARSSL_ECDSA_C
01587  *
01588  * Enable the elliptic curve DSA library.
01589  *
01590  * Module:  library/ecdsa.c
01591  * Caller:
01592  *
01593  * This module is used by the following key exchanges:
01594  *      ECDHE-ECDSA
01595  *
01596  * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
01597  */
01598 #define POLARSSL_ECDSA_C
01599 
01600 /**
01601  * \def POLARSSL_ECP_C
01602  *
01603  * Enable the elliptic curve over GF(p) library.
01604  *
01605  * Module:  library/ecp.c
01606  * Caller:  library/ecdh.c
01607  *          library/ecdsa.c
01608  *
01609  * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
01610  */
01611 #define POLARSSL_ECP_C
01612 
01613 /**
01614  * \def POLARSSL_ENTROPY_C
01615  *
01616  * Enable the platform-specific entropy code.
01617  *
01618  * Module:  library/entropy.c
01619  * Caller:
01620  *
01621  * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
01622  *
01623  * This module provides a generic entropy pool
01624  */
01625 #define POLARSSL_ENTROPY_C
01626 
01627 /**
01628  * \def POLARSSL_ERROR_C
01629  *
01630  * Enable error code to error string conversion.
01631  *
01632  * Module:  library/error.c
01633  * Caller:
01634  *
01635  * This module enables polarssl_strerror().
01636  */
01637 #define POLARSSL_ERROR_C
01638 
01639 /**
01640  * \def POLARSSL_GCM_C
01641  *
01642  * Enable the Galois/Counter Mode (GCM) for AES.
01643  *
01644  * Module:  library/gcm.c
01645  *
01646  * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
01647  *
01648  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
01649  * requisites are enabled as well.
01650  */
01651 #define POLARSSL_GCM_C
01652 
01653 /**
01654  * \def POLARSSL_HAVEGE_C
01655  *
01656  * Enable the HAVEGE random generator.
01657  *
01658  * Warning: the HAVEGE random generator is not suitable for virtualized
01659  *          environments
01660  *
01661  * Warning: the HAVEGE random generator is dependent on timing and specific
01662  *          processor traits. It is therefore not advised to use HAVEGE as
01663  *          your applications primary random generator or primary entropy pool
01664  *          input. As a secondary input to your entropy pool, it IS able add
01665  *          the (limited) extra entropy it provides.
01666  *
01667  * Module:  library/havege.c
01668  * Caller:
01669  *
01670  * Requires: POLARSSL_TIMING_C
01671  *
01672  * Uncomment to enable the HAVEGE random generator.
01673  */
01674 //#define POLARSSL_HAVEGE_C
01675 
01676 /**
01677  * \def POLARSSL_HMAC_DRBG_C
01678  *
01679  * Enable the HMAC_DRBG random generator.
01680  *
01681  * Module:  library/hmac_drbg.c
01682  * Caller:
01683  *
01684  * Requires: POLARSSL_MD_C
01685  *
01686  * Uncomment to enable the HMAC_DRBG random number geerator.
01687  */
01688 #define POLARSSL_HMAC_DRBG_C
01689 
01690 /**
01691  * \def POLARSSL_MD_C
01692  *
01693  * Enable the generic message digest layer.
01694  *
01695  * Module:  library/md.c
01696  * Caller:
01697  *
01698  * Uncomment to enable generic message digest wrappers.
01699  */
01700 #define POLARSSL_MD_C
01701 
01702 /**
01703  * \def POLARSSL_MD2_C
01704  *
01705  * Enable the MD2 hash algorithm.
01706  *
01707  * Module:  library/md2.c
01708  * Caller:
01709  *
01710  * Uncomment to enable support for (rare) MD2-signed X.509 certs.
01711  */
01712 //#define POLARSSL_MD2_C
01713 
01714 /**
01715  * \def POLARSSL_MD4_C
01716  *
01717  * Enable the MD4 hash algorithm.
01718  *
01719  * Module:  library/md4.c
01720  * Caller:
01721  *
01722  * Uncomment to enable support for (rare) MD4-signed X.509 certs.
01723  */
01724 //#define POLARSSL_MD4_C
01725 
01726 /**
01727  * \def POLARSSL_MD5_C
01728  *
01729  * Enable the MD5 hash algorithm.
01730  *
01731  * Module:  library/md5.c
01732  * Caller:  library/md.c
01733  *          library/pem.c
01734  *          library/ssl_tls.c
01735  *
01736  * This module is required for SSL/TLS and X.509.
01737  * PEM_PARSE uses MD5 for decrypting encrypted keys.
01738  */
01739 #define POLARSSL_MD5_C
01740 
01741 /**
01742  * \def POLARSSL_MEMORY_C
01743  *
01744  * \deprecated Use POLARSSL_PLATFORM_MEMORY instead.
01745  *
01746  * Depends on: POLARSSL_PLATFORM_C
01747  */
01748 //#define POLARSSL_MEMORY_C
01749 
01750 /**
01751  * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
01752  *
01753  * Enable the buffer allocator implementation that makes use of a (stack)
01754  * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
01755  * calls)
01756  *
01757  * Module:  library/memory_buffer_alloc.c
01758  *
01759  * Requires: POLARSSL_PLATFORM_C
01760  *           POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS)
01761  *
01762  * Enable this module to enable the buffer memory allocator.
01763  */
01764 //#define POLARSSL_MEMORY_BUFFER_ALLOC_C
01765 
01766 /**
01767  * \def POLARSSL_NET_C
01768  *
01769  * Enable the TCP/IP networking routines.
01770  *
01771  * \warning As of 1.3.11, it is deprecated to enable this module without
01772  * POLARSSL_HAVE_IPV6. The alternative legacy code will be removed in 2.0.
01773  *
01774  * Module:  library/net.c
01775  *
01776  * This module provides TCP/IP networking routines.
01777  */
01778 //#define POLARSSL_NET_C
01779 
01780 /**
01781  * \def POLARSSL_OID_C
01782  *
01783  * Enable the OID database.
01784  *
01785  * Module:  library/oid.c
01786  * Caller:  library/asn1write.c
01787  *          library/pkcs5.c
01788  *          library/pkparse.c
01789  *          library/pkwrite.c
01790  *          library/rsa.c
01791  *          library/x509.c
01792  *          library/x509_create.c
01793  *          library/x509_crl.c
01794  *          library/x509_crt.c
01795  *          library/x509_csr.c
01796  *          library/x509write_crt.c
01797  *          library/x509write_csr.c
01798  *
01799  * This modules translates between OIDs and internal values.
01800  */
01801 #define POLARSSL_OID_C
01802 
01803 /**
01804  * \def POLARSSL_PADLOCK_C
01805  *
01806  * Enable VIA Padlock support on x86.
01807  *
01808  * Module:  library/padlock.c
01809  * Caller:  library/aes.c
01810  *
01811  * Requires: POLARSSL_HAVE_ASM
01812  *
01813  * This modules adds support for the VIA PadLock on x86.
01814  */
01815 //#define POLARSSL_PADLOCK_C
01816 
01817 /**
01818  * \def POLARSSL_PBKDF2_C
01819  *
01820  * Enable PKCS#5 PBKDF2 key derivation function.
01821  *
01822  * \deprecated Use POLARSSL_PKCS5_C instead
01823  *
01824  * Module:  library/pbkdf2.c
01825  *
01826  * Requires: POLARSSL_PKCS5_C
01827  *
01828  * This module adds support for the PKCS#5 PBKDF2 key derivation function.
01829  */
01830 #define POLARSSL_PBKDF2_C
01831 
01832 /**
01833  * \def POLARSSL_PEM_PARSE_C
01834  *
01835  * Enable PEM decoding / parsing.
01836  *
01837  * Module:  library/pem.c
01838  * Caller:  library/dhm.c
01839  *          library/pkparse.c
01840  *          library/x509_crl.c
01841  *          library/x509_crt.c
01842  *          library/x509_csr.c
01843  *
01844  * Requires: POLARSSL_BASE64_C
01845  *
01846  * This modules adds support for decoding / parsing PEM files.
01847  */
01848 #define POLARSSL_PEM_PARSE_C
01849 
01850 /**
01851  * \def POLARSSL_PEM_WRITE_C
01852  *
01853  * Enable PEM encoding / writing.
01854  *
01855  * Module:  library/pem.c
01856  * Caller:  library/pkwrite.c
01857  *          library/x509write_crt.c
01858  *          library/x509write_csr.c
01859  *
01860  * Requires: POLARSSL_BASE64_C
01861  *
01862  * This modules adds support for encoding / writing PEM files.
01863  */
01864 #define POLARSSL_PEM_WRITE_C
01865 
01866 /**
01867  * \def POLARSSL_PK_C
01868  *
01869  * Enable the generic public (asymetric) key layer.
01870  *
01871  * Module:  library/pk.c
01872  * Caller:  library/ssl_tls.c
01873  *          library/ssl_cli.c
01874  *          library/ssl_srv.c
01875  *
01876  * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
01877  *
01878  * Uncomment to enable generic public key wrappers.
01879  */
01880 #define POLARSSL_PK_C
01881 
01882 /**
01883  * \def POLARSSL_PK_PARSE_C
01884  *
01885  * Enable the generic public (asymetric) key parser.
01886  *
01887  * Module:  library/pkparse.c
01888  * Caller:  library/x509_crt.c
01889  *          library/x509_csr.c
01890  *
01891  * Requires: POLARSSL_PK_C
01892  *
01893  * Uncomment to enable generic public key parse functions.
01894  */
01895 #define POLARSSL_PK_PARSE_C
01896 
01897 /**
01898  * \def POLARSSL_PK_WRITE_C
01899  *
01900  * Enable the generic public (asymetric) key writer.
01901  *
01902  * Module:  library/pkwrite.c
01903  * Caller:  library/x509write.c
01904  *
01905  * Requires: POLARSSL_PK_C
01906  *
01907  * Uncomment to enable generic public key write functions.
01908  */
01909 #define POLARSSL_PK_WRITE_C
01910 
01911 /**
01912  * \def POLARSSL_PKCS5_C
01913  *
01914  * Enable PKCS#5 functions.
01915  *
01916  * Module:  library/pkcs5.c
01917  *
01918  * Requires: POLARSSL_MD_C
01919  *
01920  * This module adds support for the PKCS#5 functions.
01921  */
01922 #define POLARSSL_PKCS5_C
01923 
01924 /**
01925  * \def POLARSSL_PKCS11_C
01926  *
01927  * Enable wrapper for PKCS#11 smartcard support.
01928  *
01929  * Module:  library/pkcs11.c
01930  * Caller:  library/pk.c
01931  *
01932  * Requires: POLARSSL_PK_C
01933  *
01934  * This module enables SSL/TLS PKCS #11 smartcard support.
01935  * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
01936  */
01937 //#define POLARSSL_PKCS11_C
01938 
01939 /**
01940  * \def POLARSSL_PKCS12_C
01941  *
01942  * Enable PKCS#12 PBE functions.
01943  * Adds algorithms for parsing PKCS#8 encrypted private keys
01944  *
01945  * Module:  library/pkcs12.c
01946  * Caller:  library/pkparse.c
01947  *
01948  * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
01949  * Can use:  POLARSSL_ARC4_C
01950  *
01951  * This module enables PKCS#12 functions.
01952  */
01953 #define POLARSSL_PKCS12_C
01954 
01955 /**
01956  * \def POLARSSL_PLATFORM_C
01957  *
01958  * Enable the platform abstraction layer that allows you to re-assign
01959  * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit()
01960  *
01961  * Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT
01962  * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
01963  * above to be specified at runtime or compile time respectively.
01964  *
01965  * Module:  library/platform.c
01966  * Caller:  Most other .c files
01967  *
01968  * This module enables abstraction of common (libc) functions.
01969  */
01970 #define POLARSSL_PLATFORM_C
01971 
01972 /**
01973  * \def POLARSSL_RIPEMD160_C
01974  *
01975  * Enable the RIPEMD-160 hash algorithm.
01976  *
01977  * Module:  library/ripemd160.c
01978  * Caller:  library/md.c
01979  *
01980  */
01981 #define POLARSSL_RIPEMD160_C
01982 
01983 /**
01984  * \def POLARSSL_RSA_C
01985  *
01986  * Enable the RSA public-key cryptosystem.
01987  *
01988  * Module:  library/rsa.c
01989  * Caller:  library/ssl_cli.c
01990  *          library/ssl_srv.c
01991  *          library/ssl_tls.c
01992  *          library/x509.c
01993  *
01994  * This module is used by the following key exchanges:
01995  *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
01996  *
01997  * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
01998  */
01999 #define POLARSSL_RSA_C
02000 
02001 /**
02002  * \def POLARSSL_SHA1_C
02003  *
02004  * Enable the SHA1 cryptographic hash algorithm.
02005  *
02006  * Module:  library/sha1.c
02007  * Caller:  library/md.c
02008  *          library/ssl_cli.c
02009  *          library/ssl_srv.c
02010  *          library/ssl_tls.c
02011  *          library/x509write_crt.c
02012  *
02013  * This module is required for SSL/TLS and SHA1-signed certificates.
02014  */
02015 #define POLARSSL_SHA1_C
02016 
02017 /**
02018  * \def POLARSSL_SHA256_C
02019  *
02020  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
02021  * (Used to be POLARSSL_SHA2_C)
02022  *
02023  * Module:  library/sha256.c
02024  * Caller:  library/entropy.c
02025  *          library/md.c
02026  *          library/ssl_cli.c
02027  *          library/ssl_srv.c
02028  *          library/ssl_tls.c
02029  *
02030  * This module adds support for SHA-224 and SHA-256.
02031  * This module is required for the SSL/TLS 1.2 PRF function.
02032  */
02033 #define POLARSSL_SHA256_C
02034 
02035 /**
02036  * \def POLARSSL_SHA512_C
02037  *
02038  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
02039  * (Used to be POLARSSL_SHA4_C)
02040  *
02041  * Module:  library/sha512.c
02042  * Caller:  library/entropy.c
02043  *          library/md.c
02044  *          library/ssl_cli.c
02045  *          library/ssl_srv.c
02046  *
02047  * This module adds support for SHA-384 and SHA-512.
02048  */
02049 #define POLARSSL_SHA512_C
02050 
02051 /**
02052  * \def POLARSSL_SSL_CACHE_C
02053  *
02054  * Enable simple SSL cache implementation.
02055  *
02056  * Module:  library/ssl_cache.c
02057  * Caller:
02058  *
02059  * Requires: POLARSSL_SSL_CACHE_C
02060  */
02061 #define POLARSSL_SSL_CACHE_C
02062 
02063 /**
02064  * \def POLARSSL_SSL_CLI_C
02065  *
02066  * Enable the SSL/TLS client code.
02067  *
02068  * Module:  library/ssl_cli.c
02069  * Caller:
02070  *
02071  * Requires: POLARSSL_SSL_TLS_C
02072  *
02073  * This module is required for SSL/TLS client support.
02074  */
02075 #define POLARSSL_SSL_CLI_C
02076 
02077 /**
02078  * \def POLARSSL_SSL_SRV_C
02079  *
02080  * Enable the SSL/TLS server code.
02081  *
02082  * Module:  library/ssl_srv.c
02083  * Caller:
02084  *
02085  * Requires: POLARSSL_SSL_TLS_C
02086  *
02087  * This module is required for SSL/TLS server support.
02088  */
02089 #define POLARSSL_SSL_SRV_C
02090 
02091 /**
02092  * \def POLARSSL_SSL_TLS_C
02093  *
02094  * Enable the generic SSL/TLS code.
02095  *
02096  * Module:  library/ssl_tls.c
02097  * Caller:  library/ssl_cli.c
02098  *          library/ssl_srv.c
02099  *
02100  * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
02101  *           and at least one of the POLARSSL_SSL_PROTO_* defines
02102  *
02103  * This module is required for SSL/TLS.
02104  */
02105 #define POLARSSL_SSL_TLS_C
02106 
02107 /**
02108  * \def POLARSSL_THREADING_C
02109  *
02110  * Enable the threading abstraction layer.
02111  * By default mbed TLS assumes it is used in a non-threaded environment or that
02112  * contexts are not shared between threads. If you do intend to use contexts
02113  * between threads, you will need to enable this layer to prevent race
02114  * conditions.
02115  *
02116  * Module:  library/threading.c
02117  *
02118  * This allows different threading implementations (self-implemented or
02119  * provided).
02120  *
02121  * You will have to enable either POLARSSL_THREADING_ALT or
02122  * POLARSSL_THREADING_PTHREAD.
02123  *
02124  * Enable this layer to allow use of mutexes within mbed TLS
02125  */
02126 //#define POLARSSL_THREADING_C
02127 
02128 /**
02129  * \def POLARSSL_TIMING_C
02130  *
02131  * Enable the portable timing interface.
02132  *
02133  * Module:  library/timing.c
02134  * Caller:  library/havege.c
02135  *
02136  * This module is used by the HAVEGE random number generator.
02137  */
02138 //#define POLARSSL_TIMING_C
02139 
02140 /**
02141  * \def POLARSSL_VERSION_C
02142  *
02143  * Enable run-time version information.
02144  *
02145  * Module:  library/version.c
02146  *
02147  * This module provides run-time version information.
02148  */
02149 #define POLARSSL_VERSION_C
02150 
02151 /**
02152  * \def POLARSSL_X509_USE_C
02153  *
02154  * Enable X.509 core for using certificates.
02155  *
02156  * Module:  library/x509.c
02157  * Caller:  library/x509_crl.c
02158  *          library/x509_crt.c
02159  *          library/x509_csr.c
02160  *
02161  * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
02162  *           POLARSSL_PK_PARSE_C
02163  *
02164  * This module is required for the X.509 parsing modules.
02165  */
02166 #define POLARSSL_X509_USE_C
02167 
02168 /**
02169  * \def POLARSSL_X509_CRT_PARSE_C
02170  *
02171  * Enable X.509 certificate parsing.
02172  *
02173  * Module:  library/x509_crt.c
02174  * Caller:  library/ssl_cli.c
02175  *          library/ssl_srv.c
02176  *          library/ssl_tls.c
02177  *
02178  * Requires: POLARSSL_X509_USE_C
02179  *
02180  * This module is required for X.509 certificate parsing.
02181  */
02182 #define POLARSSL_X509_CRT_PARSE_C
02183 
02184 /**
02185  * \def POLARSSL_X509_CRL_PARSE_C
02186  *
02187  * Enable X.509 CRL parsing.
02188  *
02189  * Module:  library/x509_crl.c
02190  * Caller:  library/x509_crt.c
02191  *
02192  * Requires: POLARSSL_X509_USE_C
02193  *
02194  * This module is required for X.509 CRL parsing.
02195  */
02196 #define POLARSSL_X509_CRL_PARSE_C
02197 
02198 /**
02199  * \def POLARSSL_X509_CSR_PARSE_C
02200  *
02201  * Enable X.509 Certificate Signing Request (CSR) parsing.
02202  *
02203  * Module:  library/x509_csr.c
02204  * Caller:  library/x509_crt_write.c
02205  *
02206  * Requires: POLARSSL_X509_USE_C
02207  *
02208  * This module is used for reading X.509 certificate request.
02209  */
02210 #define POLARSSL_X509_CSR_PARSE_C
02211 
02212 /**
02213  * \def POLARSSL_X509_CREATE_C
02214  *
02215  * Enable X.509 core for creating certificates.
02216  *
02217  * Module:  library/x509_create.c
02218  *
02219  * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
02220  *
02221  * This module is the basis for creating X.509 certificates and CSRs.
02222  */
02223 #define POLARSSL_X509_CREATE_C
02224 
02225 /**
02226  * \def POLARSSL_X509_CRT_WRITE_C
02227  *
02228  * Enable creating X.509 certificates.
02229  *
02230  * Module:  library/x509_crt_write.c
02231  *
02232  * Requires: POLARSSL_CREATE_C
02233  *
02234  * This module is required for X.509 certificate creation.
02235  */
02236 #define POLARSSL_X509_CRT_WRITE_C
02237 
02238 /**
02239  * \def POLARSSL_X509_CSR_WRITE_C
02240  *
02241  * Enable creating X.509 Certificate Signing Requests (CSR).
02242  *
02243  * Module:  library/x509_csr_write.c
02244  *
02245  * Requires: POLARSSL_CREATE_C
02246  *
02247  * This module is required for X.509 certificate request writing.
02248  */
02249 #define POLARSSL_X509_CSR_WRITE_C
02250 
02251 /**
02252  * \def POLARSSL_XTEA_C
02253  *
02254  * Enable the XTEA block cipher.
02255  *
02256  * Module:  library/xtea.c
02257  * Caller:
02258  */
02259 #define POLARSSL_XTEA_C
02260 
02261 /* \} name SECTION: mbed TLS modules */
02262 
02263 /**
02264  * \name SECTION: Module configuration options
02265  *
02266  * This section allows for the setting of module specific sizes and
02267  * configuration options. The default values are already present in the
02268  * relevant header files and should suffice for the regular use cases.
02269  *
02270  * Our advice is to enable options and change their values here
02271  * only if you have a good reason and know the consequences.
02272  *
02273  * Please check the respective header file for documentation on these
02274  * parameters (to prevent duplicate documentation).
02275  * \{
02276  */
02277 
02278 /* MPI / BIGNUM options */
02279 //#define POLARSSL_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
02280 //#define POLARSSL_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
02281 
02282 /* CTR_DRBG options */
02283 //#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
02284 //#define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
02285 //#define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
02286 //#define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
02287 //#define CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
02288 
02289 /* HMAC_DRBG options */
02290 //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
02291 //#define POLARSSL_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
02292 //#define POLARSSL_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
02293 //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
02294 
02295 /* ECP options */
02296 //#define POLARSSL_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
02297 //#define POLARSSL_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
02298 //#define POLARSSL_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
02299 
02300 /* Entropy options */
02301 //#define ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
02302 //#define ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
02303 
02304 /* Memory buffer allocator options */
02305 //#define POLARSSL_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
02306 
02307 /* Platform options */
02308 //#define POLARSSL_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
02309 //#define POLARSSL_PLATFORM_STD_MALLOC        malloc /**< Default allocator to use, can be undefined */
02310 //#define POLARSSL_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
02311 //#define POLARSSL_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
02312 //#define POLARSSL_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
02313 //#define POLARSSL_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
02314 //#define POLARSSL_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
02315 
02316 /* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */
02317 /* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */
02318 //#define POLARSSL_PLATFORM_MALLOC_MACRO        malloc /**< Default allocator macro to use, can be undefined */
02319 //#define POLARSSL_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
02320 //#define POLARSSL_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
02321 //#define POLARSSL_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
02322 //#define POLARSSL_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
02323 //#define POLARSSL_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
02324 
02325 /* SSL Cache options */
02326 //#define SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
02327 //#define SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
02328 
02329 /* SSL options */
02330 //#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
02331 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
02332 //#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
02333 
02334 /**
02335  * Complete list of ciphersuites to use, in order of preference.
02336  *
02337  * \warning No dependency checking is done on that field! This option can only
02338  * be used to restrict the set of available ciphersuites. It is your
02339  * responsibility to make sure the needed modules are active.
02340  *
02341  * Use this to save a few hundred bytes of ROM (default ordering of all
02342  * available ciphersuites) and a few to a few hundred bytes of RAM.
02343  *
02344  * The value below is only an example, not the default.
02345  */
02346 //#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
02347 
02348 /* Debug options */
02349 //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
02350 
02351 /* X509 options */
02352 //#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
02353 
02354 /* \} name SECTION: Module configuration options */
02355 
02356 #include "check_config.h"
02357 
02358 #endif /* POLARSSL_CONFIG_H */
02359