David Fletcher
Port of TI's CC3100 Websock camera demo. Using FreeRTOS, mbedTLS, also parts of Arducam for cams ov5642 and 0v2640. Can also use MT9D111. Work in progress. Be warned some parts maybe a bit flacky. This is for Seeed Arch max only, for an M3, see the demo for CM3 using the 0v5642 aducam mini.
Embed:
(wiki syntax)
Show/hide line numbers
config.h
Go to the documentation of this file.
00001 /** 00002 * \file config.h 00003 * 00004 * \brief Configuration options (set of defines) 00005 * 00006 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved 00007 * 00008 * This file is part of mbed TLS (https://tls.mbed.org) 00009 * 00010 * This program is free software; you can redistribute it and/or modify 00011 * it under the terms of the GNU General Public License as published by 00012 * the Free Software Foundation; either version 2 of the License, or 00013 * (at your option) any later version. 00014 * 00015 * This program is distributed in the hope that it will be useful, 00016 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00017 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00018 * GNU General Public License for more details. 00019 * 00020 * You should have received a copy of the GNU General Public License along 00021 * with this program; if not, write to the Free Software Foundation, Inc., 00022 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00023 * 00024 * This set of compile-time options may be used to enable 00025 * or disable features selectively, and reduce the global 00026 * memory footprint. 00027 */ 00028 #ifndef POLARSSL_CONFIG_H 00029 #define POLARSSL_CONFIG_H 00030 00031 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 00032 #define _CRT_SECURE_NO_DEPRECATE 1 00033 #endif 00034 00035 /** 00036 * \name SECTION: System support 00037 * 00038 * This section sets system specific settings. 00039 * \{ 00040 */ 00041 00042 /** 00043 * \def POLARSSL_HAVE_INT8 00044 * 00045 * The system uses 8-bit wide native integers. 00046 * 00047 * \deprecated The compiler should be able to generate code for 32-bit 00048 * arithmetic (required by C89). This code is likely to be at least as 00049 * efficient as ours. 00050 * 00051 * Uncomment if native integers are 8-bit wide. 00052 */ 00053 //#define POLARSSL_HAVE_INT8 00054 00055 /** 00056 * \def POLARSSL_HAVE_INT16 00057 * 00058 * The system uses 16-bit wide native integers. 00059 * 00060 * \deprecated The compiler should be able to generate code for 32-bit 00061 * arithmetic (required by C89). This code is likely to be at least as 00062 * efficient as ours. 00063 * 00064 * Uncomment if native integers are 16-bit wide. 00065 */ 00066 //#define POLARSSL_HAVE_INT16 00067 00068 /** 00069 * \def POLARSSL_HAVE_LONGLONG 00070 * 00071 * The compiler supports the 'long long' type. 00072 * (Only used on 32-bit platforms) 00073 */ 00074 #define POLARSSL_HAVE_LONGLONG 00075 00076 /** 00077 * \def POLARSSL_HAVE_ASM 00078 * 00079 * The compiler has support for asm(). 00080 * 00081 * Requires support for asm() in compiler. 00082 * 00083 * Used in: 00084 * library/timing.c 00085 * library/padlock.c 00086 * include/polarssl/bn_mul.h 00087 * 00088 * Comment to disable the use of assembly code. 00089 */ 00090 #define POLARSSL_HAVE_ASM 00091 00092 /** 00093 * \def POLARSSL_HAVE_SSE2 00094 * 00095 * CPU supports SSE2 instruction set. 00096 * 00097 * Uncomment if the CPU supports SSE2 (IA-32 specific). 00098 */ 00099 //#define POLARSSL_HAVE_SSE2 00100 00101 /** 00102 * \def POLARSSL_HAVE_TIME 00103 * 00104 * System has time.h and time() / localtime() / gettimeofday(). 00105 * 00106 * Comment if your system does not support time functions 00107 */ 00108 #define POLARSSL_HAVE_TIME 00109 00110 /** 00111 * \def POLARSSL_HAVE_IPV6 00112 * 00113 * System supports the basic socket interface for IPv6 (RFC 3493), 00114 * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage. 00115 * 00116 * Note: on Windows/MingW, XP or higher is required. 00117 * 00118 * \warning As of 1.3.11, *not* using this flag when POLARSSL_NET_C is 00119 * defined, is deprecated. The alternative legacy code will be removed in 2.0. 00120 * 00121 * Comment if your system does not support the IPv6 socket interface 00122 */ 00123 #define POLARSSL_HAVE_IPV6 00124 00125 /** 00126 * \def POLARSSL_PLATFORM_MEMORY 00127 * 00128 * Enable the memory allocation layer. 00129 * 00130 * By default mbed TLS uses the system-provided malloc() and free(). 00131 * This allows different allocators (self-implemented or provided) to be 00132 * provided to the platform abstraction layer. 00133 * 00134 * Enabling POLARSSL_PLATFORM_MEMORY without the 00135 * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide 00136 * "platform_set_malloc_free()" allowing you to set an alternative malloc() and 00137 * free() function pointer at runtime. 00138 * 00139 * Enabling POLARSSL_PLATFORM_MEMORY and specifying 00140 * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the 00141 * alternate function at compile time. 00142 * 00143 * Requires: POLARSSL_PLATFORM_C 00144 * 00145 * Enable this layer to allow use of alternative memory allocators. 00146 */ 00147 //#define POLARSSL_PLATFORM_MEMORY 00148 00149 /** 00150 * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS 00151 * 00152 * Do not assign standard functions in the platform layer (e.g. malloc() to 00153 * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF) 00154 * 00155 * This makes sure there are no linking errors on platforms that do not support 00156 * these functions. You will HAVE to provide alternatives, either at runtime 00157 * via the platform_set_xxx() functions or at compile time by setting 00158 * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a 00159 * POLARSSL_PLATFORM_XXX_MACRO. 00160 * 00161 * Requires: POLARSSL_PLATFORM_C 00162 * 00163 * Uncomment to prevent default assignment of standard functions in the 00164 * platform layer. 00165 */ 00166 //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS 00167 00168 /** 00169 * \def POLARSSL_PLATFORM_XXX_ALT 00170 * 00171 * Uncomment a macro to let mbed TLS support the function in the platform 00172 * abstraction layer. 00173 * 00174 * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will 00175 * provide a function "platform_set_printf()" that allows you to set an 00176 * alternative printf function pointer. 00177 * 00178 * All these define require POLARSSL_PLATFORM_C to be defined! 00179 * 00180 * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows 00181 * for compatibility reasons. 00182 * 00183 * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as 00184 * POLARSSL_PLATFORM_XXX_MACRO! 00185 * 00186 * Uncomment a macro to enable alternate implementation of specific base 00187 * platform function 00188 */ 00189 //#define POLARSSL_PLATFORM_EXIT_ALT 00190 //#define POLARSSL_PLATFORM_FPRINTF_ALT 00191 //#define POLARSSL_PLATFORM_PRINTF_ALT 00192 //#define POLARSSL_PLATFORM_SNPRINTF_ALT 00193 00194 /** 00195 * \def POLARSSL_DEPRECATED_WARNING 00196 * 00197 * Mark deprecated functions so that they generate a warning if used. 00198 * Functions deprecated in one version will usually be removed in the next 00199 * version. You can enable this to help you prepare the transition to a new 00200 * major version by making sure your code is not using these functions. 00201 * 00202 * This only works with GCC and Clang. With other compilers, you may want to 00203 * use POLARSSL_DEPRECATED_REMOVED 00204 * 00205 * Uncomment to get warnings on using deprecated functions. 00206 */ 00207 //#define POLARSSL_DEPRECATED_WARNING 00208 00209 /** 00210 * \def POLARSSL_DEPRECATED_REMOVED 00211 * 00212 * Remove deprecated functions so that they generate an error if used. 00213 * Functions deprecated in one version will usually be removed in the next 00214 * version. You can enable this to help you prepare the transition to a new 00215 * major version by making sure your code is not using these functions. 00216 * 00217 * Uncomment to get errors on using deprecated functions. 00218 */ 00219 //#define POLARSSL_DEPRECATED_REMOVED 00220 00221 /* \} name SECTION: System support */ 00222 00223 /** 00224 * \name SECTION: mbed TLS feature support 00225 * 00226 * This section sets support for features that are or are not needed 00227 * within the modules that are enabled. 00228 * \{ 00229 */ 00230 00231 /** 00232 * \def POLARSSL_TIMING_ALT 00233 * 00234 * Uncomment to provide your own alternate implementation for hardclock(), 00235 * get_timer(), set_alarm() and m_sleep(). 00236 * 00237 * Only works if you have POLARSSL_TIMING_C enabled. 00238 * 00239 * You will need to provide a header "timing_alt.h" and an implementation at 00240 * compile time. 00241 */ 00242 //#define POLARSSL_TIMING_ALT 00243 00244 /** 00245 * \def POLARSSL_XXX_ALT 00246 * 00247 * Uncomment a macro to let mbed TLS use your alternate core implementation of 00248 * a symmetric or hash algorithm (e.g. platform specific assembly optimized 00249 * implementations). Keep in mind that the function prototypes should remain 00250 * the same. 00251 * 00252 * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer 00253 * provide the "struct aes_context" definition and omit the base function 00254 * declarations and implementations. "aes_alt.h" will be included from 00255 * "aes.h" to include the new function definitions. 00256 * 00257 * Uncomment a macro to enable alternate implementation for core algorithm 00258 * functions 00259 */ 00260 //#define POLARSSL_AES_ALT 00261 //#define POLARSSL_ARC4_ALT 00262 //#define POLARSSL_BLOWFISH_ALT 00263 //#define POLARSSL_CAMELLIA_ALT 00264 //#define POLARSSL_DES_ALT 00265 //#define POLARSSL_XTEA_ALT 00266 //#define POLARSSL_MD2_ALT 00267 //#define POLARSSL_MD4_ALT 00268 //#define POLARSSL_MD5_ALT 00269 //#define POLARSSL_RIPEMD160_ALT 00270 //#define POLARSSL_SHA1_ALT 00271 //#define POLARSSL_SHA256_ALT 00272 //#define POLARSSL_SHA512_ALT 00273 00274 /** 00275 * \def POLARSSL_AES_ROM_TABLES 00276 * 00277 * Store the AES tables in ROM. 00278 * 00279 * Uncomment this macro to store the AES tables in ROM. 00280 */ 00281 //#define POLARSSL_AES_ROM_TABLES 00282 00283 /** 00284 * \def POLARSSL_CAMELLIA_SMALL_MEMORY 00285 * 00286 * Use less ROM for the Camellia implementation (saves about 768 bytes). 00287 * 00288 * Uncomment this macro to use less memory for Camellia. 00289 */ 00290 //#define POLARSSL_CAMELLIA_SMALL_MEMORY 00291 00292 /** 00293 * \def POLARSSL_CIPHER_MODE_CBC 00294 * 00295 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. 00296 */ 00297 #define POLARSSL_CIPHER_MODE_CBC 00298 00299 /** 00300 * \def POLARSSL_CIPHER_MODE_CFB 00301 * 00302 * Enable Cipher Feedback mode (CFB) for symmetric ciphers. 00303 */ 00304 #define POLARSSL_CIPHER_MODE_CFB 00305 00306 /** 00307 * \def POLARSSL_CIPHER_MODE_CTR 00308 * 00309 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. 00310 */ 00311 #define POLARSSL_CIPHER_MODE_CTR 00312 00313 /** 00314 * \def POLARSSL_CIPHER_NULL_CIPHER 00315 * 00316 * Enable NULL cipher. 00317 * Warning: Only do so when you know what you are doing. This allows for 00318 * encryption or channels without any security! 00319 * 00320 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable 00321 * the following ciphersuites: 00322 * TLS_ECDH_ECDSA_WITH_NULL_SHA 00323 * TLS_ECDH_RSA_WITH_NULL_SHA 00324 * TLS_ECDHE_ECDSA_WITH_NULL_SHA 00325 * TLS_ECDHE_RSA_WITH_NULL_SHA 00326 * TLS_ECDHE_PSK_WITH_NULL_SHA384 00327 * TLS_ECDHE_PSK_WITH_NULL_SHA256 00328 * TLS_ECDHE_PSK_WITH_NULL_SHA 00329 * TLS_DHE_PSK_WITH_NULL_SHA384 00330 * TLS_DHE_PSK_WITH_NULL_SHA256 00331 * TLS_DHE_PSK_WITH_NULL_SHA 00332 * TLS_RSA_WITH_NULL_SHA256 00333 * TLS_RSA_WITH_NULL_SHA 00334 * TLS_RSA_WITH_NULL_MD5 00335 * TLS_RSA_PSK_WITH_NULL_SHA384 00336 * TLS_RSA_PSK_WITH_NULL_SHA256 00337 * TLS_RSA_PSK_WITH_NULL_SHA 00338 * TLS_PSK_WITH_NULL_SHA384 00339 * TLS_PSK_WITH_NULL_SHA256 00340 * TLS_PSK_WITH_NULL_SHA 00341 * 00342 * Uncomment this macro to enable the NULL cipher and ciphersuites 00343 */ 00344 //#define POLARSSL_CIPHER_NULL_CIPHER 00345 00346 /** 00347 * \def POLARSSL_CIPHER_PADDING_XXX 00348 * 00349 * Uncomment or comment macros to add support for specific padding modes 00350 * in the cipher layer with cipher modes that support padding (e.g. CBC) 00351 * 00352 * If you disable all padding modes, only full blocks can be used with CBC. 00353 * 00354 * Enable padding modes in the cipher layer. 00355 */ 00356 #define POLARSSL_CIPHER_PADDING_PKCS7 00357 #define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS 00358 #define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN 00359 #define POLARSSL_CIPHER_PADDING_ZEROS 00360 00361 /** 00362 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES 00363 * 00364 * Enable weak ciphersuites in SSL / TLS. 00365 * Warning: Only do so when you know what you are doing. This allows for 00366 * channels with virtually no security at all! 00367 * 00368 * This enables the following ciphersuites: 00369 * TLS_RSA_WITH_DES_CBC_SHA 00370 * TLS_DHE_RSA_WITH_DES_CBC_SHA 00371 * 00372 * Uncomment this macro to enable weak ciphersuites 00373 */ 00374 //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES 00375 00376 /** 00377 * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES 00378 * 00379 * Remove RC4 ciphersuites by default in SSL / TLS. 00380 * This flag removes the ciphersuites based on RC4 from the default list as 00381 * returned by ssl_list_ciphersuites(). However, it is still possible to 00382 * enable (some of) them with ssl_set_ciphersuites() by including them 00383 * explicitly. 00384 * 00385 * Uncomment this macro to remove RC4 ciphersuites by default. 00386 */ 00387 //#define POLARSSL_REMOVE_ARC4_CIPHERSUITES 00388 00389 /** 00390 * \def POLARSSL_ECP_XXXX_ENABLED 00391 * 00392 * Enables specific curves within the Elliptic Curve module. 00393 * By default all supported curves are enabled. 00394 * 00395 * Comment macros to disable the curve and functions for it 00396 */ 00397 #define POLARSSL_ECP_DP_SECP192R1_ENABLED 00398 #define POLARSSL_ECP_DP_SECP224R1_ENABLED 00399 #define POLARSSL_ECP_DP_SECP256R1_ENABLED 00400 #define POLARSSL_ECP_DP_SECP384R1_ENABLED 00401 #define POLARSSL_ECP_DP_SECP521R1_ENABLED 00402 #define POLARSSL_ECP_DP_SECP192K1_ENABLED 00403 #define POLARSSL_ECP_DP_SECP224K1_ENABLED 00404 #define POLARSSL_ECP_DP_SECP256K1_ENABLED 00405 #define POLARSSL_ECP_DP_BP256R1_ENABLED 00406 #define POLARSSL_ECP_DP_BP384R1_ENABLED 00407 #define POLARSSL_ECP_DP_BP512R1_ENABLED 00408 //#define POLARSSL_ECP_DP_M221_ENABLED // Not implemented yet! 00409 #define POLARSSL_ECP_DP_M255_ENABLED 00410 //#define POLARSSL_ECP_DP_M383_ENABLED // Not implemented yet! 00411 //#define POLARSSL_ECP_DP_M511_ENABLED // Not implemented yet! 00412 00413 /** 00414 * \def POLARSSL_ECP_NIST_OPTIM 00415 * 00416 * Enable specific 'modulo p' routines for each NIST prime. 00417 * Depending on the prime and architecture, makes operations 4 to 8 times 00418 * faster on the corresponding curve. 00419 * 00420 * Comment this macro to disable NIST curves optimisation. 00421 */ 00422 #define POLARSSL_ECP_NIST_OPTIM 00423 00424 /** 00425 * \def POLARSSL_ECDSA_DETERMINISTIC 00426 * 00427 * Enable deterministic ECDSA (RFC 6979). 00428 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing 00429 * may result in a compromise of the long-term signing key. This is avoided by 00430 * the deterministic variant. 00431 * 00432 * Requires: POLARSSL_HMAC_DRBG_C 00433 * 00434 * Comment this macro to disable deterministic ECDSA. 00435 */ 00436 #define POLARSSL_ECDSA_DETERMINISTIC 00437 00438 /** 00439 * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED 00440 * 00441 * Enable the PSK based ciphersuite modes in SSL / TLS. 00442 * 00443 * This enables the following ciphersuites (if other requisites are 00444 * enabled as well): 00445 * TLS_PSK_WITH_AES_256_GCM_SHA384 00446 * TLS_PSK_WITH_AES_256_CBC_SHA384 00447 * TLS_PSK_WITH_AES_256_CBC_SHA 00448 * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 00449 * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 00450 * TLS_PSK_WITH_AES_128_GCM_SHA256 00451 * TLS_PSK_WITH_AES_128_CBC_SHA256 00452 * TLS_PSK_WITH_AES_128_CBC_SHA 00453 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 00454 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 00455 * TLS_PSK_WITH_3DES_EDE_CBC_SHA 00456 * TLS_PSK_WITH_RC4_128_SHA 00457 */ 00458 #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED 00459 00460 /** 00461 * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED 00462 * 00463 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. 00464 * 00465 * Requires: POLARSSL_DHM_C 00466 * 00467 * This enables the following ciphersuites (if other requisites are 00468 * enabled as well): 00469 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 00470 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 00471 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA 00472 * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 00473 * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00474 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 00475 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 00476 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA 00477 * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 00478 * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00479 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 00480 * TLS_DHE_PSK_WITH_RC4_128_SHA 00481 */ 00482 #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED 00483 00484 /** 00485 * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00486 * 00487 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 00488 * 00489 * Requires: POLARSSL_ECDH_C 00490 * 00491 * This enables the following ciphersuites (if other requisites are 00492 * enabled as well): 00493 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 00494 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 00495 * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 00496 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00497 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 00498 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 00499 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 00500 * TLS_ECDHE_PSK_WITH_RC4_128_SHA 00501 */ 00502 #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED 00503 00504 /** 00505 * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED 00506 * 00507 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. 00508 * 00509 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00510 * POLARSSL_X509_CRT_PARSE_C 00511 * 00512 * This enables the following ciphersuites (if other requisites are 00513 * enabled as well): 00514 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 00515 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 00516 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA 00517 * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 00518 * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 00519 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 00520 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 00521 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA 00522 * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 00523 * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 00524 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 00525 * TLS_RSA_PSK_WITH_RC4_128_SHA 00526 */ 00527 #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED 00528 00529 /** 00530 * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED 00531 * 00532 * Enable the RSA-only based ciphersuite modes in SSL / TLS. 00533 * 00534 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00535 * POLARSSL_X509_CRT_PARSE_C 00536 * 00537 * This enables the following ciphersuites (if other requisites are 00538 * enabled as well): 00539 * TLS_RSA_WITH_AES_256_GCM_SHA384 00540 * TLS_RSA_WITH_AES_256_CBC_SHA256 00541 * TLS_RSA_WITH_AES_256_CBC_SHA 00542 * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 00543 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 00544 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 00545 * TLS_RSA_WITH_AES_128_GCM_SHA256 00546 * TLS_RSA_WITH_AES_128_CBC_SHA256 00547 * TLS_RSA_WITH_AES_128_CBC_SHA 00548 * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 00549 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 00550 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 00551 * TLS_RSA_WITH_3DES_EDE_CBC_SHA 00552 * TLS_RSA_WITH_RC4_128_SHA 00553 * TLS_RSA_WITH_RC4_128_MD5 00554 */ 00555 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED 00556 00557 /** 00558 * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED 00559 * 00560 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. 00561 * 00562 * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00563 * POLARSSL_X509_CRT_PARSE_C 00564 * 00565 * This enables the following ciphersuites (if other requisites are 00566 * enabled as well): 00567 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00568 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00569 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00570 * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00571 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 00572 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 00573 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00574 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00575 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00576 * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00577 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00578 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 00579 * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 00580 */ 00581 #define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED 00582 00583 /** 00584 * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00585 * 00586 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. 00587 * 00588 * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, 00589 * POLARSSL_X509_CRT_PARSE_C 00590 * 00591 * This enables the following ciphersuites (if other requisites are 00592 * enabled as well): 00593 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00594 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00595 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00596 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 00597 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 00598 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00599 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00600 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00601 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 00602 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 00603 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00604 * TLS_ECDHE_RSA_WITH_RC4_128_SHA 00605 */ 00606 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED 00607 00608 /** 00609 * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00610 * 00611 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. 00612 * 00613 * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, 00614 * 00615 * This enables the following ciphersuites (if other requisites are 00616 * enabled as well): 00617 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00618 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00619 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00620 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00621 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00622 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00623 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00624 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00625 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00626 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00627 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00628 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00629 */ 00630 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 00631 00632 /** 00633 * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00634 * 00635 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. 00636 * 00637 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C 00638 * 00639 * This enables the following ciphersuites (if other requisites are 00640 * enabled as well): 00641 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00642 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00643 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00644 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00645 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00646 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00647 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00648 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00649 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 00650 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 00651 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 00652 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 00653 */ 00654 #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 00655 00656 /** 00657 * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED 00658 * 00659 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. 00660 * 00661 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C 00662 * 00663 * This enables the following ciphersuites (if other requisites are 00664 * enabled as well): 00665 * TLS_ECDH_RSA_WITH_RC4_128_SHA 00666 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00667 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00668 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00669 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00670 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00671 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00672 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00673 * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 00674 * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 00675 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 00676 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 00677 */ 00678 #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED 00679 00680 /** 00681 * \def POLARSSL_PK_PARSE_EC_EXTENDED 00682 * 00683 * Enhance support for reading EC keys using variants of SEC1 not allowed by 00684 * RFC 5915 and RFC 5480. 00685 * 00686 * Currently this means parsing the SpecifiedECDomain choice of EC 00687 * parameters (only known groups are supported, not arbitrary domains, to 00688 * avoid validation issues). 00689 * 00690 * Disable if you only need to support RFC 5915 + 5480 key formats. 00691 */ 00692 #define POLARSSL_PK_PARSE_EC_EXTENDED 00693 00694 /** 00695 * \def POLARSSL_ERROR_STRERROR_BC 00696 * 00697 * Make available the backward compatible error_strerror() next to the 00698 * current polarssl_strerror(). 00699 * 00700 * \deprecated Do not define this and use polarssl_strerror() instead 00701 * 00702 * Disable if you want to really remove the error_strerror() name 00703 */ 00704 #define POLARSSL_ERROR_STRERROR_BC 00705 00706 /** 00707 * \def POLARSSL_ERROR_STRERROR_DUMMY 00708 * 00709 * Enable a dummy error function to make use of polarssl_strerror() in 00710 * third party libraries easier when POLARSSL_ERROR_C is disabled 00711 * (no effect when POLARSSL_ERROR_C is enabled). 00712 * 00713 * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're 00714 * not using polarssl_strerror() or error_strerror() in your application. 00715 * 00716 * Disable if you run into name conflicts and want to really remove the 00717 * polarssl_strerror() 00718 */ 00719 #define POLARSSL_ERROR_STRERROR_DUMMY 00720 00721 /** 00722 * \def POLARSSL_GENPRIME 00723 * 00724 * Enable the prime-number generation code. 00725 * 00726 * Requires: POLARSSL_BIGNUM_C 00727 */ 00728 #define POLARSSL_GENPRIME 00729 00730 /** 00731 * \def POLARSSL_FS_IO 00732 * 00733 * Enable functions that use the filesystem. 00734 */ 00735 #define POLARSSL_FS_IO 00736 00737 /** 00738 * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES 00739 * 00740 * Do not add default entropy sources. These are the platform specific, 00741 * hardclock and HAVEGE based poll functions. 00742 * 00743 * This is useful to have more control over the added entropy sources in an 00744 * application. 00745 * 00746 * Uncomment this macro to prevent loading of default entropy functions. 00747 */ 00748 //#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES 00749 00750 /** 00751 * \def POLARSSL_NO_PLATFORM_ENTROPY 00752 * 00753 * Do not use built-in platform entropy functions. 00754 * This is useful if your platform does not support 00755 * standards like the /dev/urandom or Windows CryptoAPI. 00756 * 00757 * Uncomment this macro to disable the built-in platform entropy functions. 00758 */ 00759 //#define POLARSSL_NO_PLATFORM_ENTROPY 00760 00761 /** 00762 * \def POLARSSL_ENTROPY_FORCE_SHA256 00763 * 00764 * Force the entropy accumulator to use a SHA-256 accumulator instead of the 00765 * default SHA-512 based one (if both are available). 00766 * 00767 * Requires: POLARSSL_SHA256_C 00768 * 00769 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option 00770 * if you have performance concerns. 00771 * 00772 * This option is only useful if both POLARSSL_SHA256_C and 00773 * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used. 00774 */ 00775 //#define POLARSSL_ENTROPY_FORCE_SHA256 00776 00777 /** 00778 * \def POLARSSL_MEMORY_DEBUG 00779 * 00780 * Enable debugging of buffer allocator memory issues. Automatically prints 00781 * (to stderr) all (fatal) messages on memory allocation issues. Enables 00782 * function for 'debug output' of allocated memory. 00783 * 00784 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C 00785 * 00786 * Uncomment this macro to let the buffer allocator print out error messages. 00787 */ 00788 //#define POLARSSL_MEMORY_DEBUG 00789 00790 /** 00791 * \def POLARSSL_MEMORY_BACKTRACE 00792 * 00793 * Include backtrace information with each allocated block. 00794 * 00795 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C 00796 * GLIBC-compatible backtrace() an backtrace_symbols() support 00797 * 00798 * Uncomment this macro to include backtrace information 00799 */ 00800 //#define POLARSSL_MEMORY_BACKTRACE 00801 00802 /** 00803 * \def POLARSSL_PKCS1_V15 00804 * 00805 * Enable support for PKCS#1 v1.5 encoding. 00806 * 00807 * Requires: POLARSSL_RSA_C 00808 * 00809 * This enables support for PKCS#1 v1.5 operations. 00810 */ 00811 #define POLARSSL_PKCS1_V15 00812 00813 /** 00814 * \def POLARSSL_PKCS1_V21 00815 * 00816 * Enable support for PKCS#1 v2.1 encoding. 00817 * 00818 * Requires: POLARSSL_MD_C, POLARSSL_RSA_C 00819 * 00820 * This enables support for RSAES-OAEP and RSASSA-PSS operations. 00821 */ 00822 #define POLARSSL_PKCS1_V21 00823 00824 /** 00825 * \def POLARSSL_RSA_NO_CRT 00826 * 00827 * Do not use the Chinese Remainder Theorem for the RSA private operation. 00828 * 00829 * Uncomment this macro to disable the use of CRT in RSA. 00830 * 00831 */ 00832 //#define POLARSSL_RSA_NO_CRT 00833 00834 /** 00835 * \def POLARSSL_SELF_TEST 00836 * 00837 * Enable the checkup functions (*_self_test). 00838 */ 00839 #define POLARSSL_SELF_TEST 00840 00841 /** 00842 * \def POLARSSL_SSL_AEAD_RANDOM_IV 00843 * 00844 * Generate a random IV rather than using the record sequence number as a 00845 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM). 00846 * 00847 * Using the sequence number is generally recommended. 00848 * 00849 * Uncomment this macro to always use random IVs with AEAD ciphersuites. 00850 */ 00851 //#define POLARSSL_SSL_AEAD_RANDOM_IV 00852 00853 /** 00854 * \def POLARSSL_SSL_ALL_ALERT_MESSAGES 00855 * 00856 * Enable sending of alert messages in case of encountered errors as per RFC. 00857 * If you choose not to send the alert messages, mbed TLS can still communicate 00858 * with other servers, only debugging of failures is harder. 00859 * 00860 * The advantage of not sending alert messages, is that no information is given 00861 * about reasons for failures thus preventing adversaries of gaining intel. 00862 * 00863 * Enable sending of all alert messages 00864 */ 00865 #define POLARSSL_SSL_ALERT_MESSAGES 00866 00867 /** 00868 * \def POLARSSL_SSL_DEBUG_ALL 00869 * 00870 * Enable the debug messages in SSL module for all issues. 00871 * Debug messages have been disabled in some places to prevent timing 00872 * attacks due to (unbalanced) debugging function calls. 00873 * 00874 * If you need all error reporting you should enable this during debugging, 00875 * but remove this for production servers that should log as well. 00876 * 00877 * Uncomment this macro to report all debug messages on errors introducing 00878 * a timing side-channel. 00879 * 00880 */ 00881 //#define POLARSSL_SSL_DEBUG_ALL 00882 00883 /** \def POLARSSL_SSL_ENCRYPT_THEN_MAC 00884 * 00885 * Enable support for Encrypt-then-MAC, RFC 7366. 00886 * 00887 * This allows peers that both support it to use a more robust protection for 00888 * ciphersuites using CBC, providing deep resistance against timing attacks 00889 * on the padding or underlying cipher. 00890 * 00891 * This only affects CBC ciphersuites, and is useless if none is defined. 00892 * 00893 * Requires: POLARSSL_SSL_PROTO_TLS1 or 00894 * POLARSSL_SSL_PROTO_TLS1_1 or 00895 * POLARSSL_SSL_PROTO_TLS1_2 00896 * 00897 * Comment this macro to disable support for Encrypt-then-MAC 00898 */ 00899 #define POLARSSL_SSL_ENCRYPT_THEN_MAC 00900 00901 /** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET 00902 * 00903 * Enable support for Extended Master Secret, aka Session Hash 00904 * (draft-ietf-tls-session-hash-02). 00905 * 00906 * This was introduced as "the proper fix" to the Triple Handshake familiy of 00907 * attacks, but it is recommended to always use it (even if you disable 00908 * renegotiation), since it actually fixes a more fundamental issue in the 00909 * original SSL/TLS design, and has implications beyond Triple Handshake. 00910 * 00911 * Requires: POLARSSL_SSL_PROTO_TLS1 or 00912 * POLARSSL_SSL_PROTO_TLS1_1 or 00913 * POLARSSL_SSL_PROTO_TLS1_2 00914 * 00915 * Comment this macro to disable support for Extended Master Secret. 00916 */ 00917 #define POLARSSL_SSL_EXTENDED_MASTER_SECRET 00918 00919 /** 00920 * \def POLARSSL_SSL_FALLBACK_SCSV 00921 * 00922 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). 00923 * 00924 * For servers, it is recommended to always enable this, unless you support 00925 * only one version of TLS, or know for sure that none of your clients 00926 * implements a fallback strategy. 00927 * 00928 * For clients, you only need this if you're using a fallback strategy, which 00929 * is not recommended in the first place, unless you absolutely need it to 00930 * interoperate with buggy (version-intolerant) servers. 00931 * 00932 * Comment this macro to disable support for FALLBACK_SCSV 00933 */ 00934 #define POLARSSL_SSL_FALLBACK_SCSV 00935 00936 /** 00937 * \def POLARSSL_SSL_HW_RECORD_ACCEL 00938 * 00939 * Enable hooking functions in SSL module for hardware acceleration of 00940 * individual records. 00941 * 00942 * Uncomment this macro to enable hooking functions. 00943 */ 00944 //#define POLARSSL_SSL_HW_RECORD_ACCEL 00945 00946 /** 00947 * \def POLARSSL_SSL_CBC_RECORD_SPLITTING 00948 * 00949 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. 00950 * 00951 * This is a countermeasure to the BEAST attack, which also minimizes the risk 00952 * of interoperability issues compared to sending 0-length records. 00953 * 00954 * Comment this macro to disable 1/n-1 record splitting. 00955 */ 00956 #define POLARSSL_SSL_CBC_RECORD_SPLITTING 00957 00958 /** 00959 * \def POLARSSL_SSL_DISABLE_RENEGOTIATION 00960 * 00961 * Disable support for TLS renegotiation. 00962 * 00963 * The two main uses of renegotiation are (1) refresh keys on long-lived 00964 * connections and (2) client authentication after the initial handshake. 00965 * If you don't need renegotiation, it's probably better to disable it, since 00966 * it has been associated with security issues in the past and is easy to 00967 * misuse/misunderstand. 00968 * 00969 * Warning: in the next stable branch, this switch will be replaced by 00970 * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation. 00971 * 00972 * Uncomment this to disable support for renegotiation. 00973 */ 00974 //#define POLARSSL_SSL_DISABLE_RENEGOTIATION 00975 00976 /** 00977 * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 00978 * 00979 * Enable support for receiving and parsing SSLv2 Client Hello messages for the 00980 * SSL Server module (POLARSSL_SSL_SRV_C). 00981 * 00982 * Comment this macro to disable support for SSLv2 Client Hello messages. 00983 */ 00984 #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 00985 00986 /** 00987 * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE 00988 * 00989 * Pick the ciphersuite according to the client's preferences rather than ours 00990 * in the SSL Server module (POLARSSL_SSL_SRV_C). 00991 * 00992 * Uncomment this macro to respect client's ciphersuite order 00993 */ 00994 //#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE 00995 00996 /** 00997 * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH 00998 * 00999 * Enable support for RFC 6066 max_fragment_length extension in SSL. 01000 * 01001 * Comment this macro to disable support for the max_fragment_length extension 01002 */ 01003 #define POLARSSL_SSL_MAX_FRAGMENT_LENGTH 01004 01005 /** 01006 * \def POLARSSL_SSL_PROTO_SSL3 01007 * 01008 * Enable support for SSL 3.0. 01009 * 01010 * Requires: POLARSSL_MD5_C 01011 * POLARSSL_SHA1_C 01012 * 01013 * Comment this macro to disable support for SSL 3.0 01014 */ 01015 #define POLARSSL_SSL_PROTO_SSL3 01016 01017 /** 01018 * \def POLARSSL_SSL_PROTO_TLS1 01019 * 01020 * Enable support for TLS 1.0. 01021 * 01022 * Requires: POLARSSL_MD5_C 01023 * POLARSSL_SHA1_C 01024 * 01025 * Comment this macro to disable support for TLS 1.0 01026 */ 01027 #define POLARSSL_SSL_PROTO_TLS1 01028 01029 /** 01030 * \def POLARSSL_SSL_PROTO_TLS1_1 01031 * 01032 * Enable support for TLS 1.1. 01033 * 01034 * Requires: POLARSSL_MD5_C 01035 * POLARSSL_SHA1_C 01036 * 01037 * Comment this macro to disable support for TLS 1.1 01038 */ 01039 #define POLARSSL_SSL_PROTO_TLS1_1 01040 01041 /** 01042 * \def POLARSSL_SSL_PROTO_TLS1_2 01043 * 01044 * Enable support for TLS 1.2. 01045 * 01046 * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C 01047 * (Depends on ciphersuites) 01048 * 01049 * Comment this macro to disable support for TLS 1.2 01050 */ 01051 #define POLARSSL_SSL_PROTO_TLS1_2 01052 01053 /** 01054 * \def POLARSSL_SSL_ALPN 01055 * 01056 * Enable support for RFC 7301 Application Layer Protocol Negotiation. 01057 * 01058 * Comment this macro to disable support for ALPN. 01059 */ 01060 #define POLARSSL_SSL_ALPN 01061 01062 /** 01063 * \def POLARSSL_SSL_SESSION_TICKETS 01064 * 01065 * Enable support for RFC 5077 session tickets in SSL. 01066 * 01067 * Requires: POLARSSL_AES_C 01068 * POLARSSL_SHA256_C 01069 * POLARSSL_CIPHER_MODE_CBC 01070 * 01071 * Comment this macro to disable support for SSL session tickets 01072 */ 01073 #define POLARSSL_SSL_SESSION_TICKETS 01074 01075 /** 01076 * \def POLARSSL_SSL_SERVER_NAME_INDICATION 01077 * 01078 * Enable support for RFC 6066 server name indication (SNI) in SSL. 01079 * 01080 * Requires: POLARSSL_X509_CRT_PARSE_C 01081 * 01082 * Comment this macro to disable support for server name indication in SSL 01083 */ 01084 #define POLARSSL_SSL_SERVER_NAME_INDICATION 01085 01086 /** 01087 * \def POLARSSL_SSL_TRUNCATED_HMAC 01088 * 01089 * Enable support for RFC 6066 truncated HMAC in SSL. 01090 * 01091 * Comment this macro to disable support for truncated HMAC in SSL 01092 */ 01093 #define POLARSSL_SSL_TRUNCATED_HMAC 01094 01095 /** 01096 * \def POLARSSL_SSL_SET_CURVES 01097 * 01098 * Enable ssl_set_curves(). 01099 * 01100 * This is disabled by default since it breaks binary compatibility with the 01101 * 1.3.x line. If you choose to enable it, you will need to rebuild your 01102 * application against the new header files, relinking will not be enough. 01103 * It will be enabled by default, or no longer an option, in the 1.4 branch. 01104 * 01105 * Uncomment to make ssl_set_curves() available. 01106 */ 01107 //#define POLARSSL_SSL_SET_CURVES 01108 01109 /** 01110 * \def POLARSSL_THREADING_ALT 01111 * 01112 * Provide your own alternate threading implementation. 01113 * 01114 * Requires: POLARSSL_THREADING_C 01115 * 01116 * Uncomment this to allow your own alternate threading implementation. 01117 */ 01118 //#define POLARSSL_THREADING_ALT 01119 01120 /** 01121 * \def POLARSSL_THREADING_PTHREAD 01122 * 01123 * Enable the pthread wrapper layer for the threading layer. 01124 * 01125 * Requires: POLARSSL_THREADING_C 01126 * 01127 * Uncomment this to enable pthread mutexes. 01128 */ 01129 //#define POLARSSL_THREADING_PTHREAD 01130 01131 /** 01132 * \def POLARSSL_VERSION_FEATURES 01133 * 01134 * Allow run-time checking of compile-time enabled features. Thus allowing users 01135 * to check at run-time if the library is for instance compiled with threading 01136 * support via version_check_feature(). 01137 * 01138 * Requires: POLARSSL_VERSION_C 01139 * 01140 * Comment this to disable run-time checking and save ROM space 01141 */ 01142 #define POLARSSL_VERSION_FEATURES 01143 01144 /** 01145 * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 01146 * 01147 * If set, the X509 parser will not break-off when parsing an X509 certificate 01148 * and encountering an extension in a v1 or v2 certificate. 01149 * 01150 * Uncomment to prevent an error. 01151 */ 01152 //#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 01153 01154 /** 01155 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01156 * 01157 * If set, the X509 parser will not break-off when parsing an X509 certificate 01158 * and encountering an unknown critical extension. 01159 * 01160 * Uncomment to prevent an error. 01161 */ 01162 //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 01163 01164 /** 01165 * \def POLARSSL_X509_CHECK_KEY_USAGE 01166 * 01167 * Enable verification of the keyUsage extension (CA and leaf certificates). 01168 * 01169 * Disabling this avoids problems with mis-issued and/or misused 01170 * (intermediate) CA and leaf certificates. 01171 * 01172 * \warning Depending on your PKI use, disabling this can be a security risk! 01173 * 01174 * Comment to skip keyUsage checking for both CA and leaf certificates. 01175 */ 01176 #define POLARSSL_X509_CHECK_KEY_USAGE 01177 01178 /** 01179 * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE 01180 * 01181 * Enable verification of the extendedKeyUsage extension (leaf certificates). 01182 * 01183 * Disabling this avoids problems with mis-issued and/or misused certificates. 01184 * 01185 * \warning Depending on your PKI use, disabling this can be a security risk! 01186 * 01187 * Comment to skip extendedKeyUsage checking for certificates. 01188 */ 01189 #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE 01190 01191 /** 01192 * \def POLARSSL_X509_RSASSA_PSS_SUPPORT 01193 * 01194 * Enable parsing and verification of X.509 certificates, CRLs and CSRS 01195 * signed with RSASSA-PSS (aka PKCS#1 v2.1). 01196 * 01197 * Comment this macro to disallow using RSASSA-PSS in certificates. 01198 */ 01199 #define POLARSSL_X509_RSASSA_PSS_SUPPORT 01200 01201 /** 01202 * \def POLARSSL_ZLIB_SUPPORT 01203 * 01204 * If set, the SSL/TLS module uses ZLIB to support compression and 01205 * decompression of packet data. 01206 * 01207 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the 01208 * CRIME attack. Before enabling this option, you should examine with care if 01209 * CRIME or similar exploits may be a applicable to your use case. 01210 * 01211 * Used in: library/ssl_tls.c 01212 * library/ssl_cli.c 01213 * library/ssl_srv.c 01214 * 01215 * This feature requires zlib library and headers to be present. 01216 * 01217 * Uncomment to enable use of ZLIB 01218 */ 01219 //#define POLARSSL_ZLIB_SUPPORT 01220 /* \} name SECTION: mbed TLS feature support */ 01221 01222 /** 01223 * \name SECTION: mbed TLS modules 01224 * 01225 * This section enables or disables entire modules in mbed TLS 01226 * \{ 01227 */ 01228 01229 /** 01230 * \def POLARSSL_AESNI_C 01231 * 01232 * Enable AES-NI support on x86-64. 01233 * 01234 * Module: library/aesni.c 01235 * Caller: library/aes.c 01236 * 01237 * Requires: POLARSSL_HAVE_ASM 01238 * 01239 * This modules adds support for the AES-NI instructions on x86-64 01240 */ 01241 #define POLARSSL_AESNI_C 01242 01243 /** 01244 * \def POLARSSL_AES_C 01245 * 01246 * Enable the AES block cipher. 01247 * 01248 * Module: library/aes.c 01249 * Caller: library/ssl_tls.c 01250 * library/pem.c 01251 * library/ctr_drbg.c 01252 * 01253 * This module enables the following ciphersuites (if other requisites are 01254 * enabled as well): 01255 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 01256 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 01257 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 01258 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 01259 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 01260 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 01261 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 01262 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 01263 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 01264 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 01265 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 01266 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 01267 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 01268 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 01269 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01270 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 01271 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 01272 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01273 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 01274 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 01275 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01276 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 01277 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 01278 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01279 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 01280 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 01281 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01282 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 01283 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 01284 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01285 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01286 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 01287 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01288 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 01289 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA 01290 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01291 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 01292 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01293 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 01294 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA 01295 * TLS_RSA_WITH_AES_256_GCM_SHA384 01296 * TLS_RSA_WITH_AES_256_CBC_SHA256 01297 * TLS_RSA_WITH_AES_256_CBC_SHA 01298 * TLS_RSA_WITH_AES_128_GCM_SHA256 01299 * TLS_RSA_WITH_AES_128_CBC_SHA256 01300 * TLS_RSA_WITH_AES_128_CBC_SHA 01301 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 01302 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 01303 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA 01304 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 01305 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 01306 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA 01307 * TLS_PSK_WITH_AES_256_GCM_SHA384 01308 * TLS_PSK_WITH_AES_256_CBC_SHA384 01309 * TLS_PSK_WITH_AES_256_CBC_SHA 01310 * TLS_PSK_WITH_AES_128_GCM_SHA256 01311 * TLS_PSK_WITH_AES_128_CBC_SHA256 01312 * TLS_PSK_WITH_AES_128_CBC_SHA 01313 * 01314 * PEM_PARSE uses AES for decrypting encrypted keys. 01315 */ 01316 #define POLARSSL_AES_C 01317 01318 /** 01319 * \def POLARSSL_ARC4_C 01320 * 01321 * Enable the ARCFOUR stream cipher. 01322 * 01323 * Module: library/arc4.c 01324 * Caller: library/ssl_tls.c 01325 * 01326 * This module enables the following ciphersuites (if other requisites are 01327 * enabled as well): 01328 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA 01329 * TLS_ECDH_RSA_WITH_RC4_128_SHA 01330 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 01331 * TLS_ECDHE_RSA_WITH_RC4_128_SHA 01332 * TLS_ECDHE_PSK_WITH_RC4_128_SHA 01333 * TLS_DHE_PSK_WITH_RC4_128_SHA 01334 * TLS_RSA_WITH_RC4_128_SHA 01335 * TLS_RSA_WITH_RC4_128_MD5 01336 * TLS_RSA_PSK_WITH_RC4_128_SHA 01337 * TLS_PSK_WITH_RC4_128_SHA 01338 */ 01339 #define POLARSSL_ARC4_C 01340 01341 /** 01342 * \def POLARSSL_ASN1_PARSE_C 01343 * 01344 * Enable the generic ASN1 parser. 01345 * 01346 * Module: library/asn1.c 01347 * Caller: library/x509.c 01348 * library/dhm.c 01349 * library/pkcs12.c 01350 * library/pkcs5.c 01351 * library/pkparse.c 01352 */ 01353 #define POLARSSL_ASN1_PARSE_C 01354 01355 /** 01356 * \def POLARSSL_ASN1_WRITE_C 01357 * 01358 * Enable the generic ASN1 writer. 01359 * 01360 * Module: library/asn1write.c 01361 * Caller: library/ecdsa.c 01362 * library/pkwrite.c 01363 * library/x509_create.c 01364 * library/x509write_crt.c 01365 * library/x509write_csr.c 01366 */ 01367 #define POLARSSL_ASN1_WRITE_C 01368 01369 /** 01370 * \def POLARSSL_BASE64_C 01371 * 01372 * Enable the Base64 module. 01373 * 01374 * Module: library/base64.c 01375 * Caller: library/pem.c 01376 * 01377 * This module is required for PEM support (required by X.509). 01378 */ 01379 #define POLARSSL_BASE64_C 01380 01381 /** 01382 * \def POLARSSL_BIGNUM_C 01383 * 01384 * Enable the multi-precision integer library. 01385 * 01386 * Module: library/bignum.c 01387 * Caller: library/dhm.c 01388 * library/ecp.c 01389 * library/ecdsa.c 01390 * library/rsa.c 01391 * library/ssl_tls.c 01392 * 01393 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 01394 */ 01395 #define POLARSSL_BIGNUM_C 01396 01397 /** 01398 * \def POLARSSL_BLOWFISH_C 01399 * 01400 * Enable the Blowfish block cipher. 01401 * 01402 * Module: library/blowfish.c 01403 */ 01404 #define POLARSSL_BLOWFISH_C 01405 01406 /** 01407 * \def POLARSSL_CAMELLIA_C 01408 * 01409 * Enable the Camellia block cipher. 01410 * 01411 * Module: library/camellia.c 01412 * Caller: library/ssl_tls.c 01413 * 01414 * This module enables the following ciphersuites (if other requisites are 01415 * enabled as well): 01416 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01417 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01418 * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 01419 * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 01420 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01421 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01422 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 01423 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 01424 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 01425 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01426 * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 01427 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 01428 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 01429 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01430 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01431 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 01432 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01433 * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 01434 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 01435 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01436 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01437 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01438 * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 01439 * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01440 * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 01441 * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 01442 * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01443 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 01444 * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 01445 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01446 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01447 * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 01448 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01449 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01450 * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 01451 * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 01452 * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 01453 * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 01454 * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 01455 * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 01456 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 01457 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 01458 */ 01459 #define POLARSSL_CAMELLIA_C 01460 01461 /** 01462 * \def POLARSSL_CCM_C 01463 * 01464 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 01465 * 01466 * Module: library/ccm.c 01467 * 01468 * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C 01469 * 01470 * This module enables the AES-CCM ciphersuites, if other requisites are 01471 * enabled as well. 01472 */ 01473 #define POLARSSL_CCM_C 01474 01475 /** 01476 * \def POLARSSL_CERTS_C 01477 * 01478 * Enable the test certificates. 01479 * 01480 * Module: library/certs.c 01481 * Caller: 01482 * 01483 * Requires: POLARSSL_PEM_PARSE_C 01484 * 01485 * This module is used for testing (ssl_client/server). 01486 */ 01487 #define POLARSSL_CERTS_C 01488 01489 /** 01490 * \def POLARSSL_CIPHER_C 01491 * 01492 * Enable the generic cipher layer. 01493 * 01494 * Module: library/cipher.c 01495 * Caller: library/ssl_tls.c 01496 * 01497 * Uncomment to enable generic cipher wrappers. 01498 */ 01499 #define POLARSSL_CIPHER_C 01500 01501 /** 01502 * \def POLARSSL_CTR_DRBG_C 01503 * 01504 * Enable the CTR_DRBG AES-256-based random generator. 01505 * 01506 * Module: library/ctr_drbg.c 01507 * Caller: 01508 * 01509 * Requires: POLARSSL_AES_C 01510 * 01511 * This module provides the CTR_DRBG AES-256 random number generator. 01512 */ 01513 #define POLARSSL_CTR_DRBG_C 01514 01515 /** 01516 * \def POLARSSL_DEBUG_C 01517 * 01518 * Enable the debug functions. 01519 * 01520 * Module: library/debug.c 01521 * Caller: library/ssl_cli.c 01522 * library/ssl_srv.c 01523 * library/ssl_tls.c 01524 * 01525 * This module provides debugging functions. 01526 */ 01527 #define POLARSSL_DEBUG_C 01528 01529 /** 01530 * \def POLARSSL_DES_C 01531 * 01532 * Enable the DES block cipher. 01533 * 01534 * Module: library/des.c 01535 * Caller: library/pem.c 01536 * library/ssl_tls.c 01537 * 01538 * This module enables the following ciphersuites (if other requisites are 01539 * enabled as well): 01540 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 01541 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 01542 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 01543 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 01544 * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01545 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 01546 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 01547 * TLS_RSA_WITH_3DES_EDE_CBC_SHA 01548 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 01549 * TLS_PSK_WITH_3DES_EDE_CBC_SHA 01550 * 01551 * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 01552 */ 01553 #define POLARSSL_DES_C 01554 01555 /** 01556 * \def POLARSSL_DHM_C 01557 * 01558 * Enable the Diffie-Hellman-Merkle module. 01559 * 01560 * Module: library/dhm.c 01561 * Caller: library/ssl_cli.c 01562 * library/ssl_srv.c 01563 * 01564 * This module is used by the following key exchanges: 01565 * DHE-RSA, DHE-PSK 01566 */ 01567 #define POLARSSL_DHM_C 01568 01569 /** 01570 * \def POLARSSL_ECDH_C 01571 * 01572 * Enable the elliptic curve Diffie-Hellman library. 01573 * 01574 * Module: library/ecdh.c 01575 * Caller: library/ssl_cli.c 01576 * library/ssl_srv.c 01577 * 01578 * This module is used by the following key exchanges: 01579 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 01580 * 01581 * Requires: POLARSSL_ECP_C 01582 */ 01583 #define POLARSSL_ECDH_C 01584 01585 /** 01586 * \def POLARSSL_ECDSA_C 01587 * 01588 * Enable the elliptic curve DSA library. 01589 * 01590 * Module: library/ecdsa.c 01591 * Caller: 01592 * 01593 * This module is used by the following key exchanges: 01594 * ECDHE-ECDSA 01595 * 01596 * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C 01597 */ 01598 #define POLARSSL_ECDSA_C 01599 01600 /** 01601 * \def POLARSSL_ECP_C 01602 * 01603 * Enable the elliptic curve over GF(p) library. 01604 * 01605 * Module: library/ecp.c 01606 * Caller: library/ecdh.c 01607 * library/ecdsa.c 01608 * 01609 * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED 01610 */ 01611 #define POLARSSL_ECP_C 01612 01613 /** 01614 * \def POLARSSL_ENTROPY_C 01615 * 01616 * Enable the platform-specific entropy code. 01617 * 01618 * Module: library/entropy.c 01619 * Caller: 01620 * 01621 * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C 01622 * 01623 * This module provides a generic entropy pool 01624 */ 01625 #define POLARSSL_ENTROPY_C 01626 01627 /** 01628 * \def POLARSSL_ERROR_C 01629 * 01630 * Enable error code to error string conversion. 01631 * 01632 * Module: library/error.c 01633 * Caller: 01634 * 01635 * This module enables polarssl_strerror(). 01636 */ 01637 #define POLARSSL_ERROR_C 01638 01639 /** 01640 * \def POLARSSL_GCM_C 01641 * 01642 * Enable the Galois/Counter Mode (GCM) for AES. 01643 * 01644 * Module: library/gcm.c 01645 * 01646 * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C 01647 * 01648 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 01649 * requisites are enabled as well. 01650 */ 01651 #define POLARSSL_GCM_C 01652 01653 /** 01654 * \def POLARSSL_HAVEGE_C 01655 * 01656 * Enable the HAVEGE random generator. 01657 * 01658 * Warning: the HAVEGE random generator is not suitable for virtualized 01659 * environments 01660 * 01661 * Warning: the HAVEGE random generator is dependent on timing and specific 01662 * processor traits. It is therefore not advised to use HAVEGE as 01663 * your applications primary random generator or primary entropy pool 01664 * input. As a secondary input to your entropy pool, it IS able add 01665 * the (limited) extra entropy it provides. 01666 * 01667 * Module: library/havege.c 01668 * Caller: 01669 * 01670 * Requires: POLARSSL_TIMING_C 01671 * 01672 * Uncomment to enable the HAVEGE random generator. 01673 */ 01674 //#define POLARSSL_HAVEGE_C 01675 01676 /** 01677 * \def POLARSSL_HMAC_DRBG_C 01678 * 01679 * Enable the HMAC_DRBG random generator. 01680 * 01681 * Module: library/hmac_drbg.c 01682 * Caller: 01683 * 01684 * Requires: POLARSSL_MD_C 01685 * 01686 * Uncomment to enable the HMAC_DRBG random number geerator. 01687 */ 01688 #define POLARSSL_HMAC_DRBG_C 01689 01690 /** 01691 * \def POLARSSL_MD_C 01692 * 01693 * Enable the generic message digest layer. 01694 * 01695 * Module: library/md.c 01696 * Caller: 01697 * 01698 * Uncomment to enable generic message digest wrappers. 01699 */ 01700 #define POLARSSL_MD_C 01701 01702 /** 01703 * \def POLARSSL_MD2_C 01704 * 01705 * Enable the MD2 hash algorithm. 01706 * 01707 * Module: library/md2.c 01708 * Caller: 01709 * 01710 * Uncomment to enable support for (rare) MD2-signed X.509 certs. 01711 */ 01712 //#define POLARSSL_MD2_C 01713 01714 /** 01715 * \def POLARSSL_MD4_C 01716 * 01717 * Enable the MD4 hash algorithm. 01718 * 01719 * Module: library/md4.c 01720 * Caller: 01721 * 01722 * Uncomment to enable support for (rare) MD4-signed X.509 certs. 01723 */ 01724 //#define POLARSSL_MD4_C 01725 01726 /** 01727 * \def POLARSSL_MD5_C 01728 * 01729 * Enable the MD5 hash algorithm. 01730 * 01731 * Module: library/md5.c 01732 * Caller: library/md.c 01733 * library/pem.c 01734 * library/ssl_tls.c 01735 * 01736 * This module is required for SSL/TLS and X.509. 01737 * PEM_PARSE uses MD5 for decrypting encrypted keys. 01738 */ 01739 #define POLARSSL_MD5_C 01740 01741 /** 01742 * \def POLARSSL_MEMORY_C 01743 * 01744 * \deprecated Use POLARSSL_PLATFORM_MEMORY instead. 01745 * 01746 * Depends on: POLARSSL_PLATFORM_C 01747 */ 01748 //#define POLARSSL_MEMORY_C 01749 01750 /** 01751 * \def POLARSSL_MEMORY_BUFFER_ALLOC_C 01752 * 01753 * Enable the buffer allocator implementation that makes use of a (stack) 01754 * based buffer to 'allocate' dynamic memory. (replaces malloc() and free() 01755 * calls) 01756 * 01757 * Module: library/memory_buffer_alloc.c 01758 * 01759 * Requires: POLARSSL_PLATFORM_C 01760 * POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS) 01761 * 01762 * Enable this module to enable the buffer memory allocator. 01763 */ 01764 //#define POLARSSL_MEMORY_BUFFER_ALLOC_C 01765 01766 /** 01767 * \def POLARSSL_NET_C 01768 * 01769 * Enable the TCP/IP networking routines. 01770 * 01771 * \warning As of 1.3.11, it is deprecated to enable this module without 01772 * POLARSSL_HAVE_IPV6. The alternative legacy code will be removed in 2.0. 01773 * 01774 * Module: library/net.c 01775 * 01776 * This module provides TCP/IP networking routines. 01777 */ 01778 #define POLARSSL_NET_C 01779 01780 /** 01781 * \def POLARSSL_OID_C 01782 * 01783 * Enable the OID database. 01784 * 01785 * Module: library/oid.c 01786 * Caller: library/asn1write.c 01787 * library/pkcs5.c 01788 * library/pkparse.c 01789 * library/pkwrite.c 01790 * library/rsa.c 01791 * library/x509.c 01792 * library/x509_create.c 01793 * library/x509_crl.c 01794 * library/x509_crt.c 01795 * library/x509_csr.c 01796 * library/x509write_crt.c 01797 * library/x509write_csr.c 01798 * 01799 * This modules translates between OIDs and internal values. 01800 */ 01801 #define POLARSSL_OID_C 01802 01803 /** 01804 * \def POLARSSL_PADLOCK_C 01805 * 01806 * Enable VIA Padlock support on x86. 01807 * 01808 * Module: library/padlock.c 01809 * Caller: library/aes.c 01810 * 01811 * Requires: POLARSSL_HAVE_ASM 01812 * 01813 * This modules adds support for the VIA PadLock on x86. 01814 */ 01815 #define POLARSSL_PADLOCK_C 01816 01817 /** 01818 * \def POLARSSL_PBKDF2_C 01819 * 01820 * Enable PKCS#5 PBKDF2 key derivation function. 01821 * 01822 * \deprecated Use POLARSSL_PKCS5_C instead 01823 * 01824 * Module: library/pbkdf2.c 01825 * 01826 * Requires: POLARSSL_PKCS5_C 01827 * 01828 * This module adds support for the PKCS#5 PBKDF2 key derivation function. 01829 */ 01830 #define POLARSSL_PBKDF2_C 01831 01832 /** 01833 * \def POLARSSL_PEM_PARSE_C 01834 * 01835 * Enable PEM decoding / parsing. 01836 * 01837 * Module: library/pem.c 01838 * Caller: library/dhm.c 01839 * library/pkparse.c 01840 * library/x509_crl.c 01841 * library/x509_crt.c 01842 * library/x509_csr.c 01843 * 01844 * Requires: POLARSSL_BASE64_C 01845 * 01846 * This modules adds support for decoding / parsing PEM files. 01847 */ 01848 #define POLARSSL_PEM_PARSE_C 01849 01850 /** 01851 * \def POLARSSL_PEM_WRITE_C 01852 * 01853 * Enable PEM encoding / writing. 01854 * 01855 * Module: library/pem.c 01856 * Caller: library/pkwrite.c 01857 * library/x509write_crt.c 01858 * library/x509write_csr.c 01859 * 01860 * Requires: POLARSSL_BASE64_C 01861 * 01862 * This modules adds support for encoding / writing PEM files. 01863 */ 01864 #define POLARSSL_PEM_WRITE_C 01865 01866 /** 01867 * \def POLARSSL_PK_C 01868 * 01869 * Enable the generic public (asymetric) key layer. 01870 * 01871 * Module: library/pk.c 01872 * Caller: library/ssl_tls.c 01873 * library/ssl_cli.c 01874 * library/ssl_srv.c 01875 * 01876 * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C 01877 * 01878 * Uncomment to enable generic public key wrappers. 01879 */ 01880 #define POLARSSL_PK_C 01881 01882 /** 01883 * \def POLARSSL_PK_PARSE_C 01884 * 01885 * Enable the generic public (asymetric) key parser. 01886 * 01887 * Module: library/pkparse.c 01888 * Caller: library/x509_crt.c 01889 * library/x509_csr.c 01890 * 01891 * Requires: POLARSSL_PK_C 01892 * 01893 * Uncomment to enable generic public key parse functions. 01894 */ 01895 #define POLARSSL_PK_PARSE_C 01896 01897 /** 01898 * \def POLARSSL_PK_WRITE_C 01899 * 01900 * Enable the generic public (asymetric) key writer. 01901 * 01902 * Module: library/pkwrite.c 01903 * Caller: library/x509write.c 01904 * 01905 * Requires: POLARSSL_PK_C 01906 * 01907 * Uncomment to enable generic public key write functions. 01908 */ 01909 #define POLARSSL_PK_WRITE_C 01910 01911 /** 01912 * \def POLARSSL_PKCS5_C 01913 * 01914 * Enable PKCS#5 functions. 01915 * 01916 * Module: library/pkcs5.c 01917 * 01918 * Requires: POLARSSL_MD_C 01919 * 01920 * This module adds support for the PKCS#5 functions. 01921 */ 01922 #define POLARSSL_PKCS5_C 01923 01924 /** 01925 * \def POLARSSL_PKCS11_C 01926 * 01927 * Enable wrapper for PKCS#11 smartcard support. 01928 * 01929 * Module: library/pkcs11.c 01930 * Caller: library/pk.c 01931 * 01932 * Requires: POLARSSL_PK_C 01933 * 01934 * This module enables SSL/TLS PKCS #11 smartcard support. 01935 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 01936 */ 01937 //#define POLARSSL_PKCS11_C 01938 01939 /** 01940 * \def POLARSSL_PKCS12_C 01941 * 01942 * Enable PKCS#12 PBE functions. 01943 * Adds algorithms for parsing PKCS#8 encrypted private keys 01944 * 01945 * Module: library/pkcs12.c 01946 * Caller: library/pkparse.c 01947 * 01948 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C 01949 * Can use: POLARSSL_ARC4_C 01950 * 01951 * This module enables PKCS#12 functions. 01952 */ 01953 #define POLARSSL_PKCS12_C 01954 01955 /** 01956 * \def POLARSSL_PLATFORM_C 01957 * 01958 * Enable the platform abstraction layer that allows you to re-assign 01959 * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit() 01960 * 01961 * Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT 01962 * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 01963 * above to be specified at runtime or compile time respectively. 01964 * 01965 * Module: library/platform.c 01966 * Caller: Most other .c files 01967 * 01968 * This module enables abstraction of common (libc) functions. 01969 */ 01970 #define POLARSSL_PLATFORM_C 01971 01972 /** 01973 * \def POLARSSL_RIPEMD160_C 01974 * 01975 * Enable the RIPEMD-160 hash algorithm. 01976 * 01977 * Module: library/ripemd160.c 01978 * Caller: library/md.c 01979 * 01980 */ 01981 #define POLARSSL_RIPEMD160_C 01982 01983 /** 01984 * \def POLARSSL_RSA_C 01985 * 01986 * Enable the RSA public-key cryptosystem. 01987 * 01988 * Module: library/rsa.c 01989 * Caller: library/ssl_cli.c 01990 * library/ssl_srv.c 01991 * library/ssl_tls.c 01992 * library/x509.c 01993 * 01994 * This module is used by the following key exchanges: 01995 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 01996 * 01997 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C 01998 */ 01999 #define POLARSSL_RSA_C 02000 02001 /** 02002 * \def POLARSSL_SHA1_C 02003 * 02004 * Enable the SHA1 cryptographic hash algorithm. 02005 * 02006 * Module: library/sha1.c 02007 * Caller: library/md.c 02008 * library/ssl_cli.c 02009 * library/ssl_srv.c 02010 * library/ssl_tls.c 02011 * library/x509write_crt.c 02012 * 02013 * This module is required for SSL/TLS and SHA1-signed certificates. 02014 */ 02015 #define POLARSSL_SHA1_C 02016 02017 /** 02018 * \def POLARSSL_SHA256_C 02019 * 02020 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 02021 * (Used to be POLARSSL_SHA2_C) 02022 * 02023 * Module: library/sha256.c 02024 * Caller: library/entropy.c 02025 * library/md.c 02026 * library/ssl_cli.c 02027 * library/ssl_srv.c 02028 * library/ssl_tls.c 02029 * 02030 * This module adds support for SHA-224 and SHA-256. 02031 * This module is required for the SSL/TLS 1.2 PRF function. 02032 */ 02033 #define POLARSSL_SHA256_C 02034 02035 /** 02036 * \def POLARSSL_SHA512_C 02037 * 02038 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 02039 * (Used to be POLARSSL_SHA4_C) 02040 * 02041 * Module: library/sha512.c 02042 * Caller: library/entropy.c 02043 * library/md.c 02044 * library/ssl_cli.c 02045 * library/ssl_srv.c 02046 * 02047 * This module adds support for SHA-384 and SHA-512. 02048 */ 02049 #define POLARSSL_SHA512_C 02050 02051 /** 02052 * \def POLARSSL_SSL_CACHE_C 02053 * 02054 * Enable simple SSL cache implementation. 02055 * 02056 * Module: library/ssl_cache.c 02057 * Caller: 02058 * 02059 * Requires: POLARSSL_SSL_CACHE_C 02060 */ 02061 #define POLARSSL_SSL_CACHE_C 02062 02063 /** 02064 * \def POLARSSL_SSL_CLI_C 02065 * 02066 * Enable the SSL/TLS client code. 02067 * 02068 * Module: library/ssl_cli.c 02069 * Caller: 02070 * 02071 * Requires: POLARSSL_SSL_TLS_C 02072 * 02073 * This module is required for SSL/TLS client support. 02074 */ 02075 #define POLARSSL_SSL_CLI_C 02076 02077 /** 02078 * \def POLARSSL_SSL_SRV_C 02079 * 02080 * Enable the SSL/TLS server code. 02081 * 02082 * Module: library/ssl_srv.c 02083 * Caller: 02084 * 02085 * Requires: POLARSSL_SSL_TLS_C 02086 * 02087 * This module is required for SSL/TLS server support. 02088 */ 02089 #define POLARSSL_SSL_SRV_C 02090 02091 /** 02092 * \def POLARSSL_SSL_TLS_C 02093 * 02094 * Enable the generic SSL/TLS code. 02095 * 02096 * Module: library/ssl_tls.c 02097 * Caller: library/ssl_cli.c 02098 * library/ssl_srv.c 02099 * 02100 * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C 02101 * and at least one of the POLARSSL_SSL_PROTO_* defines 02102 * 02103 * This module is required for SSL/TLS. 02104 */ 02105 #define POLARSSL_SSL_TLS_C 02106 02107 /** 02108 * \def POLARSSL_THREADING_C 02109 * 02110 * Enable the threading abstraction layer. 02111 * By default mbed TLS assumes it is used in a non-threaded environment or that 02112 * contexts are not shared between threads. If you do intend to use contexts 02113 * between threads, you will need to enable this layer to prevent race 02114 * conditions. 02115 * 02116 * Module: library/threading.c 02117 * 02118 * This allows different threading implementations (self-implemented or 02119 * provided). 02120 * 02121 * You will have to enable either POLARSSL_THREADING_ALT or 02122 * POLARSSL_THREADING_PTHREAD. 02123 * 02124 * Enable this layer to allow use of mutexes within mbed TLS 02125 */ 02126 //#define POLARSSL_THREADING_C 02127 02128 /** 02129 * \def POLARSSL_TIMING_C 02130 * 02131 * Enable the portable timing interface. 02132 * 02133 * Module: library/timing.c 02134 * Caller: library/havege.c 02135 * 02136 * This module is used by the HAVEGE random number generator. 02137 */ 02138 #define POLARSSL_TIMING_C 02139 02140 /** 02141 * \def POLARSSL_VERSION_C 02142 * 02143 * Enable run-time version information. 02144 * 02145 * Module: library/version.c 02146 * 02147 * This module provides run-time version information. 02148 */ 02149 #define POLARSSL_VERSION_C 02150 02151 /** 02152 * \def POLARSSL_X509_USE_C 02153 * 02154 * Enable X.509 core for using certificates. 02155 * 02156 * Module: library/x509.c 02157 * Caller: library/x509_crl.c 02158 * library/x509_crt.c 02159 * library/x509_csr.c 02160 * 02161 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C, 02162 * POLARSSL_PK_PARSE_C 02163 * 02164 * This module is required for the X.509 parsing modules. 02165 */ 02166 #define POLARSSL_X509_USE_C 02167 02168 /** 02169 * \def POLARSSL_X509_CRT_PARSE_C 02170 * 02171 * Enable X.509 certificate parsing. 02172 * 02173 * Module: library/x509_crt.c 02174 * Caller: library/ssl_cli.c 02175 * library/ssl_srv.c 02176 * library/ssl_tls.c 02177 * 02178 * Requires: POLARSSL_X509_USE_C 02179 * 02180 * This module is required for X.509 certificate parsing. 02181 */ 02182 #define POLARSSL_X509_CRT_PARSE_C 02183 02184 /** 02185 * \def POLARSSL_X509_CRL_PARSE_C 02186 * 02187 * Enable X.509 CRL parsing. 02188 * 02189 * Module: library/x509_crl.c 02190 * Caller: library/x509_crt.c 02191 * 02192 * Requires: POLARSSL_X509_USE_C 02193 * 02194 * This module is required for X.509 CRL parsing. 02195 */ 02196 #define POLARSSL_X509_CRL_PARSE_C 02197 02198 /** 02199 * \def POLARSSL_X509_CSR_PARSE_C 02200 * 02201 * Enable X.509 Certificate Signing Request (CSR) parsing. 02202 * 02203 * Module: library/x509_csr.c 02204 * Caller: library/x509_crt_write.c 02205 * 02206 * Requires: POLARSSL_X509_USE_C 02207 * 02208 * This module is used for reading X.509 certificate request. 02209 */ 02210 #define POLARSSL_X509_CSR_PARSE_C 02211 02212 /** 02213 * \def POLARSSL_X509_CREATE_C 02214 * 02215 * Enable X.509 core for creating certificates. 02216 * 02217 * Module: library/x509_create.c 02218 * 02219 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C 02220 * 02221 * This module is the basis for creating X.509 certificates and CSRs. 02222 */ 02223 #define POLARSSL_X509_CREATE_C 02224 02225 /** 02226 * \def POLARSSL_X509_CRT_WRITE_C 02227 * 02228 * Enable creating X.509 certificates. 02229 * 02230 * Module: library/x509_crt_write.c 02231 * 02232 * Requires: POLARSSL_CREATE_C 02233 * 02234 * This module is required for X.509 certificate creation. 02235 */ 02236 #define POLARSSL_X509_CRT_WRITE_C 02237 02238 /** 02239 * \def POLARSSL_X509_CSR_WRITE_C 02240 * 02241 * Enable creating X.509 Certificate Signing Requests (CSR). 02242 * 02243 * Module: library/x509_csr_write.c 02244 * 02245 * Requires: POLARSSL_CREATE_C 02246 * 02247 * This module is required for X.509 certificate request writing. 02248 */ 02249 #define POLARSSL_X509_CSR_WRITE_C 02250 02251 /** 02252 * \def POLARSSL_XTEA_C 02253 * 02254 * Enable the XTEA block cipher. 02255 * 02256 * Module: library/xtea.c 02257 * Caller: 02258 */ 02259 #define POLARSSL_XTEA_C 02260 02261 /* \} name SECTION: mbed TLS modules */ 02262 02263 /** 02264 * \name SECTION: Module configuration options 02265 * 02266 * This section allows for the setting of module specific sizes and 02267 * configuration options. The default values are already present in the 02268 * relevant header files and should suffice for the regular use cases. 02269 * 02270 * Our advice is to enable options and change their values here 02271 * only if you have a good reason and know the consequences. 02272 * 02273 * Please check the respective header file for documentation on these 02274 * parameters (to prevent duplicate documentation). 02275 * \{ 02276 */ 02277 02278 /* MPI / BIGNUM options */ 02279 //#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 02280 //#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 02281 02282 /* CTR_DRBG options */ 02283 //#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 02284 //#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02285 //#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02286 //#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02287 //#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02288 02289 /* HMAC_DRBG options */ 02290 //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 02291 //#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 02292 //#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 02293 //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 02294 02295 /* ECP options */ 02296 //#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 02297 //#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 02298 //#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 02299 02300 /* Entropy options */ 02301 //#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 02302 //#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 02303 02304 /* Memory buffer allocator options */ 02305 //#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 02306 02307 /* Platform options */ 02308 //#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ 02309 //#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */ 02310 //#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ 02311 //#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ 02312 //#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ 02313 //#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ 02314 //#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ 02315 02316 /* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */ 02317 /* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */ 02318 //#define POLARSSL_PLATFORM_MALLOC_MACRO malloc /**< Default allocator macro to use, can be undefined */ 02319 //#define POLARSSL_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ 02320 //#define POLARSSL_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ 02321 //#define POLARSSL_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ 02322 //#define POLARSSL_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ 02323 //#define POLARSSL_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ 02324 02325 /* SSL Cache options */ 02326 //#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ 02327 //#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ 02328 02329 /* SSL options */ 02330 //#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ 02331 //#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 02332 //#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ 02333 02334 /** 02335 * Complete list of ciphersuites to use, in order of preference. 02336 * 02337 * \warning No dependency checking is done on that field! This option can only 02338 * be used to restrict the set of available ciphersuites. It is your 02339 * responsibility to make sure the needed modules are active. 02340 * 02341 * Use this to save a few hundred bytes of ROM (default ordering of all 02342 * available ciphersuites) and a few to a few hundred bytes of RAM. 02343 * 02344 * The value below is only an example, not the default. 02345 */ 02346 //#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 02347 02348 /* Debug options */ 02349 //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */ 02350 02351 /* X509 options */ 02352 //#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ 02353 02354 /* \} name SECTION: Module configuration options */ 02355 02356 #include "check_config.h" 02357 02358 #endif /* POLARSSL_CONFIG_H */ 02359
Generated on Tue Jul 12 2022 22:22:38 by
1.7.2