2009-01-03 22:22:43 +01:00
/**
* \ file config . h
*
2011-01-06 13:28:03 +01:00
* \ brief Configuration options ( set of defines )
*
2015-01-23 10:45:19 +01:00
* Copyright ( C ) 2006 - 2014 , ARM Limited , All Rights Reserved
2010-07-18 22:36:00 +02:00
*
2015-03-06 14:17:10 +01:00
* This file is part of mbed TLS ( https : //tls.mbed.org)
2010-07-18 22:36:00 +02:00
*
2009-01-04 17:27:10 +01:00
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License along
* with this program ; if not , write to the Free Software Foundation , Inc . ,
* 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
*
2009-01-03 22:22:43 +01:00
* This set of compile - time options may be used to enable
* or disable features selectively , and reduce the global
* memory footprint .
*/
2009-01-03 22:51:57 +01:00
# ifndef POLARSSL_CONFIG_H
# define POLARSSL_CONFIG_H
2009-01-03 22:22:43 +01:00
2011-11-18 15:26:47 +01:00
# if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
2009-01-03 22:22:43 +01:00
# define _CRT_SECURE_NO_DEPRECATE 1
# endif
2011-01-27 16:24:17 +01:00
/**
2011-01-21 12:00:08 +01:00
* \ name SECTION : System support
*
* This section sets system specific settings .
* \ {
*/
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_HAVE_INT8
*
* The system uses 8 - bit wide native integers .
2009-01-03 22:22:43 +01:00
*
2015-04-09 14:51:51 +02:00
* \ deprecated The compiler should be able to generate code for 32 - bit
* arithmetic ( required by C89 ) . This code is likely to be at least as
* efficient as ours .
*
2011-01-27 16:24:17 +01:00
* Uncomment if native integers are 8 - bit wide .
2009-01-03 22:22:43 +01:00
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_HAVE_INT8
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_HAVE_INT16
*
* The system uses 16 - bit wide native integers .
2009-01-03 22:22:43 +01:00
*
2015-04-09 14:51:51 +02:00
* \ deprecated The compiler should be able to generate code for 32 - bit
* arithmetic ( required by C89 ) . This code is likely to be at least as
* efficient as ours .
*
2011-01-27 16:24:17 +01:00
* Uncomment if native integers are 16 - bit wide .
2009-01-03 22:22:43 +01:00
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_HAVE_INT16
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
2012-10-02 14:19:31 +02:00
* \ def POLARSSL_HAVE_LONGLONG
2011-01-27 16:24:17 +01:00
*
2012-10-02 14:19:31 +02:00
* The compiler supports the ' long long ' type .
* ( Only used on 32 - bit platforms )
2009-01-03 22:22:43 +01:00
*/
2012-10-02 14:19:31 +02:00
# define POLARSSL_HAVE_LONGLONG
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_HAVE_ASM
*
2013-09-20 13:45:36 +02:00
* The compiler has support for asm ( ) .
2009-04-19 23:17:55 +02:00
*
* Requires support for asm ( ) in compiler .
*
* Used in :
* library / timing . c
* library / padlock . c
* include / polarssl / bn_mul . h
*
2013-09-20 13:45:36 +02:00
* Comment to disable the use of assembly code .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_HAVE_ASM
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_HAVE_SSE2
*
2012-10-01 16:42:47 +02:00
* CPU supports SSE2 instruction set .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Uncomment if the CPU supports SSE2 ( IA - 32 specific ) .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_HAVE_SSE2
2013-07-03 15:31:03 +02:00
/**
* \ def POLARSSL_HAVE_TIME
*
2013-09-20 13:45:36 +02:00
* System has time . h and time ( ) / localtime ( ) / gettimeofday ( ) .
2013-07-03 15:31:03 +02:00
*
* Comment if your system does not support time functions
*/
# define POLARSSL_HAVE_TIME
2013-12-13 12:54:09 +01:00
/**
* \ def POLARSSL_HAVE_IPV6
*
* System supports the basic socket interface for IPv6 ( RFC 3493 ) ,
2013-12-13 16:23:39 +01:00
* specifically getaddrinfo ( ) , freeaddrinfo ( ) and struct sockaddr_storage .
2013-12-13 12:54:09 +01:00
*
2013-12-17 17:38:55 +01:00
* Note : on Windows / MingW , XP or higher is required .
*
2015-04-09 14:40:46 +02:00
* \ warning As of 1.3 .11 , * not * using this flag when POLARSSL_NET_C is
* defined , is deprecated . The alternative legacy code will be removed in 2.0 .
*
2013-12-13 12:54:09 +01:00
* Comment if your system does not support the IPv6 socket interface
*/
# define POLARSSL_HAVE_IPV6
2014-02-01 22:50:07 +01:00
2014-02-04 17:30:24 +01:00
/**
* \ def POLARSSL_PLATFORM_MEMORY
*
* Enable the memory allocation layer .
*
2015-01-22 17:11:05 +01:00
* By default mbed TLS uses the system - provided malloc ( ) and free ( ) .
2014-02-04 17:30:24 +01:00
* This allows different allocators ( self - implemented or provided ) to be
* provided to the platform abstraction layer .
*
2015-02-06 17:14:34 +01:00
* Enabling POLARSSL_PLATFORM_MEMORY without the
* POLARSSL_PLATFORM_ { FREE , MALLOC } _MACROs will provide
* " platform_set_malloc_free() " allowing you to set an alternative malloc ( ) and
* free ( ) function pointer at runtime .
*
* Enabling POLARSSL_PLATFORM_MEMORY and specifying
* POLARSSL_PLATFORM_ { MALLOC , FREE } _MACROs will allow you to specify the
* alternate function at compile time .
2014-02-04 17:30:24 +01:00
*
* Requires : POLARSSL_PLATFORM_C
*
* Enable this layer to allow use of alternative memory allocators .
*/
//#define POLARSSL_PLATFORM_MEMORY
2014-04-25 11:11:10 +02:00
/**
* \ def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
*
* Do not assign standard functions in the platform layer ( e . g . malloc ( ) to
* POLARSSL_PLATFORM_STD_MALLOC and printf ( ) to POLARSSL_PLATFORM_STD_PRINTF )
*
* This makes sure there are no linking errors on platforms that do not support
* these functions . You will HAVE to provide alternatives , either at runtime
* via the platform_set_xxx ( ) functions or at compile time by setting
2015-02-06 17:14:34 +01:00
* the POLARSSL_PLATFORM_STD_XXX defines , or enabling a
* POLARSSL_PLATFORM_XXX_MACRO .
2014-04-25 11:11:10 +02:00
*
* Requires : POLARSSL_PLATFORM_C
*
* Uncomment to prevent default assignment of standard functions in the
* platform layer .
*/
//#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
2014-02-01 22:50:07 +01:00
/**
* \ def POLARSSL_PLATFORM_XXX_ALT
*
2015-01-22 17:11:05 +01:00
* Uncomment a macro to let mbed TLS support the function in the platform
2014-02-01 22:50:07 +01:00
* abstraction layer .
*
2015-01-22 17:11:05 +01:00
* Example : In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT , mbed TLS will
2014-02-01 22:50:07 +01:00
* provide a function " platform_set_printf() " that allows you to set an
* alternative printf function pointer .
*
* All these define require POLARSSL_PLATFORM_C to be defined !
*
2015-01-30 11:47:32 +01:00
* WARNING : POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows
* for compatibility reasons .
*
2015-02-06 17:14:34 +01:00
* WARNING : POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as
* POLARSSL_PLATFORM_XXX_MACRO !
*
2014-02-01 22:50:07 +01:00
* Uncomment a macro to enable alternate implementation of specific base
* platform function
*/
2015-01-30 13:01:34 +01:00
//#define POLARSSL_PLATFORM_EXIT_ALT
2015-02-03 12:00:54 +01:00
//#define POLARSSL_PLATFORM_FPRINTF_ALT
//#define POLARSSL_PLATFORM_PRINTF_ALT
//#define POLARSSL_PLATFORM_SNPRINTF_ALT
2015-03-23 13:58:27 +01:00
/**
* \ def POLARSSL_DEPRECATED_WARNING
*
* Mark deprecated functions so that they generate a warning if used .
* Functions deprecated in one version will usually be removed in the next
* version . You can enable this to help you prepare the transition to a new
* major version by making sure your code is not using these functions .
*
* This only works with GCC and Clang . With other compilers , you may want to
* use POLARSSL_DEPRECATED_REMOVED
*
* Uncomment to get warnings on using deprecated functions .
*/
//#define POLARSSL_DEPRECATED_WARNING
/**
* \ def POLARSSL_DEPRECATED_REMOVED
*
* Remove deprecated functions so that they generate an error if used .
* Functions deprecated in one version will usually be removed in the next
* version . You can enable this to help you prepare the transition to a new
* major version by making sure your code is not using these functions .
*
* Uncomment to get errors on using deprecated functions .
*/
//#define POLARSSL_DEPRECATED_REMOVED
2013-09-20 13:45:36 +02:00
/* \} name SECTION: System support */
2011-01-21 12:00:08 +01:00
2011-01-27 16:24:17 +01:00
/**
2015-01-22 17:11:05 +01:00
* \ name SECTION : mbed TLS feature support
2011-01-21 12:00:08 +01:00
*
* This section sets support for features that are or are not needed
* within the modules that are enabled .
* \ {
*/
2009-01-03 22:22:43 +01:00
2014-02-06 15:11:55 +01:00
/**
* \ def POLARSSL_TIMING_ALT
*
* Uncomment to provide your own alternate implementation for hardclock ( ) ,
* get_timer ( ) , set_alarm ( ) and m_sleep ( ) .
*
* Only works if you have POLARSSL_TIMING_C enabled .
*
* You will need to provide a header " timing_alt.h " and an implementation at
* compile time .
*/
//#define POLARSSL_TIMING_ALT
2013-06-24 19:20:35 +02:00
/**
* \ def POLARSSL_XXX_ALT
*
2015-01-22 17:11:05 +01:00
* Uncomment a macro to let mbed TLS use your alternate core implementation of
2013-06-24 19:20:35 +02:00
* a symmetric or hash algorithm ( e . g . platform specific assembly optimized
* implementations ) . Keep in mind that the function prototypes should remain
* the same .
*
2015-01-22 17:11:05 +01:00
* Example : In case you uncomment POLARSSL_AES_ALT , mbed TLS will no longer
2013-06-24 19:20:35 +02:00
* provide the " struct aes_context " definition and omit the base function
* declarations and implementations . " aes_alt.h " will be included from
* " aes.h " to include the new function definitions .
*
* Uncomment a macro to enable alternate implementation for core algorithm
* functions
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_AES_ALT
//#define POLARSSL_ARC4_ALT
//#define POLARSSL_BLOWFISH_ALT
//#define POLARSSL_CAMELLIA_ALT
//#define POLARSSL_DES_ALT
//#define POLARSSL_XTEA_ALT
//#define POLARSSL_MD2_ALT
//#define POLARSSL_MD4_ALT
//#define POLARSSL_MD5_ALT
2014-01-22 14:14:26 +01:00
//#define POLARSSL_RIPEMD160_ALT
2013-10-15 11:55:10 +02:00
//#define POLARSSL_SHA1_ALT
//#define POLARSSL_SHA256_ALT
//#define POLARSSL_SHA512_ALT
2013-06-24 19:20:35 +02:00
2011-04-24 23:19:15 +02:00
/**
* \ def POLARSSL_AES_ROM_TABLES
*
* Store the AES tables in ROM .
*
* Uncomment this macro to store the AES tables in ROM .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_AES_ROM_TABLES
2011-04-24 23:19:15 +02:00
2015-04-03 16:28:19 +02:00
/**
* \ def POLARSSL_CAMELLIA_SMALL_MEMORY
*
* Use less ROM for the Camellia implementation ( saves about 768 bytes ) .
*
* Uncomment this macro to use less memory for Camellia .
*/
//#define POLARSSL_CAMELLIA_SMALL_MEMORY
2013-09-13 14:10:44 +02:00
/**
* \ def POLARSSL_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode ( CBC ) for symmetric ciphers .
*/
# define POLARSSL_CIPHER_MODE_CBC
2011-04-19 16:29:23 +02:00
/**
* \ def POLARSSL_CIPHER_MODE_CFB
*
* Enable Cipher Feedback mode ( CFB ) for symmetric ciphers .
*/
# define POLARSSL_CIPHER_MODE_CFB
/**
* \ def POLARSSL_CIPHER_MODE_CTR
*
* Enable Counter Block Cipher mode ( CTR ) for symmetric ciphers .
*/
# define POLARSSL_CIPHER_MODE_CTR
2012-02-06 17:45:10 +01:00
/**
* \ def POLARSSL_CIPHER_NULL_CIPHER
*
* Enable NULL cipher .
* Warning : Only do so when you know what you are doing . This allows for
* encryption or channels without any security !
*
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites :
2013-12-11 16:17:10 +01:00
* TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_NULL_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_NULL_SHA
2013-03-20 14:39:14 +01:00
* TLS_ECDHE_RSA_WITH_NULL_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_PSK_WITH_NULL_SHA384
* TLS_ECDHE_PSK_WITH_NULL_SHA256
* TLS_ECDHE_PSK_WITH_NULL_SHA
2013-10-14 14:19:31 +02:00
* TLS_DHE_PSK_WITH_NULL_SHA384
2013-10-25 18:01:50 +02:00
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_MD5
2013-10-14 14:19:31 +02:00
* TLS_RSA_PSK_WITH_NULL_SHA384
2013-10-25 18:01:50 +02:00
* TLS_RSA_PSK_WITH_NULL_SHA256
* TLS_RSA_PSK_WITH_NULL_SHA
* TLS_PSK_WITH_NULL_SHA384
* TLS_PSK_WITH_NULL_SHA256
* TLS_PSK_WITH_NULL_SHA
2012-02-06 17:45:10 +01:00
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
*/
2014-04-17 16:22:31 +02:00
//#define POLARSSL_CIPHER_NULL_CIPHER
2012-02-06 17:45:10 +01:00
2013-08-14 12:21:18 +02:00
/**
* \ def POLARSSL_CIPHER_PADDING_XXX
*
* Uncomment or comment macros to add support for specific padding modes
* in the cipher layer with cipher modes that support padding ( e . g . CBC )
*
* If you disable all padding modes , only full blocks can be used with CBC .
*
* Enable padding modes in the cipher layer .
*/
# define POLARSSL_CIPHER_PADDING_PKCS7
# define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
# define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
# define POLARSSL_CIPHER_PADDING_ZEROS
2012-02-06 17:45:10 +01:00
/**
* \ def POLARSSL_ENABLE_WEAK_CIPHERSUITES
*
2013-09-20 13:45:36 +02:00
* Enable weak ciphersuites in SSL / TLS .
2012-02-06 17:45:10 +01:00
* Warning : Only do so when you know what you are doing . This allows for
2012-11-14 13:39:52 +01:00
* channels with virtually no security at all !
2012-02-06 17:45:10 +01:00
*
* This enables the following ciphersuites :
2012-10-31 13:32:41 +01:00
* TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA
2012-02-06 17:45:10 +01:00
*
* Uncomment this macro to enable weak ciphersuites
*/
2014-04-17 16:22:31 +02:00
//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
2012-02-06 17:45:10 +01:00
2014-06-24 22:42:34 +02:00
/**
* \ def POLARSSL_REMOVE_ARC4_CIPHERSUITES
*
* Remove RC4 ciphersuites by default in SSL / TLS .
* This flag removes the ciphersuites based on RC4 from the default list as
* returned by ssl_list_ciphersuites ( ) . However , it is still possible to
* enable ( some of ) them with ssl_set_ciphersuites ( ) by including them
* explicitly .
*
* Uncomment this macro to remove RC4 ciphersuites by default .
*/
//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
2013-06-29 23:26:34 +02:00
/**
* \ def POLARSSL_ECP_XXXX_ENABLED
*
* Enables specific curves within the Elliptic Curve module .
2013-10-25 18:01:50 +02:00
* By default all supported curves are enabled .
2013-06-29 23:26:34 +02:00
*
* Comment macros to disable the curve and functions for it
*/
# define POLARSSL_ECP_DP_SECP192R1_ENABLED
# define POLARSSL_ECP_DP_SECP224R1_ENABLED
# define POLARSSL_ECP_DP_SECP256R1_ENABLED
# define POLARSSL_ECP_DP_SECP384R1_ENABLED
# define POLARSSL_ECP_DP_SECP521R1_ENABLED
2014-01-11 15:58:47 +01:00
# define POLARSSL_ECP_DP_SECP192K1_ENABLED
2014-01-11 15:22:07 +01:00
# define POLARSSL_ECP_DP_SECP224K1_ENABLED
2014-01-10 18:17:18 +01:00
# define POLARSSL_ECP_DP_SECP256K1_ENABLED
2013-10-07 19:40:41 +02:00
# define POLARSSL_ECP_DP_BP256R1_ENABLED
# define POLARSSL_ECP_DP_BP384R1_ENABLED
# define POLARSSL_ECP_DP_BP512R1_ENABLED
2013-12-03 14:12:26 +01:00
//#define POLARSSL_ECP_DP_M221_ENABLED // Not implemented yet!
# define POLARSSL_ECP_DP_M255_ENABLED
//#define POLARSSL_ECP_DP_M383_ENABLED // Not implemented yet!
//#define POLARSSL_ECP_DP_M511_ENABLED // Not implemented yet!
2013-06-29 23:26:34 +02:00
2013-10-23 16:11:52 +02:00
/**
* \ def POLARSSL_ECP_NIST_OPTIM
*
* Enable specific ' modulo p ' routines for each NIST prime .
* Depending on the prime and architecture , makes operations 4 to 8 times
* faster on the corresponding curve .
*
* Comment this macro to disable NIST curves optimisation .
*/
# define POLARSSL_ECP_NIST_OPTIM
2014-01-06 10:16:28 +01:00
/**
* \ def POLARSSL_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA ( RFC 6979 ) .
* Standard ECDSA is " fragile " in the sense that lack of entropy when signing
* may result in a compromise of the long - term signing key . This is avoided by
* the deterministic variant .
*
2014-01-27 14:24:03 +01:00
* Requires : POLARSSL_HMAC_DRBG_C
2014-01-07 16:46:17 +01:00
*
2014-01-06 10:16:28 +01:00
* Comment this macro to disable deterministic ECDSA .
*/
# define POLARSSL_ECDSA_DETERMINISTIC
2013-04-16 18:05:29 +02:00
/**
* \ def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the PSK based ciphersuite modes in SSL / TLS .
2013-04-16 18:05:29 +02:00
*
2013-04-19 09:08:57 +02:00
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_PSK_WITH_AES_256_GCM_SHA384
2013-04-19 22:28:21 +02:00
* TLS_PSK_WITH_AES_256_CBC_SHA384
2013-10-25 18:01:50 +02:00
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
2013-04-19 22:28:21 +02:00
* TLS_PSK_WITH_AES_128_GCM_SHA256
2013-10-25 18:01:50 +02:00
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA
2013-04-16 18:05:29 +02:00
*/
# define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
2013-04-19 09:08:57 +02:00
/**
* \ def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the DHE - PSK based ciphersuite modes in SSL / TLS .
2013-04-19 09:08:57 +02:00
*
* Requires : POLARSSL_DHM_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
2013-04-19 22:28:21 +02:00
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
2013-10-25 18:01:50 +02:00
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2013-04-19 22:28:21 +02:00
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
2013-10-25 18:01:50 +02:00
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
2013-04-19 09:08:57 +02:00
*/
2013-04-19 14:30:58 +02:00
# define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
2013-04-19 09:08:57 +02:00
2013-10-11 16:53:50 +02:00
/**
* \ def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
*
* Enable the ECDHE - PSK based ciphersuite modes in SSL / TLS .
*
* Requires : POLARSSL_ECDH_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
2013-10-11 19:07:56 +02:00
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
2013-10-11 19:07:56 +02:00
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
2013-10-11 19:07:56 +02:00
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
2013-10-11 16:53:50 +02:00
*/
# define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
2013-04-19 09:08:57 +02:00
/**
* \ def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the RSA - PSK based ciphersuite modes in SSL / TLS .
2013-10-14 17:39:48 +02:00
*
2013-09-18 17:18:34 +02:00
* Requires : POLARSSL_RSA_C , POLARSSL_PKCS1_V15 ,
2013-09-23 12:20:02 +02:00
* POLARSSL_X509_CRT_PARSE_C
2013-04-19 09:08:57 +02:00
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
2013-04-19 22:28:21 +02:00
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
2013-10-25 18:01:50 +02:00
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
2013-04-19 22:28:21 +02:00
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
2013-10-25 18:01:50 +02:00
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_RC4_128_SHA
2013-04-19 09:08:57 +02:00
*/
2013-10-14 17:39:48 +02:00
# define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
2013-04-19 09:08:57 +02:00
/**
* \ def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the RSA - only based ciphersuite modes in SSL / TLS .
2013-04-19 09:08:57 +02:00
*
2013-09-18 17:18:34 +02:00
* Requires : POLARSSL_RSA_C , POLARSSL_PKCS1_V15 ,
2013-09-23 12:20:02 +02:00
* POLARSSL_X509_CRT_PARSE_C
2013-04-19 09:08:57 +02:00
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* TLS_RSA_WITH_AES_256_GCM_SHA384
2013-10-25 18:01:50 +02:00
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2013-04-19 09:08:57 +02:00
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
2013-04-19 09:08:57 +02:00
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
2013-04-19 09:08:57 +02:00
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
2013-04-19 09:08:57 +02:00
*/
# define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
/**
* \ def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the DHE - RSA based ciphersuite modes in SSL / TLS .
2013-04-19 09:08:57 +02:00
*
2013-09-18 17:18:34 +02:00
* Requires : POLARSSL_DHM_C , POLARSSL_RSA_C , POLARSSL_PKCS1_V15 ,
2013-09-23 12:20:02 +02:00
* POLARSSL_X509_CRT_PARSE_C
2013-04-19 09:08:57 +02:00
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2013-04-19 09:08:57 +02:00
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2013-04-19 09:08:57 +02:00
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2013-04-19 09:08:57 +02:00
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2013-04-19 09:08:57 +02:00
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
# define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
/**
* \ def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the ECDHE - RSA based ciphersuite modes in SSL / TLS .
2013-04-19 09:08:57 +02:00
*
2013-09-18 17:18:34 +02:00
* Requires : POLARSSL_ECDH_C , POLARSSL_RSA_C , POLARSSL_PKCS1_V15 ,
2013-09-23 12:20:02 +02:00
* POLARSSL_X509_CRT_PARSE_C
2013-04-19 09:08:57 +02:00
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2013-04-19 09:08:57 +02:00
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
2013-04-19 09:08:57 +02:00
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
2013-04-19 09:08:57 +02:00
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
2013-04-19 09:08:57 +02:00
*/
# define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
2013-08-17 17:39:04 +02:00
/**
* \ def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
*
2013-09-20 13:45:36 +02:00
* Enable the ECDHE - ECDSA based ciphersuite modes in SSL / TLS .
2013-08-17 17:39:04 +02:00
*
2013-09-18 17:18:34 +02:00
* Requires : POLARSSL_ECDH_C , POLARSSL_ECDSA_C , POLARSSL_X509_CRT_PARSE_C ,
2013-08-17 17:39:04 +02:00
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
2013-08-17 17:39:04 +02:00
*/
# define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
2013-12-11 16:17:10 +01:00
/**
* \ def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
*
* Enable the ECDH - ECDSA based ciphersuite modes in SSL / TLS .
*
* Requires : POLARSSL_ECDH_C , POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
# define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
/**
* \ def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
*
* Enable the ECDH - RSA based ciphersuite modes in SSL / TLS .
*
* Requires : POLARSSL_ECDH_C , POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites ( if other requisites are
* enabled as well ) :
* TLS_ECDH_RSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
# define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
2014-03-19 16:39:52 +01:00
/**
* \ def POLARSSL_PK_PARSE_EC_EXTENDED
*
* Enhance support for reading EC keys using variants of SEC1 not allowed by
* RFC 5915 and RFC 5480.
*
* Currently this means parsing the SpecifiedECDomain choice of EC
* parameters ( only known groups are supported , not arbitrary domains , to
* avoid validation issues ) .
*
* Disable if you only need to support RFC 5915 + 5480 key formats .
*/
# define POLARSSL_PK_PARSE_EC_EXTENDED
2013-06-29 18:24:32 +02:00
/**
* \ def POLARSSL_ERROR_STRERROR_BC
*
* Make available the backward compatible error_strerror ( ) next to the
* current polarssl_strerror ( ) .
*
2015-03-20 18:21:21 +01:00
* \ deprecated Do not define this and use polarssl_strerror ( ) instead
2014-06-25 12:55:12 +02:00
*
2015-03-20 18:21:21 +01:00
* Disable if you want to really remove the error_strerror ( ) name
2013-06-29 18:24:32 +02:00
*/
# define POLARSSL_ERROR_STRERROR_BC
2013-02-02 12:43:08 +01:00
/**
* \ def POLARSSL_ERROR_STRERROR_DUMMY
*
2013-09-09 15:55:12 +02:00
* Enable a dummy error function to make use of polarssl_strerror ( ) in
2014-06-25 12:55:12 +02:00
* third party libraries easier when POLARSSL_ERROR_C is disabled
* ( no effect when POLARSSL_ERROR_C is enabled ) .
*
* You can safely disable this if POLARSSL_ERROR_C is enabled , or if you ' re
* not using polarssl_strerror ( ) or error_strerror ( ) in your application .
2013-02-02 12:43:08 +01:00
*
* Disable if you run into name conflicts and want to really remove the
2013-09-09 15:55:12 +02:00
* polarssl_strerror ( )
2013-02-02 12:43:08 +01:00
*/
# define POLARSSL_ERROR_STRERROR_DUMMY
2011-01-27 16:24:17 +01:00
/**
2011-04-24 23:19:15 +02:00
* \ def POLARSSL_GENPRIME
2011-01-27 16:24:17 +01:00
*
2013-09-20 14:10:14 +02:00
* Enable the prime - number generation code .
2013-09-20 13:45:36 +02:00
*
2013-09-20 14:10:14 +02:00
* Requires : POLARSSL_BIGNUM_C
2009-01-03 22:22:43 +01:00
*/
2011-04-24 23:19:15 +02:00
# define POLARSSL_GENPRIME
2009-01-03 22:22:43 +01:00
2011-04-25 17:28:35 +02:00
/**
* \ def POLARSSL_FS_IO
*
* Enable functions that use the filesystem .
*/
# define POLARSSL_FS_IO
2011-12-15 21:11:16 +01:00
/**
* \ def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
*
* Do not add default entropy sources . These are the platform specific ,
* hardclock and HAVEGE based poll functions .
*
2014-04-05 06:04:40 +02:00
* This is useful to have more control over the added entropy sources in an
2011-12-15 21:11:16 +01:00
* application .
*
* Uncomment this macro to prevent loading of default entropy functions .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
2011-12-15 21:11:16 +01:00
2011-12-03 22:45:14 +01:00
/**
* \ def POLARSSL_NO_PLATFORM_ENTROPY
*
* Do not use built - in platform entropy functions .
* This is useful if your platform does not support
* standards like the / dev / urandom or Windows CryptoAPI .
*
* Uncomment this macro to disable the built - in platform entropy functions .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_NO_PLATFORM_ENTROPY
2011-12-03 22:45:14 +01:00
2014-02-06 15:55:25 +01:00
/**
* \ def POLARSSL_ENTROPY_FORCE_SHA256
*
* Force the entropy accumulator to use a SHA - 256 accumulator instead of the
* default SHA - 512 based one ( if both are available ) .
*
* Requires : POLARSSL_SHA256_C
*
* On 32 - bit systems SHA - 256 can be much faster than SHA - 512. Use this option
* if you have performance concerns .
*
* This option is only useful if both POLARSSL_SHA256_C and
* POLARSSL_SHA512_C are defined . Otherwise the available hash module is used .
*/
//#define POLARSSL_ENTROPY_FORCE_SHA256
2013-07-03 13:37:05 +02:00
/**
* \ def POLARSSL_MEMORY_DEBUG
*
* Enable debugging of buffer allocator memory issues . Automatically prints
* ( to stderr ) all ( fatal ) messages on memory allocation issues . Enables
* function for ' debug output ' of allocated memory .
*
* Requires : POLARSSL_MEMORY_BUFFER_ALLOC_C
*
* Uncomment this macro to let the buffer allocator print out error messages .
2013-10-15 11:55:10 +02:00
*/
//#define POLARSSL_MEMORY_DEBUG
2013-07-03 13:37:05 +02:00
/**
* \ def POLARSSL_MEMORY_BACKTRACE
*
* Include backtrace information with each allocated block .
*
* Requires : POLARSSL_MEMORY_BUFFER_ALLOC_C
* GLIBC - compatible backtrace ( ) an backtrace_symbols ( ) support
*
* Uncomment this macro to include backtrace information
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_MEMORY_BACKTRACE
2013-07-03 13:37:05 +02:00
2013-08-30 12:06:24 +02:00
/**
* \ def POLARSSL_PKCS1_V15
*
2013-09-20 13:45:36 +02:00
* Enable support for PKCS # 1 v1 .5 encoding .
*
2013-08-30 12:06:24 +02:00
* Requires : POLARSSL_RSA_C
*
* This enables support for PKCS # 1 v1 .5 operations .
*/
# define POLARSSL_PKCS1_V15
2011-03-08 15:16:06 +01:00
/**
* \ def POLARSSL_PKCS1_V21
*
2013-09-20 13:45:36 +02:00
* Enable support for PKCS # 1 v2 .1 encoding .
*
2011-05-26 15:16:06 +02:00
* Requires : POLARSSL_MD_C , POLARSSL_RSA_C
*
2011-03-08 15:16:06 +01:00
* This enables support for RSAES - OAEP and RSASSA - PSS operations .
*/
# define POLARSSL_PKCS1_V21
2011-03-26 14:40:23 +01:00
/**
* \ def POLARSSL_RSA_NO_CRT
*
* Do not use the Chinese Remainder Theorem for the RSA private operation .
*
* Uncomment this macro to disable the use of CRT in RSA .
*
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_RSA_NO_CRT
2011-04-24 23:19:15 +02:00
/**
* \ def POLARSSL_SELF_TEST
*
* Enable the checkup functions ( * _self_test ) .
*/
# define POLARSSL_SELF_TEST
2011-07-27 18:51:09 +02:00
2014-10-29 22:29:20 +01:00
/**
* \ def POLARSSL_SSL_AEAD_RANDOM_IV
*
* Generate a random IV rather than using the record sequence number as a
* nonce for ciphersuites using and AEAD algorithm ( GCM or CCM ) .
*
* Using the sequence number is generally recommended .
*
* Uncomment this macro to always use random IVs with AEAD ciphersuites .
*/
//#define POLARSSL_SSL_AEAD_RANDOM_IV
2013-01-31 17:13:13 +01:00
/**
* \ def POLARSSL_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC .
2015-01-22 17:11:05 +01:00
* If you choose not to send the alert messages , mbed TLS can still communicate
2013-01-31 17:13:13 +01:00
* with other servers , only debugging of failures is harder .
*
* The advantage of not sending alert messages , is that no information is given
* about reasons for failures thus preventing adversaries of gaining intel .
*
* Enable sending of all alert messages
*/
# define POLARSSL_SSL_ALERT_MESSAGES
2013-01-31 16:57:45 +01:00
/**
* \ def POLARSSL_SSL_DEBUG_ALL
*
* Enable the debug messages in SSL module for all issues .
* Debug messages have been disabled in some places to prevent timing
* attacks due to ( unbalanced ) debugging function calls .
*
* If you need all error reporting you should enable this during debugging ,
* but remove this for production servers that should log as well .
*
* Uncomment this macro to report all debug messages on errors introducing
* a timing side - channel .
*
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_SSL_DEBUG_ALL
2013-01-31 16:57:45 +01:00
2014-10-27 13:57:03 +01:00
/** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
*
* Enable support for Encrypt - then - MAC , RFC 7366.
*
* This allows peers that both support it to use a more robust protection for
* ciphersuites using CBC , providing deep resistance against timing attacks
* on the padding or underlying cipher .
*
* This only affects CBC ciphersuites , and is useless if none is defined .
*
* Requires : POLARSSL_SSL_PROTO_TLS1 or
* POLARSSL_SSL_PROTO_TLS1_1 or
* POLARSSL_SSL_PROTO_TLS1_2
*
* Comment this macro to disable support for Encrypt - then - MAC
*/
# define POLARSSL_SSL_ENCRYPT_THEN_MAC
2014-10-20 18:40:56 +02:00
/** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
*
* Enable support for Extended Master Secret , aka Session Hash
* ( draft - ietf - tls - session - hash - 02 ) .
*
* This was introduced as " the proper fix " to the Triple Handshake familiy of
* attacks , but it is recommended to always use it ( even if you disable
* renegotiation ) , since it actually fixes a more fundamental issue in the
* original SSL / TLS design , and has implications beyond Triple Handshake .
*
2014-10-28 14:13:55 +01:00
* Requires : POLARSSL_SSL_PROTO_TLS1 or
* POLARSSL_SSL_PROTO_TLS1_1 or
* POLARSSL_SSL_PROTO_TLS1_2
*
2014-10-20 18:40:56 +02:00
* Comment this macro to disable support for Extended Master Secret .
*/
# define POLARSSL_SSL_EXTENDED_MASTER_SECRET
2014-10-20 13:34:59 +02:00
/**
* \ def POLARSSL_SSL_FALLBACK_SCSV
*
* Enable support for FALLBACK_SCSV ( draft - ietf - tls - downgrade - scsv - 00 ) .
*
* For servers , it is recommended to always enable this , unless you support
* only one version of TLS , or know for sure that none of your clients
* implements a fallback strategy .
*
* For clients , you only need this if you ' re using a fallback strategy , which
* is not recommended in the first place , unless you absolutely need it to
* interoperate with buggy ( version - intolerant ) servers .
*
* Comment this macro to disable support for FALLBACK_SCSV
*/
# define POLARSSL_SSL_FALLBACK_SCSV
2012-05-08 11:17:57 +02:00
/**
* \ def POLARSSL_SSL_HW_RECORD_ACCEL
*
* Enable hooking functions in SSL module for hardware acceleration of
* individual records .
*
* Uncomment this macro to enable hooking functions .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_SSL_HW_RECORD_ACCEL
2012-05-08 11:17:57 +02:00
2015-01-07 12:39:44 +01:00
/**
* \ def POLARSSL_SSL_CBC_RECORD_SPLITTING
*
* Enable 1 / n - 1 record splitting for CBC mode in SSLv3 and TLS 1.0 .
*
* This is a countermeasure to the BEAST attack , which also minimizes the risk
* of interoperability issues compared to sending 0 - length records .
*
* Comment this macro to disable 1 / n - 1 record splitting .
*/
# define POLARSSL_SSL_CBC_RECORD_SPLITTING
2014-11-03 08:23:14 +01:00
/**
2014-11-04 19:52:10 +01:00
* \ def POLARSSL_SSL_DISABLE_RENEGOTIATION
2014-11-03 08:23:14 +01:00
*
2014-11-04 19:52:10 +01:00
* Disable support for TLS renegotiation .
2014-11-03 08:23:14 +01:00
*
* The two main uses of renegotiation are ( 1 ) refresh keys on long - lived
* connections and ( 2 ) client authentication after the initial handshake .
* If you don ' t need renegotiation , it ' s probably better to disable it , since
* it has been associated with security issues in the past and is easy to
* misuse / misunderstand .
2014-11-04 19:52:10 +01:00
*
* Warning : in the next stable branch , this switch will be replaced by
* POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation .
*
* Uncomment this to disable support for renegotiation .
2014-11-03 08:23:14 +01:00
*/
2014-11-04 19:52:10 +01:00
//#define POLARSSL_SSL_DISABLE_RENEGOTIATION
2014-11-03 08:23:14 +01:00
2013-03-06 17:01:52 +01:00
/**
* \ def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
*
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
2013-09-20 13:45:36 +02:00
* SSL Server module ( POLARSSL_SSL_SRV_C ) .
2013-03-06 17:01:52 +01:00
*
* Comment this macro to disable support for SSLv2 Client Hello messages .
*/
# define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
2013-11-30 18:30:06 +01:00
/**
* \ def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
*
* Pick the ciphersuite according to the client ' s preferences rather than ours
* in the SSL Server module ( POLARSSL_SSL_SRV_C ) .
*
* Uncomment this macro to respect client ' s ciphersuite order
*/
//#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
2013-08-15 13:33:48 +02:00
/**
* \ def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
*
2013-09-20 13:45:36 +02:00
* Enable support for RFC 6066 max_fragment_length extension in SSL .
2013-08-15 13:33:48 +02:00
*
* Comment this macro to disable support for the max_fragment_length extension
*/
# define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
2013-08-27 21:19:20 +02:00
/**
* \ def POLARSSL_SSL_PROTO_SSL3
*
2013-09-20 13:45:36 +02:00
* Enable support for SSL 3.0 .
2013-08-27 21:19:20 +02:00
*
* Requires : POLARSSL_MD5_C
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for SSL 3.0
*/
2016-03-14 14:40:43 +01:00
//#define POLARSSL_SSL_PROTO_SSL3
2013-08-27 21:19:20 +02:00
/**
* \ def POLARSSL_SSL_PROTO_TLS1
*
2013-09-20 13:45:36 +02:00
* Enable support for TLS 1.0 .
2013-08-27 21:19:20 +02:00
*
* Requires : POLARSSL_MD5_C
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for TLS 1.0
*/
# define POLARSSL_SSL_PROTO_TLS1
/**
* \ def POLARSSL_SSL_PROTO_TLS1_1
*
2013-09-20 13:45:36 +02:00
* Enable support for TLS 1.1 .
2013-08-27 21:19:20 +02:00
*
* Requires : POLARSSL_MD5_C
* POLARSSL_SHA1_C
*
* Comment this macro to disable support for TLS 1.1
*/
# define POLARSSL_SSL_PROTO_TLS1_1
/**
* \ def POLARSSL_SSL_PROTO_TLS1_2
*
2013-09-20 13:45:36 +02:00
* Enable support for TLS 1.2 .
2013-08-27 21:19:20 +02:00
*
2013-10-27 14:29:51 +01:00
* Requires : POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
2013-08-27 21:19:20 +02:00
* ( Depends on ciphersuites )
*
* Comment this macro to disable support for TLS 1.2
*/
# define POLARSSL_SSL_PROTO_TLS1_2
2014-04-04 16:08:41 +02:00
/**
* \ def POLARSSL_SSL_ALPN
*
2014-11-20 18:28:50 +01:00
* Enable support for RFC 7301 Application Layer Protocol Negotiation .
2014-04-04 16:08:41 +02:00
*
2014-04-08 12:33:37 +02:00
* Comment this macro to disable support for ALPN .
2014-04-04 16:08:41 +02:00
*/
2014-04-08 12:33:37 +02:00
# define POLARSSL_SSL_ALPN
2014-04-04 16:08:41 +02:00
2013-08-14 13:48:06 +02:00
/**
* \ def POLARSSL_SSL_SESSION_TICKETS
*
2013-09-20 13:45:36 +02:00
* Enable support for RFC 5077 session tickets in SSL .
2013-08-14 13:48:06 +02:00
*
* Requires : POLARSSL_AES_C
* POLARSSL_SHA256_C
2013-09-13 16:24:20 +02:00
* POLARSSL_CIPHER_MODE_CBC
2013-08-14 13:48:06 +02:00
*
* Comment this macro to disable support for SSL session tickets
*/
# define POLARSSL_SSL_SESSION_TICKETS
2013-08-27 21:55:01 +02:00
/**
* \ def POLARSSL_SSL_SERVER_NAME_INDICATION
*
2013-09-20 13:45:36 +02:00
* Enable support for RFC 6066 server name indication ( SNI ) in SSL .
2013-08-27 21:55:01 +02:00
*
2015-01-28 17:44:37 +01:00
* Requires : POLARSSL_X509_CRT_PARSE_C
*
2013-08-27 21:55:01 +02:00
* Comment this macro to disable support for server name indication in SSL
*/
# define POLARSSL_SSL_SERVER_NAME_INDICATION
2013-08-15 13:45:55 +02:00
/**
* \ def POLARSSL_SSL_TRUNCATED_HMAC
*
2013-09-20 13:45:36 +02:00
* Enable support for RFC 6066 truncated HMAC in SSL .
2013-08-15 13:45:55 +02:00
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
# define POLARSSL_SSL_TRUNCATED_HMAC
2016-01-02 01:08:13 +01:00
/**
* \ def POLARSSL_SSL_ENABLE_MD5_SIGNATURES
*
* Offer , accept and do MD5 - based signatures in the TLS 1.2 handshake .
* Has no effect on which algorithms are accepted for certificates .
* Has no effect on other SSL / TLS versions .
*
* \ warning Enabling this could be a security risk !
*
* Uncomment to enable MD5 signatures in TLS 1.2
*/
//#define POLARSSL_SSL_ENABLE_MD5_SIGNATURES
2014-02-03 15:56:49 +01:00
/**
2014-02-04 13:58:39 +01:00
* \ def POLARSSL_SSL_SET_CURVES
2014-02-03 15:56:49 +01:00
*
2014-02-04 13:58:39 +01:00
* Enable ssl_set_curves ( ) .
2014-02-03 15:56:49 +01:00
*
* This is disabled by default since it breaks binary compatibility with the
* 1.3 . x line . If you choose to enable it , you will need to rebuild your
* application against the new header files , relinking will not be enough .
* It will be enabled by default , or no longer an option , in the 1.4 branch .
*
2014-02-04 13:58:39 +01:00
* Uncomment to make ssl_set_curves ( ) available .
2014-02-03 15:56:49 +01:00
*/
2014-02-06 10:23:14 +01:00
//#define POLARSSL_SSL_SET_CURVES
2014-02-03 15:56:49 +01:00
2013-09-28 14:40:38 +02:00
/**
* \ def POLARSSL_THREADING_ALT
*
* Provide your own alternate threading implementation .
*
* Requires : POLARSSL_THREADING_C
*
* Uncomment this to allow your own alternate threading implementation .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_THREADING_ALT
2013-09-28 14:40:38 +02:00
/**
* \ def POLARSSL_THREADING_PTHREAD
*
* Enable the pthread wrapper layer for the threading layer .
*
* Requires : POLARSSL_THREADING_C
*
* Uncomment this to enable pthread mutexes .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_THREADING_PTHREAD
2013-09-28 14:40:38 +02:00
2014-04-30 11:49:44 +02:00
/**
* \ def POLARSSL_VERSION_FEATURES
*
* Allow run - time checking of compile - time enabled features . Thus allowing users
* to check at run - time if the library is for instance compiled with threading
* support via version_check_feature ( ) .
*
* Requires : POLARSSL_VERSION_C
*
* Comment this to disable run - time checking and save ROM space
*/
# define POLARSSL_VERSION_FEATURES
2013-09-23 15:01:36 +02:00
/**
* \ def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
*
* If set , the X509 parser will not break - off when parsing an X509 certificate
* and encountering an extension in a v1 or v2 certificate .
*
* Uncomment to prevent an error .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
2013-09-23 15:01:36 +02:00
2011-07-27 18:51:09 +02:00
/**
* \ def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set , the X509 parser will not break - off when parsing an X509 certificate
* and encountering an unknown critical extension .
*
2015-10-05 13:12:39 +02:00
* \ warning Depending on your PKI use , enabling this can be a security risk !
*
2011-07-27 18:51:09 +02:00
* Uncomment to prevent an error .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
2012-07-03 15:30:23 +02:00
2016-09-19 10:35:18 +02:00
/**
* \ def POLARSSL_X509_ALLOW_RELAXED_DATE
*
* If set , the X509 parser will not break - off when parsing an X509 certificate
* and encountering ASN .1 UTCTime or ASN .1 GeneralizedTime without seconds or
* with a time zone .
*
* Uncomment to prevent an error .
*/
//#define POLARSSL_X509_ALLOW_RELAXED_DATE
2014-04-09 09:50:03 +02:00
/**
* \ def POLARSSL_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension ( CA and leaf certificates ) .
*
* Disabling this avoids problems with mis - issued and / or misused
* ( intermediate ) CA and leaf certificates .
*
* \ warning Depending on your PKI use , disabling this can be a security risk !
*
* Comment to skip keyUsage checking for both CA and leaf certificates .
*/
# define POLARSSL_X509_CHECK_KEY_USAGE
2014-04-10 17:53:56 +02:00
/**
* \ def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
*
* Enable verification of the extendedKeyUsage extension ( leaf certificates ) .
*
* Disabling this avoids problems with mis - issued and / or misused certificates .
*
* \ warning Depending on your PKI use , disabling this can be a security risk !
*
* Comment to skip extendedKeyUsage checking for certificates .
*/
# define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
2014-06-06 16:42:37 +02:00
/**
* \ def POLARSSL_X509_RSASSA_PSS_SUPPORT
*
* Enable parsing and verification of X .509 certificates , CRLs and CSRS
* signed with RSASSA - PSS ( aka PKCS # 1 v2 .1 ) .
*
* Comment this macro to disallow using RSASSA - PSS in certificates .
*/
# define POLARSSL_X509_RSASSA_PSS_SUPPORT
2012-07-03 15:30:23 +02:00
/**
* \ def POLARSSL_ZLIB_SUPPORT
*
* If set , the SSL / TLS module uses ZLIB to support compression and
* decompression of packet data .
*
2014-03-11 10:30:38 +01:00
* \ warning TLS - level compression MAY REDUCE SECURITY ! See for example the
* CRIME attack . Before enabling this option , you should examine with care if
* CRIME or similar exploits may be a applicable to your use case .
*
2012-07-03 15:30:23 +02:00
* Used in : library / ssl_tls . c
* library / ssl_cli . c
* library / ssl_srv . c
*
* This feature requires zlib library and headers to be present .
*
* Uncomment to enable use of ZLIB
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_ZLIB_SUPPORT
2015-01-22 17:11:05 +01:00
/* \} name SECTION: mbed TLS feature support */
2011-01-21 12:00:08 +01:00
2011-01-27 16:24:17 +01:00
/**
2015-01-22 17:11:05 +01:00
* \ name SECTION : mbed TLS modules
2011-01-21 12:00:08 +01:00
*
2015-01-22 17:11:05 +01:00
* This section enables or disables entire modules in mbed TLS
2011-01-21 12:00:08 +01:00
* \ {
*/
2009-01-03 22:22:43 +01:00
2013-12-16 17:12:53 +01:00
/**
* \ def POLARSSL_AESNI_C
*
* Enable AES - NI support on x86 - 64.
*
* Module : library / aesni . c
* Caller : library / aes . c
*
* Requires : POLARSSL_HAVE_ASM
*
* This modules adds support for the AES - NI instructions on x86 - 64
*/
# define POLARSSL_AESNI_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_AES_C
*
* Enable the AES block cipher .
*
2009-01-03 22:22:43 +01:00
* Module : library / aes . c
* Caller : library / ssl_tls . c
2011-02-12 15:30:57 +01:00
* library / pem . c
2011-12-03 22:45:14 +01:00
* library / ctr_drbg . c
2009-01-03 22:22:43 +01:00
*
2012-10-31 13:32:41 +01:00
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-12-11 16:17:10 +01:00
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2012-10-31 13:32:41 +01:00
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2012-10-31 13:32:41 +01:00
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2013-03-20 14:39:14 +01:00
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
* TLS_RSA_PSK_WITH_AES_256_CBC_SHA
* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
* TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA384
2013-04-16 18:05:29 +02:00
* TLS_PSK_WITH_AES_256_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA256
* TLS_PSK_WITH_AES_128_CBC_SHA
2013-02-19 13:17:08 +01:00
*
2013-09-15 20:43:33 +02:00
* PEM_PARSE uses AES for decrypting encrypted keys .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_AES_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_ARC4_C
*
* Enable the ARCFOUR stream cipher .
*
2009-01-03 22:22:43 +01:00
* Module : library / arc4 . c
* Caller : library / ssl_tls . c
*
2013-03-20 14:39:14 +01:00
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-12-11 16:17:10 +01:00
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
2013-03-20 14:39:14 +01:00
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_PSK_WITH_RC4_128_SHA
2013-04-16 18:05:29 +02:00
* TLS_PSK_WITH_RC4_128_SHA
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_ARC4_C
2009-01-03 22:22:43 +01:00
2011-11-10 15:43:23 +01:00
/**
* \ def POLARSSL_ASN1_PARSE_C
*
* Enable the generic ASN1 parser .
*
* Module : library / asn1 . c
2013-09-20 14:10:14 +02:00
* Caller : library / x509 . c
* library / dhm . c
* library / pkcs12 . c
* library / pkcs5 . c
* library / pkparse . c
2011-11-10 15:43:23 +01:00
*/
# define POLARSSL_ASN1_PARSE_C
2012-02-14 00:11:30 +01:00
/**
* \ def POLARSSL_ASN1_WRITE_C
*
* Enable the generic ASN1 writer .
*
* Module : library / asn1write . c
2013-09-20 14:10:14 +02:00
* Caller : library / ecdsa . c
* library / pkwrite . c
* library / x509_create . c
* library / x509write_crt . c
* library / x509write_csr . c
2012-02-14 00:11:30 +01:00
*/
# define POLARSSL_ASN1_WRITE_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_BASE64_C
*
* Enable the Base64 module .
*
2009-01-03 22:22:43 +01:00
* Module : library / base64 . c
2011-05-26 15:16:06 +02:00
* Caller : library / pem . c
2009-01-03 22:22:43 +01:00
*
2011-05-26 15:16:06 +02:00
* This module is required for PEM support ( required by X .509 ) .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_BASE64_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_BIGNUM_C
*
2012-11-14 13:39:52 +01:00
* Enable the multi - precision integer library .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Module : library / bignum . c
* Caller : library / dhm . c
2013-09-20 14:10:14 +02:00
* library / ecp . c
2014-06-25 13:00:17 +02:00
* library / ecdsa . c
2009-01-03 22:22:43 +01:00
* library / rsa . c
* library / ssl_tls . c
*
2014-06-25 13:00:17 +02:00
* This module is required for RSA , DHM and ECC ( ECDH , ECDSA ) support .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_BIGNUM_C
2009-01-03 22:22:43 +01:00
2012-07-04 13:02:11 +02:00
/**
* \ def POLARSSL_BLOWFISH_C
*
* Enable the Blowfish block cipher .
*
* Module : library / blowfish . c
*/
# define POLARSSL_BLOWFISH_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_CAMELLIA_C
*
* Enable the Camellia block cipher .
*
2009-01-11 00:31:23 +01:00
* Module : library / camellia . c
2009-07-28 09:18:38 +02:00
* Caller : library / ssl_tls . c
2009-01-11 00:31:23 +01:00
*
2012-10-31 13:32:41 +01:00
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-12-11 16:17:10 +01:00
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2012-10-31 13:32:41 +01:00
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2012-10-31 13:32:41 +01:00
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
2009-01-11 00:31:23 +01:00
*/
# define POLARSSL_CAMELLIA_C
2014-05-02 15:17:29 +02:00
/**
2014-05-22 15:13:02 +02:00
* \ def POLARSSL_CCM_C
2014-05-02 15:17:29 +02:00
*
* Enable the Counter with CBC - MAC ( CCM ) mode for 128 - bit block cipher .
*
* Module : library / ccm . c
*
* Requires : POLARSSL_AES_C or POLARSSL_CAMELLIA_C
*
* This module enables the AES - CCM ciphersuites , if other requisites are
* enabled as well .
*/
# define POLARSSL_CCM_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_CERTS_C
*
* Enable the test certificates .
*
2009-01-03 22:22:43 +01:00
* Module : library / certs . c
* Caller :
*
2013-10-27 14:35:02 +01:00
* Requires : POLARSSL_PEM_PARSE_C
*
2009-01-03 22:22:43 +01:00
* This module is used for testing ( ssl_client / server ) .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_CERTS_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_CIPHER_C
*
* Enable the generic cipher layer .
*
2011-01-06 16:37:30 +01:00
* Module : library / cipher . c
2013-08-19 13:30:57 +02:00
* Caller : library / ssl_tls . c
2011-01-06 16:37:30 +01:00
*
* Uncomment to enable generic cipher wrappers .
*/
# define POLARSSL_CIPHER_C
2011-11-27 15:46:59 +01:00
/**
* \ def POLARSSL_CTR_DRBG_C
*
2013-09-20 13:45:36 +02:00
* Enable the CTR_DRBG AES - 256 - based random generator .
2011-11-27 15:46:59 +01:00
*
* Module : library / ctr_drbg . c
* Caller :
*
2011-12-03 22:45:14 +01:00
* Requires : POLARSSL_AES_C
*
2011-11-27 15:46:59 +01:00
* This module provides the CTR_DRBG AES - 256 random number generator .
*/
# define POLARSSL_CTR_DRBG_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_DEBUG_C
*
* Enable the debug functions .
*
2009-01-03 22:22:43 +01:00
* Module : library / debug . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
*
* This module provides debugging functions .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_DEBUG_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_DES_C
*
* Enable the DES block cipher .
*
2009-01-03 22:22:43 +01:00
* Module : library / des . c
2013-02-19 13:17:08 +01:00
* Caller : library / pem . c
* library / ssl_tls . c
2009-01-03 22:22:43 +01:00
*
2012-10-31 13:32:41 +01:00
* This module enables the following ciphersuites ( if other requisites are
* enabled as well ) :
2013-12-11 16:17:10 +01:00
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
2013-03-20 14:39:14 +01:00
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
2013-10-25 18:01:50 +02:00
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
2013-04-16 18:05:29 +02:00
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
2013-02-19 13:17:08 +01:00
*
2013-09-15 20:43:33 +02:00
* PEM_PARSE uses DES / 3 DES for decrypting encrypted keys .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_DES_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_DHM_C
*
2013-10-25 18:01:50 +02:00
* Enable the Diffie - Hellman - Merkle module .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Module : library / dhm . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
*
2013-10-25 18:01:50 +02:00
* This module is used by the following key exchanges :
* DHE - RSA , DHE - PSK
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_DHM_C
2009-01-03 22:22:43 +01:00
2013-03-13 16:30:17 +01:00
/**
* \ def POLARSSL_ECDH_C
*
* Enable the elliptic curve Diffie - Hellman library .
*
* Module : library / ecdh . c
2013-03-20 14:39:14 +01:00
* Caller : library / ssl_cli . c
* library / ssl_srv . c
*
2013-10-25 18:01:50 +02:00
* This module is used by the following key exchanges :
* ECDHE - ECDSA , ECDHE - RSA , DHE - PSK
2013-03-13 16:30:17 +01:00
*
* Requires : POLARSSL_ECP_C
*/
# define POLARSSL_ECDH_C
/**
* \ def POLARSSL_ECDSA_C
*
* Enable the elliptic curve DSA library .
*
* Module : library / ecdsa . c
* Caller :
*
2013-10-25 18:01:50 +02:00
* This module is used by the following key exchanges :
* ECDHE - ECDSA
*
2013-08-08 14:36:15 +02:00
* Requires : POLARSSL_ECP_C , POLARSSL_ASN1_WRITE_C , POLARSSL_ASN1_PARSE_C
2013-03-13 16:30:17 +01:00
*/
# define POLARSSL_ECDSA_C
/**
* \ def POLARSSL_ECP_C
*
* Enable the elliptic curve over GF ( p ) library .
*
* Module : library / ecp . c
* Caller : library / ecdh . c
* library / ecdsa . c
*
2013-10-10 15:40:49 +02:00
* Requires : POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
2013-03-13 16:30:17 +01:00
*/
# define POLARSSL_ECP_C
2011-12-03 22:45:14 +01:00
/**
* \ def POLARSSL_ENTROPY_C
*
* Enable the platform - specific entropy code .
*
* Module : library / entropy . c
* Caller :
*
2014-02-06 15:55:25 +01:00
* Requires : POLARSSL_SHA512_C or POLARSSL_SHA256_C
2011-12-03 22:45:14 +01:00
*
* This module provides a generic entropy pool
*/
# define POLARSSL_ENTROPY_C
2011-05-09 18:17:09 +02:00
/**
* \ def POLARSSL_ERROR_C
*
* Enable error code to error string conversion .
*
* Module : library / error . c
* Caller :
*
2014-04-05 06:04:40 +02:00
* This module enables polarssl_strerror ( ) .
2011-05-09 18:17:09 +02:00
*/
# define POLARSSL_ERROR_C
2012-03-20 14:50:09 +01:00
/**
* \ def POLARSSL_GCM_C
*
2013-09-20 13:45:36 +02:00
* Enable the Galois / Counter Mode ( GCM ) for AES .
2012-03-20 14:50:09 +01:00
*
* Module : library / gcm . c
*
2013-10-24 13:39:39 +02:00
* Requires : POLARSSL_AES_C or POLARSSL_CAMELLIA_C
2012-10-31 13:32:41 +01:00
*
2013-10-25 18:01:50 +02:00
* This module enables the AES - GCM and CAMELLIA - GCM ciphersuites , if other
* requisites are enabled as well .
2012-03-20 14:50:09 +01:00
*/
# define POLARSSL_GCM_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_HAVEGE_C
*
* Enable the HAVEGE random generator .
*
2013-06-24 13:01:53 +02:00
* Warning : the HAVEGE random generator is not suitable for virtualized
* environments
*
* Warning : the HAVEGE random generator is dependent on timing and specific
* processor traits . It is therefore not advised to use HAVEGE as
* your applications primary random generator or primary entropy pool
* input . As a secondary input to your entropy pool , it IS able add
* the ( limited ) extra entropy it provides .
*
2009-01-03 22:22:43 +01:00
* Module : library / havege . c
* Caller :
*
2011-05-26 15:16:06 +02:00
* Requires : POLARSSL_TIMING_C
*
2013-06-24 13:01:53 +02:00
* Uncomment to enable the HAVEGE random generator .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_HAVEGE_C
2009-01-03 22:22:43 +01:00
2014-01-27 14:03:10 +01:00
/**
* \ def POLARSSL_HMAC_DRBG_C
*
* Enable the HMAC_DRBG random generator .
*
* Module : library / hmac_drbg . c
* Caller :
*
* Requires : POLARSSL_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator .
*/
# define POLARSSL_HMAC_DRBG_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_MD_C
*
* Enable the generic message digest layer .
*
2011-01-06 15:20:01 +01:00
* Module : library / md . c
* Caller :
*
* Uncomment to enable generic message digest wrappers .
*/
# define POLARSSL_MD_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_MD2_C
*
2013-09-20 13:45:36 +02:00
* Enable the MD2 hash algorithm .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Module : library / md2 . c
2013-09-20 14:10:14 +02:00
* Caller :
2009-01-03 22:22:43 +01:00
*
* Uncomment to enable support for ( rare ) MD2 - signed X .509 certs .
2009-07-28 22:52:02 +02:00
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_MD2_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_MD4_C
*
2013-09-20 13:45:36 +02:00
* Enable the MD4 hash algorithm .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Module : library / md4 . c
2013-09-20 14:10:14 +02:00
* Caller :
2009-01-03 22:22:43 +01:00
*
* Uncomment to enable support for ( rare ) MD4 - signed X .509 certs .
2009-07-28 22:52:02 +02:00
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_MD4_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_MD5_C
*
2013-09-20 13:45:36 +02:00
* Enable the MD5 hash algorithm .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Module : library / md5 . c
2013-09-20 14:10:14 +02:00
* Caller : library / md . c
* library / pem . c
2013-02-19 13:17:08 +01:00
* library / ssl_tls . c
2009-01-03 22:22:43 +01:00
*
* This module is required for SSL / TLS and X .509 .
2013-09-15 20:43:33 +02:00
* PEM_PARSE uses MD5 for decrypting encrypted keys .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_MD5_C
2009-01-03 22:22:43 +01:00
2013-07-03 13:37:05 +02:00
/**
* \ def POLARSSL_MEMORY_C
2015-03-20 17:19:35 +01:00
*
* \ deprecated Use POLARSSL_PLATFORM_MEMORY instead .
*
2015-01-23 18:28:27 +01:00
* Depends on : POLARSSL_PLATFORM_C
2013-07-03 13:37:05 +02:00
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_MEMORY_C
2013-07-03 13:37:05 +02:00
/**
2013-09-20 13:45:36 +02:00
* \ def POLARSSL_MEMORY_BUFFER_ALLOC_C
*
* Enable the buffer allocator implementation that makes use of a ( stack )
* based buffer to ' allocate ' dynamic memory . ( replaces malloc ( ) and free ( )
* calls )
2013-07-03 13:37:05 +02:00
*
* Module : library / memory_buffer_alloc . c
*
2014-02-04 17:30:24 +01:00
* Requires : POLARSSL_PLATFORM_C
2015-01-22 17:11:05 +01:00
* POLARSSL_PLATFORM_MEMORY ( to use it within mbed TLS )
2013-07-03 13:37:05 +02:00
*
* Enable this module to enable the buffer memory allocator .
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_MEMORY_BUFFER_ALLOC_C
2013-07-03 13:37:05 +02:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_NET_C
*
* Enable the TCP / IP networking routines .
*
2015-04-09 14:40:46 +02:00
* \ warning As of 1.3 .11 , it is deprecated to enable this module without
* POLARSSL_HAVE_IPV6 . The alternative legacy code will be removed in 2.0 .
*
2009-01-03 22:22:43 +01:00
* Module : library / net . c
*
* This module provides TCP / IP networking routines .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_NET_C
2009-01-03 22:22:43 +01:00
2013-04-07 22:00:46 +02:00
/**
* \ def POLARSSL_OID_C
*
2013-09-20 13:45:36 +02:00
* Enable the OID database .
2013-04-07 22:00:46 +02:00
*
* Module : library / oid . c
2013-09-20 14:10:14 +02:00
* Caller : library / asn1write . c
* library / pkcs5 . c
* library / pkparse . c
* library / pkwrite . c
* library / rsa . c
* library / x509 . c
* library / x509_create . c
* library / x509_crl . c
* library / x509_crt . c
* library / x509_csr . c
* library / x509write_crt . c
* library / x509write_csr . c
2013-04-07 22:00:46 +02:00
*
* This modules translates between OIDs and internal values .
*/
# define POLARSSL_OID_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_PADLOCK_C
*
* Enable VIA Padlock support on x86 .
*
2009-01-03 22:22:43 +01:00
* Module : library / padlock . c
* Caller : library / aes . c
*
2013-12-16 17:12:53 +01:00
* Requires : POLARSSL_HAVE_ASM
*
2009-01-03 22:22:43 +01:00
* This modules adds support for the VIA PadLock on x86 .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_PADLOCK_C
2009-01-03 22:22:43 +01:00
2012-08-23 15:03:18 +02:00
/**
* \ def POLARSSL_PBKDF2_C
*
2013-09-20 13:45:36 +02:00
* Enable PKCS # 5 PBKDF2 key derivation function .
2015-03-20 17:19:35 +01:00
*
* \ deprecated Use POLARSSL_PKCS5_C instead
2012-08-23 15:03:18 +02:00
*
* Module : library / pbkdf2 . c
*
2013-06-24 19:26:38 +02:00
* Requires : POLARSSL_PKCS5_C
2012-08-23 15:03:18 +02:00
*
* This module adds support for the PKCS # 5 PBKDF2 key derivation function .
*/
2013-04-08 15:19:43 +02:00
# define POLARSSL_PBKDF2_C
2012-08-23 15:03:18 +02:00
2011-02-12 15:30:57 +01:00
/**
2013-09-15 20:43:33 +02:00
* \ def POLARSSL_PEM_PARSE_C
2011-02-12 15:30:57 +01:00
*
2013-09-20 13:45:36 +02:00
* Enable PEM decoding / parsing .
2011-02-12 15:30:57 +01:00
*
* Module : library / pem . c
2013-09-20 14:10:14 +02:00
* Caller : library / dhm . c
2013-09-15 20:43:33 +02:00
* library / pkparse . c
2013-09-20 14:10:14 +02:00
* library / x509_crl . c
* library / x509_crt . c
* library / x509_csr . c
2011-02-12 15:30:57 +01:00
*
2011-05-26 15:16:06 +02:00
* Requires : POLARSSL_BASE64_C
*
2013-09-15 20:43:33 +02:00
* This modules adds support for decoding / parsing PEM files .
2011-02-12 15:30:57 +01:00
*/
2013-09-15 20:43:33 +02:00
# define POLARSSL_PEM_PARSE_C
/**
* \ def POLARSSL_PEM_WRITE_C
*
2013-09-20 13:45:36 +02:00
* Enable PEM encoding / writing .
2013-09-15 20:43:33 +02:00
*
* Module : library / pem . c
2013-09-20 14:10:14 +02:00
* Caller : library / pkwrite . c
* library / x509write_crt . c
* library / x509write_csr . c
2013-09-15 20:43:33 +02:00
*
* Requires : POLARSSL_BASE64_C
*
* This modules adds support for encoding / writing PEM files .
*/
# define POLARSSL_PEM_WRITE_C
2011-02-12 15:30:57 +01:00
2013-08-22 13:29:31 +02:00
/**
* \ def POLARSSL_PK_C
*
* Enable the generic public ( asymetric ) key layer .
*
* Module : library / pk . c
2013-09-20 12:29:15 +02:00
* Caller : library / ssl_tls . c
2013-08-22 13:29:31 +02:00
* library / ssl_cli . c
* library / ssl_srv . c
*
2013-09-20 12:29:15 +02:00
* Requires : POLARSSL_RSA_C or POLARSSL_ECP_C
*
2013-08-22 13:29:31 +02:00
* Uncomment to enable generic public key wrappers .
*/
# define POLARSSL_PK_C
2013-09-15 17:04:23 +02:00
/**
* \ def POLARSSL_PK_PARSE_C
*
* Enable the generic public ( asymetric ) key parser .
*
* Module : library / pkparse . c
2013-09-20 14:10:14 +02:00
* Caller : library / x509_crt . c
* library / x509_csr . c
2013-09-15 17:04:23 +02:00
*
* Requires : POLARSSL_PK_C
*
* Uncomment to enable generic public key parse functions .
*/
# define POLARSSL_PK_PARSE_C
/**
* \ def POLARSSL_PK_WRITE_C
*
2013-09-16 22:46:20 +02:00
* Enable the generic public ( asymetric ) key writer .
2013-09-15 17:04:23 +02:00
*
* Module : library / pkwrite . c
* Caller : library / x509write . c
*
* Requires : POLARSSL_PK_C
*
* Uncomment to enable generic public key write functions .
*/
# define POLARSSL_PK_WRITE_C
2013-06-24 19:26:38 +02:00
/**
* \ def POLARSSL_PKCS5_C
*
2013-09-20 13:45:36 +02:00
* Enable PKCS # 5 functions .
2013-06-24 19:26:38 +02:00
*
* Module : library / pkcs5 . c
*
* Requires : POLARSSL_MD_C
*
* This module adds support for the PKCS # 5 functions .
*/
# define POLARSSL_PKCS5_C
2011-05-26 15:16:06 +02:00
/**
* \ def POLARSSL_PKCS11_C
*
2012-09-27 21:15:01 +02:00
* Enable wrapper for PKCS # 11 smartcard support .
2011-05-26 15:16:06 +02:00
*
2013-08-22 13:35:53 +02:00
* Module : library / pkcs11 . c
* Caller : library / pk . c
2011-05-26 15:16:06 +02:00
*
2013-08-22 13:35:53 +02:00
* Requires : POLARSSL_PK_C
2011-05-26 15:16:06 +02:00
*
2012-09-27 21:15:01 +02:00
* This module enables SSL / TLS PKCS # 11 smartcard support .
2011-05-26 15:16:06 +02:00
* Requires the presence of the PKCS # 11 helper library ( libpkcs11 - helper )
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_PKCS11_C
2011-05-26 15:16:06 +02:00
2013-06-24 19:17:19 +02:00
/**
* \ def POLARSSL_PKCS12_C
*
2013-09-20 13:45:36 +02:00
* Enable PKCS # 12 PBE functions .
2013-06-24 19:17:19 +02:00
* Adds algorithms for parsing PKCS # 8 encrypted private keys
*
* Module : library / pkcs12 . c
2013-09-20 14:10:14 +02:00
* Caller : library / pkparse . c
2013-06-24 19:17:19 +02:00
*
2013-06-24 19:34:08 +02:00
* Requires : POLARSSL_ASN1_PARSE_C , POLARSSL_CIPHER_C , POLARSSL_MD_C
* Can use : POLARSSL_ARC4_C
2013-06-24 19:17:19 +02:00
*
* This module enables PKCS # 12 functions .
*/
# define POLARSSL_PKCS12_C
2014-02-01 22:50:07 +01:00
/**
* \ def POLARSSL_PLATFORM_C
*
* Enable the platform abstraction layer that allows you to re - assign
2015-01-30 13:01:34 +01:00
* functions like malloc ( ) , free ( ) , snprintf ( ) , printf ( ) , fprintf ( ) , exit ( )
2014-02-01 22:50:07 +01:00
*
2015-02-06 17:14:34 +01:00
* Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT
* or POLARSSL_PLATFORM_XXX_MACRO directives , allowing the functions mentioned
* above to be specified at runtime or compile time respectively .
*
2014-02-01 22:50:07 +01:00
* Module : library / platform . c
* Caller : Most other . c files
*
* This module enables abstraction of common ( libc ) functions .
*/
# define POLARSSL_PLATFORM_C
2014-01-17 12:42:35 +01:00
/**
2014-01-22 13:35:29 +01:00
* \ def POLARSSL_RIPEMD160_C
2014-01-17 12:42:35 +01:00
*
* Enable the RIPEMD - 160 hash algorithm .
*
2014-01-22 13:35:29 +01:00
* Module : library / ripemd160 . c
2014-01-17 12:42:35 +01:00
* Caller : library / md . c
*
*/
2014-01-22 13:35:29 +01:00
# define POLARSSL_RIPEMD160_C
2014-01-17 12:42:35 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_RSA_C
*
* Enable the RSA public - key cryptosystem .
*
2009-01-03 22:22:43 +01:00
* Module : library / rsa . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
* library / x509 . c
*
2013-10-25 18:01:50 +02:00
* This module is used by the following key exchanges :
* RSA , DHE - RSA , ECDHE - RSA , RSA - PSK
2011-05-26 15:16:06 +02:00
*
2013-10-25 18:01:50 +02:00
* Requires : POLARSSL_BIGNUM_C , POLARSSL_OID_C
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_RSA_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_SHA1_C
*
* Enable the SHA1 cryptographic hash algorithm .
*
2009-01-03 22:22:43 +01:00
* Module : library / sha1 . c
2013-09-20 14:10:14 +02:00
* Caller : library / md . c
* library / ssl_cli . c
2009-01-03 22:22:43 +01:00
* library / ssl_srv . c
* library / ssl_tls . c
2013-09-20 14:10:14 +02:00
* library / x509write_crt . c
2009-01-03 22:22:43 +01:00
*
* This module is required for SSL / TLS and SHA1 - signed certificates .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_SHA1_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
2013-06-30 14:34:05 +02:00
* \ def POLARSSL_SHA256_C
2011-01-27 16:24:17 +01:00
*
* Enable the SHA - 224 and SHA - 256 cryptographic hash algorithms .
2013-06-30 14:34:05 +02:00
* ( Used to be POLARSSL_SHA2_C )
2011-01-27 16:24:17 +01:00
*
2013-06-30 14:34:05 +02:00
* Module : library / sha256 . c
2013-09-20 14:10:14 +02:00
* Caller : library / entropy . c
* library / md . c
* library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
2009-01-03 22:22:43 +01:00
*
* This module adds support for SHA - 224 and SHA - 256.
2012-11-24 11:26:46 +01:00
* This module is required for the SSL / TLS 1.2 PRF function .
2009-01-03 22:22:43 +01:00
*/
2013-06-30 14:34:05 +02:00
# define POLARSSL_SHA256_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
2013-06-30 14:34:05 +02:00
* \ def POLARSSL_SHA512_C
2011-01-27 16:24:17 +01:00
*
* Enable the SHA - 384 and SHA - 512 cryptographic hash algorithms .
2013-06-30 14:34:05 +02:00
* ( Used to be POLARSSL_SHA4_C )
2011-01-27 16:24:17 +01:00
*
2013-06-30 14:34:05 +02:00
* Module : library / sha512 . c
2013-09-20 14:10:14 +02:00
* Caller : library / entropy . c
* library / md . c
* library / ssl_cli . c
* library / ssl_srv . c
2009-01-03 22:22:43 +01:00
*
* This module adds support for SHA - 384 and SHA - 512.
*/
2013-06-30 14:34:05 +02:00
# define POLARSSL_SHA512_C
2009-01-03 22:22:43 +01:00
2012-09-25 23:55:46 +02:00
/**
* \ def POLARSSL_SSL_CACHE_C
*
* Enable simple SSL cache implementation .
*
* Module : library / ssl_cache . c
* Caller :
*
* Requires : POLARSSL_SSL_CACHE_C
*/
# define POLARSSL_SSL_CACHE_C
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_SSL_CLI_C
*
* Enable the SSL / TLS client code .
*
2009-01-03 22:22:43 +01:00
* Module : library / ssl_cli . c
* Caller :
*
2011-05-26 15:16:06 +02:00
* Requires : POLARSSL_SSL_TLS_C
*
2009-01-03 22:22:43 +01:00
* This module is required for SSL / TLS client support .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_SSL_CLI_C
2009-01-03 22:22:43 +01:00
2012-11-14 13:39:52 +01:00
/**
2011-01-27 16:24:17 +01:00
* \ def POLARSSL_SSL_SRV_C
*
* Enable the SSL / TLS server code .
*
2009-01-03 22:22:43 +01:00
* Module : library / ssl_srv . c
* Caller :
*
2011-05-26 15:16:06 +02:00
* Requires : POLARSSL_SSL_TLS_C
*
2009-01-03 22:22:43 +01:00
* This module is required for SSL / TLS server support .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_SSL_SRV_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_SSL_TLS_C
*
2011-05-18 15:26:54 +02:00
* Enable the generic SSL / TLS code .
2011-01-27 16:24:17 +01:00
*
2009-01-03 22:22:43 +01:00
* Module : library / ssl_tls . c
* Caller : library / ssl_cli . c
* library / ssl_srv . c
*
2013-09-20 12:29:15 +02:00
* Requires : POLARSSL_CIPHER_C , POLARSSL_MD_C
2013-08-28 11:57:20 +02:00
* and at least one of the POLARSSL_SSL_PROTO_ * defines
2011-05-26 15:16:06 +02:00
*
2009-01-03 22:22:43 +01:00
* This module is required for SSL / TLS .
*/
2009-01-03 22:51:57 +01:00
# define POLARSSL_SSL_TLS_C
2009-01-03 22:22:43 +01:00
2013-09-28 14:40:38 +02:00
/**
* \ def POLARSSL_THREADING_C
*
* Enable the threading abstraction layer .
2015-01-22 17:11:05 +01:00
* By default mbed TLS assumes it is used in a non - threaded environment or that
2013-09-28 14:40:38 +02:00
* contexts are not shared between threads . If you do intend to use contexts
* between threads , you will need to enable this layer to prevent race
* conditions .
*
* Module : library / threading . c
*
* This allows different threading implementations ( self - implemented or
* provided ) .
*
2013-12-31 11:54:08 +01:00
* You will have to enable either POLARSSL_THREADING_ALT or
* POLARSSL_THREADING_PTHREAD .
2013-09-28 14:40:38 +02:00
*
2015-01-22 17:11:05 +01:00
* Enable this layer to allow use of mutexes within mbed TLS
2013-09-28 14:40:38 +02:00
*/
2013-10-15 11:55:10 +02:00
//#define POLARSSL_THREADING_C
2013-09-28 14:40:38 +02:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_TIMING_C
*
* Enable the portable timing interface .
*
2009-01-03 22:22:43 +01:00
* Module : library / timing . c
* Caller : library / havege . c
*
* This module is used by the HAVEGE random number generator .
2013-07-03 14:48:29 +02:00
*/
2013-09-10 16:16:50 +02:00
# define POLARSSL_TIMING_C
2009-01-03 22:22:43 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_VERSION_C
*
* Enable run - time version information .
*
2011-01-21 12:00:08 +01:00
* Module : library / version . c
*
* This module provides run - time version information .
*/
# define POLARSSL_VERSION_C
2011-01-27 16:24:17 +01:00
/**
2013-09-16 13:49:26 +02:00
* \ def POLARSSL_X509_USE_C
*
2013-09-20 13:45:36 +02:00
* Enable X .509 core for using certificates .
2013-09-16 13:49:26 +02:00
*
* Module : library / x509 . c
* Caller : library / x509_crl . c
* library / x509_crt . c
* library / x509_csr . c
*
* Requires : POLARSSL_ASN1_PARSE_C , POLARSSL_BIGNUM_C , POLARSSL_OID_C ,
* POLARSSL_PK_PARSE_C
*
* This module is required for the X .509 parsing modules .
*/
# define POLARSSL_X509_USE_C
/**
* \ def POLARSSL_X509_CRT_PARSE_C
2011-01-27 16:24:17 +01:00
*
* Enable X .509 certificate parsing .
*
2013-09-16 13:49:26 +02:00
* Module : library / x509_crt . c
2009-01-03 22:22:43 +01:00
* Caller : library / ssl_cli . c
* library / ssl_srv . c
* library / ssl_tls . c
*
2013-09-16 13:49:26 +02:00
* Requires : POLARSSL_X509_USE_C
2011-05-26 15:16:06 +02:00
*
2009-01-03 22:22:43 +01:00
* This module is required for X .509 certificate parsing .
*/
2013-09-16 13:49:26 +02:00
# define POLARSSL_X509_CRT_PARSE_C
/**
* \ def POLARSSL_X509_CRL_PARSE_C
*
* Enable X .509 CRL parsing .
*
* Module : library / x509_crl . c
* Caller : library / x509_crt . c
*
* Requires : POLARSSL_X509_USE_C
*
* This module is required for X .509 CRL parsing .
*/
# define POLARSSL_X509_CRL_PARSE_C
/**
* \ def POLARSSL_X509_CSR_PARSE_C
*
* Enable X .509 Certificate Signing Request ( CSR ) parsing .
*
* Module : library / x509_csr . c
* Caller : library / x509_crt_write . c
*
* Requires : POLARSSL_X509_USE_C
*
* This module is used for reading X .509 certificate request .
*/
# define POLARSSL_X509_CSR_PARSE_C
2009-01-03 22:22:43 +01:00
2012-02-14 00:11:30 +01:00
/**
2013-09-16 13:49:26 +02:00
* \ def POLARSSL_X509_CREATE_C
2012-02-14 00:11:30 +01:00
*
2013-09-20 13:45:36 +02:00
* Enable X .509 core for creating certificates .
2012-02-14 00:11:30 +01:00
*
2013-09-16 13:49:26 +02:00
* Module : library / x509_create . c
2012-02-14 00:11:30 +01:00
*
2013-09-15 17:04:23 +02:00
* Requires : POLARSSL_BIGNUM_C , POLARSSL_OID_C , POLARSSL_PK_WRITE_C
2012-02-14 00:11:30 +01:00
*
2013-09-16 13:49:26 +02:00
* This module is the basis for creating X .509 certificates and CSRs .
*/
# define POLARSSL_X509_CREATE_C
/**
* \ def POLARSSL_X509_CRT_WRITE_C
*
* Enable creating X .509 certificates .
*
* Module : library / x509_crt_write . c
*
* Requires : POLARSSL_CREATE_C
*
* This module is required for X .509 certificate creation .
*/
# define POLARSSL_X509_CRT_WRITE_C
/**
* \ def POLARSSL_X509_CSR_WRITE_C
*
2013-09-20 13:45:36 +02:00
* Enable creating X .509 Certificate Signing Requests ( CSR ) .
2013-09-16 13:49:26 +02:00
*
* Module : library / x509_csr_write . c
*
* Requires : POLARSSL_CREATE_C
*
2012-02-14 00:11:30 +01:00
* This module is required for X .509 certificate request writing .
*/
2013-09-16 13:49:26 +02:00
# define POLARSSL_X509_CSR_WRITE_C
2012-02-14 00:11:30 +01:00
2011-01-27 16:24:17 +01:00
/**
* \ def POLARSSL_XTEA_C
*
* Enable the XTEA block cipher .
2009-01-03 22:22:43 +01:00
*
2009-01-04 19:15:48 +01:00
* Module : library / xtea . c
* Caller :
*/
# define POLARSSL_XTEA_C
2012-10-31 09:26:55 +01:00
2015-01-22 17:11:05 +01:00
/* \} name SECTION: mbed TLS modules */
2009-01-04 19:15:48 +01:00
2013-06-24 19:31:17 +02:00
/**
* \ name SECTION : Module configuration options
*
* This section allows for the setting of module specific sizes and
* configuration options . The default values are already present in the
* relevant header files and should suffice for the regular use cases .
*
2014-04-25 11:11:10 +02:00
* Our advice is to enable options and change their values here
* only if you have a good reason and know the consequences .
2013-06-24 19:31:17 +02:00
*
* Please check the respective header file for documentation on these
* parameters ( to prevent duplicate documentation ) .
* \ {
*/
2014-04-25 11:11:10 +02:00
/* MPI / BIGNUM options */
//#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
2014-09-08 17:03:50 +02:00
//#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
2014-04-25 11:11:10 +02:00
/* CTR_DRBG options */
//#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
//#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
//#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
/* HMAC_DRBG options */
//#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
//#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
/* ECP options */
//#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
//#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
//#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
/* Entropy options */
//#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
//#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
/* Memory buffer allocator options */
2014-05-05 14:04:28 +02:00
//#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
2014-04-25 11:11:10 +02:00
/* Platform options */
2015-02-03 12:00:54 +01:00
//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
2015-01-30 13:01:34 +01:00
//#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
2014-04-25 11:11:10 +02:00
2015-03-05 14:38:29 +01:00
/* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */
/* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */
2015-02-03 12:26:31 +01:00
//#define POLARSSL_PLATFORM_MALLOC_MACRO malloc /**< Default allocator macro to use, can be undefined */
//#define POLARSSL_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
//#define POLARSSL_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define POLARSSL_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
//#define POLARSSL_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
//#define POLARSSL_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
2014-04-25 11:11:10 +02:00
/* SSL Cache options */
//#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
/* SSL options */
//#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
2015-06-29 15:27:52 +02:00
//#define SSL_MIN_DHM_BYTES 128 /**< Min size of the Diffie-Hellman prime */
2014-04-25 11:11:10 +02:00
//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2014-07-03 16:12:50 +02:00
//#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
2013-06-24 19:31:17 +02:00
2014-06-30 17:59:55 +02:00
/**
* Complete list of ciphersuites to use , in order of preference .
*
* \ warning No dependency checking is done on that field ! This option can only
* be used to restrict the set of available ciphersuites . It is your
* responsibility to make sure the needed modules are active .
*
* Use this to save a few hundred bytes of ROM ( default ordering of all
* available ciphersuites ) and a few to a few hundred bytes of RAM .
*
* The value below is only an example , not the default .
*/
//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2014-04-25 15:04:14 +02:00
/* Debug options */
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
2014-11-20 16:34:20 +01:00
/* X509 options */
//#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
2014-04-30 11:49:44 +02:00
/* \} name SECTION: Module configuration options */
2013-06-24 19:31:17 +02:00
2014-04-30 12:35:08 +02:00
# include "check_config.h"
2014-04-30 11:49:44 +02:00
2014-04-30 12:35:08 +02:00
# endif /* POLARSSL_CONFIG_H */