/** * \file config.h * * \brief Configuration options (set of defines) * * Copyright (C) 2006-2011, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker * * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * This set of compile-time options may be used to enable * or disable features selectively, and reduce the global * memory footprint. */ #ifndef POLARSSL_CONFIG_H #define POLARSSL_CONFIG_H #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif /** * \name SECTION: System support * * This section sets system specific settings. * \{ */ /** * \def POLARSSL_HAVE_INT8 * * The system uses 8-bit wide native integers. * * Uncomment if native integers are 8-bit wide. #define POLARSSL_HAVE_INT8 */ /** * \def POLARSSL_HAVE_INT16 * * The system uses 16-bit wide native integers. * * Uncomment if native integers are 16-bit wide. #define POLARSSL_HAVE_INT16 */ /** * \def POLARSSL_HAVE_LONGLONG * * The compiler supports the use of long long. * * Uncomment if the compiler supports long long. #define POLARSSL_HAVE_LONGLONG */ /** * \def POLARSSL_HAVE_ASM * * The compiler has support for asm() * * Uncomment to enable the use of assembly code. * * Requires support for asm() in compiler. * * Used in: * library/timing.c * library/padlock.c * include/polarssl/bn_mul.h * */ #define POLARSSL_HAVE_ASM /** * \def POLARSSL_HAVE_SSE2 * * CPI supports SSE2 instruction set. * * Uncomment if the CPU supports SSE2 (IA-32 specific). * #define POLARSSL_HAVE_SSE2 */ /* \} name */ /** * \name SECTION: PolarSSL feature support * * This section sets support for features that are or are not needed * within the modules that are enabled. * \{ */ /** * \def POLARSSL_AES_ROM_TABLES * * Store the AES tables in ROM. * * Uncomment this macro to store the AES tables in ROM. * #define POLARSSL_AES_ROM_TABLES */ /** * \def POLARSSL_CIPHER_MODE_CFB * * Enable Cipher Feedback mode (CFB) for symmetric ciphers. */ #define POLARSSL_CIPHER_MODE_CFB /** * \def POLARSSL_CIPHER_MODE_CTR * * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. */ #define POLARSSL_CIPHER_MODE_CTR /** * \def POLARSSL_DEBUG_MSG * * Requires: POLARSSL_DEBUG_C * * Enable all SSL/TLS debugging messages. */ #define POLARSSL_DEBUG_MSG /** * \def POLARSSL_ERROR_STRERROR_DUMMY * * Enable a dummy error function to make use of error_strerror() in * third party libraries easier. * * Disable if you run into name conflicts and want to really remove the * error_strerror() */ #define POLARSSL_ERROR_STRERROR_DUMMY /** * \def POLARSSL_GENPRIME * * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * * Enable the RSA prime-number generation code. */ #define POLARSSL_GENPRIME /** * \def POLARSSL_FS_IO * * Enable functions that use the filesystem. */ #define POLARSSL_FS_IO /** * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES * * Do not add default entropy sources. These are the platform specific, * hardclock and HAVEGE based poll functions. * * This is useful to have more control over the added entropy sources in an * application. * * Uncomment this macro to prevent loading of default entropy functions. #define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */ /** * \def POLARSSL_NO_PLATFORM_ENTROPY * * Do not use built-in platform entropy functions. * This is useful if your platform does not support * standards like the /dev/urandom or Windows CryptoAPI. * * Uncomment this macro to disable the built-in platform entropy functions. #define POLARSSL_NO_PLATFORM_ENTROPY */ /** * \def POLARSSL_PKCS1_V21 * * Requires: POLARSSL_MD_C, POLARSSL_RSA_C * * Enable support for PKCS#1 v2.1 encoding. * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ #define POLARSSL_PKCS1_V21 /** * \def POLARSSL_RSA_NO_CRT * * Do not use the Chinese Remainder Theorem for the RSA private operation. * * Uncomment this macro to disable the use of CRT in RSA. * #define POLARSSL_RSA_NO_CRT */ /** * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). */ #define POLARSSL_SELF_TEST /** * \def POLARSSL_SSL_DEBUG_ALL * * Enable the debug messages in SSL module for all issues. * Debug messages have been disabled in some places to prevent timing * attacks due to (unbalanced) debugging function calls. * * If you need all error reporting you should enable this during debugging, * but remove this for production servers that should log as well. * * Uncomment this macro to report all debug messages on errors introducing * a timing side-channel. * #define POLARSSL_SSL_DEBUG_ALL */ /** * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * * If set, the X509 parser will not break-off when parsing an X509 certificate * and encountering an unknown critical extension. * * Uncomment to prevent an error. * #define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ /* \} name */ /** * \name SECTION: PolarSSL modules * * This section enables or disables entire modules in PolarSSL * \{ */ /** * \def POLARSSL_AES_C * * Enable the AES block cipher. * * Module: library/aes.c * Caller: library/ssl_tls.c * library/pem.c * library/ctr_drbg.c * * This module enables the following ciphersuites: * SSL_RSA_AES_128_SHA * SSL_RSA_AES_256_SHA * SSL_EDH_RSA_AES_256_SHA * * PEM uses AES for decrypting encrypted keys. */ #define POLARSSL_AES_C /** * \def POLARSSL_ARC4_C * * Enable the ARCFOUR stream cipher. * * Module: library/arc4.c * Caller: library/ssl_tls.c * * This module enables the following ciphersuites: * SSL_RSA_RC4_128_MD5 * SSL_RSA_RC4_128_SHA */ #define POLARSSL_ARC4_C /** * \def POLARSSL_ASN1_PARSE_C * * Enable the generic ASN1 parser. * * Module: library/asn1.c * Caller: library/x509parse.c */ #define POLARSSL_ASN1_PARSE_C /** * \def POLARSSL_BASE64_C * * Enable the Base64 module. * * Module: library/base64.c * Caller: library/pem.c * * This module is required for PEM support (required by X.509). */ #define POLARSSL_BASE64_C /** * \def POLARSSL_BIGNUM_C * * Enable the multi-precision integer library. * * Module: library/bignum.c * Caller: library/dhm.c * library/rsa.c * library/ssl_tls.c * library/x509parse.c * * This module is required for RSA and DHM support. */ #define POLARSSL_BIGNUM_C /** * \def POLARSSL_CAMELLIA_C * * Enable the Camellia block cipher. * * Module: library/camellia.c * Caller: library/ssl_tls.c * * This module enabled the following cipher suites: * SSL_RSA_CAMELLIA_128_SHA * SSL_RSA_CAMELLIA_256_SHA * SSL_EDH_RSA_CAMELLIA_256_SHA */ #define POLARSSL_CAMELLIA_C /** * \def POLARSSL_CERTS_C * * Enable the test certificates. * * Module: library/certs.c * Caller: * * This module is used for testing (ssl_client/server). */ #define POLARSSL_CERTS_C /** * \def POLARSSL_CIPHER_C * * Enable the generic cipher layer. * * Module: library/cipher.c * Caller: * * Uncomment to enable generic cipher wrappers. */ #define POLARSSL_CIPHER_C /** * \def POLARSSL_CTR_DRBG_C * * Enable the CTR_DRBG AES-256-based random generator * * Module: library/ctr_drbg.c * Caller: * * Requires: POLARSSL_AES_C * * This module provides the CTR_DRBG AES-256 random number generator. */ #define POLARSSL_CTR_DRBG_C /** * \def POLARSSL_DEBUG_C * * Enable the debug functions. * * Module: library/debug.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * * This module provides debugging functions. */ #define POLARSSL_DEBUG_C /** * \def POLARSSL_DES_C * * Enable the DES block cipher. * * Module: library/des.c * Caller: library/pem.c * library/ssl_tls.c * * This module enables the following ciphersuites: * SSL_RSA_DES_168_SHA * SSL_EDH_RSA_DES_168_SHA * * PEM uses DES/3DES for decrypting encrypted keys. */ #define POLARSSL_DES_C /** * \def POLARSSL_DHM_C * * Enable the Diffie-Hellman-Merkle key exchange. * * Module: library/dhm.c * Caller: library/ssl_cli.c * library/ssl_srv.c * * This module enables the following ciphersuites: * SSL_EDH_RSA_DES_168_SHA * SSL_EDH_RSA_AES_256_SHA * SSL_EDH_RSA_CAMELLIA_256_SHA */ #define POLARSSL_DHM_C /** * \def POLARSSL_ENTROPY_C * * Enable the platform-specific entropy code. * * Module: library/entropy.c * Caller: * * Requires: POLARSSL_SHA4_C * * This module provides a generic entropy pool */ #define POLARSSL_ENTROPY_C /** * \def POLARSSL_ERROR_C * * Enable error code to error string conversion. * * Module: library/error.c * Caller: * * This module enables err_strerror(). */ #define POLARSSL_ERROR_C /** * \def POLARSSL_HAVEGE_C * * Enable the HAVEGE random generator. * * Warning: the HAVEGE random generator is not suitable for virtualized * environments * * Warning: the HAVEGE random generator is dependent on timing and specific * processor traits. It is therefore not advised to use HAVEGE as * your applications primary random generator or primary entropy pool * input. As a secondary input to your entropy pool, it IS able add * the (limited) extra entropy it provides. * * Module: library/havege.c * Caller: * * Requires: POLARSSL_TIMING_C * * Uncomment to enable the HAVEGE random generator. #define POLARSSL_HAVEGE_C */ /** * \def POLARSSL_MD_C * * Enable the generic message digest layer. * * Module: library/md.c * Caller: * * Uncomment to enable generic message digest wrappers. */ #define POLARSSL_MD_C /** * \def POLARSSL_MD2_C * * Enable the MD2 hash algorithm * * Module: library/md2.c * Caller: library/x509parse.c * * Uncomment to enable support for (rare) MD2-signed X.509 certs. * #define POLARSSL_MD2_C */ /** * \def POLARSSL_MD4_C * * Enable the MD4 hash algorithm * * Module: library/md4.c * Caller: library/x509parse.c * * Uncomment to enable support for (rare) MD4-signed X.509 certs. * #define POLARSSL_MD4_C */ /** * \def POLARSSL_MD5_C * * Enable the MD5 hash algorithm * * Module: library/md5.c * Caller: library/pem.c * library/ssl_tls.c * library/x509parse.c * * This module is required for SSL/TLS and X.509. * PEM uses MD5 for decrypting encrypted keys. */ #define POLARSSL_MD5_C /** * \def POLARSSL_NET_C * * Enable the TCP/IP networking routines. * * Module: library/net.c * Caller: * * This module provides TCP/IP networking routines. */ #define POLARSSL_NET_C /** * \def POLARSSL_PADLOCK_C * * Enable VIA Padlock support on x86. * * Module: library/padlock.c * Caller: library/aes.c * * This modules adds support for the VIA PadLock on x86. */ #define POLARSSL_PADLOCK_C /** * \def POLARSSL_PEM_C * * Enable PEM decoding * * Module: library/pem.c * Caller: library/x509parse.c * * Requires: POLARSSL_BASE64_C * * This modules adds support for decoding PEM files. */ #define POLARSSL_PEM_C /** * \def POLARSSL_PKCS11_C * * Enable support for PKCS#11 smartcard support. * * Module: library/ssl_srv.c * Caller: library/ssl_cli.c * library/ssl_srv.c * * Requires: POLARSSL_SSL_TLS_C * * This module is required for SSL/TLS PKCS #11 smartcard support. * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) #define POLARSSL_PKCS11_C */ /** * \def POLARSSL_RSA_C * * Enable the RSA public-key cryptosystem. * * Module: library/rsa.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * library/x509.c * * Requires: POLARSSL_BIGNUM_C * * This module is required for SSL/TLS and MD5-signed certificates. */ #define POLARSSL_RSA_C /** * \def POLARSSL_SHA1_C * * Enable the SHA1 cryptographic hash algorithm. * * Module: library/sha1.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * library/x509parse.c * * This module is required for SSL/TLS and SHA1-signed certificates. */ #define POLARSSL_SHA1_C /** * \def POLARSSL_SHA2_C * * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * * Module: library/sha2.c * Caller: library/md_wrap.c * library/x509parse.c * * This module adds support for SHA-224 and SHA-256. */ #define POLARSSL_SHA2_C /** * \def POLARSSL_SHA4_C * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * * Module: library/sha4.c * Caller: library/md_wrap.c * library/x509parse.c * * This module adds support for SHA-384 and SHA-512. */ #define POLARSSL_SHA4_C /** * \def POLARSSL_SSL_CLI_C * * Enable the SSL/TLS client code. * * Module: library/ssl_cli.c * Caller: * * Requires: POLARSSL_SSL_TLS_C * * This module is required for SSL/TLS client support. */ #define POLARSSL_SSL_CLI_C /** * \def POLARSSL_SSL_SRV_C * * Enable the SSL/TLS server code. * * Module: library/ssl_srv.c * Caller: * * Requires: POLARSSL_SSL_TLS_C * * This module is required for SSL/TLS server support. */ #define POLARSSL_SSL_SRV_C /** * \def POLARSSL_SSL_TLS_C * * Enable the generic SSL/TLS code. * * Module: library/ssl_tls.c * Caller: library/ssl_cli.c * library/ssl_srv.c * * Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_X509_PARSE_C * * This module is required for SSL/TLS. */ #define POLARSSL_SSL_TLS_C /** * \def POLARSSL_TIMING_C * * Enable the portable timing interface. * * Module: library/timing.c * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. */ #define POLARSSL_TIMING_C /** * \def POLARSSL_VERSION_C * * Enable run-time version information. * * Module: library/version.c * * This module provides run-time version information. */ #define POLARSSL_VERSION_C /** * \def POLARSSL_X509_PARSE_C * * Enable X.509 certificate parsing. * * Module: library/x509parse.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C * * This module is required for X.509 certificate parsing. */ #define POLARSSL_X509_PARSE_C /** * \def POLARSSL_XTEA_C * * Enable the XTEA block cipher. * * Module: library/xtea.c * Caller: */ #define POLARSSL_XTEA_C /* \} name */ #endif /* config.h */