4 * \brief Configuration options (set of defines)
6 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
8 * This file is part of mbed TLS (https://polarssl.org)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 * This set of compile-time options may be used to enable
25 * or disable features selectively, and reduce the global
28 #ifndef POLARSSL_CONFIG_H
29 #define POLARSSL_CONFIG_H
31 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
32 #define _CRT_SECURE_NO_DEPRECATE 1
36 * \name SECTION: System support
38 * This section sets system specific settings.
43 * \def POLARSSL_HAVE_INT8
45 * The system uses 8-bit wide native integers.
47 * Uncomment if native integers are 8-bit wide.
49 //#define POLARSSL_HAVE_INT8
52 * \def POLARSSL_HAVE_INT16
54 * The system uses 16-bit wide native integers.
56 * Uncomment if native integers are 16-bit wide.
58 //#define POLARSSL_HAVE_INT16
61 * \def POLARSSL_HAVE_LONGLONG
63 * The compiler supports the 'long long' type.
64 * (Only used on 32-bit platforms)
66 #define POLARSSL_HAVE_LONGLONG
69 * \def POLARSSL_HAVE_ASM
71 * The compiler has support for asm().
73 * Requires support for asm() in compiler.
78 * include/polarssl/bn_mul.h
80 * Comment to disable the use of assembly code.
82 #define POLARSSL_HAVE_ASM
85 * \def POLARSSL_HAVE_SSE2
87 * CPU supports SSE2 instruction set.
89 * Uncomment if the CPU supports SSE2 (IA-32 specific).
91 #define POLARSSL_HAVE_SSE2
94 * \def POLARSSL_HAVE_TIME
96 * System has time.h and time() / localtime() / gettimeofday().
98 * Comment if your system does not support time functions
100 #define POLARSSL_HAVE_TIME
103 * \def POLARSSL_HAVE_IPV6
105 * System supports the basic socket interface for IPv6 (RFC 3493),
106 * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
108 * Note: on Windows/MingW, XP or higher is required.
110 * Comment if your system does not support the IPv6 socket interface
112 #define POLARSSL_HAVE_IPV6
115 * \def POLARSSL_PLATFORM_MEMORY
117 * Enable the memory allocation layer.
119 * By default mbed TLS uses the system-provided malloc() and free().
120 * This allows different allocators (self-implemented or provided) to be
121 * provided to the platform abstraction layer.
123 * Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()"
124 * to allow you to set an alternative malloc() and free() function pointer.
126 * Requires: POLARSSL_PLATFORM_C
128 * Enable this layer to allow use of alternative memory allocators.
130 //#define POLARSSL_PLATFORM_MEMORY
133 * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
135 * Do not assign standard functions in the platform layer (e.g. malloc() to
136 * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
138 * This makes sure there are no linking errors on platforms that do not support
139 * these functions. You will HAVE to provide alternatives, either at runtime
140 * via the platform_set_xxx() functions or at compile time by setting
141 * the POLARSSL_PLATFORM_STD_XXX defines.
143 * Requires: POLARSSL_PLATFORM_C
145 * Uncomment to prevent default assignment of standard functions in the
148 //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
151 * \def POLARSSL_PLATFORM_XXX_ALT
153 * Uncomment a macro to let mbed TLS support the function in the platform
156 * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will
157 * provide a function "platform_set_printf()" that allows you to set an
158 * alternative printf function pointer.
160 * All these define require POLARSSL_PLATFORM_C to be defined!
162 * Uncomment a macro to enable alternate implementation of specific base
165 //#define POLARSSL_PLATFORM_PRINTF_ALT
166 //#define POLARSSL_PLATFORM_FPRINTF_ALT
167 /* \} name SECTION: System support */
170 * \name SECTION: mbed TLS feature support
172 * This section sets support for features that are or are not needed
173 * within the modules that are enabled.
178 * \def POLARSSL_TIMING_ALT
180 * Uncomment to provide your own alternate implementation for hardclock(),
181 * get_timer(), set_alarm() and m_sleep().
183 * Only works if you have POLARSSL_TIMING_C enabled.
185 * You will need to provide a header "timing_alt.h" and an implementation at
188 //#define POLARSSL_TIMING_ALT
191 * \def POLARSSL_XXX_ALT
193 * Uncomment a macro to let mbed TLS use your alternate core implementation of
194 * a symmetric or hash algorithm (e.g. platform specific assembly optimized
195 * implementations). Keep in mind that the function prototypes should remain
198 * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer
199 * provide the "struct aes_context" definition and omit the base function
200 * declarations and implementations. "aes_alt.h" will be included from
201 * "aes.h" to include the new function definitions.
203 * Uncomment a macro to enable alternate implementation for core algorithm
206 //#define POLARSSL_AES_ALT
207 //#define POLARSSL_ARC4_ALT
208 //#define POLARSSL_BLOWFISH_ALT
209 //#define POLARSSL_CAMELLIA_ALT
210 //#define POLARSSL_DES_ALT
211 //#define POLARSSL_XTEA_ALT
212 //#define POLARSSL_MD2_ALT
213 //#define POLARSSL_MD4_ALT
214 //#define POLARSSL_MD5_ALT
215 //#define POLARSSL_RIPEMD160_ALT
216 //#define POLARSSL_SHA1_ALT
217 //#define POLARSSL_SHA256_ALT
218 //#define POLARSSL_SHA512_ALT
221 * \def POLARSSL_AES_ROM_TABLES
223 * Store the AES tables in ROM.
225 * Uncomment this macro to store the AES tables in ROM.
228 //#define POLARSSL_AES_ROM_TABLES
231 * \def POLARSSL_CIPHER_MODE_CBC
233 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
235 #define POLARSSL_CIPHER_MODE_CBC
238 * \def POLARSSL_CIPHER_MODE_CFB
240 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
242 #define POLARSSL_CIPHER_MODE_CFB
245 * \def POLARSSL_CIPHER_MODE_CTR
247 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
249 #define POLARSSL_CIPHER_MODE_CTR
252 * \def POLARSSL_CIPHER_NULL_CIPHER
254 * Enable NULL cipher.
255 * Warning: Only do so when you know what you are doing. This allows for
256 * encryption or channels without any security!
258 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
259 * the following ciphersuites:
260 * TLS_ECDH_ECDSA_WITH_NULL_SHA
261 * TLS_ECDH_RSA_WITH_NULL_SHA
262 * TLS_ECDHE_ECDSA_WITH_NULL_SHA
263 * TLS_ECDHE_RSA_WITH_NULL_SHA
264 * TLS_ECDHE_PSK_WITH_NULL_SHA384
265 * TLS_ECDHE_PSK_WITH_NULL_SHA256
266 * TLS_ECDHE_PSK_WITH_NULL_SHA
267 * TLS_DHE_PSK_WITH_NULL_SHA384
268 * TLS_DHE_PSK_WITH_NULL_SHA256
269 * TLS_DHE_PSK_WITH_NULL_SHA
270 * TLS_RSA_WITH_NULL_SHA256
271 * TLS_RSA_WITH_NULL_SHA
272 * TLS_RSA_WITH_NULL_MD5
273 * TLS_RSA_PSK_WITH_NULL_SHA384
274 * TLS_RSA_PSK_WITH_NULL_SHA256
275 * TLS_RSA_PSK_WITH_NULL_SHA
276 * TLS_PSK_WITH_NULL_SHA384
277 * TLS_PSK_WITH_NULL_SHA256
278 * TLS_PSK_WITH_NULL_SHA
280 * Uncomment this macro to enable the NULL cipher and ciphersuites
282 //#define POLARSSL_CIPHER_NULL_CIPHER
285 * \def POLARSSL_CIPHER_PADDING_XXX
287 * Uncomment or comment macros to add support for specific padding modes
288 * in the cipher layer with cipher modes that support padding (e.g. CBC)
290 * If you disable all padding modes, only full blocks can be used with CBC.
292 * Enable padding modes in the cipher layer.
294 #define POLARSSL_CIPHER_PADDING_PKCS7
295 #define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
296 #define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
297 #define POLARSSL_CIPHER_PADDING_ZEROS
300 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
302 * Enable weak ciphersuites in SSL / TLS.
303 * Warning: Only do so when you know what you are doing. This allows for
304 * channels with virtually no security at all!
306 * This enables the following ciphersuites:
307 * TLS_RSA_WITH_DES_CBC_SHA
308 * TLS_DHE_RSA_WITH_DES_CBC_SHA
310 * Uncomment this macro to enable weak ciphersuites
312 //#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
315 * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
317 * Remove RC4 ciphersuites by default in SSL / TLS.
318 * This flag removes the ciphersuites based on RC4 from the default list as
319 * returned by ssl_list_ciphersuites(). However, it is still possible to
320 * enable (some of) them with ssl_set_ciphersuites() by including them
323 * Uncomment this macro to remove RC4 ciphersuites by default.
325 #define POLARSSL_REMOVE_ARC4_CIPHERSUITES
328 * \def POLARSSL_ECP_XXXX_ENABLED
330 * Enables specific curves within the Elliptic Curve module.
331 * By default all supported curves are enabled.
333 * Comment macros to disable the curve and functions for it
335 #define POLARSSL_ECP_DP_SECP192R1_ENABLED
336 #define POLARSSL_ECP_DP_SECP224R1_ENABLED
337 #define POLARSSL_ECP_DP_SECP256R1_ENABLED
338 #define POLARSSL_ECP_DP_SECP384R1_ENABLED
339 #define POLARSSL_ECP_DP_SECP521R1_ENABLED
340 #define POLARSSL_ECP_DP_SECP192K1_ENABLED
341 #define POLARSSL_ECP_DP_SECP224K1_ENABLED
342 #define POLARSSL_ECP_DP_SECP256K1_ENABLED
343 #define POLARSSL_ECP_DP_BP256R1_ENABLED
344 #define POLARSSL_ECP_DP_BP384R1_ENABLED
345 #define POLARSSL_ECP_DP_BP512R1_ENABLED
346 //#define POLARSSL_ECP_DP_M221_ENABLED // Not implemented yet!
347 #define POLARSSL_ECP_DP_M255_ENABLED
348 //#define POLARSSL_ECP_DP_M383_ENABLED // Not implemented yet!
349 //#define POLARSSL_ECP_DP_M511_ENABLED // Not implemented yet!
352 * \def POLARSSL_ECP_NIST_OPTIM
354 * Enable specific 'modulo p' routines for each NIST prime.
355 * Depending on the prime and architecture, makes operations 4 to 8 times
356 * faster on the corresponding curve.
358 * Comment this macro to disable NIST curves optimisation.
360 #define POLARSSL_ECP_NIST_OPTIM
363 * \def POLARSSL_ECDSA_DETERMINISTIC
365 * Enable deterministic ECDSA (RFC 6979).
366 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
367 * may result in a compromise of the long-term signing key. This is avoided by
368 * the deterministic variant.
370 * Requires: POLARSSL_HMAC_DRBG_C
372 * Comment this macro to disable deterministic ECDSA.
374 #define POLARSSL_ECDSA_DETERMINISTIC
377 * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
379 * Enable the PSK based ciphersuite modes in SSL / TLS.
381 * This enables the following ciphersuites (if other requisites are
383 * TLS_PSK_WITH_AES_256_GCM_SHA384
384 * TLS_PSK_WITH_AES_256_CBC_SHA384
385 * TLS_PSK_WITH_AES_256_CBC_SHA
386 * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
387 * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
388 * TLS_PSK_WITH_AES_128_GCM_SHA256
389 * TLS_PSK_WITH_AES_128_CBC_SHA256
390 * TLS_PSK_WITH_AES_128_CBC_SHA
391 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
392 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
393 * TLS_PSK_WITH_3DES_EDE_CBC_SHA
394 * TLS_PSK_WITH_RC4_128_SHA
396 //#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED /* (swyter: we don't need pre-shared key negotiation as schannel does not support it) */
399 * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
401 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
403 * Requires: POLARSSL_DHM_C
405 * This enables the following ciphersuites (if other requisites are
407 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
408 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
409 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
410 * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
411 * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
412 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
413 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
414 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
415 * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
416 * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
417 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
418 * TLS_DHE_PSK_WITH_RC4_128_SHA
420 //#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED /* (swyter: we don't need pre-shared key negotiation as schannel does not support it) */
423 * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
425 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
427 * Requires: POLARSSL_ECDH_C
429 * This enables the following ciphersuites (if other requisites are
431 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
432 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
433 * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
434 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
435 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
436 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
437 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
438 * TLS_ECDHE_PSK_WITH_RC4_128_SHA
440 //#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED /* (swyter: we don't need pre-shared key negotiation as schannel does not support it) */
443 * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
445 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
447 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
448 * POLARSSL_X509_CRT_PARSE_C
450 * This enables the following ciphersuites (if other requisites are
452 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
453 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
454 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
455 * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
456 * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
457 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
458 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
459 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
460 * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
461 * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
462 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
463 * TLS_RSA_PSK_WITH_RC4_128_SHA
465 //#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED /* (swyter: we don't need pre-shared key negotiation as schannel does not support it) */
468 * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
470 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
472 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
473 * POLARSSL_X509_CRT_PARSE_C
475 * This enables the following ciphersuites (if other requisites are
477 * TLS_RSA_WITH_AES_256_GCM_SHA384
478 * TLS_RSA_WITH_AES_256_CBC_SHA256
479 * TLS_RSA_WITH_AES_256_CBC_SHA
480 * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
481 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
482 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
483 * TLS_RSA_WITH_AES_128_GCM_SHA256
484 * TLS_RSA_WITH_AES_128_CBC_SHA256
485 * TLS_RSA_WITH_AES_128_CBC_SHA
486 * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
487 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
488 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
489 * TLS_RSA_WITH_3DES_EDE_CBC_SHA
490 * TLS_RSA_WITH_RC4_128_SHA
491 * TLS_RSA_WITH_RC4_128_MD5
493 #define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
496 * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
498 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
500 * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
501 * POLARSSL_X509_CRT_PARSE_C
503 * This enables the following ciphersuites (if other requisites are
505 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
506 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
507 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
508 * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
509 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
510 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
511 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
512 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
513 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
514 * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
515 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
516 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
517 * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
519 //#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED /* (swyter: we don't need pre-shared key negotiation as schannel does not support it) */
522 * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
524 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
526 * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
527 * POLARSSL_X509_CRT_PARSE_C
529 * This enables the following ciphersuites (if other requisites are
531 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
532 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
533 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
534 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
535 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
536 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
537 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
538 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
539 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
540 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
541 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
542 * TLS_ECDHE_RSA_WITH_RC4_128_SHA
544 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
547 * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
549 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
551 * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
553 * This enables the following ciphersuites (if other requisites are
555 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
556 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
557 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
558 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
559 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
560 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
561 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
562 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
563 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
564 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
565 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
566 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
568 #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
571 * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
573 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
575 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
577 * This enables the following ciphersuites (if other requisites are
579 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA
580 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
581 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
582 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
583 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
584 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
585 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
586 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
587 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
588 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
589 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
590 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
592 #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
595 * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
597 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
599 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
601 * This enables the following ciphersuites (if other requisites are
603 * TLS_ECDH_RSA_WITH_RC4_128_SHA
604 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
605 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
606 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
607 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
608 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
609 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
610 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
611 * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
612 * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
613 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
614 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
616 #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
619 * \def POLARSSL_PK_PARSE_EC_EXTENDED
621 * Enhance support for reading EC keys using variants of SEC1 not allowed by
622 * RFC 5915 and RFC 5480.
624 * Currently this means parsing the SpecifiedECDomain choice of EC
625 * parameters (only known groups are supported, not arbitrary domains, to
626 * avoid validation issues).
628 * Disable if you only need to support RFC 5915 + 5480 key formats.
630 #define POLARSSL_PK_PARSE_EC_EXTENDED
633 * \def POLARSSL_ERROR_STRERROR_BC
635 * Make available the backward compatible error_strerror() next to the
636 * current polarssl_strerror().
638 * For new code, it is recommended to use polarssl_strerror() instead and
641 * Disable if you run into name conflicts and want to really remove the
644 #define POLARSSL_ERROR_STRERROR_BC
647 * \def POLARSSL_ERROR_STRERROR_DUMMY
649 * Enable a dummy error function to make use of polarssl_strerror() in
650 * third party libraries easier when POLARSSL_ERROR_C is disabled
651 * (no effect when POLARSSL_ERROR_C is enabled).
653 * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
654 * not using polarssl_strerror() or error_strerror() in your application.
656 * Disable if you run into name conflicts and want to really remove the
657 * polarssl_strerror()
659 #define POLARSSL_ERROR_STRERROR_DUMMY
662 * \def POLARSSL_GENPRIME
664 * Enable the prime-number generation code.
666 * Requires: POLARSSL_BIGNUM_C
668 #define POLARSSL_GENPRIME
671 * \def POLARSSL_FS_IO
673 * Enable functions that use the filesystem.
675 #define POLARSSL_FS_IO
678 * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
680 * Do not add default entropy sources. These are the platform specific,
681 * hardclock and HAVEGE based poll functions.
683 * This is useful to have more control over the added entropy sources in an
686 * Uncomment this macro to prevent loading of default entropy functions.
688 //#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
691 * \def POLARSSL_NO_PLATFORM_ENTROPY
693 * Do not use built-in platform entropy functions.
694 * This is useful if your platform does not support
695 * standards like the /dev/urandom or Windows CryptoAPI.
697 * Uncomment this macro to disable the built-in platform entropy functions.
699 //#define POLARSSL_NO_PLATFORM_ENTROPY
702 * \def POLARSSL_ENTROPY_FORCE_SHA256
704 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
705 * default SHA-512 based one (if both are available).
707 * Requires: POLARSSL_SHA256_C
709 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
710 * if you have performance concerns.
712 * This option is only useful if both POLARSSL_SHA256_C and
713 * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
715 #define POLARSSL_ENTROPY_FORCE_SHA256
718 * \def POLARSSL_MEMORY_DEBUG
720 * Enable debugging of buffer allocator memory issues. Automatically prints
721 * (to stderr) all (fatal) messages on memory allocation issues. Enables
722 * function for 'debug output' of allocated memory.
724 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
726 * Uncomment this macro to let the buffer allocator print out error messages.
728 //#define POLARSSL_MEMORY_DEBUG
731 * \def POLARSSL_MEMORY_BACKTRACE
733 * Include backtrace information with each allocated block.
735 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
736 * GLIBC-compatible backtrace() an backtrace_symbols() support
738 * Uncomment this macro to include backtrace information
740 //#define POLARSSL_MEMORY_BACKTRACE
743 * \def POLARSSL_PKCS1_V15
745 * Enable support for PKCS#1 v1.5 encoding.
747 * Requires: POLARSSL_RSA_C
749 * This enables support for PKCS#1 v1.5 operations.
751 #define POLARSSL_PKCS1_V15
754 * \def POLARSSL_PKCS1_V21
756 * Enable support for PKCS#1 v2.1 encoding.
758 * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
760 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
762 #define POLARSSL_PKCS1_V21
765 * \def POLARSSL_RSA_NO_CRT
767 * Do not use the Chinese Remainder Theorem for the RSA private operation.
769 * Uncomment this macro to disable the use of CRT in RSA.
772 //#define POLARSSL_RSA_NO_CRT
775 * \def POLARSSL_SELF_TEST
777 * Enable the checkup functions (*_self_test).
779 //#define POLARSSL_SELF_TEST
782 * \def POLARSSL_SSL_AEAD_RANDOM_IV
784 * Generate a random IV rather than using the record sequence number as a
785 * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
787 * Using the sequence number is generally recommended.
789 * Uncomment this macro to always use random IVs with AEAD ciphersuites.
791 //#define POLARSSL_SSL_AEAD_RANDOM_IV
794 * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
796 * Enable sending of alert messages in case of encountered errors as per RFC.
797 * If you choose not to send the alert messages, mbed TLS can still communicate
798 * with other servers, only debugging of failures is harder.
800 * The advantage of not sending alert messages, is that no information is given
801 * about reasons for failures thus preventing adversaries of gaining intel.
803 * Enable sending of all alert messages
805 #define POLARSSL_SSL_ALERT_MESSAGES
808 * \def POLARSSL_SSL_DEBUG_ALL
810 * Enable the debug messages in SSL module for all issues.
811 * Debug messages have been disabled in some places to prevent timing
812 * attacks due to (unbalanced) debugging function calls.
814 * If you need all error reporting you should enable this during debugging,
815 * but remove this for production servers that should log as well.
817 * Uncomment this macro to report all debug messages on errors introducing
818 * a timing side-channel.
821 //#define POLARSSL_SSL_DEBUG_ALL
823 /** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
825 * Enable support for Encrypt-then-MAC, RFC 7366.
827 * This allows peers that both support it to use a more robust protection for
828 * ciphersuites using CBC, providing deep resistance against timing attacks
829 * on the padding or underlying cipher.
831 * This only affects CBC ciphersuites, and is useless if none is defined.
833 * Requires: POLARSSL_SSL_PROTO_TLS1 or
834 * POLARSSL_SSL_PROTO_TLS1_1 or
835 * POLARSSL_SSL_PROTO_TLS1_2
837 * Comment this macro to disable support for Encrypt-then-MAC
839 #define POLARSSL_SSL_ENCRYPT_THEN_MAC
841 /** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
843 * Enable support for Extended Master Secret, aka Session Hash
844 * (draft-ietf-tls-session-hash-02).
846 * This was introduced as "the proper fix" to the Triple Handshake family of
847 * attacks, but it is recommended to always use it (even if you disable
848 * renegotiation), since it actually fixes a more fundamental issue in the
849 * original SSL/TLS design, and has implications beyond Triple Handshake.
851 * Requires: POLARSSL_SSL_PROTO_TLS1 or
852 * POLARSSL_SSL_PROTO_TLS1_1 or
853 * POLARSSL_SSL_PROTO_TLS1_2
855 * Comment this macro to disable support for Extended Master Secret.
857 #define POLARSSL_SSL_EXTENDED_MASTER_SECRET
860 * \def POLARSSL_SSL_FALLBACK_SCSV
862 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
864 * For servers, it is recommended to always enable this, unless you support
865 * only one version of TLS, or know for sure that none of your clients
866 * implements a fallback strategy.
868 * For clients, you only need this if you're using a fallback strategy, which
869 * is not recommended in the first place, unless you absolutely need it to
870 * interoperate with buggy (version-intolerant) servers.
872 * Comment this macro to disable support for FALLBACK_SCSV
874 #define POLARSSL_SSL_FALLBACK_SCSV
877 * \def POLARSSL_SSL_HW_RECORD_ACCEL
879 * Enable hooking functions in SSL module for hardware acceleration of
880 * individual records.
882 * Uncomment this macro to enable hooking functions.
884 //#define POLARSSL_SSL_HW_RECORD_ACCEL
887 * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
889 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
891 * This is a countermeasure to the BEAST attack, which also minimizes the risk
892 * of interoperability issues compared to sending 0-length records.
894 * Comment this macro to disable 1/n-1 record splitting.
896 #define POLARSSL_SSL_CBC_RECORD_SPLITTING
899 * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
901 * Disable support for TLS renegotiation.
903 * The two main uses of renegotiation are (1) refresh keys on long-lived
904 * connections and (2) client authentication after the initial handshake.
905 * If you don't need renegotiation, it's probably better to disable it, since
906 * it has been associated with security issues in the past and is easy to
907 * misuse/misunderstand.
909 * Warning: in the next stable branch, this switch will be replaced by
910 * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation.
912 * Uncomment this to disable support for renegotiation.
914 //#define POLARSSL_SSL_DISABLE_RENEGOTIATION
917 * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
919 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
920 * SSL Server module (POLARSSL_SSL_SRV_C).
922 * Comment this macro to disable support for SSLv2 Client Hello messages.
924 //#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO /* (swyter: we don't want this even if we had server-side support in schannel... which we don't) */
927 * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
929 * Pick the ciphersuite according to the client's preferences rather than ours
930 * in the SSL Server module (POLARSSL_SSL_SRV_C).
932 * Uncomment this macro to respect client's ciphersuite order
934 //#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
937 * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
939 * Enable support for RFC 6066 max_fragment_length extension in SSL.
941 * Comment this macro to disable support for the max_fragment_length extension
943 #define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
946 * \def POLARSSL_SSL_PROTO_SSL3
948 * Enable support for SSL 3.0.
950 * Requires: POLARSSL_MD5_C
953 * Comment this macro to disable support for SSL 3.0
955 //#define POLARSSL_SSL_PROTO_SSL3 /* (swyter: broken by the so-called 'BEAST' and more recently 'POODLE' attacks, there's a big-ass flaw in the protocol: http://disablessl3.com/) */
958 * \def POLARSSL_SSL_PROTO_TLS1
960 * Enable support for TLS 1.0.
962 * Requires: POLARSSL_MD5_C
965 * Comment this macro to disable support for TLS 1.0
967 #define POLARSSL_SSL_PROTO_TLS1
970 * \def POLARSSL_SSL_PROTO_TLS1_1
972 * Enable support for TLS 1.1.
974 * Requires: POLARSSL_MD5_C
977 * Comment this macro to disable support for TLS 1.1
979 #define POLARSSL_SSL_PROTO_TLS1_1
982 * \def POLARSSL_SSL_PROTO_TLS1_2
984 * Enable support for TLS 1.2.
986 * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
987 * (Depends on ciphersuites)
989 * Comment this macro to disable support for TLS 1.2
991 #define POLARSSL_SSL_PROTO_TLS1_2
994 * \def POLARSSL_SSL_ALPN
996 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
998 * Comment this macro to disable support for ALPN.
1000 #define POLARSSL_SSL_ALPN
1003 * \def POLARSSL_SSL_SESSION_TICKETS
1005 * Enable support for RFC 5077 session tickets in SSL.
1007 * Requires: POLARSSL_AES_C
1009 * POLARSSL_CIPHER_MODE_CBC
1011 * Comment this macro to disable support for SSL session tickets
1013 #define POLARSSL_SSL_SESSION_TICKETS
1016 * \def POLARSSL_SSL_SERVER_NAME_INDICATION
1018 * Enable support for RFC 6066 server name indication (SNI) in SSL.
1020 * Requires: POLARSSL_X509_CRT_PARSE_C
1022 * Comment this macro to disable support for server name indication in SSL
1024 #define POLARSSL_SSL_SERVER_NAME_INDICATION
1027 * \def POLARSSL_SSL_TRUNCATED_HMAC
1029 * Enable support for RFC 6066 truncated HMAC in SSL.
1031 * Comment this macro to disable support for truncated HMAC in SSL
1033 #define POLARSSL_SSL_TRUNCATED_HMAC
1036 * \def POLARSSL_SSL_SET_CURVES
1038 * Enable ssl_set_curves().
1040 * This is disabled by default since it breaks binary compatibility with the
1041 * 1.3.x line. If you choose to enable it, you will need to rebuild your
1042 * application against the new header files, relinking will not be enough.
1043 * It will be enabled by default, or no longer an option, in the 1.4 branch.
1045 * Uncomment to make ssl_set_curves() available.
1047 //#define POLARSSL_SSL_SET_CURVES
1050 * \def POLARSSL_THREADING_ALT
1052 * Provide your own alternate threading implementation.
1054 * Requires: POLARSSL_THREADING_C
1056 * Uncomment this to allow your own alternate threading implementation.
1058 //#define POLARSSL_THREADING_ALT
1061 * \def POLARSSL_THREADING_PTHREAD
1063 * Enable the pthread wrapper layer for the threading layer.
1065 * Requires: POLARSSL_THREADING_C
1067 * Uncomment this to enable pthread mutexes.
1069 //#define POLARSSL_THREADING_PTHREAD
1072 * \def POLARSSL_VERSION_FEATURES
1074 * Allow run-time checking of compile-time enabled features. Thus allowing users
1075 * to check at run-time if the library is for instance compiled with threading
1076 * support via version_check_feature().
1078 * Requires: POLARSSL_VERSION_C
1080 * Comment this to disable run-time checking and save ROM space
1082 #define POLARSSL_VERSION_FEATURES
1085 * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
1087 * If set, the X509 parser will not break-off when parsing an X509 certificate
1088 * and encountering an extension in a v1 or v2 certificate.
1090 * Uncomment to prevent an error.
1092 //#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
1095 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1097 * If set, the X509 parser will not break-off when parsing an X509 certificate
1098 * and encountering an unknown critical extension.
1100 * Uncomment to prevent an error.
1102 //#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
1105 * \def POLARSSL_X509_CHECK_KEY_USAGE
1107 * Enable verification of the keyUsage extension (CA and leaf certificates).
1109 * Disabling this avoids problems with mis-issued and/or misused
1110 * (intermediate) CA and leaf certificates.
1112 * \warning Depending on your PKI use, disabling this can be a security risk!
1114 * Comment to skip keyUsage checking for both CA and leaf certificates.
1116 #define POLARSSL_X509_CHECK_KEY_USAGE
1119 * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
1121 * Enable verification of the extendedKeyUsage extension (leaf certificates).
1123 * Disabling this avoids problems with mis-issued and/or misused certificates.
1125 * \warning Depending on your PKI use, disabling this can be a security risk!
1127 * Comment to skip extendedKeyUsage checking for certificates.
1129 #define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
1132 * \def POLARSSL_X509_RSASSA_PSS_SUPPORT
1134 * Enable parsing and verification of X.509 certificates, CRLs and CSRS
1135 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
1137 * Comment this macro to disallow using RSASSA-PSS in certificates.
1139 #define POLARSSL_X509_RSASSA_PSS_SUPPORT
1142 * \def POLARSSL_ZLIB_SUPPORT
1144 * If set, the SSL/TLS module uses ZLIB to support compression and
1145 * decompression of packet data.
1147 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
1148 * CRIME attack. Before enabling this option, you should examine with care if
1149 * CRIME or similar exploits may be a applicable to your use case.
1151 * Used in: library/ssl_tls.c
1155 * This feature requires zlib library and headers to be present.
1157 * Uncomment to enable use of ZLIB
1159 //#define POLARSSL_ZLIB_SUPPORT
1160 /* \} name SECTION: mbed TLS feature support */
1163 * \name SECTION: mbed TLS modules
1165 * This section enables or disables entire modules in mbed TLS
1170 * \def POLARSSL_AESNI_C
1172 * Enable AES-NI support on x86-64.
1174 * Module: library/aesni.c
1175 * Caller: library/aes.c
1177 * Requires: POLARSSL_HAVE_ASM
1179 * This modules adds support for the AES-NI instructions on x86-64
1181 #define POLARSSL_AESNI_C
1184 * \def POLARSSL_AES_C
1186 * Enable the AES block cipher.
1188 * Module: library/aes.c
1189 * Caller: library/ssl_tls.c
1191 * library/ctr_drbg.c
1193 * This module enables the following ciphersuites (if other requisites are
1195 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
1196 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
1197 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
1198 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
1199 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
1200 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
1201 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
1202 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
1203 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
1204 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
1205 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
1206 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
1207 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1208 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1209 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1210 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
1211 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
1212 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1213 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1214 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1215 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1216 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1217 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1218 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1219 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
1220 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
1221 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1222 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1223 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1224 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1225 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1226 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
1227 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1228 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
1229 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA
1230 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1231 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
1232 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1233 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
1234 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA
1235 * TLS_RSA_WITH_AES_256_GCM_SHA384
1236 * TLS_RSA_WITH_AES_256_CBC_SHA256
1237 * TLS_RSA_WITH_AES_256_CBC_SHA
1238 * TLS_RSA_WITH_AES_128_GCM_SHA256
1239 * TLS_RSA_WITH_AES_128_CBC_SHA256
1240 * TLS_RSA_WITH_AES_128_CBC_SHA
1241 * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
1242 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
1243 * TLS_RSA_PSK_WITH_AES_256_CBC_SHA
1244 * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
1245 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
1246 * TLS_RSA_PSK_WITH_AES_128_CBC_SHA
1247 * TLS_PSK_WITH_AES_256_GCM_SHA384
1248 * TLS_PSK_WITH_AES_256_CBC_SHA384
1249 * TLS_PSK_WITH_AES_256_CBC_SHA
1250 * TLS_PSK_WITH_AES_128_GCM_SHA256
1251 * TLS_PSK_WITH_AES_128_CBC_SHA256
1252 * TLS_PSK_WITH_AES_128_CBC_SHA
1254 * PEM_PARSE uses AES for decrypting encrypted keys.
1256 #define POLARSSL_AES_C
1259 * \def POLARSSL_ARC4_C
1261 * Enable the ARCFOUR stream cipher.
1263 * Module: library/arc4.c
1264 * Caller: library/ssl_tls.c
1266 * This module enables the following ciphersuites (if other requisites are
1268 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA
1269 * TLS_ECDH_RSA_WITH_RC4_128_SHA
1270 * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
1271 * TLS_ECDHE_RSA_WITH_RC4_128_SHA
1272 * TLS_ECDHE_PSK_WITH_RC4_128_SHA
1273 * TLS_DHE_PSK_WITH_RC4_128_SHA
1274 * TLS_RSA_WITH_RC4_128_SHA
1275 * TLS_RSA_WITH_RC4_128_MD5
1276 * TLS_RSA_PSK_WITH_RC4_128_SHA
1277 * TLS_PSK_WITH_RC4_128_SHA
1279 #define POLARSSL_ARC4_C
1282 * \def POLARSSL_ASN1_PARSE_C
1284 * Enable the generic ASN1 parser.
1286 * Module: library/asn1.c
1287 * Caller: library/x509.c
1293 #define POLARSSL_ASN1_PARSE_C
1296 * \def POLARSSL_ASN1_WRITE_C
1298 * Enable the generic ASN1 writer.
1300 * Module: library/asn1write.c
1301 * Caller: library/ecdsa.c
1303 * library/x509_create.c
1304 * library/x509write_crt.c
1305 * library/x509write_csr.c
1307 #define POLARSSL_ASN1_WRITE_C
1310 * \def POLARSSL_BASE64_C
1312 * Enable the Base64 module.
1314 * Module: library/base64.c
1315 * Caller: library/pem.c
1317 * This module is required for PEM support (required by X.509).
1319 #define POLARSSL_BASE64_C
1322 * \def POLARSSL_BIGNUM_C
1324 * Enable the multi-precision integer library.
1326 * Module: library/bignum.c
1327 * Caller: library/dhm.c
1333 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
1335 #define POLARSSL_BIGNUM_C
1338 * \def POLARSSL_BLOWFISH_C
1340 * Enable the Blowfish block cipher.
1342 * Module: library/blowfish.c
1344 #define POLARSSL_BLOWFISH_C
1347 * \def POLARSSL_CAMELLIA_C
1349 * Enable the Camellia block cipher.
1351 * Module: library/camellia.c
1352 * Caller: library/ssl_tls.c
1354 * This module enables the following ciphersuites (if other requisites are
1356 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1357 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1358 * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
1359 * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
1360 * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1361 * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1362 * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
1363 * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
1364 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
1365 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1366 * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
1367 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
1368 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
1369 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1370 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1371 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
1372 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1373 * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
1374 * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
1375 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1376 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1377 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1378 * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
1379 * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1380 * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
1381 * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
1382 * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1383 * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
1384 * TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
1385 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1386 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1387 * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
1388 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1389 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1390 * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
1391 * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
1392 * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
1393 * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
1394 * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
1395 * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
1396 * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
1397 * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
1399 #define POLARSSL_CAMELLIA_C
1402 * \def POLARSSL_CCM_C
1404 * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
1406 * Module: library/ccm.c
1408 * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
1410 * This module enables the AES-CCM ciphersuites, if other requisites are
1413 #define POLARSSL_CCM_C
1416 * \def POLARSSL_CERTS_C
1418 * Enable the test certificates.
1420 * Module: library/certs.c
1423 * Requires: POLARSSL_PEM_PARSE_C
1425 * This module is used for testing (ssl_client/server).
1427 //#define POLARSSL_CERTS_C
1430 * \def POLARSSL_CIPHER_C
1432 * Enable the generic cipher layer.
1434 * Module: library/cipher.c
1435 * Caller: library/ssl_tls.c
1437 * Uncomment to enable generic cipher wrappers.
1439 #define POLARSSL_CIPHER_C
1442 * \def POLARSSL_CTR_DRBG_C
1444 * Enable the CTR_DRBG AES-256-based random generator.
1446 * Module: library/ctr_drbg.c
1449 * Requires: POLARSSL_AES_C
1451 * This module provides the CTR_DRBG AES-256 random number generator.
1453 #define POLARSSL_CTR_DRBG_C
1456 * \def POLARSSL_DEBUG_C
1458 * Enable the debug functions.
1460 * Module: library/debug.c
1461 * Caller: library/ssl_cli.c
1465 * This module provides debugging functions.
1468 #define POLARSSL_DEBUG_C /* (enable debug prints only if ReactOS is being built with tracing) */
1472 * \def POLARSSL_DES_C
1474 * Enable the DES block cipher.
1476 * Module: library/des.c
1477 * Caller: library/pem.c
1480 * This module enables the following ciphersuites (if other requisites are
1482 * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
1483 * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
1484 * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
1485 * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
1486 * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1487 * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
1488 * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
1489 * TLS_RSA_WITH_3DES_EDE_CBC_SHA
1490 * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
1491 * TLS_PSK_WITH_3DES_EDE_CBC_SHA
1493 * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
1495 #define POLARSSL_DES_C
1498 * \def POLARSSL_DHM_C
1500 * Enable the Diffie-Hellman-Merkle module.
1502 * Module: library/dhm.c
1503 * Caller: library/ssl_cli.c
1506 * This module is used by the following key exchanges:
1509 #define POLARSSL_DHM_C
1512 * \def POLARSSL_ECDH_C
1514 * Enable the elliptic curve Diffie-Hellman library.
1516 * Module: library/ecdh.c
1517 * Caller: library/ssl_cli.c
1520 * This module is used by the following key exchanges:
1521 * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
1523 * Requires: POLARSSL_ECP_C
1525 #define POLARSSL_ECDH_C
1528 * \def POLARSSL_ECDSA_C
1530 * Enable the elliptic curve DSA library.
1532 * Module: library/ecdsa.c
1535 * This module is used by the following key exchanges:
1538 * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
1540 #define POLARSSL_ECDSA_C
1543 * \def POLARSSL_ECP_C
1545 * Enable the elliptic curve over GF(p) library.
1547 * Module: library/ecp.c
1548 * Caller: library/ecdh.c
1551 * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
1553 #define POLARSSL_ECP_C
1556 * \def POLARSSL_ENTROPY_C
1558 * Enable the platform-specific entropy code.
1560 * Module: library/entropy.c
1563 * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
1565 * This module provides a generic entropy pool
1567 #define POLARSSL_ENTROPY_C
1570 * \def POLARSSL_ERROR_C
1572 * Enable error code to error string conversion.
1574 * Module: library/error.c
1577 * This module enables polarssl_strerror().
1579 //#define POLARSSL_ERROR_C
1582 * \def POLARSSL_GCM_C
1584 * Enable the Galois/Counter Mode (GCM) for AES.
1586 * Module: library/gcm.c
1588 * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
1590 * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
1591 * requisites are enabled as well.
1593 #define POLARSSL_GCM_C
1596 * \def POLARSSL_HAVEGE_C
1598 * Enable the HAVEGE random generator.
1600 * Warning: the HAVEGE random generator is not suitable for virtualized
1603 * Warning: the HAVEGE random generator is dependent on timing and specific
1604 * processor traits. It is therefore not advised to use HAVEGE as
1605 * your applications primary random generator or primary entropy pool
1606 * input. As a secondary input to your entropy pool, it IS able add
1607 * the (limited) extra entropy it provides.
1609 * Module: library/havege.c
1612 * Requires: POLARSSL_TIMING_C
1614 * Uncomment to enable the HAVEGE random generator.
1616 //#define POLARSSL_HAVEGE_C
1619 * \def POLARSSL_HMAC_DRBG_C
1621 * Enable the HMAC_DRBG random generator.
1623 * Module: library/hmac_drbg.c
1626 * Requires: POLARSSL_MD_C
1628 * Uncomment to enable the HMAC_DRBG random number geerator.
1630 #define POLARSSL_HMAC_DRBG_C
1633 * \def POLARSSL_MD_C
1635 * Enable the generic message digest layer.
1637 * Module: library/md.c
1640 * Uncomment to enable generic message digest wrappers.
1642 #define POLARSSL_MD_C
1645 * \def POLARSSL_MD2_C
1647 * Enable the MD2 hash algorithm.
1649 * Module: library/md2.c
1652 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
1654 //#define POLARSSL_MD2_C
1657 * \def POLARSSL_MD4_C
1659 * Enable the MD4 hash algorithm.
1661 * Module: library/md4.c
1664 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
1666 //#define POLARSSL_MD4_C
1669 * \def POLARSSL_MD5_C
1671 * Enable the MD5 hash algorithm.
1673 * Module: library/md5.c
1674 * Caller: library/md.c
1678 * This module is required for SSL/TLS and X.509.
1679 * PEM_PARSE uses MD5 for decrypting encrypted keys.
1681 #define POLARSSL_MD5_C
1684 * \def POLARSSL_MEMORY_C
1685 * Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
1686 * Depends on: POLARSSL_PLATFORM_C
1688 //#define POLARSSL_MEMORY_C
1691 * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
1693 * Enable the buffer allocator implementation that makes use of a (stack)
1694 * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
1697 * Module: library/memory_buffer_alloc.c
1699 * Requires: POLARSSL_PLATFORM_C
1700 * POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS)
1702 * Enable this module to enable the buffer memory allocator.
1704 //#define POLARSSL_MEMORY_BUFFER_ALLOC_C
1707 * \def POLARSSL_NET_C
1709 * Enable the TCP/IP networking routines.
1711 * Module: library/net.c
1713 * This module provides TCP/IP networking routines.
1715 //#define POLARSSL_NET_C /* (swyter: we don't use the network routines, in fact in schannel we replace them with our own shim to forward the managed network buffers) */
1718 * \def POLARSSL_OID_C
1720 * Enable the OID database.
1722 * Module: library/oid.c
1723 * Caller: library/asn1write.c
1729 * library/x509_create.c
1730 * library/x509_crl.c
1731 * library/x509_crt.c
1732 * library/x509_csr.c
1733 * library/x509write_crt.c
1734 * library/x509write_csr.c
1736 * This modules translates between OIDs and internal values.
1738 #define POLARSSL_OID_C
1741 * \def POLARSSL_PADLOCK_C
1743 * Enable VIA Padlock support on x86.
1745 * Module: library/padlock.c
1746 * Caller: library/aes.c
1748 * Requires: POLARSSL_HAVE_ASM
1750 * This modules adds support for the VIA PadLock on x86.
1752 #define POLARSSL_PADLOCK_C
1755 * \def POLARSSL_PBKDF2_C
1757 * Enable PKCS#5 PBKDF2 key derivation function.
1758 * DEPRECATED: Use POLARSSL_PKCS5_C instead
1760 * Module: library/pbkdf2.c
1762 * Requires: POLARSSL_PKCS5_C
1764 * This module adds support for the PKCS#5 PBKDF2 key derivation function.
1766 #define POLARSSL_PBKDF2_C
1769 * \def POLARSSL_PEM_PARSE_C
1771 * Enable PEM decoding / parsing.
1773 * Module: library/pem.c
1774 * Caller: library/dhm.c
1776 * library/x509_crl.c
1777 * library/x509_crt.c
1778 * library/x509_csr.c
1780 * Requires: POLARSSL_BASE64_C
1782 * This modules adds support for decoding / parsing PEM files.
1784 #define POLARSSL_PEM_PARSE_C
1787 * \def POLARSSL_PEM_WRITE_C
1789 * Enable PEM encoding / writing.
1791 * Module: library/pem.c
1792 * Caller: library/pkwrite.c
1793 * library/x509write_crt.c
1794 * library/x509write_csr.c
1796 * Requires: POLARSSL_BASE64_C
1798 * This modules adds support for encoding / writing PEM files.
1800 #define POLARSSL_PEM_WRITE_C
1803 * \def POLARSSL_PK_C
1805 * Enable the generic public (asymetric) key layer.
1807 * Module: library/pk.c
1808 * Caller: library/ssl_tls.c
1812 * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
1814 * Uncomment to enable generic public key wrappers.
1816 #define POLARSSL_PK_C
1819 * \def POLARSSL_PK_PARSE_C
1821 * Enable the generic public (asymetric) key parser.
1823 * Module: library/pkparse.c
1824 * Caller: library/x509_crt.c
1825 * library/x509_csr.c
1827 * Requires: POLARSSL_PK_C
1829 * Uncomment to enable generic public key parse functions.
1831 #define POLARSSL_PK_PARSE_C
1834 * \def POLARSSL_PK_WRITE_C
1836 * Enable the generic public (asymetric) key writer.
1838 * Module: library/pkwrite.c
1839 * Caller: library/x509write.c
1841 * Requires: POLARSSL_PK_C
1843 * Uncomment to enable generic public key write functions.
1845 //#define POLARSSL_PK_WRITE_C
1848 * \def POLARSSL_PKCS5_C
1850 * Enable PKCS#5 functions.
1852 * Module: library/pkcs5.c
1854 * Requires: POLARSSL_MD_C
1856 * This module adds support for the PKCS#5 functions.
1858 #define POLARSSL_PKCS5_C
1861 * \def POLARSSL_PKCS11_C
1863 * Enable wrapper for PKCS#11 smartcard support.
1865 * Module: library/pkcs11.c
1866 * Caller: library/pk.c
1868 * Requires: POLARSSL_PK_C
1870 * This module enables SSL/TLS PKCS #11 smartcard support.
1871 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
1873 //#define POLARSSL_PKCS11_C
1876 * \def POLARSSL_PKCS12_C
1878 * Enable PKCS#12 PBE functions.
1879 * Adds algorithms for parsing PKCS#8 encrypted private keys
1881 * Module: library/pkcs12.c
1882 * Caller: library/pkparse.c
1884 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
1885 * Can use: POLARSSL_ARC4_C
1887 * This module enables PKCS#12 functions.
1889 #define POLARSSL_PKCS12_C
1892 * \def POLARSSL_PLATFORM_C
1894 * Enable the platform abstraction layer that allows you to re-assign
1895 * functions like malloc(), free(), printf(), fprintf()
1897 * Module: library/platform.c
1898 * Caller: Most other .c files
1900 * This module enables abstraction of common (libc) functions.
1902 #define POLARSSL_PLATFORM_C
1905 * \def POLARSSL_RIPEMD160_C
1907 * Enable the RIPEMD-160 hash algorithm.
1909 * Module: library/ripemd160.c
1910 * Caller: library/md.c
1913 #define POLARSSL_RIPEMD160_C
1916 * \def POLARSSL_RSA_C
1918 * Enable the RSA public-key cryptosystem.
1920 * Module: library/rsa.c
1921 * Caller: library/ssl_cli.c
1926 * This module is used by the following key exchanges:
1927 * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
1929 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
1931 #define POLARSSL_RSA_C
1934 * \def POLARSSL_SHA1_C
1936 * Enable the SHA1 cryptographic hash algorithm.
1938 * Module: library/sha1.c
1939 * Caller: library/md.c
1943 * library/x509write_crt.c
1945 * This module is required for SSL/TLS and SHA1-signed certificates.
1947 #define POLARSSL_SHA1_C
1950 * \def POLARSSL_SHA256_C
1952 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
1953 * (Used to be POLARSSL_SHA2_C)
1955 * Module: library/sha256.c
1956 * Caller: library/entropy.c
1962 * This module adds support for SHA-224 and SHA-256.
1963 * This module is required for the SSL/TLS 1.2 PRF function.
1965 #define POLARSSL_SHA256_C
1968 * \def POLARSSL_SHA512_C
1970 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
1971 * (Used to be POLARSSL_SHA4_C)
1973 * Module: library/sha512.c
1974 * Caller: library/entropy.c
1979 * This module adds support for SHA-384 and SHA-512.
1981 #define POLARSSL_SHA512_C
1984 * \def POLARSSL_SSL_CACHE_C
1986 * Enable simple SSL cache implementation.
1988 * Module: library/ssl_cache.c
1991 * Requires: POLARSSL_SSL_CACHE_C
1993 //#define POLARSSL_SSL_CACHE_C /* (swyter: the schannel API shim thingie does not expose enough data for this one, maybe in the future, but not prioritary) */
1996 * \def POLARSSL_SSL_CLI_C
1998 * Enable the SSL/TLS client code.
2000 * Module: library/ssl_cli.c
2003 * Requires: POLARSSL_SSL_TLS_C
2005 * This module is required for SSL/TLS client support.
2007 #define POLARSSL_SSL_CLI_C
2010 * \def POLARSSL_SSL_SRV_C
2012 * Enable the SSL/TLS server code.
2014 * Module: library/ssl_srv.c
2017 * Requires: POLARSSL_SSL_TLS_C
2019 * This module is required for SSL/TLS server support.
2021 //#define POLARSSL_SSL_SRV_C
2024 * \def POLARSSL_SSL_TLS_C
2026 * Enable the generic SSL/TLS code.
2028 * Module: library/ssl_tls.c
2029 * Caller: library/ssl_cli.c
2032 * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
2033 * and at least one of the POLARSSL_SSL_PROTO_* defines
2035 * This module is required for SSL/TLS.
2037 #define POLARSSL_SSL_TLS_C
2040 * \def POLARSSL_THREADING_C
2042 * Enable the threading abstraction layer.
2043 * By default mbed TLS assumes it is used in a non-threaded environment or that
2044 * contexts are not shared between threads. If you do intend to use contexts
2045 * between threads, you will need to enable this layer to prevent race
2048 * Module: library/threading.c
2050 * This allows different threading implementations (self-implemented or
2053 * You will have to enable either POLARSSL_THREADING_ALT or
2054 * POLARSSL_THREADING_PTHREAD.
2056 * Enable this layer to allow use of mutexes within mbed TLS
2058 //#define POLARSSL_THREADING_C
2061 * \def POLARSSL_TIMING_C
2063 * Enable the portable timing interface.
2065 * Module: library/timing.c
2066 * Caller: library/havege.c
2068 * This module is used by the HAVEGE random number generator.
2070 #define POLARSSL_TIMING_C
2073 * \def POLARSSL_VERSION_C
2075 * Enable run-time version information.
2077 * Module: library/version.c
2079 * This module provides run-time version information.
2081 #define POLARSSL_VERSION_C
2084 * \def POLARSSL_X509_USE_C
2086 * Enable X.509 core for using certificates.
2088 * Module: library/x509.c
2089 * Caller: library/x509_crl.c
2090 * library/x509_crt.c
2091 * library/x509_csr.c
2093 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
2094 * POLARSSL_PK_PARSE_C
2096 * This module is required for the X.509 parsing modules.
2098 #define POLARSSL_X509_USE_C
2101 * \def POLARSSL_X509_CRT_PARSE_C
2103 * Enable X.509 certificate parsing.
2105 * Module: library/x509_crt.c
2106 * Caller: library/ssl_cli.c
2110 * Requires: POLARSSL_X509_USE_C
2112 * This module is required for X.509 certificate parsing.
2114 #define POLARSSL_X509_CRT_PARSE_C
2117 * \def POLARSSL_X509_CRL_PARSE_C
2119 * Enable X.509 CRL parsing.
2121 * Module: library/x509_crl.c
2122 * Caller: library/x509_crt.c
2124 * Requires: POLARSSL_X509_USE_C
2126 * This module is required for X.509 CRL parsing.
2128 //#define POLARSSL_X509_CRL_PARSE_C
2131 * \def POLARSSL_X509_CSR_PARSE_C
2133 * Enable X.509 Certificate Signing Request (CSR) parsing.
2135 * Module: library/x509_csr.c
2136 * Caller: library/x509_crt_write.c
2138 * Requires: POLARSSL_X509_USE_C
2140 * This module is used for reading X.509 certificate request.
2142 //#define POLARSSL_X509_CSR_PARSE_C
2145 * \def POLARSSL_X509_CREATE_C
2147 * Enable X.509 core for creating certificates.
2149 * Module: library/x509_create.c
2151 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
2153 * This module is the basis for creating X.509 certificates and CSRs.
2155 //#define POLARSSL_X509_CREATE_C
2158 * \def POLARSSL_X509_CRT_WRITE_C
2160 * Enable creating X.509 certificates.
2162 * Module: library/x509_crt_write.c
2164 * Requires: POLARSSL_CREATE_C
2166 * This module is required for X.509 certificate creation.
2168 //#define POLARSSL_X509_CRT_WRITE_C
2171 * \def POLARSSL_X509_CSR_WRITE_C
2173 * Enable creating X.509 Certificate Signing Requests (CSR).
2175 * Module: library/x509_csr_write.c
2177 * Requires: POLARSSL_CREATE_C
2179 * This module is required for X.509 certificate request writing.
2181 //#define POLARSSL_X509_CSR_WRITE_C
2184 * \def POLARSSL_XTEA_C
2186 * Enable the XTEA block cipher.
2188 * Module: library/xtea.c
2191 #define POLARSSL_XTEA_C
2193 /* \} name SECTION: mbed TLS modules */
2196 * \name SECTION: Module configuration options
2198 * This section allows for the setting of module specific sizes and
2199 * configuration options. The default values are already present in the
2200 * relevant header files and should suffice for the regular use cases.
2202 * Our advice is to enable options and change their values here
2203 * only if you have a good reason and know the consequences.
2205 * Please check the respective header file for documentation on these
2206 * parameters (to prevent duplicate documentation).
2210 /* MPI / BIGNUM options */
2211 //#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
2212 //#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
2214 /* CTR_DRBG options */
2215 //#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
2216 //#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2217 //#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2218 //#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2219 //#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
2221 /* HMAC_DRBG options */
2222 //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
2223 //#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
2224 //#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
2225 //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
2228 //#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
2229 //#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
2230 //#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
2232 /* Entropy options */
2233 //#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
2234 //#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
2236 /* Memory buffer allocator options */
2237 //#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
2239 /* Platform options */
2240 //#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
2241 //#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
2242 //#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
2243 //#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
2244 //#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
2246 /* SSL Cache options */
2247 //#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
2248 //#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
2251 //#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
2252 //#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2253 //#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
2256 * Complete list of ciphersuites to use, in order of preference.
2258 * \warning No dependency checking is done on that field! This option can only
2259 * be used to restrict the set of available ciphersuites. It is your
2260 * responsibility to make sure the needed modules are active.
2262 * Use this to save a few hundred bytes of ROM (default ordering of all
2263 * available ciphersuites) and a few to a few hundred bytes of RAM.
2265 * The value below is only an example, not the default.
2267 //#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2270 //#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
2273 //#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
2275 /* \} name SECTION: Module configuration options */
2277 #include "check_config.h"
2279 #endif /* POLARSSL_CONFIG_H */