/** * \file config.h * * \brief Configuration options (set of defines) * * Copyright (C) 2006-2012, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker * * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * This set of compile-time options may be used to enable * or disable features selectively, and reduce the global * memory footprint. */ #ifndef POLARSSL_CONFIG_H #define POLARSSL_CONFIG_H #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif /** * \name SECTION: System support * * This section sets system specific settings. * \{ */ /** * \def POLARSSL_HAVE_INT8 * * The system uses 8-bit wide native integers. * * Uncomment if native integers are 8-bit wide. #define POLARSSL_HAVE_INT8 */ /** * \def POLARSSL_HAVE_INT16 * * The system uses 16-bit wide native integers. * * Uncomment if native integers are 16-bit wide. #define POLARSSL_HAVE_INT16 */ /** * \def POLARSSL_HAVE_LONGLONG * * The compiler supports the 'long long' type. * (Only used on 32-bit platforms) */ #define POLARSSL_HAVE_LONGLONG /** * \def POLARSSL_HAVE_ASM * * The compiler has support for asm() * * Uncomment to enable the use of assembly code. * * Requires support for asm() in compiler. * * Used in: * library/timing.c * library/padlock.c * include/polarssl/bn_mul.h * */ #define POLARSSL_HAVE_ASM /** * \def POLARSSL_HAVE_SSE2 * * CPU supports SSE2 instruction set. * * Uncomment if the CPU supports SSE2 (IA-32 specific). * #define POLARSSL_HAVE_SSE2 */ /* \} name */ /** * \name SECTION: PolarSSL feature support * * This section sets support for features that are or are not needed * within the modules that are enabled. * \{ */ /** * \def POLARSSL_AES_ROM_TABLES * * Store the AES tables in ROM. * * Uncomment this macro to store the AES tables in ROM. * #define POLARSSL_AES_ROM_TABLES */ /** * \def POLARSSL_CIPHER_MODE_CFB * * Enable Cipher Feedback mode (CFB) for symmetric ciphers. */ #define POLARSSL_CIPHER_MODE_CFB /** * \def POLARSSL_CIPHER_MODE_CTR * * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. */ #define POLARSSL_CIPHER_MODE_CTR /** * \def POLARSSL_CIPHER_NULL_CIPHER * * Enable NULL cipher. * Warning: Only do so when you know what you are doing. This allows for * encryption or channels without any security! * * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable * the following ciphersuites: * TLS_RSA_WITH_NULL_MD5 * TLS_RSA_WITH_NULL_SHA * TLS_RSA_WITH_NULL_SHA256 * * Uncomment this macro to enable the NULL cipher and ciphersuites #define POLARSSL_CIPHER_NULL_CIPHER */ /** * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES * * Enable weak ciphersuites in SSL / TLS * Warning: Only do so when you know what you are doing. This allows for * channels with virtually no security at all! * * This enables the following ciphersuites: * TLS_RSA_WITH_DES_CBC_SHA * TLS_DHE_RSA_WITH_DES_CBC_SHA * * Uncomment this macro to enable weak ciphersuites #define POLARSSL_ENABLE_WEAK_CIPHERSUITES */ /** * \def POLARSSL_ERROR_STRERROR_DUMMY * * Enable a dummy error function to make use of error_strerror() in * third party libraries easier. * * Disable if you run into name conflicts and want to really remove the * error_strerror() */ #define POLARSSL_ERROR_STRERROR_DUMMY /** * \def POLARSSL_GENPRIME * * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * * Enable the RSA prime-number generation code. */ #define POLARSSL_GENPRIME /** * \def POLARSSL_FS_IO * * Enable functions that use the filesystem. */ #define POLARSSL_FS_IO /** * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES * * Do not add default entropy sources. These are the platform specific, * hardclock and HAVEGE based poll functions. * * This is useful to have more control over the added entropy sources in an * application. * * Uncomment this macro to prevent loading of default entropy functions. #define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */ /** * \def POLARSSL_NO_PLATFORM_ENTROPY * * Do not use built-in platform entropy functions. * This is useful if your platform does not support * standards like the /dev/urandom or Windows CryptoAPI. * * Uncomment this macro to disable the built-in platform entropy functions. #define POLARSSL_NO_PLATFORM_ENTROPY */ /** * \def POLARSSL_PKCS1_V21 * * Requires: POLARSSL_MD_C, POLARSSL_RSA_C * * Enable support for PKCS#1 v2.1 encoding. * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ #define POLARSSL_PKCS1_V21 /** * \def POLARSSL_RSA_NO_CRT * * Do not use the Chinese Remainder Theorem for the RSA private operation. * * Uncomment this macro to disable the use of CRT in RSA. * #define POLARSSL_RSA_NO_CRT */ /** * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). */ #define POLARSSL_SELF_TEST /** * \def POLARSSL_SSL_ALL_ALERT_MESSAGES * * Enable sending of alert messages in case of encountered errors as per RFC. * If you choose not to send the alert messages, PolarSSL can still communicate * with other servers, only debugging of failures is harder. * * The advantage of not sending alert messages, is that no information is given * about reasons for failures thus preventing adversaries of gaining intel. * * Enable sending of all alert messages */ #define POLARSSL_SSL_ALERT_MESSAGES /** * \def POLARSSL_SSL_DEBUG_ALL * * Enable the debug messages in SSL module for all issues. * Debug messages have been disabled in some places to prevent timing * attacks due to (unbalanced) debugging function calls. * * If you need all error reporting you should enable this during debugging, * but remove this for production servers that should log as well. * * Uncomment this macro to report all debug messages on errors introducing * a timing side-channel. * #define POLARSSL_SSL_DEBUG_ALL */ /** * \def POLARSSL_SSL_HW_RECORD_ACCEL * * Enable hooking functions in SSL module for hardware acceleration of * individual records. * * Uncomment this macro to enable hooking functions. #define POLARSSL_SSL_HW_RECORD_ACCEL */ /** * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO * * Enable support for receiving and parsing SSLv2 Client Hello messages for the * SSL Server module (POLARSSL_SSL_SRV_C) * * Comment this macro to disable support for SSLv2 Client Hello messages. */ #define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO /** * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION * * If set, the X509 parser will not break-off when parsing an X509 certificate * and encountering an unknown critical extension. * * Uncomment to prevent an error. * #define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ /** * \def POLARSSL_ZLIB_SUPPORT * * If set, the SSL/TLS module uses ZLIB to support compression and * decompression of packet data. * * Used in: library/ssl_tls.c * library/ssl_cli.c * library/ssl_srv.c * * This feature requires zlib library and headers to be present. * * Uncomment to enable use of ZLIB #define POLARSSL_ZLIB_SUPPORT */ /* \} name */ /** * \name SECTION: PolarSSL modules * * This section enables or disables entire modules in PolarSSL * \{ */ /** * \def POLARSSL_AES_C * * Enable the AES block cipher. * * Module: library/aes.c * Caller: library/ssl_tls.c * library/pem.c * library/ctr_drbg.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): * TLS_RSA_WITH_AES_128_CBC_SHA * TLS_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA * TLS_RSA_WITH_AES_128_CBC_SHA256 * TLS_RSA_WITH_AES_256_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_256_GCM_SHA384 * * PEM uses AES for decrypting encrypted keys. */ #define POLARSSL_AES_C /** * \def POLARSSL_ARC4_C * * Enable the ARCFOUR stream cipher. * * Module: library/arc4.c * Caller: library/ssl_tls.c * * This module enables the following ciphersuites: * TLS_RSA_WITH_RC4_128_MD5 * TLS_RSA_WITH_RC4_128_SHA */ #define POLARSSL_ARC4_C /** * \def POLARSSL_ASN1_PARSE_C * * Enable the generic ASN1 parser. * * Module: library/asn1.c * Caller: library/x509parse.c */ #define POLARSSL_ASN1_PARSE_C /** * \def POLARSSL_ASN1_WRITE_C * * Enable the generic ASN1 writer. * * Module: library/asn1write.c */ #define POLARSSL_ASN1_WRITE_C /** * \def POLARSSL_BASE64_C * * Enable the Base64 module. * * Module: library/base64.c * Caller: library/pem.c * * This module is required for PEM support (required by X.509). */ #define POLARSSL_BASE64_C /** * \def POLARSSL_BIGNUM_C * * Enable the multi-precision integer library. * * Module: library/bignum.c * Caller: library/dhm.c * library/rsa.c * library/ssl_tls.c * library/x509parse.c * * This module is required for RSA and DHM support. */ #define POLARSSL_BIGNUM_C /** * \def POLARSSL_BLOWFISH_C * * Enable the Blowfish block cipher. * * Module: library/blowfish.c */ #define POLARSSL_BLOWFISH_C /** * \def POLARSSL_CAMELLIA_C * * Enable the Camellia block cipher. * * Module: library/camellia.c * Caller: library/ssl_tls.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ #define POLARSSL_CAMELLIA_C /** * \def POLARSSL_CERTS_C * * Enable the test certificates. * * Module: library/certs.c * Caller: * * This module is used for testing (ssl_client/server). */ #define POLARSSL_CERTS_C /** * \def POLARSSL_CIPHER_C * * Enable the generic cipher layer. * * Module: library/cipher.c * Caller: * * Uncomment to enable generic cipher wrappers. */ #define POLARSSL_CIPHER_C /** * \def POLARSSL_CTR_DRBG_C * * Enable the CTR_DRBG AES-256-based random generator * * Module: library/ctr_drbg.c * Caller: * * Requires: POLARSSL_AES_C * * This module provides the CTR_DRBG AES-256 random number generator. */ #define POLARSSL_CTR_DRBG_C /** * \def POLARSSL_DEBUG_C * * Enable the debug functions. * * Module: library/debug.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * * This module provides debugging functions. */ #define POLARSSL_DEBUG_C /** * \def POLARSSL_DES_C * * Enable the DES block cipher. * * Module: library/des.c * Caller: library/pem.c * library/ssl_tls.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): * TLS_RSA_WITH_3DES_EDE_CBC_SHA * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA * * PEM uses DES/3DES for decrypting encrypted keys. */ #define POLARSSL_DES_C /** * \def POLARSSL_DHM_C * * Enable the Diffie-Hellman-Merkle key exchange. * * Module: library/dhm.c * Caller: library/ssl_cli.c * library/ssl_srv.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): * TLS_DHE_RSA_WITH_DES_CBC_SHA * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ #define POLARSSL_DHM_C /** * \def POLARSSL_ENTROPY_C * * Enable the platform-specific entropy code. * * Module: library/entropy.c * Caller: * * Requires: POLARSSL_SHA4_C * * This module provides a generic entropy pool */ #define POLARSSL_ENTROPY_C /** * \def POLARSSL_ERROR_C * * Enable error code to error string conversion. * * Module: library/error.c * Caller: * * This module enables err_strerror(). */ #define POLARSSL_ERROR_C /** * \def POLARSSL_GCM_C * * Enable the Galois/Counter Mode (GCM) for AES * * Module: library/gcm.c * * Requires: POLARSSL_AES_C * * This module enables the following ciphersuites (if other requisites are * enabled as well): * TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_256_GCM_SHA384 */ #define POLARSSL_GCM_C /** * \def POLARSSL_HAVEGE_C * * Enable the HAVEGE random generator. * * Module: library/havege.c * Caller: * * Requires: POLARSSL_TIMING_C * * This module enables the HAVEGE random number generator. */ #define POLARSSL_HAVEGE_C /** * \def POLARSSL_MD_C * * Enable the generic message digest layer. * * Module: library/md.c * Caller: * * Uncomment to enable generic message digest wrappers. */ #define POLARSSL_MD_C /** * \def POLARSSL_MD2_C * * Enable the MD2 hash algorithm * * Module: library/md2.c * Caller: library/x509parse.c * * Uncomment to enable support for (rare) MD2-signed X.509 certs. * #define POLARSSL_MD2_C */ /** * \def POLARSSL_MD4_C * * Enable the MD4 hash algorithm * * Module: library/md4.c * Caller: library/x509parse.c * * Uncomment to enable support for (rare) MD4-signed X.509 certs. * #define POLARSSL_MD4_C */ /** * \def POLARSSL_MD5_C * * Enable the MD5 hash algorithm * * Module: library/md5.c * Caller: library/pem.c * library/ssl_tls.c * library/x509parse.c * * This module is required for SSL/TLS and X.509. * PEM uses MD5 for decrypting encrypted keys. */ #define POLARSSL_MD5_C /** * \def POLARSSL_NET_C * * Enable the TCP/IP networking routines. * * Module: library/net.c * Caller: * * This module provides TCP/IP networking routines. */ #define POLARSSL_NET_C /** * \def POLARSSL_PADLOCK_C * * Enable VIA Padlock support on x86. * * Module: library/padlock.c * Caller: library/aes.c * * This modules adds support for the VIA PadLock on x86. */ #define POLARSSL_PADLOCK_C /** * \def POLARSSL_PBKDF2_C * * Enable PKCS#5 PBKDF2 key derivation function * * Module: library/pbkdf2.c * * Requires: POLARSSL_MD_C * * This module adds support for the PKCS#5 PBKDF2 key derivation function. #define POLARSSL_PBKDF2_C */ /** * \def POLARSSL_PEM_C * * Enable PEM decoding * * Module: library/pem.c * Caller: library/x509parse.c * * Requires: POLARSSL_BASE64_C * * This modules adds support for decoding PEM files. */ #define POLARSSL_PEM_C /** * \def POLARSSL_PKCS11_C * * Enable wrapper for PKCS#11 smartcard support. * * Module: library/ssl_srv.c * Caller: library/ssl_cli.c * library/ssl_srv.c * * Requires: POLARSSL_SSL_TLS_C * * This module enables SSL/TLS PKCS #11 smartcard support. * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) #define POLARSSL_PKCS11_C */ /** * \def POLARSSL_RSA_C * * Enable the RSA public-key cryptosystem. * * Module: library/rsa.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * library/x509.c * * Requires: POLARSSL_BIGNUM_C * * This module is required for SSL/TLS and MD5-signed certificates. */ #define POLARSSL_RSA_C /** * \def POLARSSL_SHA1_C * * Enable the SHA1 cryptographic hash algorithm. * * Module: library/sha1.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * library/x509parse.c * * This module is required for SSL/TLS and SHA1-signed certificates. */ #define POLARSSL_SHA1_C /** * \def POLARSSL_SHA2_C * * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * * Module: library/sha2.c * Caller: library/md_wrap.c * library/x509parse.c * * This module adds support for SHA-224 and SHA-256. * This module is required for the SSL/TLS 1.2 PRF function. */ #define POLARSSL_SHA2_C /** * \def POLARSSL_SHA4_C * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * * Module: library/sha4.c * Caller: library/md_wrap.c * library/x509parse.c * * This module adds support for SHA-384 and SHA-512. */ #define POLARSSL_SHA4_C /** * \def POLARSSL_SSL_CACHE_C * * Enable simple SSL cache implementation. * * Module: library/ssl_cache.c * Caller: * * Requires: POLARSSL_SSL_CACHE_C */ #define POLARSSL_SSL_CACHE_C /** * \def POLARSSL_SSL_CLI_C * * Enable the SSL/TLS client code. * * Module: library/ssl_cli.c * Caller: * * Requires: POLARSSL_SSL_TLS_C * * This module is required for SSL/TLS client support. */ #define POLARSSL_SSL_CLI_C /** * \def POLARSSL_SSL_SRV_C * * Enable the SSL/TLS server code. * * Module: library/ssl_srv.c * Caller: * * Requires: POLARSSL_SSL_TLS_C * * This module is required for SSL/TLS server support. */ #define POLARSSL_SSL_SRV_C /** * \def POLARSSL_SSL_TLS_C * * Enable the generic SSL/TLS code. * * Module: library/ssl_tls.c * Caller: library/ssl_cli.c * library/ssl_srv.c * * Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_X509_PARSE_C * * This module is required for SSL/TLS. */ #define POLARSSL_SSL_TLS_C /** * \def POLARSSL_TIMING_C * * Enable the portable timing interface. * * Module: library/timing.c * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. */ #define POLARSSL_TIMING_C /** * \def POLARSSL_VERSION_C * * Enable run-time version information. * * Module: library/version.c * * This module provides run-time version information. */ #define POLARSSL_VERSION_C /** * \def POLARSSL_X509_PARSE_C * * Enable X.509 certificate parsing. * * Module: library/x509parse.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c * * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C * * This module is required for X.509 certificate parsing. */ #define POLARSSL_X509_PARSE_C /** * \def POLARSSL_X509_WRITE_C * * Enable X.509 buffer writing. * * Module: library/x509write.c * * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * * This module is required for X.509 certificate request writing. */ #define POLARSSL_X509_WRITE_C /** * \def POLARSSL_XTEA_C * * Enable the XTEA block cipher. * * Module: library/xtea.c * Caller: */ #define POLARSSL_XTEA_C /* \} name */ #endif /* config.h */