config.h 42.9 KB
Newer Older
1 2 3
/**
 * \file config.h
 *
4 5
 * \brief Configuration options (set of defines)
 *
6
 *  Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker's avatar
Paul Bakker committed
7 8
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
9
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker's avatar
Paul Bakker committed
10
 *
11
 *  All rights reserved.
Paul Bakker's avatar
Paul Bakker committed
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
27 28 29 30
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
 */
31 32
#ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H
33

34
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
35 36 37
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

38
/**
39 40 41 42 43 44
 * \name SECTION: System support
 *
 * This section sets system specific settings.
 * \{
 */

45 46 47 48
/**
 * \def POLARSSL_HAVE_INT8
 *
 * The system uses 8-bit wide native integers.
49
 *
50
 * Uncomment if native integers are 8-bit wide.
51
#define POLARSSL_HAVE_INT8
52 53
 */

54 55 56 57
/**
 * \def POLARSSL_HAVE_INT16
 *
 * The system uses 16-bit wide native integers.
58
 *
59
 * Uncomment if native integers are 16-bit wide.
60
#define POLARSSL_HAVE_INT16
61 62
 */

63
/**
64
 * \def POLARSSL_HAVE_LONGLONG
65
 *
66 67
 * The compiler supports the 'long long' type.
 * (Only used on 32-bit platforms)
68
 */
69
#define POLARSSL_HAVE_LONGLONG
70

71 72 73 74 75
/**
 * \def POLARSSL_HAVE_ASM
 *
 * The compiler has support for asm()
 *
76
 * Uncomment to enable the use of assembly code.
77 78 79 80 81 82 83 84
 *
 * Requires support for asm() in compiler.
 *
 * Used in:
 *      library/timing.c
 *      library/padlock.c
 *      include/polarssl/bn_mul.h
 *
85
 */
86
#define POLARSSL_HAVE_ASM
87

88 89 90
/**
 * \def POLARSSL_HAVE_SSE2
 *
Paul Bakker's avatar
Paul Bakker committed
91
 * CPU supports SSE2 instruction set.
92
 *
93 94
 * Uncomment if the CPU supports SSE2 (IA-32 specific).
 *
95
#define POLARSSL_HAVE_SSE2
96
 */
97 98 99 100 101 102 103 104 105

/**
 * \def POLARSSL_HAVE_TIME
 *
 * System has time.h and time() / localtime()  / gettimeofday()
 *
 * Comment if your system does not support time functions
 */
#define POLARSSL_HAVE_TIME
106 107
/* \} name */

108
/**
109 110 111 112 113 114
 * \name SECTION: PolarSSL feature support
 *
 * This section sets support for features that are or are not needed
 * within the modules that are enabled.
 * \{
 */
115

116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
/**
 * \def POLARSSL_XXX_ALT
 *
 * Uncomment a macro to let PolarSSL use your alternate core implementation of
 * a symmetric or hash algorithm (e.g. platform specific assembly optimized
 * implementations). Keep in mind that the function prototypes should remain
 * the same.
 *
 * Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
 * provide the "struct aes_context" definition and omit the base function
 * declarations and implementations. "aes_alt.h" will be included from
 * "aes.h" to include the new function definitions.
 *
 * Uncomment a macro to enable alternate implementation for core algorithm
 * functions
#define POLARSSL_AES_ALT
#define POLARSSL_ARC4_ALT
#define POLARSSL_BLOWFISH_ALT
#define POLARSSL_CAMELLIA_ALT
#define POLARSSL_DES_ALT
#define POLARSSL_XTEA_ALT
#define POLARSSL_MD2_ALT
#define POLARSSL_MD4_ALT
#define POLARSSL_MD5_ALT
#define POLARSSL_SHA1_ALT
141 142
#define POLARSSL_SHA256_ALT
#define POLARSSL_SHA512_ALT
143 144
 */

145 146 147 148 149 150 151 152 153 154
/**
 * \def POLARSSL_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 *
#define POLARSSL_AES_ROM_TABLES
 */

155 156 157 158 159 160 161
/**
 * \def POLARSSL_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
#define POLARSSL_CIPHER_MODE_CBC

162 163 164 165 166 167 168 169 170 171 172 173 174 175
/**
 * \def POLARSSL_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
#define POLARSSL_CIPHER_MODE_CFB

/**
 * \def POLARSSL_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
#define POLARSSL_CIPHER_MODE_CTR

176 177 178 179 180 181 182 183 184
/**
 * \def POLARSSL_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
 * Warning: Only do so when you know what you are doing. This allows for
 * encryption or channels without any security!
 *
 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
185 186 187
 *      TLS_RSA_WITH_NULL_MD5
 *      TLS_RSA_WITH_NULL_SHA
 *      TLS_RSA_WITH_NULL_SHA256
188
 *      TLS_ECDHE_RSA_WITH_NULL_SHA
189 190 191 192 193 194 195 196 197
 *      TLS_PSK_WITH_NULL
 *      TLS_PSK_WITH_NULL256
 *      TLS_PSK_WITH_NULL384
 *      TLS_DHE_PSK_WITH_NULL
 *      TLS_DHE_PSK_WITH_NULL256
 *      TLS_DHE_PSK_WITH_NULL384
 *      TLS_RSA_PSK_WITH_NULL
 *      TLS_RSA_PSK_WITH_NULL256
 *      TLS_RSA_PSK_WITH_NULL384
198 199 200 201 202
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
 */

203 204 205 206 207 208 209 210 211 212 213 214 215 216 217
/**
 * \def POLARSSL_CIPHER_PADDING_XXX
 *
 * Uncomment or comment macros to add support for specific padding modes
 * in the cipher layer with cipher modes that support padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
#define POLARSSL_CIPHER_PADDING_PKCS7
#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
#define POLARSSL_CIPHER_PADDING_ZEROS

218 219 220
/**
 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
 *
221
 * Enable weak ciphersuites in SSL / TLS
222
 * Warning: Only do so when you know what you are doing. This allows for
223
 * channels with virtually no security at all!
224 225
 *
 * This enables the following ciphersuites:
226 227
 *      TLS_RSA_WITH_DES_CBC_SHA
 *      TLS_DHE_RSA_WITH_DES_CBC_SHA
228 229 230 231 232
 *
 * Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
 */

233 234 235 236 237 238 239 240 241 242 243 244 245 246
/**
 * \def POLARSSL_ECP_XXXX_ENABLED
 *
 * Enables specific curves within the Elliptic Curve module.
 * By default all supported curves are enables.
 *
 * Comment macros to disable the curve and functions for it
 */
#define POLARSSL_ECP_DP_SECP192R1_ENABLED
#define POLARSSL_ECP_DP_SECP224R1_ENABLED
#define POLARSSL_ECP_DP_SECP256R1_ENABLED
#define POLARSSL_ECP_DP_SECP384R1_ENABLED
#define POLARSSL_ECP_DP_SECP521R1_ENABLED

247 248 249 250 251
/**
 * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS
 *
252 253
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
254 255 256 257
 *      TLS_PSK_WITH_RC4_128_SHA
 *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_PSK_WITH_AES_128_CBC_SHA
 *      TLS_PSK_WITH_AES_256_CBC_SHA
258 259 260 261
 *      TLS_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_PSK_WITH_AES_256_GCM_SHA384
262 263 264
 */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED

265 266 267 268 269 270 271 272 273 274 275 276 277
/**
 * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS
 *
 * Requires: POLARSSL_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_DHE_PSK_WITH_RC4_128_SHA
 *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
278 279 280 281
 *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
282
 */
283
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
284 285 286 287 288

/**
 * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS
289
 * (NOT YET IMPLEMENTED)
290
 * Requires: POLARSSL_RSA_C, POLARSSL_X509_PARSE_C, POLARSSL_PKCS1_V15
291 292 293 294 295 296 297
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_PSK_WITH_RC4_128_SHA
 *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
298 299 300 301
 *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
302 303 304 305 306 307 308 309
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
 */

/**
 * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS
 *
310
 * Requires: POLARSSL_RSA_C, POLARSSL_X509_PARSE_C, POLARSSL_PKCS1_V15
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_AES_128_CBC_SHA
 *      TLS_RSA_WITH_AES_256_CBC_SHA
 *      TLS_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_RSA_WITH_RC4_128_MD5
 *      TLS_RSA_WITH_RC4_128_SHA
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
 */
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS
 *
335 336
 * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C,
 *           POLARSSL_PKCS1_V15
337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS
 *
357 358
 * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C,
 *           POLARSSL_PKCS1_V15
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
 *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 */
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED

375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396
/**
 * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
 *
 * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
 *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
 *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
 *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
 *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
 *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
 */
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

397 398 399 400 401 402 403 404 405 406 407
/**
 * \def POLARSSL_ERROR_STRERROR_BC
 *
 * Make available the backward compatible error_strerror() next to the
 * current polarssl_strerror().
 *
 * Disable if you run into name conflicts and want to really remove the
 * error_strerror()
 */
#define POLARSSL_ERROR_STRERROR_BC

408 409 410
/**
 * \def POLARSSL_ERROR_STRERROR_DUMMY
 *
Paul Bakker's avatar
Paul Bakker committed
411
 * Enable a dummy error function to make use of polarssl_strerror() in
412 413 414
 * third party libraries easier.
 *
 * Disable if you run into name conflicts and want to really remove the
Paul Bakker's avatar
Paul Bakker committed
415
 * polarssl_strerror()
416 417 418
 */
#define POLARSSL_ERROR_STRERROR_DUMMY

419
/**
420
 * \def POLARSSL_GENPRIME
421
 *
422 423
 * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
 *
424
 * Enable the RSA prime-number generation code.
425
 */
426
#define POLARSSL_GENPRIME
427

428 429 430 431 432 433 434
/**
 * \def POLARSSL_FS_IO
 *
 * Enable functions that use the filesystem.
 */
#define POLARSSL_FS_IO

435 436 437 438 439 440 441 442 443 444 445 446 447
/**
 * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
 *
 * Do not add default entropy sources. These are the platform specific,
 * hardclock and HAVEGE based poll functions.
 *
 * This is useful to have more control over the added entropy sources in an 
 * application.
 *
 * Uncomment this macro to prevent loading of default entropy functions.
#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
 */

448 449 450 451 452 453 454 455 456 457 458
/**
 * \def POLARSSL_NO_PLATFORM_ENTROPY
 *
 * Do not use built-in platform entropy functions.
 * This is useful if your platform does not support
 * standards like the /dev/urandom or Windows CryptoAPI.
 *
 * Uncomment this macro to disable the built-in platform entropy functions.
#define POLARSSL_NO_PLATFORM_ENTROPY
 */

459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484
/**
 * \def POLARSSL_MEMORY_DEBUG
 *
 * Enable debugging of buffer allocator memory issues. Automatically prints
 * (to stderr) all (fatal) messages on memory allocation issues. Enables
 * function for 'debug output' of allocated memory.
 *
 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
 *           fprintf()
 *
 * Uncomment this macro to let the buffer allocator print out error messages.
#define POLARSSL_MEMORY_DEBUG
*/

/**
 * \def POLARSSL_MEMORY_BACKTRACE
 *
 * Include backtrace information with each allocated block.
 *
 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
 *           GLIBC-compatible backtrace() an backtrace_symbols() support
 *
 * Uncomment this macro to include backtrace information
#define POLARSSL_MEMORY_BACKTRACE
 */

485 486 487 488 489 490 491 492 493 494
/**
 * \def POLARSSL_PKCS1_V15
 *
 * Requires: POLARSSL_RSA_C
 *
 * Enable support for PKCS#1 v1.5 encoding.
 * This enables support for PKCS#1 v1.5 operations.
 */
#define POLARSSL_PKCS1_V15

495 496 497
/**
 * \def POLARSSL_PKCS1_V21
 *
498 499
 * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
 *
500 501 502 503 504
 * Enable support for PKCS#1 v2.1 encoding.
 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
 */
#define POLARSSL_PKCS1_V21

505 506 507 508 509 510 511 512 513
/**
 * \def POLARSSL_RSA_NO_CRT
 *
 * Do not use the Chinese Remainder Theorem for the RSA private operation.
 *
 * Uncomment this macro to disable the use of CRT in RSA.
 *
#define POLARSSL_RSA_NO_CRT
 */
514 515 516 517 518 519 520

/**
 * \def POLARSSL_SELF_TEST
 *
 * Enable the checkup functions (*_self_test).
 */
#define POLARSSL_SELF_TEST
521

522 523 524 525 526 527 528 529 530 531 532 533 534 535
/**
 * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
 *
 * Enable sending of alert messages in case of encountered errors as per RFC.
 * If you choose not to send the alert messages, PolarSSL can still communicate
 * with other servers, only debugging of failures is harder.
 *
 * The advantage of not sending alert messages, is that no information is given
 * about reasons for failures thus preventing adversaries of gaining intel.
 *
 * Enable sending of all alert messages
 */
#define POLARSSL_SSL_ALERT_MESSAGES

536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551
/**
 * \def POLARSSL_SSL_DEBUG_ALL
 *
 * Enable the debug messages in SSL module for all issues.
 * Debug messages have been disabled in some places to prevent timing
 * attacks due to (unbalanced) debugging function calls.
 *
 * If you need all error reporting you should enable this during debugging,
 * but remove this for production servers that should log as well.
 *
 * Uncomment this macro to report all debug messages on errors introducing
 * a timing side-channel.
 *
#define POLARSSL_SSL_DEBUG_ALL
 */

552 553 554 555 556 557 558 559 560 561
/**
 * \def POLARSSL_SSL_HW_RECORD_ACCEL
 *
 * Enable hooking functions in SSL module for hardware acceleration of
 * individual records.
 *
 * Uncomment this macro to enable hooking functions.
#define POLARSSL_SSL_HW_RECORD_ACCEL
 */

562 563 564 565 566 567 568 569 570 571
/**
 * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 *
 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
 * SSL Server module (POLARSSL_SSL_SRV_C)
 *
 * Comment this macro to disable support for SSLv2 Client Hello messages.
 */
#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO

572 573 574 575 576 577 578 579 580
/**
 * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
 *
 * Enable support for RFC 6066 max_fragment_length extension in SSL
 *
 * Comment this macro to disable support for the max_fragment_length extension
 */
#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH

581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628
/**
 * \def POLARSSL_SSL_PROTO_SSL3
 *
 * Enable support for SSL 3.0
 *
 * Requires: POLARSSL_MD5_C
 *           POLARSSL_SHA1_C
 *
 * Comment this macro to disable support for SSL 3.0
 */
#define POLARSSL_SSL_PROTO_SSL3

/**
 * \def POLARSSL_SSL_PROTO_TLS1
 *
 * Enable support for TLS 1.0
 *
 * Requires: POLARSSL_MD5_C
 *           POLARSSL_SHA1_C
 *
 * Comment this macro to disable support for TLS 1.0
 */
#define POLARSSL_SSL_PROTO_TLS1

/**
 * \def POLARSSL_SSL_PROTO_TLS1_1
 *
 * Enable support for TLS 1.1
 *
 * Requires: POLARSSL_MD5_C
 *           POLARSSL_SHA1_C
 *
 * Comment this macro to disable support for TLS 1.1
 */
#define POLARSSL_SSL_PROTO_TLS1_1

/**
 * \def POLARSSL_SSL_PROTO_TLS1_2
 *
 * Enable support for TLS 1.2
 *
 * Requires: POLARSSL_SHA256_C or POLARSSL_SHA512_C
 *           (Depends on ciphersuites)
 *
 * Comment this macro to disable support for TLS 1.2
 */
#define POLARSSL_SSL_PROTO_TLS1_2

629 630 631 632 633 634 635
/**
 * \def POLARSSL_SSL_SESSION_TICKETS
 *
 * Enable support for RFC 5077 session tickets in SSL
 *
 * Requires: POLARSSL_AES_C
 *           POLARSSL_SHA256_C
636
 *           POLARSSL_CIPHER_MODE_CBC
637 638 639 640 641
 *
 * Comment this macro to disable support for SSL session tickets
 */
#define POLARSSL_SSL_SESSION_TICKETS

642 643 644 645 646 647 648 649 650
/**
 * \def POLARSSL_SSL_SERVER_NAME_INDICATION
 *
 * Enable support for RFC 6066 server name indication (SNI) in SSL
 *
 * Comment this macro to disable support for server name indication in SSL
 */
#define POLARSSL_SSL_SERVER_NAME_INDICATION

651 652 653 654 655 656 657 658 659
/**
 * \def POLARSSL_SSL_TRUNCATED_HMAC
 *
 * Enable support for RFC 6066 truncated HMAC in SSL
 *
 * Comment this macro to disable support for truncated HMAC in SSL
 */
#define POLARSSL_SSL_TRUNCATED_HMAC

660 661 662 663 664 665 666 667 668 669
/**
 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 *
 * If set, the X509 parser will not break-off when parsing an X509 certificate
 * and encountering an unknown critical extension.
 *
 * Uncomment to prevent an error.
 *
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 */
670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685

/**
 * \def POLARSSL_ZLIB_SUPPORT
 *
 * If set, the SSL/TLS module uses ZLIB to support compression and
 * decompression of packet data.
 *
 * Used in: library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This feature requires zlib library and headers to be present.
 *
 * Uncomment to enable use of ZLIB
#define POLARSSL_ZLIB_SUPPORT
 */
686 687
/* \} name */

688
/**
689 690 691 692 693
 * \name SECTION: PolarSSL modules
 *
 * This section enables or disables entire modules in PolarSSL
 * \{
 */
694

695 696 697 698 699
/**
 * \def POLARSSL_AES_C
 *
 * Enable the AES block cipher.
 *
700 701
 * Module:  library/aes.c
 * Caller:  library/ssl_tls.c
702
 *          library/pem.c
703
 *          library/ctr_drbg.c
704
 *
705 706 707 708 709 710 711 712 713 714 715 716
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_AES_128_CBC_SHA
 *      TLS_RSA_WITH_AES_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
717 718
 *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
719 720
 *      TLS_PSK_WITH_AES_128_CBC_SHA
 *      TLS_PSK_WITH_AES_256_CBC_SHA
721 722
 *
 * PEM uses AES for decrypting encrypted keys.
723
 */
724
#define POLARSSL_AES_C
725

726 727 728 729 730
/**
 * \def POLARSSL_ARC4_C
 *
 * Enable the ARCFOUR stream cipher.
 *
731 732 733
 * Module:  library/arc4.c
 * Caller:  library/ssl_tls.c
 *
734 735
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
736 737
 *      TLS_RSA_WITH_RC4_128_MD5
 *      TLS_RSA_WITH_RC4_128_SHA
738
 *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
739
 *      TLS_PSK_WITH_RC4_128_SHA
740
 */
741
#define POLARSSL_ARC4_C
742

743 744 745 746 747 748 749 750 751 752
/**
 * \def POLARSSL_ASN1_PARSE_C
 *
 * Enable the generic ASN1 parser.
 *
 * Module:  library/asn1.c
 * Caller:  library/x509parse.c
 */
#define POLARSSL_ASN1_PARSE_C

753 754 755 756 757 758 759 760 761
/**
 * \def POLARSSL_ASN1_WRITE_C
 *
 * Enable the generic ASN1 writer.
 *
 * Module:  library/asn1write.c
 */
#define POLARSSL_ASN1_WRITE_C

762 763 764 765 766
/**
 * \def POLARSSL_BASE64_C
 *
 * Enable the Base64 module.
 *
767
 * Module:  library/base64.c
768
 * Caller:  library/pem.c
769
 *
770
 * This module is required for PEM support (required by X.509).
771
 */
772
#define POLARSSL_BASE64_C
773

774 775 776
/**
 * \def POLARSSL_BIGNUM_C
 *
777
 * Enable the multi-precision integer library.
778
 *
779 780 781 782 783 784 785 786
 * Module:  library/bignum.c
 * Caller:  library/dhm.c
 *          library/rsa.c
 *          library/ssl_tls.c
 *          library/x509parse.c
 *
 * This module is required for RSA and DHM support.
 */
787
#define POLARSSL_BIGNUM_C
788

789 790 791 792 793 794 795 796 797
/**
 * \def POLARSSL_BLOWFISH_C
 *
 * Enable the Blowfish block cipher.
 *
 * Module:  library/blowfish.c
 */
#define POLARSSL_BLOWFISH_C

798 799 800 801 802
/**
 * \def POLARSSL_CAMELLIA_C
 *
 * Enable the Camellia block cipher.
 *
803
 * Module:  library/camellia.c
804
 * Caller:  library/ssl_tls.c
805
 *
806 807 808 809 810 811 812 813 814 815
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
816 817 818
 */
#define POLARSSL_CAMELLIA_C

819 820 821 822 823
/**
 * \def POLARSSL_CERTS_C
 *
 * Enable the test certificates.
 *
824 825 826 827 828
 * Module:  library/certs.c
 * Caller:
 *
 * This module is used for testing (ssl_client/server).
 */
829
#define POLARSSL_CERTS_C
830

831 832 833 834 835
/**
 * \def POLARSSL_CIPHER_C
 *
 * Enable the generic cipher layer.
 *
836
 * Module:  library/cipher.c
837
 * Caller:  library/ssl_tls.c
838 839 840 841 842
 *
 * Uncomment to enable generic cipher wrappers.
 */
#define POLARSSL_CIPHER_C

843 844 845 846 847 848 849 850
/**
 * \def POLARSSL_CTR_DRBG_C
 *
 * Enable the CTR_DRBG AES-256-based random generator
 *
 * Module:  library/ctr_drbg.c
 * Caller:
 *
851 852
 * Requires: POLARSSL_AES_C
 *
853 854 855 856
 * This module provides the CTR_DRBG AES-256 random number generator.
 */
#define POLARSSL_CTR_DRBG_C

857 858 859 860 861
/**
 * \def POLARSSL_DEBUG_C
 *
 * Enable the debug functions.
 *
862 863 864 865 866 867 868
 * Module:  library/debug.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *
 * This module provides debugging functions.
 */
869
#define POLARSSL_DEBUG_C
870

871 872 873 874 875
/**
 * \def POLARSSL_DES_C
 *
 * Enable the DES block cipher.
 *
876
 * Module:  library/des.c
877 878
 * Caller:  library/pem.c
 *          library/ssl_tls.c
879
 *
880 881 882 883
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
884
 *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
885
 *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
886 887
 *
 * PEM uses DES/3DES for decrypting encrypted keys.
888
 */
889
#define POLARSSL_DES_C
890

891 892 893 894 895
/**
 * \def POLARSSL_DHM_C
 *
 * Enable the Diffie-Hellman-Merkle key exchange.
 *
896 897 898 899
 * Module:  library/dhm.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
900 901 902 903 904 905 906 907 908 909 910 911 912 913
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_DHE_RSA_WITH_DES_CBC_SHA
 *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
914
 */
915
#define POLARSSL_DHM_C
916

917 918 919 920 921 922
/**
 * \def POLARSSL_ECDH_C
 *
 * Enable the elliptic curve Diffie-Hellman library.
 *
 * Module:  library/ecdh.c
923 924 925 926 927 928 929 930 931 932
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDHE_RSA_WITH_NULL_SHA
 *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
 *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
933 934 935 936 937 938 939 940 941 942 943 944 945
 *
 * Requires: POLARSSL_ECP_C
 */
#define POLARSSL_ECDH_C

/**
 * \def POLARSSL_ECDSA_C
 *
 * Enable the elliptic curve DSA library.
 *
 * Module:  library/ecdsa.c
 * Caller:
 *
946
 * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962
 */
#define POLARSSL_ECDSA_C

/**
 * \def POLARSSL_ECP_C
 *
 * Enable the elliptic curve over GF(p) library.
 *
 * Module:  library/ecp.c
 * Caller:  library/ecdh.c
 *          library/ecdsa.c
 *
 * Requires: POLARSSL_BIGNUM_C
 */
#define POLARSSL_ECP_C

963 964 965 966 967 968 969 970
/**
 * \def POLARSSL_ENTROPY_C
 *
 * Enable the platform-specific entropy code.
 *
 * Module:  library/entropy.c
 * Caller:
 *
971
 * Requires: POLARSSL_SHA512_C
972 973 974 975 976
 *
 * This module provides a generic entropy pool
 */
#define POLARSSL_ENTROPY_C

977 978 979 980 981 982 983 984 985 986 987 988
/**
 * \def POLARSSL_ERROR_C
 *
 * Enable error code to error string conversion.
 *
 * Module:  library/error.c
 * Caller:
 *
 * This module enables err_strerror().
 */
#define POLARSSL_ERROR_C

989 990 991 992 993 994 995 996
/**
 * \def POLARSSL_GCM_C
 *
 * Enable the Galois/Counter Mode (GCM) for AES
 *
 * Module:  library/gcm.c
 *
 * Requires: POLARSSL_AES_C
997 998 999 1000 1001
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
1002 1003 1004
 */
#define POLARSSL_GCM_C

1005 1006 1007 1008 1009
/**
 * \def POLARSSL_HAVEGE_C
 *
 * Enable the HAVEGE random generator.
 *
1010 1011 1012 1013 1014 1015 1016 1017 1018
 * Warning: the HAVEGE random generator is not suitable for virtualized
 *          environments
 *
 * Warning: the HAVEGE random generator is dependent on timing and specific
 *          processor traits. It is therefore not advised to use HAVEGE as
 *          your applications primary random generator or primary entropy pool
 *          input. As a secondary input to your entropy pool, it IS able add
 *          the (limited) extra entropy it provides.
 *
1019 1020 1021
 * Module:  library/havege.c
 * Caller:
 *
1022 1023
 * Requires: POLARSSL_TIMING_C
 *
1024
 * Uncomment to enable the HAVEGE random generator.
1025
#define POLARSSL_HAVEGE_C
1026
 */
1027

1028 1029 1030 1031 1032
/**
 * \def POLARSSL_MD_C
 *
 * Enable the generic message digest layer.
 *
1033 1034 1035 1036 1037 1038 1039
 * Module:  library/md.c
 * Caller:
 *
 * Uncomment to enable generic message digest wrappers.
 */
#define POLARSSL_MD_C

1040 1041 1042 1043 1044
/**
 * \def POLARSSL_MD2_C
 *
 * Enable the MD2 hash algorithm
 *
1045 1046 1047 1048 1049
 * Module:  library/md2.c
 * Caller:  library/x509parse.c
 *
 * Uncomment to enable support for (rare) MD2-signed X.509 certs.
 *
1050
#define POLARSSL_MD2_C
1051
 */
1052

1053 1054 1055 1056 1057
/**
 * \def POLARSSL_MD4_C
 *
 * Enable the MD4 hash algorithm
 *
1058 1059 1060 1061 1062
 * Module:  library/md4.c
 * Caller:  library/x509parse.c
 *
 * Uncomment to enable support for (rare) MD4-signed X.509 certs.
 *
1063
#define POLARSSL_MD4_C
1064
 */
1065

1066 1067 1068 1069 1070
/**
 * \def POLARSSL_MD5_C
 *
 * Enable the MD5 hash algorithm
 *
1071
 * Module:  library/md5.c
1072 1073
 * Caller:  library/pem.c
 *          library/ssl_tls.c
1074 1075 1076
 *          library/x509parse.c
 *
 * This module is required for SSL/TLS and X.509.
1077
 * PEM uses MD5 for decrypting encrypted keys.
1078
 */
1079
#define POLARSSL_MD5_C
1080

1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106
/**
 * \def POLARSSL_MEMORY_C
 *
 * Enable the memory allocation layer.
 * By default PolarSSL uses the system-provided malloc() and free().
 * (As long as POLARSSL_MEMORY_STDMALLOC and POLARSSL_MEMORY_STDFREE
 * are defined and unmodified)
 *
 * This allows different allocators (self-implemented or provided)
 *
 * Enable this layer to allow use of alternative memory allocators.
#define POLARSSL_MEMORY_C
 */

/**
 * The buffer allocator implementation that makes use of a (stack) based
 * buffer to 'allocate' dynamic memory. (replaces malloc() and free() calls)
 *
 * Module:  library/memory_buffer_alloc.c
 *
 * Requires: POLARSSL_MEMORY_C
 *
 * Enable this module to enable the buffer memory allocator.
#define POLARSSL_MEMORY_BUFFER_ALLOC_C
 */

1107 1108 1109 1110 1111
/**
 * \def POLARSSL_NET_C
 *
 * Enable the TCP/IP networking routines.
 *
1112 1113 1114 1115
 * Module:  library/net.c
 *
 * This module provides TCP/IP networking routines.
 */
1116
#define POLARSSL_NET_C
1117

1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131
/**
 * \def POLARSSL_OID_C
 *
 * Enable the OID database
 *
 * Module:  library/oid.c
 * Caller:  library/rsa.c
 *          library/x509parse.c
 *          library/x509write.c
 *
 * This modules translates between OIDs and internal values.
 */
#define POLARSSL_OID_C

1132 1133 1134 1135 1136
/**
 * \def POLARSSL_PADLOCK_C
 *
 * Enable VIA Padlock support on x86.
 *
1137 1138 1139 1140 1141
 * Module:  library/padlock.c
 * Caller:  library/aes.c
 *
 * This modules adds support for the VIA PadLock on x86.
 */
1142
#define POLARSSL_PADLOCK_C
1143

1144 1145 1146 1147
/**
 * \def POLARSSL_PBKDF2_C
 *
 * Enable PKCS#5 PBKDF2 key derivation function
1148
 * DEPRECATED: Use POLARSSL_PKCS5_C instead
1149 1150 1151
 *
 * Module:  library/pbkdf2.c
 *
1152
 * Requires: POLARSSL_PKCS5_C
1153 1154 1155
 *
 * This module adds support for the PKCS#5 PBKDF2 key derivation function.
 */
Paul Bakker's avatar
Paul Bakker committed
1156
#define POLARSSL_PBKDF2_C
1157

1158 1159 1160 1161 1162 1163 1164 1165
/**
 * \def POLARSSL_PEM_C
 *
 * Enable PEM decoding
 *
 * Module:  library/pem.c
 * Caller:  library/x509parse.c
 *
1166 1167
 * Requires: POLARSSL_BASE64_C
 *
1168 1169 1170 1171
 * This modules adds support for decoding PEM files.
 */
#define POLARSSL_PEM_C

1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186
/**
 * \def POLARSSL_PK_C
 *
 * Enable the generic public (asymetric) key layer.
 *
 * Module:  library/pk.c
 * Caller:  library/x509parse.c
 *          library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * Uncomment to enable generic public key wrappers.
 */
#define POLARSSL_PK_C

1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214
/**
 * \def POLARSSL_PK_PARSE_C
 *
 * Enable the generic public (asymetric) key parser.
 *
 * Module:  library/pkparse.c
 * Caller:  library/x509parse.c
 *
 * Requires: POLARSSL_PK_C
 *
 * Uncomment to enable generic public key parse functions.
 */
#define POLARSSL_PK_PARSE_C

/**
 * \def POLARSSL_PK_WRITE_C
 *
 * Enable the generic public (asymetric) key write.
 *
 * Module:  library/pkwrite.c
 * Caller:  library/x509write.c
 *
 * Requires: POLARSSL_PK_C
 *
 * Uncomment to enable generic public key write functions.
 */
#define POLARSSL_PK_WRITE_C

1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227
/**
 * \def POLARSSL_PKCS5_C
 *
 * Enable PKCS#5 functions
 *
 * Module:  library/pkcs5.c
 *
 * Requires: POLARSSL_MD_C
 *
 * This module adds support for the PKCS#5 functions.
 */
#define POLARSSL_PKCS5_C

1228 1229 1230
/**
 * \def POLARSSL_PKCS11_C
 *
1231
 * Enable wrapper for PKCS#11 smartcard support.
1232
 *
1233 1234
 * Module:  library/pkcs11.c
 * Caller:  library/pk.c
1235
 *
1236
 * Requires: POLARSSL_PK_C
1237
 *
1238
 * This module enables SSL/TLS PKCS #11 smartcard support.
1239 1240 1241 1242
 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define POLARSSL_PKCS11_C
 */

1243 1244 1245 1246 1247 1248 1249 1250 1251
/**
 * \def POLARSSL_PKCS12_C
 *
 * Enable PKCS#12 PBE functions
 * Adds algorithms for parsing PKCS#8 encrypted private keys
 *
 * Module:  library/pkcs12.c
 * Caller:  library/x509parse.c
 *
1252 1253
 * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
 * Can use:  POLARSSL_ARC4_C
1254 1255 1256 1257 1258
 *
 * This module enables PKCS#12 functions.
 */
#define POLARSSL_PKCS12_C

1259 1260 1261 1262 1263
/**
 * \def POLARSSL_RSA_C
 *
 * Enable the RSA public-key cryptosystem.
 *
1264 1265 1266 1267 1268 1269
 * Module:  library/rsa.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *          library/x509.c
 *
1270
 * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
1271
 *
1272 1273
 * This module is required for SSL/TLS and MD5-signed certificates.
 */
1274
#define POLARSSL_RSA_C
1275

1276 1277 1278 1279 1280
/**
 * \def POLARSSL_SHA1_C
 *
 * Enable the SHA1 cryptographic hash algorithm.
 *
1281 1282 1283 1284 1285 1286 1287 1288
 * Module:  library/sha1.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
 *          library/x509parse.c
 *
 * This module is required for SSL/TLS and SHA1-signed certificates.
 */
1289
#define POLARSSL_SHA1_C
1290

1291
/**
1292
 * \def POLARSSL_SHA256_C
1293 1294
 *
 * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
1295
 * (Used to be POLARSSL_SHA2_C)
1296
 *
1297
 * Module:  library/sha256.c
1298 1299
 * Caller:  library/md_wrap.c
 *          library/x509parse.c
1300 1301
 *
 * This module adds support for SHA-224 and SHA-256.
1302
 * This module is required for the SSL/TLS 1.2 PRF function.
1303
 */
1304
#define POLARSSL_SHA256_C
1305

1306
/**
1307
 * \def POLARSSL_SHA512_C
1308 1309
 *
 * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
1310
 * (Used to be POLARSSL_SHA4_C)
1311
 *
1312
 * Module:  library/sha512.c
1313 1314
 * Caller:  library/md_wrap.c
 *          library/x509parse.c
1315 1316 1317
 *
 * This module adds support for SHA-384 and SHA-512.
 */
1318
#define POLARSSL_SHA512_C
1319

1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331
/**
 * \def POLARSSL_SSL_CACHE_C
 *
 * Enable simple SSL cache implementation.
 *
 * Module:  library/ssl_cache.c
 * Caller:
 *
 * Requires: POLARSSL_SSL_CACHE_C
 */
#define POLARSSL_SSL_CACHE_C

1332 1333 1334 1335 1336
/**
 * \def POLARSSL_SSL_CLI_C
 *
 * Enable the SSL/TLS client code.
 *
1337 1338 1339
 * Module:  library/ssl_cli.c
 * Caller:
 *
1340 1341
 * Requires: POLARSSL_SSL_TLS_C
 *
1342 1343
 * This module is required for SSL/TLS client support.
 */
1344
#define POLARSSL_SSL_CLI_C
1345