mbed TLS v1.3.21
Configuration options (set of defines) More...
#include "check_config.h"
Macros | |
SECTION: System support | |
This section sets system specific settings. | |
#define | POLARSSL_HAVE_LONGLONG |
The compiler supports the 'long long' type. More... | |
#define | POLARSSL_HAVE_ASM |
The compiler has support for asm(). More... | |
#define | POLARSSL_HAVE_TIME |
System has time.h and time() / localtime() / gettimeofday(). More... | |
#define | POLARSSL_HAVE_IPV6 |
System supports the basic socket interface for IPv6 (RFC 3493), specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage. More... | |
SECTION: mbed TLS feature support | |
This section sets support for features that are or are not needed within the modules that are enabled. | |
#define | POLARSSL_CIPHER_MODE_CBC |
Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. More... | |
#define | POLARSSL_CIPHER_MODE_CFB |
Enable Cipher Feedback mode (CFB) for symmetric ciphers. More... | |
#define | POLARSSL_CIPHER_MODE_CTR |
Enable Counter Block Cipher mode (CTR) for symmetric ciphers. More... | |
#define | POLARSSL_CIPHER_PADDING_PKCS7 |
#define | POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS |
#define | POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN |
#define | POLARSSL_CIPHER_PADDING_ZEROS |
#define | POLARSSL_ECP_DP_SECP192R1_ENABLED |
#define | POLARSSL_ECP_DP_SECP224R1_ENABLED |
#define | POLARSSL_ECP_DP_SECP256R1_ENABLED |
#define | POLARSSL_ECP_DP_SECP384R1_ENABLED |
#define | POLARSSL_ECP_DP_SECP521R1_ENABLED |
#define | POLARSSL_ECP_DP_SECP192K1_ENABLED |
#define | POLARSSL_ECP_DP_SECP224K1_ENABLED |
#define | POLARSSL_ECP_DP_SECP256K1_ENABLED |
#define | POLARSSL_ECP_DP_BP256R1_ENABLED |
#define | POLARSSL_ECP_DP_BP384R1_ENABLED |
#define | POLARSSL_ECP_DP_BP512R1_ENABLED |
#define | POLARSSL_ECP_DP_M255_ENABLED |
#define | POLARSSL_ECP_NIST_OPTIM |
Enable specific 'modulo p' routines for each NIST prime. More... | |
#define | POLARSSL_ECDSA_DETERMINISTIC |
Enable deterministic ECDSA (RFC 6979). More... | |
#define | POLARSSL_KEY_EXCHANGE_PSK_ENABLED |
Enable the PSK based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED |
Enable the DHE-PSK based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED |
Enable the RSA-PSK based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_RSA_ENABLED |
Enable the RSA-only based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED |
Enable the DHE-RSA based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED |
Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. More... | |
#define | POLARSSL_PK_PARSE_EC_EXTENDED |
Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480. More... | |
#define | POLARSSL_ERROR_STRERROR_BC |
Make available the backward compatible error_strerror() next to the current polarssl_strerror(). More... | |
#define | POLARSSL_ERROR_STRERROR_DUMMY |
Enable a dummy error function to make use of polarssl_strerror() in third party libraries easier when POLARSSL_ERROR_C is disabled (no effect when POLARSSL_ERROR_C is enabled). More... | |
#define | POLARSSL_GENPRIME |
Enable the prime-number generation code. More... | |
#define | POLARSSL_FS_IO |
Enable functions that use the filesystem. More... | |
#define | POLARSSL_PKCS1_V15 |
Enable support for PKCS#1 v1.5 encoding. More... | |
#define | POLARSSL_PKCS1_V21 |
Enable support for PKCS#1 v2.1 encoding. More... | |
#define | POLARSSL_SELF_TEST |
Enable the checkup functions (*_self_test). More... | |
#define | POLARSSL_SSL_ALERT_MESSAGES |
#define | POLARSSL_SSL_ENCRYPT_THEN_MAC |
Enable support for Encrypt-then-MAC, RFC 7366. More... | |
#define | POLARSSL_SSL_EXTENDED_MASTER_SECRET |
Enable support for Extended Master Secret, aka Session Hash (draft-ietf-tls-session-hash-02). More... | |
#define | POLARSSL_SSL_FALLBACK_SCSV |
Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). More... | |
#define | POLARSSL_SSL_CBC_RECORD_SPLITTING |
Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. More... | |
#define | POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
Enable support for receiving and parsing SSLv2 Client Hello messages for the SSL Server module (POLARSSL_SSL_SRV_C). More... | |
#define | POLARSSL_SSL_MAX_FRAGMENT_LENGTH |
Enable support for RFC 6066 max_fragment_length extension in SSL. More... | |
#define | POLARSSL_SSL_PROTO_TLS1 |
Enable support for TLS 1.0. More... | |
#define | POLARSSL_SSL_PROTO_TLS1_1 |
Enable support for TLS 1.1. More... | |
#define | POLARSSL_SSL_PROTO_TLS1_2 |
Enable support for TLS 1.2. More... | |
#define | POLARSSL_SSL_ALPN |
Enable support for RFC 7301 Application Layer Protocol Negotiation. More... | |
#define | POLARSSL_SSL_SESSION_TICKETS |
Enable support for RFC 5077 session tickets in SSL. More... | |
#define | POLARSSL_SSL_SERVER_NAME_INDICATION |
Enable support for RFC 6066 server name indication (SNI) in SSL. More... | |
#define | POLARSSL_SSL_TRUNCATED_HMAC |
Enable support for RFC 6066 truncated HMAC in SSL. More... | |
#define | POLARSSL_THREADING_PTHREAD |
Enable the pthread wrapper layer for the threading layer. More... | |
#define | POLARSSL_VERSION_FEATURES |
Allow run-time checking of compile-time enabled features. More... | |
#define | POLARSSL_X509_CHECK_KEY_USAGE |
Enable verification of the keyUsage extension (CA and leaf certificates). More... | |
#define | POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE |
Enable verification of the extendedKeyUsage extension (leaf certificates). More... | |
#define | POLARSSL_X509_RSASSA_PSS_SUPPORT |
Enable parsing and verification of X.509 certificates, CRLs and CSRs signed with RSASSA-PSS (aka PKCS#1 v2.1). More... | |
SECTION: mbed TLS modules | |
This section enables or disables entire modules in mbed TLS | |
#define | POLARSSL_AESNI_C |
Enable AES-NI support on x86-64. More... | |
#define | POLARSSL_AES_C |
Enable the AES block cipher. More... | |
#define | POLARSSL_ARC4_C |
Enable the ARCFOUR stream cipher. More... | |
#define | POLARSSL_ASN1_PARSE_C |
Enable the generic ASN1 parser. More... | |
#define | POLARSSL_ASN1_WRITE_C |
Enable the generic ASN1 writer. More... | |
#define | POLARSSL_BASE64_C |
Enable the Base64 module. More... | |
#define | POLARSSL_BIGNUM_C |
Enable the multi-precision integer library. More... | |
#define | POLARSSL_BLOWFISH_C |
Enable the Blowfish block cipher. More... | |
#define | POLARSSL_CAMELLIA_C |
Enable the Camellia block cipher. More... | |
#define | POLARSSL_CCM_C |
Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. More... | |
#define | POLARSSL_CERTS_C |
Enable the test certificates. More... | |
#define | POLARSSL_CIPHER_C |
Enable the generic cipher layer. More... | |
#define | POLARSSL_CTR_DRBG_C |
Enable the CTR_DRBG AES-256-based random generator. More... | |
#define | POLARSSL_DEBUG_C |
Enable the debug functions. More... | |
#define | POLARSSL_DES_C |
Enable the DES block cipher. More... | |
#define | POLARSSL_DHM_C |
Enable the Diffie-Hellman-Merkle module. More... | |
#define | POLARSSL_ECDH_C |
Enable the elliptic curve Diffie-Hellman library. More... | |
#define | POLARSSL_ECDSA_C |
Enable the elliptic curve DSA library. More... | |
#define | POLARSSL_ECP_C |
Enable the elliptic curve over GF(p) library. More... | |
#define | POLARSSL_ENTROPY_C |
Enable the platform-specific entropy code. More... | |
#define | POLARSSL_ERROR_C |
Enable error code to error string conversion. More... | |
#define | POLARSSL_GCM_C |
Enable the Galois/Counter Mode (GCM) for AES. More... | |
#define | POLARSSL_HMAC_DRBG_C |
Enable the HMAC_DRBG random generator. More... | |
#define | POLARSSL_MD_C |
Enable the generic message digest layer. More... | |
#define | POLARSSL_MD5_C |
Enable the MD5 hash algorithm. More... | |
#define | POLARSSL_NET_C |
Enable the TCP/IP networking routines. More... | |
#define | POLARSSL_OID_C |
Enable the OID database. More... | |
#define | POLARSSL_PADLOCK_C |
Enable VIA Padlock support on x86. More... | |
#define | POLARSSL_PBKDF2_C |
Enable PKCS#5 PBKDF2 key derivation function. More... | |
#define | POLARSSL_PEM_PARSE_C |
Enable PEM decoding / parsing. More... | |
#define | POLARSSL_PEM_WRITE_C |
Enable PEM encoding / writing. More... | |
#define | POLARSSL_PK_C |
Enable the generic public (asymmetric) key layer. More... | |
#define | POLARSSL_PK_PARSE_C |
Enable the generic public (asymmetric) key parser. More... | |
#define | POLARSSL_PK_WRITE_C |
Enable the generic public (asymmetric) key writer. More... | |
#define | POLARSSL_PKCS5_C |
Enable PKCS#5 functions. More... | |
#define | POLARSSL_PKCS12_C |
Enable PKCS#12 PBE functions. More... | |
#define | POLARSSL_PLATFORM_C |
Enable the platform abstraction layer that allows you to re-assign functions like malloc(), free(), snprintf(), printf(), fprintf(), exit() More... | |
#define | POLARSSL_RIPEMD160_C |
Enable the RIPEMD-160 hash algorithm. More... | |
#define | POLARSSL_RSA_C |
Enable the RSA public-key cryptosystem. More... | |
#define | POLARSSL_SHA1_C |
Enable the SHA1 cryptographic hash algorithm. More... | |
#define | POLARSSL_SHA256_C |
Enable the SHA-224 and SHA-256 cryptographic hash algorithms. More... | |
#define | POLARSSL_SHA512_C |
Enable the SHA-384 and SHA-512 cryptographic hash algorithms. More... | |
#define | POLARSSL_SSL_CACHE_C |
Enable simple SSL cache implementation. More... | |
#define | POLARSSL_SSL_CLI_C |
Enable the SSL/TLS client code. More... | |
#define | POLARSSL_SSL_SRV_C |
Enable the SSL/TLS server code. More... | |
#define | POLARSSL_SSL_TLS_C |
Enable the generic SSL/TLS code. More... | |
#define | POLARSSL_THREADING_C |
Enable the threading abstraction layer. More... | |
#define | POLARSSL_TIMING_C |
Enable the portable timing interface. More... | |
#define | POLARSSL_VERSION_C |
Enable run-time version information. More... | |
#define | POLARSSL_X509_USE_C |
Enable X.509 core for using certificates. More... | |
#define | POLARSSL_X509_CRT_PARSE_C |
Enable X.509 certificate parsing. More... | |
#define | POLARSSL_X509_CRL_PARSE_C |
Enable X.509 CRL parsing. More... | |
#define | POLARSSL_X509_CSR_PARSE_C |
Enable X.509 Certificate Signing Request (CSR) parsing. More... | |
#define | POLARSSL_X509_CREATE_C |
Enable X.509 core for creating certificates. More... | |
#define | POLARSSL_X509_CRT_WRITE_C |
Enable creating X.509 certificates. More... | |
#define | POLARSSL_X509_CSR_WRITE_C |
Enable creating X.509 Certificate Signing Requests (CSR). More... | |
#define | POLARSSL_XTEA_C |
Enable the XTEA block cipher. More... | |
Configuration options (set of defines)
Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
This file is part of mbed TLS (https://tls.mbed.org)
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
This set of compile-time options may be used to enable or disable features selectively, and reduce the global memory footprint.
Definition in file config.h.
#define POLARSSL_AES_C |
Enable the AES block cipher.
Module: library/aes.c Caller: library/ssl_tls.c library/pem.c library/ctr_drbg.c
This module enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA TLS_DHE_PSK_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 TLS_RSA_PSK_WITH_AES_256_CBC_SHA TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 TLS_RSA_PSK_WITH_AES_128_CBC_SHA TLS_PSK_WITH_AES_256_GCM_SHA384 
TLS_PSK_WITH_AES_256_CBC_SHA384 TLS_PSK_WITH_AES_256_CBC_SHA TLS_PSK_WITH_AES_128_GCM_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA
PEM_PARSE uses AES for decrypting encrypted keys.
#define POLARSSL_AESNI_C |
#define POLARSSL_ARC4_C |
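Enable the ARCFOUR stream cipher. RC4 is cryptographically weak and RFC 7465 prohibits its use in TLS; leave this module disabled unless interoperability with legacy peers requires it.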
Module: library/arc4.c Caller: library/ssl_tls.c
This module enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_PSK_WITH_RC4_128_SHA TLS_DHE_PSK_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_PSK_WITH_RC4_128_SHA TLS_PSK_WITH_RC4_128_SHA
#define POLARSSL_ASN1_PARSE_C |
#define POLARSSL_ASN1_WRITE_C |
#define POLARSSL_BASE64_C |
#define POLARSSL_BIGNUM_C |
#define POLARSSL_BLOWFISH_C |
#define POLARSSL_CAMELLIA_C |
Enable the Camellia block cipher.
Module: library/camellia.c Caller: library/ssl_tls.c
This module enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
#define POLARSSL_CCM_C |
#define POLARSSL_CERTS_C |
#define POLARSSL_CIPHER_C |
#define POLARSSL_CIPHER_MODE_CBC |
#define POLARSSL_CIPHER_MODE_CFB |
#define POLARSSL_CIPHER_MODE_CTR |
#define POLARSSL_CTR_DRBG_C |
#define POLARSSL_DEBUG_C |
#define POLARSSL_DES_C |
Enable the DES block cipher.
Module: library/des.c Caller: library/pem.c library/ssl_tls.c
This module enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA
PEM_PARSE uses DES/3DES for decrypting encrypted keys.
#define POLARSSL_DHM_C |
#define POLARSSL_ECDH_C |
#define POLARSSL_ECDSA_C |
#define POLARSSL_ECDSA_DETERMINISTIC |
Enable deterministic ECDSA (RFC 6979).
Standard ECDSA is "fragile" in the sense that lack of entropy when signing may result in a compromise of the long-term signing key. This is avoided by the deterministic variant.
Requires: POLARSSL_HMAC_DRBG_C
Comment this macro to disable deterministic ECDSA.
#define POLARSSL_ECP_C |
#define POLARSSL_ECP_NIST_OPTIM |
#define POLARSSL_ENTROPY_C |
#define POLARSSL_ERROR_C |
Enable error code to error string conversion.
Module: library/error.c Caller:
This module enables polarssl_strerror().
#define POLARSSL_ERROR_STRERROR_BC |
Make available the backward compatible error_strerror() next to the current polarssl_strerror().
Disable if you want to really remove the error_strerror() name
#define POLARSSL_ERROR_STRERROR_DUMMY |
Enable a dummy error function to make use of polarssl_strerror() in third party libraries easier when POLARSSL_ERROR_C is disabled (no effect when POLARSSL_ERROR_C is enabled).
You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're not using polarssl_strerror() or error_strerror() in your application.
Disable if you run into name conflicts and want to really remove the polarssl_strerror() function.
#define POLARSSL_FS_IO |
#define POLARSSL_GCM_C |
#define POLARSSL_GENPRIME |
#define POLARSSL_HAVE_ASM |
The compiler has support for asm().
Requires support for asm() in compiler.
Used in: library/timing.c library/padlock.c include/polarssl/bn_mul.h
Comment to disable the use of assembly code.
#define POLARSSL_HAVE_IPV6 |
System supports the basic socket interface for IPv6 (RFC 3493), specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
Note: on Windows/MingW, XP or higher is required.
Comment if your system does not support the IPv6 socket interface
#define POLARSSL_HAVE_LONGLONG |
#define POLARSSL_HAVE_TIME |
#define POLARSSL_HMAC_DRBG_C |
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED |
Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_DHM_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 TLS_DHE_PSK_WITH_AES_256_CBC_SHA TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA TLS_DHE_PSK_WITH_RC4_128_SHA
#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED |
Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED |
Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED |
Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED |
Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_ECDH_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_PSK_WITH_RC4_128_SHA
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED |
Enable the PSK based ciphersuite modes in SSL / TLS.
This enables the following ciphersuites (if other requisites are enabled as well): TLS_PSK_WITH_AES_256_GCM_SHA384 TLS_PSK_WITH_AES_256_CBC_SHA384 TLS_PSK_WITH_AES_256_CBC_SHA TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_PSK_WITH_AES_128_GCM_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_PSK_WITH_AES_128_CBC_SHA TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_PSK_WITH_3DES_EDE_CBC_SHA TLS_PSK_WITH_RC4_128_SHA
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED |
Enable the RSA-only based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED |
Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, POLARSSL_X509_CRT_PARSE_C
This enables the following ciphersuites (if other requisites are enabled as well): TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 TLS_RSA_PSK_WITH_AES_256_CBC_SHA TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 TLS_RSA_PSK_WITH_AES_128_CBC_SHA TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA TLS_RSA_PSK_WITH_RC4_128_SHA
#define POLARSSL_MD5_C |
#define POLARSSL_MD_C |
#define POLARSSL_NET_C |
#define POLARSSL_OID_C |
Enable the OID database.
Module: library/oid.c Caller: library/asn1write.c library/pkcs5.c library/pkparse.c library/pkwrite.c library/rsa.c library/x509.c library/x509_create.c library/x509_crl.c library/x509_crt.c library/x509_csr.c library/x509write_crt.c library/x509write_csr.c
This module translates between OIDs and internal values.
#define POLARSSL_PADLOCK_C |
#define POLARSSL_PBKDF2_C |
Enable PKCS#5 PBKDF2 key derivation function.
Module: library/pbkdf2.c
Requires: POLARSSL_PKCS5_C
This module adds support for the PKCS#5 PBKDF2 key derivation function.
#define POLARSSL_PEM_PARSE_C |
#define POLARSSL_PEM_WRITE_C |
#define POLARSSL_PK_C |
#define POLARSSL_PK_PARSE_C |
#define POLARSSL_PK_PARSE_EC_EXTENDED |
Enhance support for reading EC keys using variants of SEC1 not allowed by RFC 5915 and RFC 5480.
Currently this means parsing the SpecifiedECDomain choice of EC parameters (only known groups are supported, not arbitrary domains, to avoid validation issues).
Disable if you only need to support RFC 5915 + 5480 key formats.
#define POLARSSL_PK_WRITE_C |
#define POLARSSL_PKCS12_C |
Enable PKCS#12 PBE functions.
Adds algorithms for parsing PKCS#8 encrypted private keys
Module: library/pkcs12.c Caller: library/pkparse.c
Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C Can use: POLARSSL_ARC4_C
This module enables PKCS#12 functions.
#define POLARSSL_PKCS1_V15 |
#define POLARSSL_PKCS1_V21 |
#define POLARSSL_PKCS5_C |
#define POLARSSL_PLATFORM_C |
Enable the platform abstraction layer that allows you to re-assign functions like malloc(), free(), snprintf(), printf(), fprintf(), exit()
Enabling POLARSSL_PLATFORM_C enables the use of the POLARSSL_PLATFORM_XXX_ALT or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned above to be specified at runtime or compile time respectively.
Module: library/platform.c Caller: Most other .c files
This module enables abstraction of common (libc) functions.
#define POLARSSL_RIPEMD160_C |
#define POLARSSL_RSA_C |
Enable the RSA public-key cryptosystem.
Module: library/rsa.c Caller: library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c library/x509.c
This module is used by the following key exchanges: RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
#define POLARSSL_SELF_TEST |
#define POLARSSL_SHA1_C |
#define POLARSSL_SHA256_C |
Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
(Used to be POLARSSL_SHA2_C)
Module: library/sha256.c Caller: library/entropy.c library/md.c library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c
This module adds support for SHA-224 and SHA-256. This module is required for the SSL/TLS 1.2 PRF function.
#define POLARSSL_SHA512_C |
#define POLARSSL_SSL_ALPN |
#define POLARSSL_SSL_CACHE_C |
#define POLARSSL_SSL_CBC_RECORD_SPLITTING |
Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
This is a countermeasure to the BEAST attack, which also minimizes the risk of interoperability issues compared to sending 0-length records.
Comment this macro to disable 1/n-1 record splitting.
#define POLARSSL_SSL_CLI_C |
#define POLARSSL_SSL_ENCRYPT_THEN_MAC |
Enable support for Encrypt-then-MAC, RFC 7366.
This allows peers that both support it to use a more robust protection for ciphersuites using CBC, providing deep resistance against timing attacks on the padding or underlying cipher.
This only affects CBC ciphersuites, and is useless if none is defined.
Requires: POLARSSL_SSL_PROTO_TLS1 or POLARSSL_SSL_PROTO_TLS1_1 or POLARSSL_SSL_PROTO_TLS1_2
Comment this macro to disable support for Encrypt-then-MAC
#define POLARSSL_SSL_EXTENDED_MASTER_SECRET |
Enable support for Extended Master Secret, aka Session Hash (draft-ietf-tls-session-hash-02).
This was introduced as "the proper fix" to the Triple Handshake family of attacks, but it is recommended to always use it (even if you disable renegotiation), since it actually fixes a more fundamental issue in the original SSL/TLS design, and has implications beyond Triple Handshake.
Requires: POLARSSL_SSL_PROTO_TLS1 or POLARSSL_SSL_PROTO_TLS1_1 or POLARSSL_SSL_PROTO_TLS1_2
Comment this macro to disable support for Extended Master Secret.
#define POLARSSL_SSL_FALLBACK_SCSV |
Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
For servers, it is recommended to always enable this, unless you support only one version of TLS, or know for sure that none of your clients implements a fallback strategy.
For clients, you only need this if you're using a fallback strategy, which is not recommended in the first place, unless you absolutely need it to interoperate with buggy (version-intolerant) servers.
Comment this macro to disable support for FALLBACK_SCSV
#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH |
#define POLARSSL_SSL_PROTO_TLS1 |
#define POLARSSL_SSL_PROTO_TLS1_1 |
#define POLARSSL_SSL_PROTO_TLS1_2 |
#define POLARSSL_SSL_SERVER_NAME_INDICATION |
#define POLARSSL_SSL_SESSION_TICKETS |
#define POLARSSL_SSL_SRV_C |
#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO |
#define POLARSSL_SSL_TLS_C |
#define POLARSSL_SSL_TRUNCATED_HMAC |
#define POLARSSL_THREADING_C |
Enable the threading abstraction layer.
By default mbed TLS assumes it is used in a non-threaded environment or that contexts are not shared between threads. If you do intend to use contexts between threads, you will need to enable this layer to prevent race conditions.
Module: library/threading.c
This allows different threading implementations (self-implemented or provided).
You will have to enable either POLARSSL_THREADING_ALT or POLARSSL_THREADING_PTHREAD.
Enable this layer to allow use of mutexes within mbed TLS
#define POLARSSL_THREADING_PTHREAD |
#define POLARSSL_TIMING_C |
#define POLARSSL_VERSION_C |
#define POLARSSL_VERSION_FEATURES |
Allow run-time checking of compile-time enabled features.
This allows users to check at run-time, via version_check_feature(), whether the library was compiled with, for instance, threading support.
Requires: POLARSSL_VERSION_C
Comment this to disable run-time checking and save ROM space
#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE |
Enable verification of the extendedKeyUsage extension (leaf certificates).
Disabling this check avoids rejecting mis-issued and/or misused certificates, which also means that a leaf certificate's extendedKeyUsage restrictions are no longer enforced.
Comment to skip extendedKeyUsage checking for certificates.
#define POLARSSL_X509_CHECK_KEY_USAGE |
Enable verification of the keyUsage extension (CA and leaf certificates).
Disabling this check avoids rejecting mis-issued and/or misused (intermediate) CA and leaf certificates, which also means that keyUsage restrictions are no longer enforced on them.
Comment to skip keyUsage checking for both CA and leaf certificates.
#define POLARSSL_X509_CREATE_C |
#define POLARSSL_X509_CRL_PARSE_C |
#define POLARSSL_X509_CRT_PARSE_C |
#define POLARSSL_X509_CRT_WRITE_C |
#define POLARSSL_X509_CSR_PARSE_C |
#define POLARSSL_X509_CSR_WRITE_C |
#define POLARSSL_X509_RSASSA_PSS_SUPPORT |
#define POLARSSL_X509_USE_C |
Enable X.509 core for using certificates.
Module: library/x509.c Caller: library/x509_crl.c library/x509_crt.c library/x509_csr.c
Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_PARSE_C
This module is required for the X.509 parsing modules.