cryptlib  3.4.1
config.h
1 /****************************************************************************
2 * *
3 * cryptlib Configuration Settings *
4 * Copyright Peter Gutmann 1992-2011 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _CONFIG_DEFINED
9 
10 #define _CONFIG_DEFINED
11 
12 /* The following defines can be used to enable specific cryptlib
13  profiles that only enable the functionality needed for one particular
14  application:
15 
16  #define CONFIG_PROFILE_SMIME
17  #define CONFIG_PROFILE_SSL
18  #define CONFIG_PROFILE_SSH
19 
20  The configuration is set up in the section "Application Profiles" at the
21  end of this file.
22 
23  Note that VC 7.1 allows selective inheritance of defines set at the top
24  level into source files within projects. For some bizarre reason this
25  defaults to 'none' so that setting USE_xxx values at the project level
26  doesn't filter down to any of the source files unless it's manually
27  enabled in the compiler config options.
28 
29  In addition to the above profile defines, the following can be used to
30  remove entire blocks of cryptlib functionality. Note that this sort of
31  thing would normally be done by the build command (e.g. in a makefile),
32  the following is mostly intended for debugging */
33 
34 #if 0
35  #define CONFIG_NO_CERTIFICATES
36  #define CONFIG_NO_DEVICES
37  #define CONFIG_NO_ENVELOPES
38  #define CONFIG_NO_KEYSETS
39  #define CONFIG_NO_SESSIONS
40  #if defined( _WIN32 ) && defined( _MSC_VER ) && ( _MSC_VER == 1200 )
41  #define NO_OBSCURE_FEATURES
42  #endif /* Exception for testing rarely-used facilities under VC++ 6.0 */
43 #endif /* 0 */
44 
45 /* General capabilities that affect further config options */
46 
47 #if defined( __BEOS__ ) || defined( __CHORUS__ ) || \
48  ( defined( __ECOS__ ) && defined( CYGPKG_NET ) ) || \
49  defined( __MVS__ ) || defined( __PALMOS__ ) || defined( __RTEMS__ ) || \
50  defined( __SYMBIAN32__ ) || defined( __TANDEM_NSK__ ) || \
51  defined( __TANDEM_OSS__ ) || defined( __UNIX__ ) || \
52  defined( __WINDOWS__ )
53  #define USE_TCP
54 #endif /* Systems with TCP/IP networking available */
55 
56 /* Whether to use the RPC API or not. This provides total isolation of
57  input and output data, at the expense of some additional overhead due
58  to marshalling and unmarshalling */
59 
60 /* #define USE_RPCAPI */
61 
62 /* Whether to use FIPS 140 ACLs or not. Enabling this setting disables
63  all plaintext key loads. Note that this will cause several of the
64  self-tests, which assume that they can load keys directly, to fail */
65 
66 /* #define USE_FIPS140 */
67 
68 /* Whether to build the Java/JNI interface or not */
69 
70 /* #define USE_JAVA */
71 
72 /* Whether to provide descriptive text messages for errors or not.
73  Disabling these can reduce code size, at the expense of making error
74  diagnosis reliant solely on error codes */
75 
76 #ifndef CONFIG_CONSERVE_MEMORY
77  #define USE_ERRMSGS
78 #endif /* Low-memory builds */
79 
80 /****************************************************************************
81 * *
82 * Contexts *
83 * *
84 ****************************************************************************/
85 
86 /* The umbrella define USE_PATENTED_ALGORITHMS can be used to drop all
87  patented algorithms (note that this removes IDEA, which is needed for PGP
88  2.x private keyring reads and message decryption),
89  USE_DEPRECATED_ALGORITHMS can be used to drop deprecated (obsolete or
90  weak) algorithms, and USE_OBSCURE_ALGORITHMS can be used to drop little-
91  used algorithms. Technically both DES and MD5 are also deprecated but
92  they're still so widely used that it's not really possible to drop them */
93 
94 #if 0
95  #define USE_DEPRECATED_ALGORITHMS
96 #endif /* 0 */
97 #ifndef CONFIG_CONSERVE_MEMORY
98  #define USE_PATENTED_ALGORITHMS
99  #define USE_OBSCURE_ALGORITHMS
100 #endif /* Low-memory builds */
101 
102 /* Patented algorithms */
103 
104 #ifdef USE_PATENTED_ALGORITHMS
105  #define USE_IDEA
106  #define USE_RC5
107 #endif /* Use of patented algorithms */
108 
109 /* Obsolete and/or weak algorithms, disabled by default. There are some
110  algorithms that are never enabled, among them KEA (which never gained any
111  real acceptance, and in any case when it was finally analysed by Kristin
112  Lauter and Anton Mityagin was found to have a variety of problems) and
113  MD2, MD4, and CAST (which are either completely broken or obsolete/never
114  used any more) */
115 
116 #ifdef USE_DEPRECATED_ALGORITHMS
117  #define USE_RC2
118  #define USE_RC4
119 #endif /* Obsolete and/or weak algorithms */
120 
121 /* Obscure algorithms */
122 
123 #ifdef USE_OBSCURE_ALGORITHMS
124  #define USE_ELGAMAL
125  #define USE_HMAC_MD5
126  #define USE_HMAC_RIPEMD160
127  #define USE_RIPEMD160
128 #endif /* Obscure algorithms */
129 
130 /* Obscure algorithms and modes not supported by most other implementations.
131  Note that AES-GCM uses eight times as much memory as straight AES, and
132  that's for the variant with the small lookup tables */
133 
134 #if !defined( NDEBUG ) && 0
135  #define USE_ECDH
136  #define USE_ECDSA
137  #define USE_GCM
138 #endif /* Debug builds only; the "&& 0" above keeps this group compiled out */
139 
140 /* Other algorithms. Note that DES/3DES and SHA1 are always enabled as
141  they're used internally by cryptlib */
142 
143 #define USE_AES
144 #define USE_BLOWFISH
145 #define USE_DH
146 #define USE_DSA
147 #define USE_MD5
148 #define USE_RSA
149 #define USE_SHA2
150 #define USE_HMAC_SHA2
151 #if defined( __UNIX__ ) && defined( _CRAY )
152  /* The AES and SHA-2 reference code require a 32-bit data type, but Crays
153  only have 8-bit and 64-bit types */
154  #undef USE_AES
155  #undef USE_SHA2
156  #undef USE_HMAC_SHA2
157 #endif /* Crays */
158 #if defined( __MSDOS__ )
159  /* Remove some of the more memory-intensive or unlikely-to-be-used-under-DOS
160  algorithms */
161  #undef USE_BLOWFISH
162  #undef USE_DH
163  #undef USE_MD5
164  #undef USE_SHA2
165  #undef USE_HMAC_SHA2
166 
167  /* Remove further algorithms to save space */
168  #undef USE_DSA
169 #endif /* DOS */
170 
171 /* General PKC context usage */
172 
173 #if defined( USE_DH ) || defined( USE_DSA ) || defined( USE_ELGAMAL ) || \
174  defined( USE_RSA ) || defined( USE_ECDH ) || defined( USE_ECDSA )
175  #define USE_PKC
176 #endif /* PKC types */
177 
178 /****************************************************************************
179 * *
180 * Certificates *
181 * *
182 ****************************************************************************/
183 
184 #ifndef CONFIG_NO_CERTIFICATES
185 
186 /* The certificate-processing code is so deeply intertwingled (almost all of
187  the code to manipulate certificate attributes is shared, with only a few
188  certificate type-specific routines) that it's quite difficult to separate
189  out individual sections so all that we can provide is the ability to
190  enable/disable general classes of certificate object */
191 
192 #define USE_CERTIFICATES
193 #define USE_CERTREV /* CRL, OCSP */
194 #define USE_CERTVAL /* RTCS */
195 #define USE_CERTREQ /* PKCS #10, CRMF */
196 #define USE_CMSATTR /* CMS attributes */
197 #define USE_PKIUSER /* pkiUser */
198 
199 /* Another side-effect of the complexity of the certificate-handling code is
200  that it carries around a large amount of code that's required in order to
201  support processing of bizarro attributes that no-one ever uses and whose
202  sole effect is to weaken the overall code by vastly increasing its attack
203  surface. The following defines can be used to control the maximum level
204  of compliance in the certificate-handling code. To enable use at
205  compliance level n it's necessary to have the values for level 0...n-1
206  defined as well, this makes checking in the code cleaner. Compliance
207  levels _OBLIVIOUS, _REDUCED, and _STANDARD are assumed by default, levels
208  _PKIX_PARTIAL and _PKIX_FULL need to be explicitly enabled. _PKIX_PARTIAL
209  enables a few extra attributes and extra checking that are skipped in
210  _STANDARD, in most cases there'll be no noticeable difference between
211  _STANDARD and _PKIX_PARTIAL so unless you specifically need it you can
212  disable it to save space and code complexity. _PKIX_FULL on the other
213  hand enables a large number of additional attributes and checks,
214  including ones that enforce downright bizarre requirements set by the
215  standards. Unless you understand the implications of this (or you need
216  to pass some sort of external compliance test) you shouldn't enable this
217  level of processing since all it does is increase the code size and
218  attack surface, complicate processing, and (if triggered) produce results
219  that can be quite counterintuitive unless you really understand the
220  peculiarities in the standards */
221 
222 #if !defined( USE_CERTLEVEL_PKIX_FULL ) && \
223  !defined( USE_CERTLEVEL_PKIX_PARTIAL ) && \
224  !defined( USE_CERTLEVEL_STANDARD )
225  #define USE_CERTLEVEL_PKIX_PARTIAL /* Default level is PKIX_PARTIAL, selected whenever none of the three levels has been defined */
226 #endif /* PKIX compliance level. NOTE(review): the comment above says that _PKIX_PARTIAL needs to be explicitly enabled, which doesn't match this default; defining USE_CERTLEVEL_STANDARD is what keeps it out */
227 #if defined( USE_CERTLEVEL_PKIX_FULL ) && !defined( USE_CERTLEVEL_PKIX_PARTIAL )
228  /* USE_CERTLEVEL_PKIX_FULL implies USE_CERTLEVEL_PKIX_PARTIAL */
229  #define USE_CERTLEVEL_PKIX_PARTIAL
230 #endif /* USE_CERTLEVEL_PKIX_FULL && !USE_CERTLEVEL_PKIX_PARTIAL */
231 
232 /* The following are used to control handling of obscure certificate and CMS
233  attributes like qualified certificates, SigG certificates, CMS receipts,
234  security labels, and AuthentiCode, and completely obsolete certificate
235  attributes like the old Thawte and Netscape certificate extensions. These
236  are disabled by default */
237 
238 #if 0
239  #define USE_CERT_OBSCURE
240  #define USE_CMSATTR_OBSCURE
241  #define USE_CERT_OBSOLETE
242 #endif /* 0 */
243 
244 /* Finally, we provide the ability to disable various complex and therefore
245  error-prone mechanisms that aren't likely to see much use. By default
246  these are disabled */
247 
248 #if 0
249  #define USE_CERT_DNSTRING
250 #endif /* 0 */
251 
252 #if defined( USE_CERTIFICATES ) && !defined( USE_PKC )
253  #error Use of certificates requires use of PKC algorithms to be enabled
254 #endif /* USE_CERTIFICATES && !USE_PKC */
255 
256 #endif /* CONFIG_NO_CERTIFICATES */
257 
258 /****************************************************************************
259 * *
260 * Devices *
261 * *
262 ****************************************************************************/
263 
264 #ifndef CONFIG_NO_DEVICES
265 
266 /* Device types. PKCS #11 can also be enabled under Unix by the auto-config
267  mechanism, which sets HAS_PKCS11 if PKCS #11 support is available */
268 
269 #if defined( __WIN32__ )
270  #ifndef __BORLANDC__
271  #define USE_PKCS11
272  #endif /* Borland C can't handle PKCS #11 headers */
273  #if !defined( NDEBUG )
274  #define USE_HARDWARE
275  #endif /* Windows debug mode only */
276 #endif /* __WIN32__ */
277 #ifdef HAS_PKCS11
278  #define USE_PKCS11
279 #endif /* PKCS #11 under Unix autoconfig */
280 
281 /* General device usage */
282 
283 #if defined( USE_PKCS11 ) || defined( USE_CRYPTOAPI )
284  #define USE_DEVICES
285 #endif /* Device types */
286 
287 #endif /* CONFIG_NO_DEVICES */
288 
289 /****************************************************************************
290 * *
291 * Enveloping *
292 * *
293 ****************************************************************************/
294 
295 #ifndef CONFIG_NO_ENVELOPES
296 
297 /* CMS envelopes */
298 
299 #define USE_CMS
300 #if !defined( __MSDOS__ ) && !defined( __WIN16__ )
301  #define USE_COMPRESSION
302 #endif /* !( __MSDOS__ || __WIN16__ ) */
303 
304 /* PGP envelopes */
305 
306 #define USE_PGP
307 #if defined( USE_PGP ) && !defined( USE_ELGAMAL )
308  #define USE_ELGAMAL
309 #endif /* OpenPGP requires Elgamal */
310 
311 /* General envelope usage */
312 
313 #if defined( USE_CMS ) || defined( USE_PGP )
314  #define USE_ENVELOPES
315 #endif /* Enveloping types */
316 
317 #if defined( USE_ENVELOPES ) && !defined( USE_PKC )
318  #error Use of envelopes requires use of PKC algorithms to be enabled
319 #endif /* USE_ENVELOPES && !USE_PKC */
320 
321 #endif /* CONFIG_NO_ENVELOPES */
322 
323 /****************************************************************************
324 * *
325 * Keysets *
326 * *
327 ****************************************************************************/
328 
329 #ifndef CONFIG_NO_KEYSETS
330 
331 /* Database keysets. ODBC can also be enabled under Unix by the auto-config
332  mechanism, which sets HAS_ODBC if ODBC support is available */
333 
334 #if defined( __WIN32__ ) && !defined( NT_DRIVER )
335  #if !( defined( __BORLANDC__ ) && ( __BORLANDC__ < 0x550 ) )
336  #define USE_ODBC
337  #endif /* Old Borland C++ */
338 #endif /* Windows */
339 #ifdef HAS_ODBC
340  #define USE_ODBC
341 #endif /* ODBC under Unix autoconfig */
342 #if defined( USE_ODBC ) || defined( USE_DATABASE ) || \
343  defined( USE_DATABASE_PLUGIN )
344  #define USE_DBMS
345 #endif /* RDBMS types */
346 
347 /* Network keysets. LDAP can also be enabled under Unix by the auto-config
348  mechanism, which sets HAS_LDAP if LDAP support is available.
349 
350  Note that LDAP is disabled by default because of its very large attack
351  surface, you should only enable this if it's absolutely essential, and
352  your security guarantee is void when using it */
353 
354 #if defined( __WIN32__ ) && \
355  !( defined( NT_DRIVER ) || defined( WIN_DDK ) || \
356  defined( __BORLANDC__ ) ) && 0
357  #define USE_LDAP
358 #endif /* Windows */
359 #if defined( HAS_LDAP ) && 0
360  #define USE_LDAP
361 #endif /* LDAP under Unix autoconfig */
362 #ifdef USE_TCP
363  #define USE_HTTP
364 #endif /* TCP/IP networking */
365 
366 /* File keysets */
367 
368 /* By uncommenting the following PKCS #12 define or enabling equivalent
369  functionality in any other manner you acknowledge that you are disabling
370  safety features in the code and take full responsibility for any
371  consequences arising from this action. You also indemnify the cryptlib
372  authors against all actions, claims, losses, costs, and expenses that
373  may be suffered or incurred and that may have arisen directly or
374  indirectly as a result of any use of cryptlib with this change made. If
375  you receive the code with the safety features already disabled, you must
376  obtain an original, unmodified version */
377 /* #define USE_PKCS12 */
378 #ifdef USE_PKCS12
379  /* If we use PKCS #12 then we have to enable RC2 in order to handle
380  Microsoft's continuing use of RC2-40 */
381  #define USE_RC2
382 #endif /* USE_PKCS12 */
383 
384 #define USE_PGPKEYS
385 #define USE_PKCS15
386 #if defined( USE_PGPKEYS ) || defined( USE_PKCS15 )
387  #ifndef USE_PKC
388  #error Use of PGP/PKCS #15 keysets requires use of PKC algorithms to be enabled
389  #endif /* USE_PKC */
390 #endif /* USE_PGPKEYS || USE_PKCS15 */
391 
392 /* General keyset usage */
393 
394 #if defined( USE_DBMS ) || defined( USE_HTTP ) || defined( USE_LDAP ) || \
395  defined( USE_PGPKEYS ) || defined( USE_PKCS12 ) || defined( USE_PKCS15 )
396  #define USE_KEYSETS
397 #endif /* Keyset types */
398 
399 #endif /* CONFIG_NO_KEYSETS */
400 
401 /****************************************************************************
402 * *
403 * Sessions *
404 * *
405 ****************************************************************************/
406 
407 #ifndef CONFIG_NO_SESSIONS
408 
409 /* SSHv1 is explicitly disabled (or at least not enabled), you should only
410  enable this if there's a very good reason to use it since this code is
411  very old, unmaintained, and hasn't been subject to ongoing security
412  audits. Enabling it here will also produce a double-check warning in
413  ssh1.c that needs to be turned off to allow the code to build */
414 
415 #ifdef USE_TCP
416  #define USE_CERTSTORE
417  #define USE_CMP
418  #define USE_RTCS
419  #define USE_OCSP
420  #define USE_SCEP
421  #define USE_SSH
422  #define USE_SSL
423  #define USE_TSP
424 #endif /* USE_TCP */
425 
426 /* Make sure that prerequisites are met for sessions that require
427  certificate components */
428 
429 #if defined( USE_CERTSTORE ) && !defined( USE_CERTIFICATES )
430  #error Use of a certificate store requires use of certificates to be enabled
431 #endif /* USE_CERTSTORE && !USE_CERTIFICATES */
432 #if defined( USE_CMP ) && !defined( USE_CERTREQ )
433  #error Use of CMP requires use of certificate requests to be enabled
434 #endif /* USE_CMP && !USE_CERTREQ */
435 #if defined( USE_RTCS ) && !( defined( USE_CERTVAL ) && defined( USE_CMSATTR ) )
436  /* RTCS needs CRYPT_CERTINFO_CMS_NONCE */
437  #error Use of RTCS requires use of certificate validation and CMS attributes to be enabled
438 #endif /* USE_RTCS && !( USE_CERTVAL && USE_CMSATTR ) */
439 #if defined( USE_OCSP ) && !defined( USE_CERTREV )
440  #error Use of OCSP requires use of certificate revocation to be enabled
441 #endif /* USE_OCSP && !USE_CERTREV */
442 #if defined( USE_SCEP ) && !( defined( USE_CERTREQ ) && defined( USE_CMSATTR ) )
443  /* SCEP needs CRYPT_CERTINFO_CHALLENGEPASSWORD for PKCS #10 requests and
444  CRYPT_CERTINFO_SCEP_xyz for CMS attributes */
445  #error Use of SCEP requires use of certificate requests and CMS attributes to be enabled
446 #endif /* USE_SCEP && !( USE_CERTREQ && USE_CMSATTR ) */
447 #if defined( USE_SSL ) && !defined( USE_CERTIFICATES )
448  #error Use of SSL requires use of certificates to be enabled
449 #endif /* USE_SSL && !USE_CERTIFICATES */
450 #if defined( USE_TSP ) && !defined( USE_CMSATTR )
451  /* TSP requires CRYPT_CERTINFO_CMS_SIGNINGCERT_ESSCERTID */
452  #error Use of TSP requires use of CMS attributes to be enabled
453 #endif /* USE_TSP && !USE_CMSATTR */
454 
455 /* General session usage */
456 
457 #if defined( USE_CMP ) || defined( USE_RTCS ) || defined( USE_OCSP ) || \
458  defined( USE_SCEP ) || defined( USE_SSH1 ) || defined( USE_SSH ) || \
459  defined( USE_SSL ) || defined( USE_TSP )
460  #define USE_SESSIONS
461 #endif /* Session types */
462 
463 #if defined( USE_SESSIONS ) && !defined( USE_PKC )
464  #error Use of secure sessions requires use of PKC algorithms to be enabled
465 #endif /* USE_SESSIONS && !USE_PKC */
466 
467 /* Finally, we provide the ability to disable various complex and therefore
468  error-prone mechanisms that aren't likely to see much use. By default
469  these are disabled */
470 
471 #if 0
472  #define USE_SSH_EXTENDED
473 #endif /* 0 */
474 
475 #endif /* CONFIG_NO_SESSIONS */
476 
477 /****************************************************************************
478 * *
479 * OS Services and Resources *
480 * *
481 ****************************************************************************/
482 
483 /* Threads */
484 
485 #if defined( __AMX__ ) || defined( __BEOS__ ) || defined( __CHORUS__ ) || \
486  defined( __ECOS__ ) || defined( __EmbOS__ ) || defined( __FreeRTOS__ ) || \
487  defined( __ITRON__ ) || defined( __MQX__ ) || defined( __OS2__ ) || \
488  defined( __PALMOS__ ) || defined( __RTEMS__ ) || defined( __ThreadX__ ) || \
489  defined( __TKernel__ ) || defined( __UCOS__ ) || defined( __VDK__ ) || \
490  defined( __VXWORKS__ ) || defined( __WIN32__ ) || defined( __WINCE__ ) || \
491  defined( __XMK__ ) || defined( __VXWORKS__ ) /* NOTE(review): __VXWORKS__ is already tested on the previous line, this second test is redundant */
492  #define USE_THREADS
493 #endif /* Non-Unix systems with threads */
494 
495 #ifdef __UNIX__
496  #if !( ( defined( __QNX__ ) && ( OSVERSION <= 4 ) ) || \
497  ( defined( sun ) && ( OSVERSION <= 4 ) ) || defined( __TANDEM ) )
498  #define USE_THREADS
499  #endif
500 #endif /* Unix systems with threads */
501 
502 #ifdef NO_THREADS
503  /* Allow thread use to be overridden by the user if required */
504  #undef USE_THREADS
505 #endif /* NO_THREADS */
506 
507 /* Widechars */
508 
509 #if defined( __BEOS__ ) || defined( __ECOS__ ) || defined( __MSDOS32__ ) || \
510  defined( __OS2__ ) || defined( __RTEMS__ ) || \
511  ( ( defined( __WIN32__ ) || defined( __WINCE__ ) ) && \
512  !( defined( __BORLANDC__ ) && ( __BORLANDC__ < 0x500 ) ) ) || \
513  defined( __XMK__ )
514  #define USE_WIDECHARS
515 #endif /* Non-Unix systems with widechars */
516 
517 #ifdef __UNIX__
518  #if !( ( defined( __APPLE__ ) && OSVERSION < 7 ) || \
519  defined( __bsdi__ ) || defined( __OpenBSD__ ) || \
520  ( defined( __SCO_VERSION__ ) && OSVERSION < 5 ) || \
521  ( defined( sun ) && OSVERSION < 5 ) || \
522  defined( __SYMBIAN32__ ) )
523  #define USE_WIDECHARS
524  #endif
525 #endif /* Unix systems with widechars */
526 
527 /* Embedded OSes are a bit of a special case in that they're usually cross-
528  compiled, which means that we can't just pick up the native defines and
529  headers and go with those. To help handle things like conditional
530  includes we define a special symbol used to indicate a non-native cross-
531  compile. Note that this is distinct from specific embedded OSes like
532  WinCE and PalmOS which are treated as OSes in their own right, while all
533  USE_EMBEDDED_OS OSes are a single amorphous blob */
534 
535 #if defined( __AMX__ ) || defined( __CHORUS__ ) || defined( __ECOS__ ) || \
536  defined( __EmbOS__ ) || defined( __FreeRTOS__ ) || defined( __ITRON__ ) || \
537  defined( __MQX__ ) || defined( __RTEMS__ ) || defined( __ThreadX__ ) || \
538  defined( __TKernel__ ) || defined( __UCOS__ ) || defined( __VDK__ ) || \
539  defined( __VXWORKS__ ) || defined( __XMK__ )
540  #define USE_EMBEDDED_OS
541 #endif /* Embedded OSes */
542 
543 /* If it's an embedded OS there probably won't be much in the way of entropy
544  sources available so we enable the use of the random seed file by
545  default */
546 
547 #ifdef USE_EMBEDDED_OS
548  #define CONFIG_RANDSEED
549 #endif /* USE_EMBEDDED_OS */
550 
551 /* Networking. DNS SRV is very rarely used and somewhat risky to leave
552  enabled by default because of the high level of complexity of DNS packet
553  parsing combined with the primitiveness of some of the APIs (specifically
554  the Unix ones), so we disable it by default for attack surface
555  reduction */
556 
557 #if defined( USE_TCP ) && \
558  ( defined( __WINDOWS__ ) || defined( __UNIX__ ) ) && 0
559  #define USE_DNSSRV
560 #endif /* Windows || Unix */
561 
562 /****************************************************************************
563 * *
564 * Application Profiles *
565 * *
566 ****************************************************************************/
567 
568 /* The following profiles can be used to enable specific functionality for
569  applications like SSL, SSH, and S/MIME */
570 
571 #if defined( CONFIG_PROFILE_SMIME ) || defined( CONFIG_PROFILE_SSH ) || \
572  defined( CONFIG_PROFILE_SSL )
573 
574  /* Contexts */
575  #undef USE_BLOWFISH
576  #undef USE_ELGAMAL
577  #undef USE_HMAC_MD5
578  #undef USE_HMAC_RIPEMD160
579  #undef USE_IDEA
580  #undef USE_RC2
581  #undef USE_RC4
582  #undef USE_RC5
583  #undef USE_RIPEMD160
584 
585  /* Certificates */
586  #undef USE_CERTREV
587  #undef USE_CERTVAL
588  #undef USE_CERTREQ
589  #undef USE_PKIUSER
590 
591  /* Devices */
592  #undef USE_CRYPTOAPI
593  #undef USE_HARDWARE
594  #undef USE_PKCS11
595  #undef USE_DEVICES
596 
597  /* Keysets */
598  #undef USE_DBMS
599  #undef USE_HTTP
600  #undef USE_LDAP
601  #undef USE_ODBC
602 
603  /* Sessions */
604  #undef USE_CERTSTORE
605  #undef USE_CMP
606  #undef USE_OCSP
607  #undef USE_RTCS
608  #undef USE_SCEP
609  #undef USE_SSH1
610  #undef USE_TSP
611  #undef USE_DNSSRV
612 
613 #endif /* Application-specific profiles */
614 
615 #ifdef CONFIG_PROFILE_SSL
616  /* Contexts */
617  #undef USE_DSA
618 
619  /* Certificates */
620  #undef USE_CMSATTR
621 
622  /* Envelopes */
623  #undef USE_PGP
624  #undef USE_COMPRESSION
625 
626  /* Keysets */
627  #undef USE_PGPKEYS
628 
629  /* Sessions */
630  #undef USE_SSH
631 
632 #endif /* CONFIG_PROFILE_SSL */
633 
634 #ifdef CONFIG_PROFILE_SSH
635  /* Contexts */
636  #undef USE_DSA
637 
638  /* Certificates */
639  #undef USE_CERTIFICATES
640  #undef USE_CMSATTR
641 
642  /* Envelopes */
643  #undef USE_PGP
644  #undef USE_COMPRESSION
645 
646  /* Keysets */
647  #undef USE_PGPKEYS
648 
649  /* Sessions */
650  #undef USE_SSL
651 
652 #endif /* CONFIG_PROFILE_SSH */
653 
654 #ifdef CONFIG_PROFILE_SMIME
655 
656  /* Contexts */
657  #undef USE_DH
658  #undef USE_DSA
659  #undef USE_HMAC_SHA2
660  #undef USE_SHA2
661 
662  /* Envelopes */
663  #undef USE_PGP
664 
665  /* Keysets */
666  #undef USE_PGPKEYS
667 
668  /* Sessions */
669  #undef USE_SSH
670  #undef USE_SSL
671  #undef USE_TCP
672  #undef USE_SESSIONS
673 
674 #endif /* CONFIG_PROFILE_SMIME */
675 
676 /****************************************************************************
677 * *
678 * Defines for Testing and Custom Builds *
679 * *
680 ****************************************************************************/
681 
682 /* Unsafe or obsolete facilities that are disabled by default, except in the
683  Win32 debug build under VC++ 6.0. We have to be careful with the
684  preprocessor checks because the high-level feature-checking defines and
685  macros are only available if osspec.h is included, which it won't be at
686  this level */
687 
688 #if defined( _WIN32 ) && defined( _MSC_VER ) && ( _MSC_VER == 1200 ) && \
689  !defined( NDEBUG ) && !defined( NO_OBSCURE_FEATURES ) && \
690  !( defined( __WINCE__ ) || defined( CONFIG_PROFILE_SMIME ) || \
691  defined( CONFIG_PROFILE_SSH ) || defined( CONFIG_PROFILE_SSL ) )
692  #define USE_CERT_DNSTRING
693  #define USE_CRYPTOAPI
694  #define USE_ECDH
695  #define USE_ECDSA
696  #define USE_GCM
697  #define USE_LDAP
698  #define USE_OAEP
699  #define USE_PKCS12
700  #define USE_RC2 /* Needed for PKCS #12 */
701  #ifdef USE_TCP
702  #define USE_SSH_EXTENDED
703  #define USE_DNSSRV
704  #endif /* USE_TCP */
705 #endif /* Win32 debug build under VC++ 6.0 */
706 
707 /* If we're using a static analyser then we also enable some additional
708  functionality to allow the analyser to check it */
709 
710 #if ( defined( _MSC_VER ) && defined( _PREFAST_ ) ) || \
711  ( defined( __clang_analyzer__ ) )
712  #define USE_CERT_DNSTRING
713  #define USE_DNSSRV
714  #define USE_ECDH
715  #define USE_ECDSA
716  #define USE_GCM
717  #define USE_LDAP
718  #define USE_OAEP
719  #define USE_PKCS12 /* NOTE(review): unlike the VC++ 6.0 debug block above, USE_RC2 isn't defined alongside this, and the USE_PKCS12 check in the keysets section that would define it has already been passed - confirm that analysing PKCS #12 without RC2 is intended */
720  #define USE_SSH_EXTENDED /* NOTE(review): defined here (as is USE_DNSSRV) without the USE_TCP check that the VC++ 6.0 debug block applies */
721 #endif /* Static analyser builds */
722 
723 /* If we're using Suite B we have to explicitly enable certain algorithms,
724  including extended forms of SHA-2 */
725 
726 #if defined( CONFIG_SUITEB_TESTS ) && !defined( CONFIG_SUITEB )
727  #define CONFIG_SUITEB
728 #endif /* CONFIG_SUITEB_TESTS && !CONFIG_SUITEB */
729 #if defined( CONFIG_SUITEB )
730  #define USE_ECDH
731  #define USE_ECDSA
732  #define USE_GCM
733  #define USE_SHA2_EXT
734 #endif /* Suite B */
735 
736 /* Rather than making everything even more complex and conditional than it
737  already is, it's easier to undefine the features that we don't want in
738  one place rather than trying to conditionally enable them */
739 
740 #if 0 /* Devices */
741  #undef USE_PKCS11
742  #undef USE_CRYPTOAPI
743 #endif /* 0 */
744 #if 0 /* Heavyweight keysets */
745  #undef USE_HTTP
746  #undef USE_LDAP
747  #undef USE_ODBC
748  #undef USE_DBMS
749 #endif /* 0 */
750 #if 0 /* Networking */
751  #undef USE_CERTSTORE
752  #undef USE_TCP
753  #undef USE_CMP
754  #undef USE_HTTP
755  #undef USE_RTCS
756  #undef USE_OCSP
757  #undef USE_SCEP
758  #undef USE_SSH1
759  #undef USE_SSH
760  #undef USE_SSL
761  #undef USE_TSP
762  #undef USE_SESSIONS
763 #endif /* 0 */
764 #if 0 /* Verbose error messages */
765  #undef USE_ERRMSGS
766 #endif /* 0 */
767 
768 #endif /* _CONFIG_DEFINED */