Skip to content
Permalink
563bff4722
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
80 lines (60 sloc) 1.88 KB
#ifndef CONFIG_CRYPTO_H
#define CONFIG_CRYPTO_H
/** @file
*
* Cryptographic configuration
*
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** Minimum TLS version */
#define TLS_VERSION_MIN TLS_VERSION_TLS_1_1
/** RSA public-key algorithm */
#define CRYPTO_PUBKEY_RSA
/** AES-CBC block cipher */
#define CRYPTO_CIPHER_AES_CBC
/** AES-GCM block cipher */
#define CRYPTO_CIPHER_AES_GCM
/** MD4 digest algorithm */
//#define CRYPTO_DIGEST_MD4
/** MD5 digest algorithm */
//#define CRYPTO_DIGEST_MD5
/** SHA-1 digest algorithm */
#define CRYPTO_DIGEST_SHA1
/** SHA-224 digest algorithm */
#define CRYPTO_DIGEST_SHA224
/** SHA-256 digest algorithm */
#define CRYPTO_DIGEST_SHA256
/** SHA-384 digest algorithm */
#define CRYPTO_DIGEST_SHA384
/** SHA-512 digest algorithm */
#define CRYPTO_DIGEST_SHA512
/** SHA-512/224 digest algorithm */
//#define CRYPTO_DIGEST_SHA512_224
/** SHA-512/256 digest algorithm */
//#define CRYPTO_DIGEST_SHA512_256
/** Margin of error (in seconds) allowed in signed timestamps
*
* We default to allowing a reasonable margin of error: 12 hours to
* allow for the local time zone being non-GMT, plus 30 minutes to
* allow for general clock drift.
*/
#define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
/** Default cross-signed certificate source
*
* This is the default location from which iPXE will attempt to
* download cross-signed certificates in order to complete a
* certificate chain.
*/
#define CROSSCERT "http://ca.ipxe.org/auto"
/** Perform OCSP checks when applicable
*
* Some CAs provide non-functional OCSP servers, and some clients are
* forced to operate on networks without access to the OCSP servers.
* Allow the user to explicitly disable the use of OCSP checks.
*/
#define OCSP_CHECK
#include <config/named.h>
#include NAMED_CONFIG(crypto.h)
#include <config/local/crypto.h>
#include LOCAL_NAMED_CONFIG(crypto.h)
#endif /* CONFIG_CRYPTO_H */