robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5940 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ipxe/src/config/crypto.h

crypto.h 1.8KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. #ifndef CONFIG_CRYPTO_H

  2. #define CONFIG_CRYPTO_H

  3. 

  4. /** @file

  5.  *

  6.  * Cryptographic configuration

  7.  *

  8.  */

  9. 

  10. FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

  11. 

  12. /** RSA public-key algorithm */

  13. #define CRYPTO_PUBKEY_RSA

  14. 

  15. /** AES-CBC block cipher */

  16. #define CRYPTO_CIPHER_AES_CBC

  17. 

  18. /** MD5 digest algorithm

  19.  *

  20.  * Note that use of MD5 is implicit when using TLSv1.1 or earlier.

  21.  */

  22. #define CRYPTO_DIGEST_MD5

  23. 

  24. /** SHA-1 digest algorithm

  25.  *

  26.  * Note that use of SHA-1 is implicit when using TLSv1.1 or earlier.

  27.  */

  28. #define CRYPTO_DIGEST_SHA1

  29. 

  30. /** SHA-224 digest algorithm */

  31. #define CRYPTO_DIGEST_SHA224

  32. 

  33. /** SHA-256 digest algorithm

  34.  *

  35.  * Note that use of SHA-256 is implicit when using TLSv1.2.

  36.  */

  37. #define CRYPTO_DIGEST_SHA256

  38. 

  39. /** SHA-384 digest algorithm */

  40. #define CRYPTO_DIGEST_SHA384

  41. 

  42. /** SHA-512 digest algorithm */

  43. #define CRYPTO_DIGEST_SHA512

  44. 

  45. /** Margin of error (in seconds) allowed in signed timestamps

  46.  *

  47.  * We default to allowing a reasonable margin of error: 12 hours to

  48.  * allow for the local time zone being non-GMT, plus 30 minutes to

  49.  * allow for general clock drift.

  50.  */

  51. #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )

  52. 

  53. /** Default cross-signed certificate source

  54.  *

  55.  * This is the default location from which iPXE will attempt to

  56.  * download cross-signed certificates in order to complete a

  57.  * certificate chain.

  58.  */

  59. #define CROSSCERT "http://ca.ipxe.org/auto"

  60. 

  61. /** Perform OCSP checks when applicable

  62.  *

  63.  * Some CAs provide non-functional OCSP servers, and some clients are

  64.  * forced to operate on networks without access to the OCSP servers.

  65.  * Allow the user to explicitly disable the use of OCSP checks.

  66.  */

  67. #define OCSP_CHECK

  68. 

  69. #include <config/named.h>

  70. #include NAMED_CONFIG(crypto.h)

  71. #include <config/local/crypto.h>

  72. #include LOCAL_NAMED_CONFIG(crypto.h)

  73. 

  74. #endif /* CONFIG_CRYPTO_H */