Centralized module option values in config.h
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index e02db3f..afa9e61 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -3,7 +3,7 @@
*
* \brief Multi-precision integer library
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -65,6 +65,7 @@
*/
#define POLARSSL_MPI_MAX_LIMBS 10000
+#if !defined(POLARSSL_CONFIG_OPTIONS)
/*
* Maximum window size used for modular exponentiation. Default: 6
* Minimum value: 1. Maximum value: 6.
@@ -84,6 +85,9 @@
* of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
*/
#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
#define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
/*
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index cdf1137..3b0158b 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -3,7 +3,7 @@
*
* \brief Configuration options (set of defines)
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -957,4 +957,56 @@
#define POLARSSL_XTEA_C
/* \} name */
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ * Our advice is to enable POLARSSL_CONFIG_OPTIONS and change values here
+ * only if you have a good reason and know the consequences.
+ *
+ * If POLARSSL_CONFIG_OPTIONS is undefined here the options in the module
+ * header file take precedence.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ *
+ * Uncomment POLARSSL_CONFIG_OPTIONS to enable using the values defined here.
+ * \{
+ */
+//#define POLARSSL_CONFIG_OPTIONS /**< Enable config.h module value configuration */
+
+#if defined(POLARSSL_CONFIG_OPTIONS)
+
+// MPI / BIGNUM options
+//
+#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+
+// CTR_DRBG options
+//
+#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
+#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
+#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+
+// Entropy options
+//
+#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
+#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+
+// SSL Cache options
+//
+#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
+
+// SSL options
+//
+#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+
+#endif /* POLARSSL_CONFIG_OPTIONS */
+
+/* \} name */
#endif /* config.h */
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index 83861a9..5a26cde 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@@ -3,7 +3,7 @@
*
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -41,11 +41,14 @@
#define CTR_DRBG_KEYBITS ( CTR_DRBG_KEYSIZE * 8 )
#define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
/**< The seed length (counter + AES key) */
-#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
+
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
+#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
+#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
#define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
#define CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h
index 53bce41..039f5cd 100644
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@@ -3,7 +3,7 @@
*
* \brief Entropy accumulator implementation
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -40,8 +40,11 @@
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
+#if !defined(POLARSSL_CONFIG_OPTIONS)
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
+
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index eac894b..fa644fe 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -3,7 +3,7 @@
*
* \brief SSL/TLS functions.
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -123,7 +123,16 @@
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2
-#define SSL_MAX_CONTENT_LEN 16384
+/*
+ * Size of the input / output buffer.
+ * Note: the RFC defines the default size of SSL / TLS messages. If you
+ * change the value here, other clients / servers may not be able to
+ * communicate with you anymore. Only change this value if you control
+ * both sides of the connection and have it reduced at both sides!
+ */
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
/*
* Allow an extra 512 bytes for the record header
diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h
index 10cff20..8d66b5c 100644
--- a/include/polarssl/ssl_cache.h
+++ b/include/polarssl/ssl_cache.h
@@ -3,7 +3,7 @@
*
* \brief SSL session cache implementation
*
- * Copyright (C) 2006-2012, Brainspark B.V.
+ * Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -29,8 +29,10 @@
#include "ssl.h"
+#if !defined(POLARSSL_CONFIG_OPTIONS)
#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
+#endif /* !POLARSSL_CONFIG_OPTIONS */
#ifdef __cplusplus
extern "C" {