Diffstat (limited to '')
-rw-r--r--src/VBox/Devices/PC/ipxe/src/config/crypto.h77
1 files changed, 77 insertions, 0 deletions
diff --git a/src/VBox/Devices/PC/ipxe/src/config/crypto.h b/src/VBox/Devices/PC/ipxe/src/config/crypto.h
new file mode 100644
index 00000000..7c025175
--- /dev/null
+++ b/src/VBox/Devices/PC/ipxe/src/config/crypto.h
@@ -0,0 +1,77 @@
+#ifndef CONFIG_CRYPTO_H
+#define CONFIG_CRYPTO_H
+
+/** @file
+ *
+ * Cryptographic configuration
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+/** Minimum TLS version */
+#define TLS_VERSION_MIN TLS_VERSION_TLS_1_1
+
+/** RSA public-key algorithm */
+#define CRYPTO_PUBKEY_RSA
+
+/** AES-CBC block cipher */
+#define CRYPTO_CIPHER_AES_CBC
+
+/** MD4 digest algorithm */
+//#define CRYPTO_DIGEST_MD4
+
+/** MD5 digest algorithm */
+//#define CRYPTO_DIGEST_MD5
+
+/** SHA-1 digest algorithm */
+#define CRYPTO_DIGEST_SHA1
+
+/** SHA-224 digest algorithm */
+#define CRYPTO_DIGEST_SHA224
+
+/** SHA-256 digest algorithm */
+#define CRYPTO_DIGEST_SHA256
+
+/** SHA-384 digest algorithm */
+#define CRYPTO_DIGEST_SHA384
+
+/** SHA-512 digest algorithm */
+#define CRYPTO_DIGEST_SHA512
+
+/** SHA-512/224 digest algorithm */
+//#define CRYPTO_DIGEST_SHA512_224
+
+/** SHA-512/256 digest algorithm */
+//#define CRYPTO_DIGEST_SHA512_256
+
+/** Margin of error (in seconds) allowed in signed timestamps
+ *
+ * We default to allowing a reasonable margin of error: 12 hours to
+ * allow for the local time zone being non-GMT, plus 30 minutes to
+ * allow for general clock drift.
+ */
+#define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
+
+/** Default cross-signed certificate source
+ *
+ * This is the default location from which iPXE will attempt to
+ * download cross-signed certificates in order to complete a
+ * certificate chain.
+ */
+#define CROSSCERT "http://ca.ipxe.org/auto"
+
+/** Perform OCSP checks when applicable
+ *
+ * Some CAs provide non-functional OCSP servers, and some clients are
+ * forced to operate on networks without access to the OCSP servers.
+ * Allow the user to explicitly disable the use of OCSP checks.
+ */
+#define OCSP_CHECK
+
+#include <config/named.h>
+#include NAMED_CONFIG(crypto.h)
+#include <config/local/crypto.h>
+#include LOCAL_NAMED_CONFIG(crypto.h)
+
+#endif /* CONFIG_CRYPTO_H */
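Review bot: `TLS_VERSION_MIN` is set to `TLS_VERSION_TLS_1_1`, so an HTTPS boot connection can still negotiate TLS 1.1, which RFC 8996 deprecates; unless a server this build must reach requires it, I would raise the floor to `#define TLS_VERSION_MIN TLS_VERSION_TLS_1_2`. `CRYPTO_DIGEST_SHA1` stays enabled while MD4 and MD5 are commented out, so a short comment naming what still depends on it (presumably older certificate signatures or cipher suites) would make that a recorded decision rather than an inherited default. The `CROSSCERT` default is a plain `http://` URL on an external host: the downloaded certificates are presumably still validated against the trusted root, but the fetch itself is unauthenticated and discloses boot activity to that host, which is worth stating in the comment above it. `TIMESTAMP_ERROR_MARGIN` accepts signed timestamps up to 12.5 hours off, which widens the window in which a stale OCSP response or just-expired certificate is accepted, so a build with a reliable clock could tighten it. All of these read like upstream defaults, and since `config/local/crypto.h` is included after them, the override (`#undef` followed by the new `#define`) can live there without editing this file.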