3.8.6

configs/default/coreConfig.h

@@ -0,0 +1,83 @@
+/**
+ *	@file    coreConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for Matrix core module.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CORECONFIG
+#define _h_PS_CORECONFIG
+
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Enable various levels of trace.
+	When these option is turned off, messages are silently
+	discarded and their text does not take space in the binary image.
+*/
+//#define USE_CORE_TRACE
+#ifndef NO_CORE_ERROR
+ #define USE_CORE_ERROR
+#endif
+#ifndef NO_CORE_ASSERT
+ #define USE_CORE_ASSERT
+#endif
+
+/**
+	If enabled, calls to the psError set of APIs will perform a platform
+	abort on the exeutable to aid in debugging.
+*/
+#ifdef DEBUG
+//#define HALT_ON_PS_ERROR /* NOT RECOMMENDED FOR PRODUCTION BUILDS */
+#endif
+
+/**
+	Include the psCoreOsdepMutex family of APIs
+
+	@note If intending to compile crypto-cl, then this flag should
+	always be set.
+*/
+#ifndef NO_MULTITHREADING
+#define USE_MULTITHREADING
+#endif /* NO_MULTITHREADING */
+
+/**
+	Include the psNetwork family of APIs
+
+	These APIs allow simple high-level socket api.
+ */
+#define USE_PS_NETWORKING
+
+#endif /* _h_PS_CORECONFIG */
+
+/******************************************************************************/
+

configs/default/cryptoConfig.h

@@ -0,0 +1,217 @@
+/**
+ *	@file    cryptoConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration file for crypto features.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CRYPTOCONFIG
+#define _h_PS_CRYPTOCONFIG
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Define to enable psTrace*Crypto APIs for debugging the crypto module.
+*/
+//#define USE_CRYPTO_TRACE
+
+#ifdef DEBUG
+//#define CRYPTO_ASSERT	/**< Extra sanity asserts */
+#endif
+
+/******************************************************************************/
+/*
+	Use built-in cryptographic library delivered with MatrixSSL
+*/
+#define USE_NATIVE_RSA /* Default built-in software support */
+
+/******************************************************************************/
+/**
+	Security related settings.
+
+	@security MIN_*_BITS is the minimum supported key sizes in bits, weaker
+	keys will be rejected.
+*/
+#define MIN_ECC_BITS 192/**< @security Affects ECC curves below */
+
+#define MIN_RSA_BITS	1024
+
+#define MIN_DH_BITS	1024
+
+#define USE_BURN_STACK/**< @security Zero sensitive data from the stack. */
+
+/******************************************************************************/
+/**
+	Public-Key Algorithm Support.
+*/
+#define USE_RSA
+#define USE_ECC
+#define USE_DH
+/**< @note Enable verification of DSA signatures in certificate validation.
+   Works only when using the CL/SL library. */
+//#define USE_DSA_VERIFY
+
+/******************************************************************************/
+/**
+    Build the PKCS and ASN1 extra CL sublibraries.
+	These are needed by the CL_PKCS API.
+*/
+
+/******************************************************************************/
+
+/**
+	Define to enable the individual NIST Prime curves.
+	@see http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+*/
+#ifdef USE_ECC
+  #define USE_SECP192R1/**< @security FIPS allowed for sig ver only. */
+ #define USE_SECP224R1
+ #define USE_SECP256R1/**< @security NIST_SHALL */
+ #define USE_SECP384R1/**< @security NIST_SHALL */
+ #define USE_SECP521R1
+#endif
+
+/**
+	Define to enable the individual Brainpool curves.
+	@see https://tools.ietf.org/html/rfc5639
+	@security WARNING: Public points on Brainpool curves are not validated
+*/
+#ifdef USE_ECC
+//#define USE_BRAIN224R1
+//#define USE_BRAIN256R1
+//#define USE_BRAIN384R1
+//#define USE_BRAIN512R1
+#endif
+
+/******************************************************************************/
+/**
+	Symmetric and AEAD ciphers.
+	@security Deprecated ciphers must be enabled in cryptolib.h
+*/
+//#define USE_AES /* Enable/Disable AES */
+#define USE_AES_CBC
+#define USE_AES_GCM
+
+#ifdef USE_LIBSODIUM
+//#define USE_CHACHA20_POLY1305
+#endif
+
+/** @security 3DES is still relatively secure, however is deprecated for TLS */
+#define USE_3DES
+
+/******************************************************************************/
+/**
+	Digest algorithms.
+
+	@note SHA256 and above are used with TLS 1.2, and also used for
+	certificate signatures on some certificates regardless of TLS version.
+
+	@security MD5 is deprecated, but still required in combination with SHA-1
+	for TLS handshakes before TLS 1.2, meaning that the strength is at least
+	that of SHA-1 in this usage. The only other usage of MD5 by TLS is for
+	certificate signatures and MD5 based cipher suites. Both of which are
+	disabled at compile time by default.
+
+	@security SHA1 will be deprecated in the future, but is still required in
+	combination with MD5 for versions prior to TLS 1.2. In addition, SHA1
+	certificates are still commonly used, so SHA1 support may be needed
+	to validate older certificates. It is possible to completely disable
+	SHA1 using TLS 1.2 and SHA2 based ciphersuites, and interacting
+	only with newer certificates.
+*/
+//#define USE_SHA224	/**< @note Used only for cert signature */
+#define USE_SHA256/**< @note Required for TLS 1.2 and above */
+#define USE_HMAC_SHA256
+#define USE_SHA384/**< @pre USE_SHA512 */
+#define USE_HMAC_SHA384
+#define USE_SHA512
+
+/**
+	@security SHA-1 based hashes are deprecated but enabled by default
+	@note ENABLE_SHA1_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_SHA1
+#define USE_HMAC_SHA1
+
+/**
+	@security MD5 is considered insecure, but required by TLS < 1.2
+	@note ENABLE_MD5_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_MD5
+#define USE_MD5SHA1/* Required for < TLS 1.2 Handshake */
+#define USE_HMAC_MD5/* TODO currently needed for prf */
+
+/**
+    @security MD2 is considered insecure, but is sometimes used for
+	verification of legacy root certificate signatures.
+	@note MD2 signature verification also requires
+	ENABLE_MD5_SIGNED_CERTS and USE_MD5.
+*/
+//#define USE_MD2
+
+/* Please enable, unless using no HMAC algorithms. */
+#define USE_HMAC
+
+/******************************************************************************/
+/**
+	X.509 Certificates/PKI
+*/
+#define USE_BASE64_DECODE
+#define USE_X509
+#define USE_CERT_PARSE/**< Usually required. @pre USE_X509 */
+#define USE_FULL_CERT_PARSE/**< @pre USE_CERT_PARSE */
+ /**< Support extra distinguished name attributes that SHOULD be supported according to RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
+ /**< Support extra distinguished name attributes not mentioned in RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES
+//#define ENABLE_CA_CERT_HASH /**< Used only for TLS trusted CA ind ext. */
+//#define ENABLE_MD5_SIGNED_CERTS /** @security Accept MD5 signed certs? */
+#define ENABLE_SHA1_SIGNED_CERTS/** @security Accept SHA1 signed certs? */
+ /**< @security Allow parsing of locally trusted v1 root certs? */
+//#define ALLOW_VERSION_1_ROOT_CERT_PARSE
+#define USE_CRL/***< @pre USE_FULL_CERT_PARSE */
+#define USE_OCSP/**< @pre USE_SHA1 */
+
+/******************************************************************************/
+/**
+	Various PKCS standards support
+*/
+#define USE_PRIVATE_KEY_PARSING
+//#define USE_PKCS5		/**< v2.0 PBKDF encrypted priv keys. @pre USE_3DES */
+#define USE_PKCS8/* Alternative private key storage format */
+#define USE_PKCS12/**< @pre USE_PKCS8 */
+#define USE_PKCS1_OAEP/* OAEP padding algorithm */
+#define USE_PKCS1_PSS/* PSS padding algorithm */
+
+#endif /* _h_PS_CRYPTOCONFIG */
+
+/******************************************************************************/
+

configs/default/matrixsslConfig.h

@@ -0,0 +1,336 @@
+/**
+ *	@file    matrixsslConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for building the MatrixSSL library.
+ *	This configuration is intended to be used in FIPS Mode of operation.
+ *	The configuration aims to be compatible with NIST SP 800-52 Rev 1 and
+ *	to enable the most commonly used cipher suites.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_MATRIXSSLCONFIG
+#define _h_MATRIXSSLCONFIG
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+	NIST SP 800-52 Rev 1 Conformance.
+	Guidelines for the Selection, Configuration, and Use of Transport Layer
+	Security (TLS) Implementations
+	The key words "shall", "shall not", "should", "should not" and "may"
+	are used as references to the NIST SP 800-52 Rev 1. Algorithms marked as
+	"shall" must not be disabled unless NIST SP 800-52 Rev 1 compatibility
+	is not relevant.
+	@see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
+*/
+
+/******************************************************************************/
+/**
+	Show which SSL messages are created and parsed
+*/
+//#define USE_SSL_HANDSHAKE_MSG_TRACE
+
+/**
+	Informational trace that could help pinpoint problems with SSL connections
+*/
+//#define USE_SSL_INFORMATIONAL_TRACE
+//#define USE_DTLS_DEBUG_TRACE
+
+/******************************************************************************/
+/**
+	Recommended cipher suites.
+	Define the following to enable various cipher suites
+	At least one of these must be defined.  If multiple are defined,
+	the handshake negotiation will determine which is best for the connection.
+	@note Ephemeral ciphersuites offer perfect forward security (PFS)
+	at the cost of a slower TLS handshake.
+*/
+
+/** Ephemeral ECC DH keys, ECC DSA certificates */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA/**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+
+/** Non-Ephemeral RSA keys/certificates */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
+/* TLS 1.2 ciphers */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	These cipher suites are secure, but not widely deployed.
+*/
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+/** Ephemeral Diffie-Hellman ciphersuites, with PSK authentication */
+//#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA /**< @security NIST_SHOULD_NOT */
+
+/** Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHOULD */
+
+/** Pre-Shared Key Ciphers.
+	NIST SP 800-52 Rev 1 recommends against using PSK unless neccessary
+    See NIST SP 800-52 Rev 1 Appendix C */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+/* TLS 1.2 ciphers */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
+
+/** Non-Ephemeral ECC DH keys, ECC DSA certificates */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA/**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384/**< @security NIST_MAY */
+
+/** Non-Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+
+/** Non-Ephemeral RSA keys/certificates */
+//#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHALL */
+
+/** @note Some of (non-mandatory) cipher suites mentioned in NIST SP 800-52
+    Rev 1 are not supported by the MatrixSSL / MatrixDTLS.
+    ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (NIST SP 800-52 Rev 1 "should")
+    is rarely used cipher suite and is not supported.
+    Also (NIST SP 800-52 Rev 1 "may") TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_* and TLS_RSA_WITH_AES_*_CCM cipher suites cannot be
+    enabled as they are not supported. */
+
+/******************************************************************************/
+/**
+	Ephemeral key cache support.
+	If not using cache, new key exchange keys are created for each TLS session.
+	If using cache, keys are generated initially, and re-used in each
+	subsequent TLS connection within a given time frame and usage count.
+	@see ECC_EPHEMERAL_CACHE_SECONDS and ECC_EPHEMERAL_CACHE_USAGE
+
+	@security Do not cache Ephemeral ECC keys as it is against some standards,
+	including NIST SP 800-56A, when in FIPS 140-2 mode of operation.
+*/
+//#define NO_ECC_EPHEMERAL_CACHE /**< @security NIST_SHALL */
+
+/******************************************************************************/
+/**
+	Configure Support for TLS protocol versions.
+	Define one of:
+		USE_TLS_1_2_AND_ABOVE
+		USE_TLS_1_1_AND_ABOVE
+		USE_TLS_1_0_AND_ABOVE
+	@note There is no option for enabling SSL3.0 at this level
+*/
+#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
+//#define USE_TLS_1_2_AND_ABOVE /**< @security better than 1_1_AND_ABOVE if no backwards compatiblity concerns */
+//#define USE_TLS_1_0_AND_ABOVE /**< @security no longer recommended. */
+
+/******************************************************************************/
+/**
+	Datagram TLS support.
+	Enables DTLS in addition to TLS.
+	@pre TLS_1_1
+*/
+#define USE_DTLS
+
+/******************************************************************************/
+/**
+	Compile time support for server or client side SSL
+*/
+#define USE_CLIENT_SIDE_SSL
+#define USE_SERVER_SIDE_SSL
+
+/******************************************************************************/
+/**
+	Client certificate authentication
+*/
+#define USE_CLIENT_AUTH
+
+/**
+	Enable if the server should send an empty CertificateRequest message if
+	no CA files have been loaded
+*/
+//#define SERVER_CAN_SEND_EMPTY_CERT_REQUEST
+
+/**
+	Enabling this define will allow the server to "downgrade" a client auth
+	handshake to a standard handshake if the client replies to a
+	CERTIFICATE_REQUEST with an empty CERTIFICATE message.  The user callback
+	will be called with a NULL cert in this case and the user can determine if
+	the handshake should continue in a non-client auth state.
+*/
+//#define SERVER_WILL_ACCEPT_EMPTY_CLIENT_CERT_MSG
+
+/******************************************************************************/
+/**
+ 	Enable the Application Layer Protocol Negotiation extension.
+	Servers and	Clients will still have to use the required public API to
+	set protocols and register application callbacks to negotiate the
+	protocol that will be tunneled over TLS.
+	@see ALPN section in the developer's guide for information.
+ */
+//#define USE_ALPN
+
+/******************************************************************************/
+/**
+	Enable the Trusted CA Indication CLIENT_HELLO extension.  Will send the
+	sha1 hash of each CA file to the server for help in server selection.
+	This extra level of define is to help isolate the SHA1 requirement
+*/
+//#define USE_TRUSTED_CA_INDICATION /**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	A client side configuration that requires a server to provide an OCSP
+	response if the client uses the certitificate status request extension.
+	The "must staple" terminology is typically associated with certificates
+	at the X.509 layer but it is a good description of what is being required
+	of the server at the TLS level.
+	@pre USE_OCSP must be enbled at the crypto level and the client application
+	must use the OCSPstapling session option at run time for this setting to
+	have any effect
+*/
+#ifdef USE_OCSP
+#define USE_OCSP_MUST_STAPLE	/**< @security NIST_SHALL */
+#endif
+
+/******************************************************************************/
+/**
+	Rehandshaking support.
+
+	Enabling USE_REHANDSHAKING will allow secure-rehandshakes using the
+	protocol defined in RFC 5748 which fixed a critical exploit in
+	the standard TLS specification.
+
+	@security Looking towards TLS 1.3, which removes re-handshaking, this
+	feature is disabled by default.
+*/
+//#define USE_REHANDSHAKING
+
+/******************************************************************************/
+/**
+	If SERVER you may define the number of sessions to cache and how
+	long a session will remain valid in the cache from first access.
+	Session caching enables very fast "session resumption handshakes".
+
+	SSL_SESSION_TABLE_SIZE minimum value is 1
+	SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0
+
+	@note Session caching can be disabled by setting SSL_SESSION_ENTRY_LIFE to 0
+	however, this will also immediately expire SESSION_TICKETS below.
+*/
+#ifdef USE_SERVER_SIDE_SSL
+#define SSL_SESSION_TABLE_SIZE 32
+#define SSL_SESSION_ENTRY_LIFE (86400*1000)/* one day, in milliseconds */
+#endif
+
+/******************************************************************************/
+/**
+	Use RFC 5077 session resumption mechanism. The SSL_SESSION_ENTRY_LIFE
+	define applies to this method as well as the standard method. The
+	SSL_SESSION_TICKET_LIST_LEN is the max size of the server key list.
+*/
+#define USE_STATELESS_SESSION_TICKETS
+#define SSL_SESSION_TICKET_LIST_LEN 32
+
+/******************************************************************************/
+/**
+	The initial buffer sizes for send and receive buffers in each ssl_t session.
+	Buffers are internally grown if more incoming or outgoing data storage is
+	needed, up to a maximum of SSL_MAX_BUF_SIZE. Once the memory used by the
+	buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced
+	to this size. Most standard SSL handshakes require on the order of 1024 B.
+
+	SSL_DEFAULT_x_BUF_SIZE	value in bytes, maximum SSL_MAX_BUF_SIZE
+ */
+#ifndef USE_DTLS
+#can_define	SSL_DEFAULT_IN_BUF_SIZE		1500		/* Base recv buf size, bytes */
+#can_define	SSL_DEFAULT_OUT_BUF_SIZE	1500		/* Base send buf size, bytes */
+#else
+/******************************************************************************/
+/**
+	The Path Maximum Transmission Unit is the largest datagram that can be
+	sent or recieved.  It is beyond the scope of DTLS to negotiate this value
+	so make sure both sides have agreed on this value.  This is an enforced
+	limitation in MatrixDTLS so connections will not succeed if a peer has a
+	PTMU set larger than this value.
+*/
+#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
+#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+
+//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _h_MATRIXCONFIG */
+/******************************************************************************/
+

configs/noecc/coreConfig.h

@@ -0,0 +1,83 @@
+/**
+ *	@file    coreConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for Matrix core module.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CORECONFIG
+#define _h_PS_CORECONFIG
+
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Enable various levels of trace.
+	When these option is turned off, messages are silently
+	discarded and their text does not take space in the binary image.
+*/
+//#define USE_CORE_TRACE
+#ifndef NO_CORE_ERROR
+ #define USE_CORE_ERROR
+#endif
+#ifndef NO_CORE_ASSERT
+ #define USE_CORE_ASSERT
+#endif
+
+/**
+	If enabled, calls to the psError set of APIs will perform a platform
+	abort on the exeutable to aid in debugging.
+*/
+#ifdef DEBUG
+//#define HALT_ON_PS_ERROR /* NOT RECOMMENDED FOR PRODUCTION BUILDS */
+#endif
+
+/**
+	Include the psCoreOsdepMutex family of APIs
+
+	@note If intending to compile crypto-cl, then this flag should
+	always be set.
+*/
+#ifndef NO_MULTITHREADING
+#define USE_MULTITHREADING
+#endif /* NO_MULTITHREADING */
+
+/**
+	Include the psNetwork family of APIs
+
+	These APIs allow simple high-level socket api.
+ */
+#define USE_PS_NETWORKING
+
+#endif /* _h_PS_CORECONFIG */
+
+/******************************************************************************/
+

configs/noecc/cryptoConfig.h

@@ -0,0 +1,217 @@
+/**
+ *	@file    cryptoConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration file for crypto features.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CRYPTOCONFIG
+#define _h_PS_CRYPTOCONFIG
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Define to enable psTrace*Crypto APIs for debugging the crypto module.
+*/
+//#define USE_CRYPTO_TRACE
+
+#ifdef DEBUG
+//#define CRYPTO_ASSERT	/**< Extra sanity asserts */
+#endif
+
+/******************************************************************************/
+/*
+	Use built-in cryptographic library delivered with MatrixSSL
+*/
+#define USE_NATIVE_RSA /* Default built-in software support */
+
+/******************************************************************************/
+/**
+	Security related settings.
+
+	@security MIN_*_BITS is the minimum supported key sizes in bits, weaker
+	keys will be rejected.
+*/
+#define MIN_ECC_BITS 192/**< @security Affects ECC curves below */
+
+#define MIN_RSA_BITS	1024
+
+#define MIN_DH_BITS	1024
+
+#define USE_BURN_STACK/**< @security Zero sensitive data from the stack. */
+
+/******************************************************************************/
+/**
+	Public-Key Algorithm Support.
+*/
+#define USE_RSA
+//#define USE_ECC
+#define USE_DH
+/**< @note Enable verification of DSA signatures in certificate validation.
+   Works only when using the CL/SL library. */
+//#define USE_DSA_VERIFY
+
+/******************************************************************************/
+/**
+    Build the PKCS and ASN1 extra CL sublibraries.
+	These are needed by the CL_PKCS API.
+*/
+
+/******************************************************************************/
+
+/**
+	Define to enable the individual NIST Prime curves.
+	@see http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+*/
+#ifdef USE_ECC
+  #define USE_SECP192R1/**< @security FIPS allowed for sig ver only. */
+ #define USE_SECP224R1
+ #define USE_SECP256R1/**< @security NIST_SHALL */
+ #define USE_SECP384R1/**< @security NIST_SHALL */
+ #define USE_SECP521R1
+#endif
+
+/**
+	Define to enable the individual Brainpool curves.
+	@see https://tools.ietf.org/html/rfc5639
+	@security WARNING: Public points on Brainpool curves are not validated
+*/
+#ifdef USE_ECC
+//#define USE_BRAIN224R1
+//#define USE_BRAIN256R1
+//#define USE_BRAIN384R1
+//#define USE_BRAIN512R1
+#endif
+
+/******************************************************************************/
+/**
+	Symmetric and AEAD ciphers.
+	@security Deprecated ciphers must be enabled in cryptolib.h
+*/
+//#define USE_AES /* Enable/Disable AES */
+#define USE_AES_CBC
+#define USE_AES_GCM
+
+#ifdef USE_LIBSODIUM
+//#define USE_CHACHA20_POLY1305
+#endif
+
+/** @security 3DES is still relatively secure, however is deprecated for TLS */
+#define USE_3DES
+
+/******************************************************************************/
+/**
+	Digest algorithms.
+
+	@note SHA256 and above are used with TLS 1.2, and also used for
+	certificate signatures on some certificates regardless of TLS version.
+
+	@security MD5 is deprecated, but still required in combination with SHA-1
+	for TLS handshakes before TLS 1.2, meaning that the strength is at least
+	that of SHA-1 in this usage. The only other usage of MD5 by TLS is for
+	certificate signatures and MD5 based cipher suites. Both of which are
+	disabled at compile time by default.
+
+	@security SHA1 will be deprecated in the future, but is still required in
+	combination with MD5 for versions prior to TLS 1.2. In addition, SHA1
+	certificates are still commonly used, so SHA1 support may be needed
+	to validate older certificates. It is possible to completely disable
+	SHA1 using TLS 1.2 and SHA2 based ciphersuites, and interacting
+	only with newer certificates.
+*/
+//#define USE_SHA224	/**< @note Used only for cert signature */
+#define USE_SHA256/**< @note Required for TLS 1.2 and above */
+#define USE_HMAC_SHA256
+#define USE_SHA384/**< @pre USE_SHA512 */
+#define USE_HMAC_SHA384
+#define USE_SHA512
+
+/**
+	@security SHA-1 based hashes are deprecated but enabled by default
+	@note ENABLE_SHA1_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_SHA1
+#define USE_HMAC_SHA1
+
+/**
+	@security MD5 is considered insecure, but required by TLS < 1.2
+	@note ENABLE_MD5_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_MD5
+#define USE_MD5SHA1/* Required for < TLS 1.2 Handshake */
+#define USE_HMAC_MD5/* TODO currently needed for prf */
+
+/**
+    @security MD2 is considered insecure, but is sometimes used for
+	verification of legacy root certificate signatures.
+	@note MD2 signature verification also requires
+	ENABLE_MD5_SIGNED_CERTS and USE_MD5.
+*/
+//#define USE_MD2
+
+/* Please enable, unless using no HMAC algorithms. */
+#define USE_HMAC
+
+/******************************************************************************/
+/**
+	X.509 Certificates/PKI
+*/
+#define USE_BASE64_DECODE
+#define USE_X509
+#define USE_CERT_PARSE/**< Usually required. @pre USE_X509 */
+#define USE_FULL_CERT_PARSE/**< @pre USE_CERT_PARSE */
+ /**< Support extra distinguished name attributes that SHOULD be supported according to RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
+ /**< Support extra distinguished name attributes not mentioned in RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES
+//#define ENABLE_CA_CERT_HASH /**< Used only for TLS trusted CA ind ext. */
+//#define ENABLE_MD5_SIGNED_CERTS /** @security Accept MD5 signed certs? */
+#define ENABLE_SHA1_SIGNED_CERTS/** @security Accept SHA1 signed certs? */
+ /**< @security Allow parsing of locally trusted v1 root certs? */
+//#define ALLOW_VERSION_1_ROOT_CERT_PARSE
+#define USE_CRL/***< @pre USE_FULL_CERT_PARSE */
+#define USE_OCSP/**< @pre USE_SHA1 */
+
+/******************************************************************************/
+/**
+	Various PKCS standards support
+*/
+#define USE_PRIVATE_KEY_PARSING
+//#define USE_PKCS5		/**< v2.0 PBKDF encrypted priv keys. @pre USE_3DES */
+#define USE_PKCS8/* Alternative private key storage format */
+#define USE_PKCS12/**< @pre USE_PKCS8 */
+#define USE_PKCS1_OAEP/* OAEP padding algorithm */
+#define USE_PKCS1_PSS/* PSS padding algorithm */
+
+#endif /* _h_PS_CRYPTOCONFIG */
+
+/******************************************************************************/
+

configs/noecc/matrixsslConfig.h

@@ -0,0 +1,336 @@
+/**
+ *	@file    matrixsslConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for building the MatrixSSL library.
+ *	This configuration is intended to be used in FIPS Mode of operation.
+ *	The configuration aims to be compatible with NIST SP 800-52 Rev 1 and
+ *	to enable the most commonly used cipher suites.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_MATRIXSSLCONFIG
+#define _h_MATRIXSSLCONFIG
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+	NIST SP 800-52 Rev 1 Conformance.
+	Guidelines for the Selection, Configuration, and Use of Transport Layer
+	Security (TLS) Implementations
+	The key words "shall", "shall not", "should", "should not" and "may"
+	are used as references to the NIST SP 800-52 Rev 1. Algorithms marked as
+	"shall" must not be disabled unless NIST SP 800-52 Rev 1 compatibility
+	is not relevant.
+	@see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
+*/
+
+/******************************************************************************/
+/**
+	Show which SSL messages are created and parsed
+*/
+//#define USE_SSL_HANDSHAKE_MSG_TRACE
+
+/**
+	Informational trace that could help pinpoint problems with SSL connections
+*/
+//#define USE_SSL_INFORMATIONAL_TRACE
+//#define USE_DTLS_DEBUG_TRACE
+
+/******************************************************************************/
+/**
+	Recommended cipher suites.
+	Define the following to enable various cipher suites
+	At least one of these must be defined.  If multiple are defined,
+	the handshake negotiation will determine which is best for the connection.
+	@note Ephemeral ciphersuites offer perfect forward security (PFS)
+	at the cost of a slower TLS handshake.
+*/
+
+/** Ephemeral ECC DH keys, ECC DSA certificates */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA /**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 /**< @security NIST_MAY */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 /**< @security NIST_MAY */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+
+/** Non-Ephemeral RSA keys/certificates */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
+/* TLS 1.2 ciphers */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	These cipher suites are secure, but not widely deployed.
+*/
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+/** Ephemeral Diffie-Hellman ciphersuites, with PSK authentication */
+#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+
+/** Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHOULD */
+
+/** Pre-Shared Key Ciphers.
+	NIST SP 800-52 Rev 1 recommends against using PSK unless neccessary
+    See NIST SP 800-52 Rev 1 Appendix C */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+/* TLS 1.2 ciphers */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
+
+/** Non-Ephemeral ECC DH keys, ECC DSA certificates */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA /**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 /**< @security NIST_MAY */
+
+/** Non-Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+//#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+//#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+//#define USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+//#define USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+
+/** Non-Ephemeral RSA keys/certificates */
+//#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHALL */
+
+/** @note Some of (non-mandatory) cipher suites mentioned in NIST SP 800-52
+    Rev 1 are not supported by the MatrixSSL / MatrixDTLS.
+    ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (NIST SP 800-52 Rev 1 "should")
+    is rarely used cipher suite and is not supported.
+    Also (NIST SP 800-52 Rev 1 "may") TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_* and TLS_RSA_WITH_AES_*_CCM cipher suites cannot be
+    enabled as they are not supported. */
+
+/******************************************************************************/
+/**
+	Ephemeral key cache support.
+	If not using cache, new key exchange keys are created for each TLS session.
+	If using cache, keys are generated initially, and re-used in each
+	subsequent TLS connection within a given time frame and usage count.
+	@see ECC_EPHEMERAL_CACHE_SECONDS and ECC_EPHEMERAL_CACHE_USAGE
+
+	@security Do not cache Ephemeral ECC keys as it is against some standards,
+	including NIST SP 800-56A, when in FIPS 140-2 mode of operation.
+*/
+//#define NO_ECC_EPHEMERAL_CACHE /**< @security NIST_SHALL */
+
+/******************************************************************************/
+/**
+	Configure Support for TLS protocol versions.
+	Define one of:
+		USE_TLS_1_2_AND_ABOVE
+		USE_TLS_1_1_AND_ABOVE
+		USE_TLS_1_0_AND_ABOVE
+	@note There is no option for enabling SSL3.0 at this level
+*/
+#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
+//#define USE_TLS_1_2_AND_ABOVE /**< @security better than 1_1_AND_ABOVE if no backwards compatiblity concerns */
+//#define USE_TLS_1_0_AND_ABOVE /**< @security no longer recommended. */
+
+/******************************************************************************/
+/**
+	Datagram TLS support.
+	Enables DTLS in addition to TLS.
+	@pre TLS_1_1
+*/
+#define USE_DTLS
+
+/******************************************************************************/
+/**
+	Compile time support for server or client side SSL
+*/
+#define USE_CLIENT_SIDE_SSL
+#define USE_SERVER_SIDE_SSL
+
+/******************************************************************************/
+/**
+	Client certificate authentication
+*/
+#define USE_CLIENT_AUTH
+
+/**
+	Enable if the server should send an empty CertificateRequest message if
+	no CA files have been loaded
+*/
+//#define SERVER_CAN_SEND_EMPTY_CERT_REQUEST
+
+/**
+	Enabling this define will allow the server to "downgrade" a client auth
+	handshake to a standard handshake if the client replies to a
+	CERTIFICATE_REQUEST with an empty CERTIFICATE message.  The user callback
+	will be called with a NULL cert in this case and the user can determine if
+	the handshake should continue in a non-client auth state.
+*/
+//#define SERVER_WILL_ACCEPT_EMPTY_CLIENT_CERT_MSG
+
+/******************************************************************************/
+/**
+ 	Enable the Application Layer Protocol Negotiation extension.
+	Servers and	Clients will still have to use the required public API to
+	set protocols and register application callbacks to negotiate the
+	protocol that will be tunneled over TLS.
+	@see ALPN section in the developer's guide for information.
+ */
+//#define USE_ALPN
+
+/******************************************************************************/
+/**
+	Enable the Trusted CA Indication CLIENT_HELLO extension.  Will send the
+	sha1 hash of each CA file to the server for help in server selection.
+	This extra level of define is to help isolate the SHA1 requirement
+*/
+//#define USE_TRUSTED_CA_INDICATION /**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	A client side configuration that requires a server to provide an OCSP
+	response if the client uses the certitificate status request extension.
+	The "must staple" terminology is typically associated with certificates
+	at the X.509 layer but it is a good description of what is being required
+	of the server at the TLS level.
+	@pre USE_OCSP must be enbled at the crypto level and the client application
+	must use the OCSPstapling session option at run time for this setting to
+	have any effect
+*/
+#ifdef USE_OCSP
+#define USE_OCSP_MUST_STAPLE	/**< @security NIST_SHALL */
+#endif
+
+/******************************************************************************/
+/**
+	Rehandshaking support.
+
+	Enabling USE_REHANDSHAKING will allow secure-rehandshakes using the
+	protocol defined in RFC 5748 which fixed a critical exploit in
+	the standard TLS specification.
+
+	@security Looking towards TLS 1.3, which removes re-handshaking, this
+	feature is disabled by default.
+*/
+//#define USE_REHANDSHAKING
+
+/******************************************************************************/
+/**
+	If SERVER you may define the number of sessions to cache and how
+	long a session will remain valid in the cache from first access.
+	Session caching enables very fast "session resumption handshakes".
+
+	SSL_SESSION_TABLE_SIZE minimum value is 1
+	SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0
+
+	@note Session caching can be disabled by setting SSL_SESSION_ENTRY_LIFE to 0
+	however, this will also immediately expire SESSION_TICKETS below.
+*/
+#ifdef USE_SERVER_SIDE_SSL
+#define SSL_SESSION_TABLE_SIZE 32
+#define SSL_SESSION_ENTRY_LIFE (86400*1000)/* one day, in milliseconds */
+#endif
+
+/******************************************************************************/
+/**
+	Use RFC 5077 session resumption mechanism. The SSL_SESSION_ENTRY_LIFE
+	define applies to this method as well as the standard method. The
+	SSL_SESSION_TICKET_LIST_LEN is the max size of the server key list.
+*/
+#define USE_STATELESS_SESSION_TICKETS
+#define SSL_SESSION_TICKET_LIST_LEN 32
+
+/******************************************************************************/
+/**
+	The initial buffer sizes for send and receive buffers in each ssl_t session.
+	Buffers are internally grown if more incoming or outgoing data storage is
+	needed, up to a maximum of SSL_MAX_BUF_SIZE. Once the memory used by the
+	buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced
+	to this size. Most standard SSL handshakes require on the order of 1024 B.
+
+	SSL_DEFAULT_x_BUF_SIZE	value in bytes, maximum SSL_MAX_BUF_SIZE
+ */
+#ifndef USE_DTLS
+#can_define	SSL_DEFAULT_IN_BUF_SIZE		1500		/* Base recv buf size, bytes */
+#can_define	SSL_DEFAULT_OUT_BUF_SIZE	1500		/* Base send buf size, bytes */
+#else
+/******************************************************************************/
+/**
+	The Path Maximum Transmission Unit is the largest datagram that can be
+	sent or recieved.  It is beyond the scope of DTLS to negotiate this value
+	so make sure both sides have agreed on this value.  This is an enforced
+	limitation in MatrixDTLS so connections will not succeed if a peer has a
+	PTMU set larger than this value.
+*/
+#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
+#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+
+//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _h_MATRIXCONFIG */
+/******************************************************************************/
+

configs/nonfips/coreConfig.h

@@ -0,0 +1,83 @@
+/**
+ *	@file    coreConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for Matrix core module.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CORECONFIG
+#define _h_PS_CORECONFIG
+
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Enable various levels of trace.
+	When these option is turned off, messages are silently
+	discarded and their text does not take space in the binary image.
+*/
+//#define USE_CORE_TRACE
+#ifndef NO_CORE_ERROR
+ #define USE_CORE_ERROR
+#endif
+#ifndef NO_CORE_ASSERT
+ #define USE_CORE_ASSERT
+#endif
+
+/**
+	If enabled, calls to the psError set of APIs will perform a platform
+	abort on the exeutable to aid in debugging.
+*/
+#ifdef DEBUG
+//#define HALT_ON_PS_ERROR /* NOT RECOMMENDED FOR PRODUCTION BUILDS */
+#endif
+
+/**
+	Include the psCoreOsdepMutex family of APIs
+
+	@note If intending to compile crypto-cl, then this flag should
+	always be set.
+*/
+#ifndef NO_MULTITHREADING
+#define USE_MULTITHREADING
+#endif /* NO_MULTITHREADING */
+
+/**
+	Include the psNetwork family of APIs
+
+	These APIs allow simple high-level socket api.
+ */
+#define USE_PS_NETWORKING
+
+#endif /* _h_PS_CORECONFIG */
+
+/******************************************************************************/
+

configs/nonfips/cryptoConfig.h

@@ -0,0 +1,217 @@
+/**
+ *	@file    cryptoConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration file for crypto features.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CRYPTOCONFIG
+#define _h_PS_CRYPTOCONFIG
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Define to enable psTrace*Crypto APIs for debugging the crypto module.
+*/
+//#define USE_CRYPTO_TRACE
+
+#ifdef DEBUG
+//#define CRYPTO_ASSERT	/**< Extra sanity asserts */
+#endif
+
+/******************************************************************************/
+/*
+	Use built-in cryptographic library delivered with MatrixSSL
+*/
+#define USE_NATIVE_RSA /* Default built-in software support */
+
+/******************************************************************************/
+/**
+	Security related settings.
+
+	@security MIN_*_BITS is the minimum supported key sizes in bits, weaker
+	keys will be rejected.
+*/
+#define MIN_ECC_BITS 192/**< @security Affects ECC curves below */
+
+#define MIN_RSA_BITS	1024
+
+#define MIN_DH_BITS	1024
+
+#define USE_BURN_STACK/**< @security Zero sensitive data from the stack. */
+
+/******************************************************************************/
+/**
+	Public-Key Algorithm Support.
+*/
+#define USE_RSA
+#define USE_ECC
+#define USE_DH
+/**< @note Enable verification of DSA signatures in certificate validation.
+   Works only when using the CL/SL library. */
+//#define USE_DSA_VERIFY
+
+/******************************************************************************/
+/**
+    Build the PKCS and ASN1 extra CL sublibraries.
+	These are needed by the CL_PKCS API.
+*/
+
+/******************************************************************************/
+
+/**
+	Define to enable the individual NIST Prime curves.
+	@see http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+*/
+#ifdef USE_ECC
+  #define USE_SECP192R1/**< @security FIPS allowed for sig ver only. */
+ #define USE_SECP224R1
+ #define USE_SECP256R1/**< @security NIST_SHALL */
+ #define USE_SECP384R1/**< @security NIST_SHALL */
+ #define USE_SECP521R1
+#endif
+
+/**
+	Define to enable the individual Brainpool curves.
+	@see https://tools.ietf.org/html/rfc5639
+	@security WARNING: Public points on Brainpool curves are not validated
+*/
+#ifdef USE_ECC
+//#define USE_BRAIN224R1
+//#define USE_BRAIN256R1
+//#define USE_BRAIN384R1
+//#define USE_BRAIN512R1
+#endif
+
+/******************************************************************************/
+/**
+	Symmetric and AEAD ciphers.
+	@security Deprecated ciphers must be enabled in cryptolib.h
+*/
+//#define USE_AES /* Enable/Disable AES */
+#define USE_AES_CBC
+#define USE_AES_GCM
+
+#ifdef USE_LIBSODIUM
+//#define USE_CHACHA20_POLY1305
+#endif
+
+/** @security 3DES is still relatively secure, however is deprecated for TLS */
+#define USE_3DES
+
+/******************************************************************************/
+/**
+	Digest algorithms.
+
+	@note SHA256 and above are used with TLS 1.2, and also used for
+	certificate signatures on some certificates regardless of TLS version.
+
+	@security MD5 is deprecated, but still required in combination with SHA-1
+	for TLS handshakes before TLS 1.2, meaning that the strength is at least
+	that of SHA-1 in this usage. The only other usage of MD5 by TLS is for
+	certificate signatures and MD5 based cipher suites. Both of which are
+	disabled at compile time by default.
+
+	@security SHA1 will be deprecated in the future, but is still required in
+	combination with MD5 for versions prior to TLS 1.2. In addition, SHA1
+	certificates are still commonly used, so SHA1 support may be needed
+	to validate older certificates. It is possible to completely disable
+	SHA1 using TLS 1.2 and SHA2 based ciphersuites, and interacting
+	only with newer certificates.
+*/
+//#define USE_SHA224	/**< @note Used only for cert signature */
+#define USE_SHA256/**< @note Required for TLS 1.2 and above */
+#define USE_HMAC_SHA256
+#define USE_SHA384/**< @pre USE_SHA512 */
+#define USE_HMAC_SHA384
+#define USE_SHA512
+
+/**
+	@security SHA-1 based hashes are deprecated but enabled by default
+	@note ENABLE_SHA1_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_SHA1
+#define USE_HMAC_SHA1
+
+/**
+	@security MD5 is considered insecure, but required by TLS < 1.2
+	@note ENABLE_MD5_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_MD5
+#define USE_MD5SHA1/* Required for < TLS 1.2 Handshake */
+#define USE_HMAC_MD5/* TODO currently needed for prf */
+
+/**
+    @security MD2 is considered insecure, but is sometimes used for
+	verification of legacy root certificate signatures.
+	@note MD2 signature verification also requires
+	ENABLE_MD5_SIGNED_CERTS and USE_MD5.
+*/
+//#define USE_MD2
+
+/* Please enable, unless using no HMAC algorithms. */
+#define USE_HMAC
+
+/******************************************************************************/
+/**
+	X.509 Certificates/PKI
+*/
+#define USE_BASE64_DECODE
+#define USE_X509
+#define USE_CERT_PARSE/**< Usually required. @pre USE_X509 */
+#define USE_FULL_CERT_PARSE/**< @pre USE_CERT_PARSE */
+ /**< Support extra distinguished name attributes that SHOULD be supported according to RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
+ /**< Support extra distinguished name attributes not mentioned in RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES
+//#define ENABLE_CA_CERT_HASH /**< Used only for TLS trusted CA ind ext. */
+//#define ENABLE_MD5_SIGNED_CERTS /** @security Accept MD5 signed certs? */
+#define ENABLE_SHA1_SIGNED_CERTS/** @security Accept SHA1 signed certs? */
+ /**< @security Allow parsing of locally trusted v1 root certs? */
+//#define ALLOW_VERSION_1_ROOT_CERT_PARSE
+#define USE_CRL/***< @pre USE_FULL_CERT_PARSE */
+#define USE_OCSP/**< @pre USE_SHA1 */
+
+/******************************************************************************/
+/**
+	Various PKCS standards support
+*/
+#define USE_PRIVATE_KEY_PARSING
+//#define USE_PKCS5		/**< v2.0 PBKDF encrypted priv keys. @pre USE_3DES */
+#define USE_PKCS8/* Alternative private key storage format */
+#define USE_PKCS12/**< @pre USE_PKCS8 */
+#define USE_PKCS1_OAEP/* OAEP padding algorithm */
+#define USE_PKCS1_PSS/* PSS padding algorithm */
+
+#endif /* _h_PS_CRYPTOCONFIG */
+
+/******************************************************************************/
+

configs/nonfips/matrixsslConfig.h

@@ -0,0 +1,336 @@
+/**
+ *	@file    matrixsslConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for building the MatrixSSL library.
+ *	This configuration is intended to be used in FIPS Mode of operation.
+ *	The configuration aims to be compatible with NIST SP 800-52 Rev 1 and
+ *	to enable the most commonly used cipher suites.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_MATRIXSSLCONFIG
+#define _h_MATRIXSSLCONFIG
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+	NIST SP 800-52 Rev 1 Conformance.
+	Guidelines for the Selection, Configuration, and Use of Transport Layer
+	Security (TLS) Implementations
+	The key words "shall", "shall not", "should", "should not" and "may"
+	are used as references to the NIST SP 800-52 Rev 1. Algorithms marked as
+	"shall" must not be disabled unless NIST SP 800-52 Rev 1 compatibility
+	is not relevant.
+	@see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
+*/
+
+/******************************************************************************/
+/**
+	Show which SSL messages are created and parsed
+*/
+//#define USE_SSL_HANDSHAKE_MSG_TRACE
+
+/**
+	Informational trace that could help pinpoint problems with SSL connections
+*/
+//#define USE_SSL_INFORMATIONAL_TRACE
+//#define USE_DTLS_DEBUG_TRACE
+
+/******************************************************************************/
+/**
+	Recommended cipher suites.
+	Define the following to enable various cipher suites
+	At least one of these must be defined.  If multiple are defined,
+	the handshake negotiation will determine which is best for the connection.
+	@note Ephemeral ciphersuites offer perfect forward security (PFS)
+	at the cost of a slower TLS handshake.
+*/
+
+/** Ephemeral ECC DH keys, ECC DSA certificates */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA/**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+
+/** Non-Ephemeral RSA keys/certificates */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
+/* TLS 1.2 ciphers */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	These cipher suites are secure, but not widely deployed.
+*/
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+#define USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+/** Ephemeral Diffie-Hellman ciphersuites, with PSK authentication */
+#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+
+/** Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA/**< @security NIST_SHOULD */
+
+/** Pre-Shared Key Ciphers.
+	NIST SP 800-52 Rev 1 recommends against using PSK unless neccessary
+    See NIST SP 800-52 Rev 1 Appendix C */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+/* TLS 1.2 ciphers */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
+
+/** Non-Ephemeral ECC DH keys, ECC DSA certificates */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA/**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384/**< @security NIST_MAY */
+
+/** Non-Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+
+/** Non-Ephemeral RSA keys/certificates */
+#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA/**< @security NIST_SHALL */
+
+/** @note Some of (non-mandatory) cipher suites mentioned in NIST SP 800-52
+    Rev 1 are not supported by the MatrixSSL / MatrixDTLS.
+    ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (NIST SP 800-52 Rev 1 "should")
+    is rarely used cipher suite and is not supported.
+    Also (NIST SP 800-52 Rev 1 "may") TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_* and TLS_RSA_WITH_AES_*_CCM cipher suites cannot be
+    enabled as they are not supported. */
+
+/******************************************************************************/
+/**
+	Ephemeral key cache support.
+	If not using cache, new key exchange keys are created for each TLS session.
+	If using cache, keys are generated initially, and re-used in each
+	subsequent TLS connection within a given time frame and usage count.
+	@see ECC_EPHEMERAL_CACHE_SECONDS and ECC_EPHEMERAL_CACHE_USAGE
+
+	@security Do not cache Ephemeral ECC keys as it is against some standards,
+	including NIST SP 800-56A, when in FIPS 140-2 mode of operation.
+*/
+//#define NO_ECC_EPHEMERAL_CACHE /**< @security NIST_SHALL */
+
+/******************************************************************************/
+/**
+	Configure Support for TLS protocol versions.
+	Define one of:
+		USE_TLS_1_2_AND_ABOVE
+		USE_TLS_1_1_AND_ABOVE
+		USE_TLS_1_0_AND_ABOVE
+	@note There is no option for enabling SSL3.0 at this level
+*/
+#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
+//#define USE_TLS_1_2_AND_ABOVE /**< @security better than 1_1_AND_ABOVE if no backwards compatiblity concerns */
+//#define USE_TLS_1_0_AND_ABOVE /**< @security no longer recommended. */
+
+/******************************************************************************/
+/**
+	Datagram TLS support.
+	Enables DTLS in addition to TLS.
+	@pre TLS_1_1
+*/
+#define USE_DTLS
+
+/******************************************************************************/
+/**
+	Compile time support for server or client side SSL
+*/
+#define USE_CLIENT_SIDE_SSL
+#define USE_SERVER_SIDE_SSL
+
+/******************************************************************************/
+/**
+	Client certificate authentication
+*/
+#define USE_CLIENT_AUTH
+
+/**
+	Enable if the server should send an empty CertificateRequest message if
+	no CA files have been loaded
+*/
+//#define SERVER_CAN_SEND_EMPTY_CERT_REQUEST
+
+/**
+	Enabling this define will allow the server to "downgrade" a client auth
+	handshake to a standard handshake if the client replies to a
+	CERTIFICATE_REQUEST with an empty CERTIFICATE message.  The user callback
+	will be called with a NULL cert in this case and the user can determine if
+	the handshake should continue in a non-client auth state.
+*/
+//#define SERVER_WILL_ACCEPT_EMPTY_CLIENT_CERT_MSG
+
+/******************************************************************************/
+/**
+ 	Enable the Application Layer Protocol Negotiation extension.
+	Servers and	Clients will still have to use the required public API to
+	set protocols and register application callbacks to negotiate the
+	protocol that will be tunneled over TLS.
+	@see ALPN section in the developer's guide for information.
+ */
+//#define USE_ALPN
+
+/******************************************************************************/
+/**
+	Enable the Trusted CA Indication CLIENT_HELLO extension.  Will send the
+	sha1 hash of each CA file to the server for help in server selection.
+	This extra level of define is to help isolate the SHA1 requirement
+*/
+//#define USE_TRUSTED_CA_INDICATION /**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	A client side configuration that requires a server to provide an OCSP
+	response if the client uses the certitificate status request extension.
+	The "must staple" terminology is typically associated with certificates
+	at the X.509 layer but it is a good description of what is being required
+	of the server at the TLS level.
+	@pre USE_OCSP must be enbled at the crypto level and the client application
+	must use the OCSPstapling session option at run time for this setting to
+	have any effect
+*/
+#ifdef USE_OCSP
+#define USE_OCSP_MUST_STAPLE	/**< @security NIST_SHALL */
+#endif
+
+/******************************************************************************/
+/**
+	Rehandshaking support.
+
+	Enabling USE_REHANDSHAKING will allow secure-rehandshakes using the
+	protocol defined in RFC 5748 which fixed a critical exploit in
+	the standard TLS specification.
+
+	@security Looking towards TLS 1.3, which removes re-handshaking, this
+	feature is disabled by default.
+*/
+//#define USE_REHANDSHAKING
+
+/******************************************************************************/
+/**
+	If SERVER you may define the number of sessions to cache and how
+	long a session will remain valid in the cache from first access.
+	Session caching enables very fast "session resumption handshakes".
+
+	SSL_SESSION_TABLE_SIZE minimum value is 1
+	SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0
+
+	@note Session caching can be disabled by setting SSL_SESSION_ENTRY_LIFE to 0
+	however, this will also immediately expire SESSION_TICKETS below.
+*/
+#ifdef USE_SERVER_SIDE_SSL
+#define SSL_SESSION_TABLE_SIZE 32
+#define SSL_SESSION_ENTRY_LIFE (86400*1000)/* one day, in milliseconds */
+#endif
+
+/******************************************************************************/
+/**
+	Use RFC 5077 session resumption mechanism. The SSL_SESSION_ENTRY_LIFE
+	define applies to this method as well as the standard method. The
+	SSL_SESSION_TICKET_LIST_LEN is the max size of the server key list.
+*/
+#define USE_STATELESS_SESSION_TICKETS
+#define SSL_SESSION_TICKET_LIST_LEN 32
+
+/******************************************************************************/
+/**
+	The initial buffer sizes for send and receive buffers in each ssl_t session.
+	Buffers are internally grown if more incoming or outgoing data storage is
+	needed, up to a maximum of SSL_MAX_BUF_SIZE. Once the memory used by the
+	buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced
+	to this size. Most standard SSL handshakes require on the order of 1024 B.
+
+	SSL_DEFAULT_x_BUF_SIZE	value in bytes, maximum SSL_MAX_BUF_SIZE
+ */
+#ifndef USE_DTLS
+#can_define	SSL_DEFAULT_IN_BUF_SIZE		1500		/* Base recv buf size, bytes */
+#can_define	SSL_DEFAULT_OUT_BUF_SIZE	1500		/* Base send buf size, bytes */
+#else
+/******************************************************************************/
+/**
+	The Path Maximum Transmission Unit is the largest datagram that can be
+	sent or recieved.  It is beyond the scope of DTLS to negotiate this value
+	so make sure both sides have agreed on this value.  This is an enforced
+	limitation in MatrixDTLS so connections will not succeed if a peer has a
+	PTMU set larger than this value.
+*/
+#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
+#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+
+//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _h_MATRIXCONFIG */
+/******************************************************************************/
+

configs/rsaonly/coreConfig.h

@@ -0,0 +1,83 @@
+/**
+ *	@file    coreConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for Matrix core module.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CORECONFIG
+#define _h_PS_CORECONFIG
+
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Enable various levels of trace.
+	When these option is turned off, messages are silently
+	discarded and their text does not take space in the binary image.
+*/
+//#define USE_CORE_TRACE
+#ifndef NO_CORE_ERROR
+ #define USE_CORE_ERROR
+#endif
+#ifndef NO_CORE_ASSERT
+ #define USE_CORE_ASSERT
+#endif
+
+/**
+	If enabled, calls to the psError set of APIs will perform a platform
+	abort on the exeutable to aid in debugging.
+*/
+#ifdef DEBUG
+//#define HALT_ON_PS_ERROR /* NOT RECOMMENDED FOR PRODUCTION BUILDS */
+#endif
+
+/**
+	Include the psCoreOsdepMutex family of APIs
+
+	@note If intending to compile crypto-cl, then this flag should
+	always be set.
+*/
+#ifndef NO_MULTITHREADING
+#define USE_MULTITHREADING
+#endif /* NO_MULTITHREADING */
+
+/**
+	Include the psNetwork family of APIs
+
+	These APIs allow simple high-level socket api.
+ */
+#define USE_PS_NETWORKING
+
+#endif /* _h_PS_CORECONFIG */
+
+/******************************************************************************/
+

configs/rsaonly/cryptoConfig.h

@@ -0,0 +1,217 @@
+/**
+ *	@file    cryptoConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration file for crypto features.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CRYPTOCONFIG
+#define _h_PS_CRYPTOCONFIG
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Define to enable psTrace*Crypto APIs for debugging the crypto module.
+*/
+//#define USE_CRYPTO_TRACE
+
+#ifdef DEBUG
+//#define CRYPTO_ASSERT	/**< Extra sanity asserts */
+#endif
+
+/******************************************************************************/
+/*
+	Use built-in cryptographic library delivered with MatrixSSL
+*/
+#define USE_NATIVE_RSA /* Default built-in software support */
+
+/******************************************************************************/
+/**
+	Security related settings.
+
+	@security MIN_*_BITS is the minimum supported key sizes in bits, weaker
+	keys will be rejected.
+*/
+#define MIN_ECC_BITS 192/**< @security Affects ECC curves below */
+
+#define MIN_RSA_BITS	1024
+
+#define MIN_DH_BITS	1024
+
+#define USE_BURN_STACK/**< @security Zero sensitive data from the stack. */
+
+/******************************************************************************/
+/**
+	Public-Key Algorithm Support.
+*/
+#define USE_RSA
+//#define USE_ECC
+//#define USE_DH
+/**< @note Enable verification of DSA signatures in certificate validation.
+   Works only when using the CL/SL library. */
+//#define USE_DSA_VERIFY
+
+/******************************************************************************/
+/**
+    Build the PKCS and ASN1 extra CL sublibraries.
+	These are needed by the CL_PKCS API.
+*/
+
+/******************************************************************************/
+
+/**
+	Define to enable the individual NIST Prime curves.
+	@see http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+*/
+#ifdef USE_ECC
+  #define USE_SECP192R1/**< @security FIPS allowed for sig ver only. */
+ #define USE_SECP224R1
+ #define USE_SECP256R1/**< @security NIST_SHALL */
+ #define USE_SECP384R1/**< @security NIST_SHALL */
+ #define USE_SECP521R1
+#endif
+
+/**
+	Define to enable the individual Brainpool curves.
+	@see https://tools.ietf.org/html/rfc5639
+	@security WARNING: Public points on Brainpool curves are not validated
+*/
+#ifdef USE_ECC
+//#define USE_BRAIN224R1
+//#define USE_BRAIN256R1
+//#define USE_BRAIN384R1
+//#define USE_BRAIN512R1
+#endif
+
+/******************************************************************************/
+/**
+	Symmetric and AEAD ciphers.
+	@security Deprecated ciphers must be enabled in cryptolib.h
+*/
+//#define USE_AES /* Enable/Disable AES */
+#define USE_AES_CBC
+#define USE_AES_GCM
+
+#ifdef USE_LIBSODIUM
+//#define USE_CHACHA20_POLY1305
+#endif
+
+/** @security 3DES is still relatively secure, however is deprecated for TLS */
+#define USE_3DES
+
+/******************************************************************************/
+/**
+	Digest algorithms.
+
+	@note SHA256 and above are used with TLS 1.2, and also used for
+	certificate signatures on some certificates regardless of TLS version.
+
+	@security MD5 is deprecated, but still required in combination with SHA-1
+	for TLS handshakes before TLS 1.2, meaning that the strength is at least
+	that of SHA-1 in this usage. The only other usage of MD5 by TLS is for
+	certificate signatures and MD5 based cipher suites. Both of which are
+	disabled at compile time by default.
+
+	@security SHA1 will be deprecated in the future, but is still required in
+	combination with MD5 for versions prior to TLS 1.2. In addition, SHA1
+	certificates are still commonly used, so SHA1 support may be needed
+	to validate older certificates. It is possible to completely disable
+	SHA1 using TLS 1.2 and SHA2 based ciphersuites, and interacting
+	only with newer certificates.
+*/
+//#define USE_SHA224	/**< @note Used only for cert signature */
+#define USE_SHA256/**< @note Required for TLS 1.2 and above */
+#define USE_HMAC_SHA256
+#define USE_SHA384/**< @pre USE_SHA512 */
+#define USE_HMAC_SHA384
+#define USE_SHA512
+
+/**
+	@security SHA-1 based hashes are deprecated but enabled by default
+	@note ENABLE_SHA1_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_SHA1
+#define USE_HMAC_SHA1
+
+/**
+	@security MD5 is considered insecure, but required by TLS < 1.2
+	@note ENABLE_MD5_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_MD5
+#define USE_MD5SHA1/* Required for < TLS 1.2 Handshake */
+#define USE_HMAC_MD5/* TODO currently needed for prf */
+
+/**
+    @security MD2 is considered insecure, but is sometimes used for
+	verification of legacy root certificate signatures.
+	@note MD2 signature verification also requires
+	ENABLE_MD5_SIGNED_CERTS and USE_MD5.
+*/
+//#define USE_MD2
+
+/* Please enable, unless using no HMAC algorithms. */
+#define USE_HMAC
+
+/******************************************************************************/
+/**
+	X.509 Certificates/PKI
+*/
+#define USE_BASE64_DECODE
+#define USE_X509
+#define USE_CERT_PARSE/**< Usually required. @pre USE_X509 */
+#define USE_FULL_CERT_PARSE/**< @pre USE_CERT_PARSE */
+ /**< Support extra distinguished name attributes that SHOULD be supported according to RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
+ /**< Support extra distinguished name attributes not mentioned in RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES
+//#define ENABLE_CA_CERT_HASH /**< Used only for TLS trusted CA ind ext. */
+//#define ENABLE_MD5_SIGNED_CERTS /** @security Accept MD5 signed certs? */
+#define ENABLE_SHA1_SIGNED_CERTS/** @security Accept SHA1 signed certs? */
+ /**< @security Allow parsing of locally trusted v1 root certs? */
+//#define ALLOW_VERSION_1_ROOT_CERT_PARSE
+#define USE_CRL/***< @pre USE_FULL_CERT_PARSE */
+#define USE_OCSP/**< @pre USE_SHA1 */
+
+/******************************************************************************/
+/**
+	Various PKCS standards support
+*/
+#define USE_PRIVATE_KEY_PARSING
+//#define USE_PKCS5		/**< v2.0 PBKDF encrypted priv keys. @pre USE_3DES */
+#define USE_PKCS8/* Alternative private key storage format */
+#define USE_PKCS12/**< @pre USE_PKCS8 */
+#define USE_PKCS1_OAEP/* OAEP padding algorithm */
+#define USE_PKCS1_PSS/* PSS padding algorithm */
+
+#endif /* _h_PS_CRYPTOCONFIG */
+
+/******************************************************************************/
+

configs/rsaonly/matrixsslConfig.h

@@ -0,0 +1,336 @@
+/**
+ *	@file    matrixsslConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for building the MatrixSSL library.
+ *	This configuration is intended to be used in FIPS Mode of operation.
+ *	The configuration aims to be compatible with NIST SP 800-52 Rev 1 and
+ *	to enable the most commonly used cipher suites.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_MATRIXSSLCONFIG
+#define _h_MATRIXSSLCONFIG
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+	NIST SP 800-52 Rev 1 Conformance.
+	Guidelines for the Selection, Configuration, and Use of Transport Layer
+	Security (TLS) Implementations
+	The key words "shall", "shall not", "should", "should not" and "may"
+	are used as references to the NIST SP 800-52 Rev 1. Algorithms marked as
+	"shall" must not be disabled unless NIST SP 800-52 Rev 1 compatibility
+	is not relevant.
+	@see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
+*/
+
+/******************************************************************************/
+/**
+	Show which SSL messages are created and parsed
+*/
+//#define USE_SSL_HANDSHAKE_MSG_TRACE
+
+/**
+	Informational trace that could help pinpoint problems with SSL connections
+*/
+//#define USE_SSL_INFORMATIONAL_TRACE
+//#define USE_DTLS_DEBUG_TRACE
+
+/******************************************************************************/
+/**
+	Recommended cipher suites.
+	Define the following to enable various cipher suites
+	At least one of these must be defined.  If multiple are defined,
+	the handshake negotiation will determine which is best for the connection.
+	@note Ephemeral ciphersuites offer perfect forward security (PFS)
+	at the cost of a slower TLS handshake.
+*/
+
+/** Ephemeral ECC DH keys, ECC DSA certificates */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA /**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 /**< @security NIST_MAY */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 /**< @security NIST_MAY */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 /**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+
+/** Non-Ephemeral RSA keys/certificates */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
+/* TLS 1.2 ciphers */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	These cipher suites are secure, but not widely deployed.
+*/
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+/** Ephemeral Diffie-Hellman ciphersuites, with PSK authentication */
+//#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA /**< @security NIST_SHOULD_NOT */
+
+/** Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHOULD */
+
+/** Pre-Shared Key Ciphers.
+	NIST SP 800-52 Rev 1 recommends against using PSK unless neccessary
+    See NIST SP 800-52 Rev 1 Appendix C */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+/* TLS 1.2 ciphers */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
+
+/** Non-Ephemeral ECC DH keys, ECC DSA certificates */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA /**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 /**< @security NIST_MAY */
+//#define USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 /**< @security NIST_MAY */
+
+/** Non-Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+//#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+//#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+//#define USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+//#define USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+
+/** Non-Ephemeral RSA keys/certificates */
+//#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHALL */
+
+/** @note Some of (non-mandatory) cipher suites mentioned in NIST SP 800-52
+    Rev 1 are not supported by the MatrixSSL / MatrixDTLS.
+    ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (NIST SP 800-52 Rev 1 "should")
+    is rarely used cipher suite and is not supported.
+    Also (NIST SP 800-52 Rev 1 "may") TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_* and TLS_RSA_WITH_AES_*_CCM cipher suites cannot be
+    enabled as they are not supported. */
+
+/******************************************************************************/
+/**
+	Ephemeral key cache support.
+	If not using cache, new key exchange keys are created for each TLS session.
+	If using cache, keys are generated initially, and re-used in each
+	subsequent TLS connection within a given time frame and usage count.
+	@see ECC_EPHEMERAL_CACHE_SECONDS and ECC_EPHEMERAL_CACHE_USAGE
+
+	@security Do not cache Ephemeral ECC keys as it is against some standards,
+	including NIST SP 800-56A, when in FIPS 140-2 mode of operation.
+*/
+//#define NO_ECC_EPHEMERAL_CACHE /**< @security NIST_SHALL */
+
+/******************************************************************************/
+/**
+	Configure Support for TLS protocol versions.
+	Define one of:
+		USE_TLS_1_2_AND_ABOVE
+		USE_TLS_1_1_AND_ABOVE
+		USE_TLS_1_0_AND_ABOVE
+	@note There is no option for enabling SSL3.0 at this level
+*/
+#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
+//#define USE_TLS_1_2_AND_ABOVE /**< @security better than 1_1_AND_ABOVE if no backwards compatiblity concerns */
+//#define USE_TLS_1_0_AND_ABOVE /**< @security no longer recommended. */
+
+/******************************************************************************/
+/**
+	Datagram TLS support.
+	Enables DTLS in addition to TLS.
+	@pre TLS_1_1
+*/
+#define USE_DTLS
+
+/******************************************************************************/
+/**
+	Compile time support for server or client side SSL
+*/
+#define USE_CLIENT_SIDE_SSL
+#define USE_SERVER_SIDE_SSL
+
+/******************************************************************************/
+/**
+	Client certificate authentication
+*/
+#define USE_CLIENT_AUTH
+
+/**
+	Enable if the server should send an empty CertificateRequest message if
+	no CA files have been loaded
+*/
+//#define SERVER_CAN_SEND_EMPTY_CERT_REQUEST
+
+/**
+	Enabling this define will allow the server to "downgrade" a client auth
+	handshake to a standard handshake if the client replies to a
+	CERTIFICATE_REQUEST with an empty CERTIFICATE message.  The user callback
+	will be called with a NULL cert in this case and the user can determine if
+	the handshake should continue in a non-client auth state.
+*/
+//#define SERVER_WILL_ACCEPT_EMPTY_CLIENT_CERT_MSG
+
+/******************************************************************************/
+/**
+ 	Enable the Application Layer Protocol Negotiation extension.
+	Servers and	Clients will still have to use the required public API to
+	set protocols and register application callbacks to negotiate the
+	protocol that will be tunneled over TLS.
+	@see ALPN section in the developer's guide for information.
+ */
+//#define USE_ALPN
+
+/******************************************************************************/
+/**
+	Enable the Trusted CA Indication CLIENT_HELLO extension.  Will send the
+	sha1 hash of each CA file to the server for help in server selection.
+	This extra level of define is to help isolate the SHA1 requirement
+*/
+//#define USE_TRUSTED_CA_INDICATION /**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	A client side configuration that requires a server to provide an OCSP
+	response if the client uses the certitificate status request extension.
+	The "must staple" terminology is typically associated with certificates
+	at the X.509 layer but it is a good description of what is being required
+	of the server at the TLS level.
+	@pre USE_OCSP must be enbled at the crypto level and the client application
+	must use the OCSPstapling session option at run time for this setting to
+	have any effect
+*/
+#ifdef USE_OCSP
+#define USE_OCSP_MUST_STAPLE	/**< @security NIST_SHALL */
+#endif
+
+/******************************************************************************/
+/**
+	Rehandshaking support.
+
+	Enabling USE_REHANDSHAKING will allow secure-rehandshakes using the
+	protocol defined in RFC 5748 which fixed a critical exploit in
+	the standard TLS specification.
+
+	@security Looking towards TLS 1.3, which removes re-handshaking, this
+	feature is disabled by default.
+*/
+//#define USE_REHANDSHAKING
+
+/******************************************************************************/
+/**
+	If SERVER you may define the number of sessions to cache and how
+	long a session will remain valid in the cache from first access.
+	Session caching enables very fast "session resumption handshakes".
+
+	SSL_SESSION_TABLE_SIZE minimum value is 1
+	SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0
+
+	@note Session caching can be disabled by setting SSL_SESSION_ENTRY_LIFE to 0
+	however, this will also immediately expire SESSION_TICKETS below.
+*/
+#ifdef USE_SERVER_SIDE_SSL
+#define SSL_SESSION_TABLE_SIZE 32
+#define SSL_SESSION_ENTRY_LIFE (86400*1000)/* one day, in milliseconds */
+#endif
+
+/******************************************************************************/
+/**
+	Use RFC 5077 session resumption mechanism. The SSL_SESSION_ENTRY_LIFE
+	define applies to this method as well as the standard method. The
+	SSL_SESSION_TICKET_LIST_LEN is the max size of the server key list.
+*/
+#define USE_STATELESS_SESSION_TICKETS
+#define SSL_SESSION_TICKET_LIST_LEN 32
+
+/******************************************************************************/
+/**
+	The initial buffer sizes for send and receive buffers in each ssl_t session.
+	Buffers are internally grown if more incoming or outgoing data storage is
+	needed, up to a maximum of SSL_MAX_BUF_SIZE. Once the memory used by the
+	buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced
+	to this size. Most standard SSL handshakes require on the order of 1024 B.
+
+	SSL_DEFAULT_x_BUF_SIZE	value in bytes, maximum SSL_MAX_BUF_SIZE
+ */
+#ifndef USE_DTLS
+#can_define	SSL_DEFAULT_IN_BUF_SIZE		1500		/* Base recv buf size, bytes */
+#can_define	SSL_DEFAULT_OUT_BUF_SIZE	1500		/* Base send buf size, bytes */
+#else
+/******************************************************************************/
+/**
+	The Path Maximum Transmission Unit is the largest datagram that can be
+	sent or recieved.  It is beyond the scope of DTLS to negotiate this value
+	so make sure both sides have agreed on this value.  This is an enforced
+	limitation in MatrixDTLS so connections will not succeed if a peer has a
+	PTMU set larger than this value.
+*/
+#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
+#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+
+//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _h_MATRIXCONFIG */
+/******************************************************************************/
+

configs/tls/coreConfig.h

@@ -0,0 +1,83 @@
+/**
+ *	@file    coreConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for Matrix core module.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CORECONFIG
+#define _h_PS_CORECONFIG
+
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Enable various levels of trace.
+	When these option is turned off, messages are silently
+	discarded and their text does not take space in the binary image.
+*/
+//#define USE_CORE_TRACE
+#ifndef NO_CORE_ERROR
+ #define USE_CORE_ERROR
+#endif
+#ifndef NO_CORE_ASSERT
+ #define USE_CORE_ASSERT
+#endif
+
+/**
+	If enabled, calls to the psError set of APIs will perform a platform
+	abort on the exeutable to aid in debugging.
+*/
+#ifdef DEBUG
+//#define HALT_ON_PS_ERROR /* NOT RECOMMENDED FOR PRODUCTION BUILDS */
+#endif
+
+/**
+	Include the psCoreOsdepMutex family of APIs
+
+	@note If intending to compile crypto-cl, then this flag should
+	always be set.
+*/
+#ifndef NO_MULTITHREADING
+#define USE_MULTITHREADING
+#endif /* NO_MULTITHREADING */
+
+/**
+	Include the psNetwork family of APIs
+
+	These APIs allow simple high-level socket api.
+ */
+#define USE_PS_NETWORKING
+
+#endif /* _h_PS_CORECONFIG */
+
+/******************************************************************************/
+

configs/tls/cryptoConfig.h

@@ -0,0 +1,217 @@
+/**
+ *	@file    cryptoConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration file for crypto features.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PS_CRYPTOCONFIG
+#define _h_PS_CRYPTOCONFIG
+
+/******************************************************************************/
+/* Configurable features */
+/******************************************************************************/
+/**
+	Define to enable psTrace*Crypto APIs for debugging the crypto module.
+*/
+//#define USE_CRYPTO_TRACE
+
+#ifdef DEBUG
+//#define CRYPTO_ASSERT	/**< Extra sanity asserts */
+#endif
+
+/******************************************************************************/
+/*
+	Use built-in cryptographic library delivered with MatrixSSL
+*/
+#define USE_NATIVE_RSA /* Default built-in software support */
+
+/******************************************************************************/
+/**
+	Security related settings.
+
+	@security MIN_*_BITS is the minimum supported key sizes in bits, weaker
+	keys will be rejected.
+*/
+#define MIN_ECC_BITS 192/**< @security Affects ECC curves below */
+
+#define MIN_RSA_BITS	1024
+
+#define MIN_DH_BITS	1024
+
+#define USE_BURN_STACK/**< @security Zero sensitive data from the stack. */
+
+/******************************************************************************/
+/**
+	Public-Key Algorithm Support.
+*/
+#define USE_RSA
+#define USE_ECC
+//#define USE_DH
+/**< @note Enable verification of DSA signatures in certificate validation.
+   Works only when using the CL/SL library. */
+//#define USE_DSA_VERIFY
+
+/******************************************************************************/
+/**
+    Build the PKCS and ASN1 extra CL sublibraries.
+	These are needed by the CL_PKCS API.
+*/
+
+/******************************************************************************/
+
+/**
+	Define to enable the individual NIST Prime curves.
+	@see http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+*/
+#ifdef USE_ECC
+  #define USE_SECP192R1/**< @security FIPS allowed for sig ver only. */
+ #define USE_SECP224R1
+ #define USE_SECP256R1/**< @security NIST_SHALL */
+ #define USE_SECP384R1/**< @security NIST_SHALL */
+ #define USE_SECP521R1
+#endif
+
+/**
+	Define to enable the individual Brainpool curves.
+	@see https://tools.ietf.org/html/rfc5639
+	@security WARNING: Public points on Brainpool curves are not validated
+*/
+#ifdef USE_ECC
+//#define USE_BRAIN224R1
+//#define USE_BRAIN256R1
+//#define USE_BRAIN384R1
+//#define USE_BRAIN512R1
+#endif
+
+/******************************************************************************/
+/**
+	Symmetric and AEAD ciphers.
+	@security Deprecated ciphers must be enabled in cryptolib.h
+*/
+//#define USE_AES /* Enable/Disable AES */
+#define USE_AES_CBC
+#define USE_AES_GCM
+
+#ifdef USE_LIBSODIUM
+//#define USE_CHACHA20_POLY1305
+#endif
+
+/** @security 3DES is still relatively secure, however is deprecated for TLS */
+#define USE_3DES
+
+/******************************************************************************/
+/**
+	Digest algorithms.
+
+	@note SHA256 and above are used with TLS 1.2, and also used for
+	certificate signatures on some certificates regardless of TLS version.
+
+	@security MD5 is deprecated, but still required in combination with SHA-1
+	for TLS handshakes before TLS 1.2, meaning that the strength is at least
+	that of SHA-1 in this usage. The only other usage of MD5 by TLS is for
+	certificate signatures and MD5 based cipher suites. Both of which are
+	disabled at compile time by default.
+
+	@security SHA1 will be deprecated in the future, but is still required in
+	combination with MD5 for versions prior to TLS 1.2. In addition, SHA1
+	certificates are still commonly used, so SHA1 support may be needed
+	to validate older certificates. It is possible to completely disable
+	SHA1 using TLS 1.2 and SHA2 based ciphersuites, and interacting
+	only with newer certificates.
+*/
+//#define USE_SHA224	/**< @note Used only for cert signature */
+#define USE_SHA256/**< @note Required for TLS 1.2 and above */
+#define USE_HMAC_SHA256
+#define USE_SHA384/**< @pre USE_SHA512 */
+#define USE_HMAC_SHA384
+#define USE_SHA512
+
+/**
+	@security SHA-1 based hashes are deprecated but enabled by default
+	@note ENABLE_SHA1_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_SHA1
+#define USE_HMAC_SHA1
+
+/**
+	@security MD5 is considered insecure, but required by TLS < 1.2
+	@note ENABLE_MD5_SIGNED_CERTS can additionally be configured below.
+*/
+#define USE_MD5
+#define USE_MD5SHA1/* Required for < TLS 1.2 Handshake */
+#define USE_HMAC_MD5/* TODO currently needed for prf */
+
+/**
+    @security MD2 is considered insecure, but is sometimes used for
+	verification of legacy root certificate signatures.
+	@note MD2 signature verification also requires
+	ENABLE_MD5_SIGNED_CERTS and USE_MD5.
+*/
+//#define USE_MD2
+
+/* Please enable, unless using no HMAC algorithms. */
+#define USE_HMAC
+
+/******************************************************************************/
+/**
+	X.509 Certificates/PKI
+*/
+#define USE_BASE64_DECODE
+#define USE_X509
+#define USE_CERT_PARSE/**< Usually required. @pre USE_X509 */
+#define USE_FULL_CERT_PARSE/**< @pre USE_CERT_PARSE */
+ /**< Support extra distinguished name attributes that SHOULD be supported according to RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
+ /**< Support extra distinguished name attributes not mentioned in RFC 5280. */
+//#define USE_EXTRA_DN_ATTRIBUTES
+//#define ENABLE_CA_CERT_HASH /**< Used only for TLS trusted CA ind ext. */
+//#define ENABLE_MD5_SIGNED_CERTS /** @security Accept MD5 signed certs? */
+#define ENABLE_SHA1_SIGNED_CERTS/** @security Accept SHA1 signed certs? */
+ /**< @security Allow parsing of locally trusted v1 root certs? */
+//#define ALLOW_VERSION_1_ROOT_CERT_PARSE
+#define USE_CRL/***< @pre USE_FULL_CERT_PARSE */
+#define USE_OCSP/**< @pre USE_SHA1 */
+
+/******************************************************************************/
+/**
+	Various PKCS standards support
+*/
+#define USE_PRIVATE_KEY_PARSING
+//#define USE_PKCS5		/**< v2.0 PBKDF encrypted priv keys. @pre USE_3DES */
+#define USE_PKCS8/* Alternative private key storage format */
+#define USE_PKCS12/**< @pre USE_PKCS8 */
+#define USE_PKCS1_OAEP/* OAEP padding algorithm */
+#define USE_PKCS1_PSS/* PSS padding algorithm */
+
+#endif /* _h_PS_CRYPTOCONFIG */
+
+/******************************************************************************/
+

configs/tls/matrixsslConfig.h

@@ -0,0 +1,336 @@
+/**
+ *	@file    matrixsslConfig.h
+ *	@version $Format:%h%d$
+ *
+ *	Configuration settings for building the MatrixSSL library.
+ *	This configuration is intended to be used in FIPS Mode of operation.
+ *	The configuration aims to be compatible with NIST SP 800-52 Rev 1 and
+ *	to enable the most commonly used cipher suites.
+ */
+/*
+ *	Copyright (c) 2013-2016 INSIDE Secure Corporation
+ *	Copyright (c) PeerSec Networks, 2002-2011
+ *	All Rights Reserved
+ *
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software
+ *	into proprietary programs.  If you are unable to comply with the GPL, a
+ *	commercial license for this software may be purchased from INSIDE at
+ *	http://www.insidesecure.com/
+ *
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *	See the GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_MATRIXSSLCONFIG
+#define _h_MATRIXSSLCONFIG
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+	NIST SP 800-52 Rev 1 Conformance.
+	Guidelines for the Selection, Configuration, and Use of Transport Layer
+	Security (TLS) Implementations
+	The key words "shall", "shall not", "should", "should not" and "may"
+	are used as references to the NIST SP 800-52 Rev 1. Algorithms marked as
+	"shall" must not be disabled unless NIST SP 800-52 Rev 1 compatibility
+	is not relevant.
+	@see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
+*/
+
+/******************************************************************************/
+/**
+	Show which SSL messages are created and parsed
+*/
+//#define USE_SSL_HANDSHAKE_MSG_TRACE
+
+/**
+	Informational trace that could help pinpoint problems with SSL connections
+*/
+//#define USE_SSL_INFORMATIONAL_TRACE
+//#define USE_DTLS_DEBUG_TRACE
+
+/******************************************************************************/
+/**
+	Recommended cipher suites.
+	Define the following to enable various cipher suites
+	At least one of these must be defined.  If multiple are defined,
+	the handshake negotiation will determine which is best for the connection.
+	@note Ephemeral ciphersuites offer perfect forward security (PFS)
+	at the cost of a slower TLS handshake.
+*/
+
+/** Ephemeral ECC DH keys, ECC DSA certificates */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA/**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHOULD */
+#define USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+//#define USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+//#define USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+//#define USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+
+/** Non-Ephemeral RSA keys/certificates */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD */
+/* TLS 1.2 ciphers */
+#define USE_TLS_RSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_256_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_RSA_WITH_AES_128_GCM_SHA256/**< @security NIST_SHALL */
+#define USE_TLS_RSA_WITH_AES_256_GCM_SHA384/**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	These cipher suites are secure, but not widely deployed.
+*/
+
+/** Ephemeral Diffie-Hellman ciphersuites, with RSA certificates */
+//#define USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+/** Ephemeral Diffie-Hellman ciphersuites, with PSK authentication */
+//#define USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA /**< @security NIST_SHOULD_NOT */
+//#define USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA /**< @security NIST_SHOULD_NOT */
+
+/** Ephemeral ECC DH keys, RSA certificates */
+//#define USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHOULD */
+
+/** Pre-Shared Key Ciphers.
+	NIST SP 800-52 Rev 1 recommends against using PSK unless neccessary
+    See NIST SP 800-52 Rev 1 Appendix C */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA/**< @security NIST_SHOULD_NOT */
+/* TLS 1.2 ciphers */
+#define USE_TLS_PSK_WITH_AES_128_CBC_SHA256/**< @security NIST_SHOULD_NOT */
+#define USE_TLS_PSK_WITH_AES_256_CBC_SHA384/**< @security NIST_SHOULD_NOT */
+
+/** Non-Ephemeral ECC DH keys, ECC DSA certificates */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA/**< @security NIST_MAY */
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256/**< @security NIST_MAY */
+#define USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384/**< @security NIST_MAY */
+
+/** Non-Ephemeral ECC DH keys, RSA certificates */
+#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+/* TLS 1.2 ciphers */
+#define USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+
+/** Non-Ephemeral RSA keys/certificates */
+//#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA /**< @security NIST_SHALL */
+
+/** @note Some of (non-mandatory) cipher suites mentioned in NIST SP 800-52
+    Rev 1 are not supported by the MatrixSSL / MatrixDTLS.
+    ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (NIST SP 800-52 Rev 1 "should")
+    is rarely used cipher suite and is not supported.
+    Also (NIST SP 800-52 Rev 1 "may") TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_* and TLS_RSA_WITH_AES_*_CCM cipher suites cannot be
+    enabled as they are not supported. */
+
+/******************************************************************************/
+/**
+	Ephemeral key cache support.
+	If not using cache, new key exchange keys are created for each TLS session.
+	If using cache, keys are generated initially, and re-used in each
+	subsequent TLS connection within a given time frame and usage count.
+	@see ECC_EPHEMERAL_CACHE_SECONDS and ECC_EPHEMERAL_CACHE_USAGE
+
+	@security Do not cache Ephemeral ECC keys as it is against some standards,
+	including NIST SP 800-56A, when in FIPS 140-2 mode of operation.
+*/
+//#define NO_ECC_EPHEMERAL_CACHE /**< @security NIST_SHALL */
+
+/******************************************************************************/
+/**
+	Configure Support for TLS protocol versions.
+	Define one of:
+		USE_TLS_1_2_AND_ABOVE
+		USE_TLS_1_1_AND_ABOVE
+		USE_TLS_1_0_AND_ABOVE
+	@note There is no option for enabling SSL3.0 at this level
+*/
+#define USE_TLS_1_1_AND_ABOVE/**< @security default 1_1_AND_ABOVE */
+//#define USE_TLS_1_2_AND_ABOVE /**< @security better than 1_1_AND_ABOVE if no backwards compatiblity concerns */
+//#define USE_TLS_1_0_AND_ABOVE /**< @security no longer recommended. */
+
+/******************************************************************************/
+/**
+	Datagram TLS support.
+	Enables DTLS in addition to TLS.
+	@pre TLS_1_1
+*/
+#define USE_DTLS
+
+/******************************************************************************/
+/**
+	Compile time support for server or client side SSL
+*/
+#define USE_CLIENT_SIDE_SSL
+#define USE_SERVER_SIDE_SSL
+
+/******************************************************************************/
+/**
+	Client certificate authentication
+*/
+#define USE_CLIENT_AUTH
+
+/**
+	Enable if the server should send an empty CertificateRequest message if
+	no CA files have been loaded
+*/
+//#define SERVER_CAN_SEND_EMPTY_CERT_REQUEST
+
+/**
+	Enabling this define will allow the server to "downgrade" a client auth
+	handshake to a standard handshake if the client replies to a
+	CERTIFICATE_REQUEST with an empty CERTIFICATE message.  The user callback
+	will be called with a NULL cert in this case and the user can determine if
+	the handshake should continue in a non-client auth state.
+*/
+//#define SERVER_WILL_ACCEPT_EMPTY_CLIENT_CERT_MSG
+
+/******************************************************************************/
+/**
+ 	Enable the Application Layer Protocol Negotiation extension.
+	Servers and	Clients will still have to use the required public API to
+	set protocols and register application callbacks to negotiate the
+	protocol that will be tunneled over TLS.
+	@see ALPN section in the developer's guide for information.
+ */
+//#define USE_ALPN
+
+/******************************************************************************/
+/**
+	Enable the Trusted CA Indication CLIENT_HELLO extension.  Will send the
+	sha1 hash of each CA file to the server for help in server selection.
+	This extra level of define is to help isolate the SHA1 requirement
+*/
+//#define USE_TRUSTED_CA_INDICATION /**< @security NIST_SHOULD */
+
+/******************************************************************************/
+/**
+	A client side configuration that requires a server to provide an OCSP
+	response if the client uses the certitificate status request extension.
+	The "must staple" terminology is typically associated with certificates
+	at the X.509 layer but it is a good description of what is being required
+	of the server at the TLS level.
+	@pre USE_OCSP must be enbled at the crypto level and the client application
+	must use the OCSPstapling session option at run time for this setting to
+	have any effect
+*/
+#ifdef USE_OCSP
+#define USE_OCSP_MUST_STAPLE	/**< @security NIST_SHALL */
+#endif
+
+/******************************************************************************/
+/**
+	Rehandshaking support.
+
+	Enabling USE_REHANDSHAKING will allow secure-rehandshakes using the
+	protocol defined in RFC 5748 which fixed a critical exploit in
+	the standard TLS specification.
+
+	@security Looking towards TLS 1.3, which removes re-handshaking, this
+	feature is disabled by default.
+*/
+//#define USE_REHANDSHAKING
+
+/******************************************************************************/
+/**
+	If SERVER you may define the number of sessions to cache and how
+	long a session will remain valid in the cache from first access.
+	Session caching enables very fast "session resumption handshakes".
+
+	SSL_SESSION_TABLE_SIZE minimum value is 1
+	SSL_SESSION_ENTRY_LIFE is in milliseconds, minimum 0
+
+	@note Session caching can be disabled by setting SSL_SESSION_ENTRY_LIFE to 0
+	however, this will also immediately expire SESSION_TICKETS below.
+*/
+#ifdef USE_SERVER_SIDE_SSL
+#define SSL_SESSION_TABLE_SIZE 32
+#define SSL_SESSION_ENTRY_LIFE (86400*1000)/* one day, in milliseconds */
+#endif
+
+/******************************************************************************/
+/**
+	Use RFC 5077 session resumption mechanism. The SSL_SESSION_ENTRY_LIFE
+	define applies to this method as well as the standard method. The
+	SSL_SESSION_TICKET_LIST_LEN is the max size of the server key list.
+*/
+#define USE_STATELESS_SESSION_TICKETS
+#define SSL_SESSION_TICKET_LIST_LEN 32
+
+/******************************************************************************/
+/**
+	The initial buffer sizes for send and receive buffers in each ssl_t session.
+	Buffers are internally grown if more incoming or outgoing data storage is
+	needed, up to a maximum of SSL_MAX_BUF_SIZE. Once the memory used by the
+	buffer again drops below SSL_DEFAULT_X_BUF_SIZE, the buffer will be reduced
+	to this size. Most standard SSL handshakes require on the order of 1024 B.
+
+	SSL_DEFAULT_x_BUF_SIZE	value in bytes, maximum SSL_MAX_BUF_SIZE
+ */
+#ifndef USE_DTLS
+#can_define	SSL_DEFAULT_IN_BUF_SIZE		1500		/* Base recv buf size, bytes */
+#can_define	SSL_DEFAULT_OUT_BUF_SIZE	1500		/* Base send buf size, bytes */
+#else
+/******************************************************************************/
+/**
+	The Path Maximum Transmission Unit is the largest datagram that can be
+	sent or recieved.  It is beyond the scope of DTLS to negotiate this value
+	so make sure both sides have agreed on this value.  This is an enforced
+	limitation in MatrixDTLS so connections will not succeed if a peer has a
+	PTMU set larger than this value.
+*/
+#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
+#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
+
+//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _h_MATRIXCONFIG */
+/******************************************************************************/
+