diff --git a/configs/README.txt b/configs/README.txt
new file mode 100644
index 0000000000..7527fdb68a
--- /dev/null
+++ b/configs/README.txt
@@ -0,0 +1,24 @@
+This directory contains example configuration files.
+
+The examples are generally focused on a particular usage case (eg, support for
+a restricted number of ciphersuites) and aim at minimizing resource usage for
+this target. They can be used as a basis for custom configurations.
+
+These files are complete replacements for the default config.h. To use one of
+them, you can pick one of the following methods:
+
+1. Replace the default file include/polarssl/config.h with the chosen one.
+
+2. Define POLARSSL_CONFIG_FILE and adjust the include path accordingly.
+ For example, using make:
+
+ CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE=''" make
+
+ Or, using cmake:
+
+ rm CMakeCache.txt
+ CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE=''" cmake .
+ make
+
+Note that the second method also works if you want to keep your custom
+configuration file outside the PolarSSL tree.
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 81a95f063e..f6016e85b2 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -2,10 +2,17 @@
 * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
 * required ciphersuite: TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *
- * Can be activated with:
- * scripts/activate-config.pl configs/config-mini-tls1_1.h
+ * See README.txt for usage instructions.
 */
+#ifndef POLARSSL_CONFIG_H
+#define POLARSSL_CONFIG_H
+
+/* System support */
+#define POLARSSL_HAVE_ASM
+#define POLARSSL_HAVE_TIME
+#define POLARSSL_HAVE_IPV6
+
 /* PolarSSL feature support */
 #define POLARSSL_CIPHER_MODE_CBC
 #define POLARSSL_PKCS1_V15
@@ -44,5 +51,4 @@
 /* For testing with compat.sh */
 #define POLARSSL_FS_IO
-/* marker for activate-config.pl
- * \} name SECTION: PolarSSL modules */
+#endif /* POLARSSL_CONFIG_H */
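Review bot: The new `/* System support */` block in the first hunk of config-mini-tls1_1.h hard-codes `POLARSSL_HAVE_ASM`, `POLARSSL_HAVE_TIME` and `POLARSSL_HAVE_IPV6`, whereas the removed activate-config.pl kept the System support section of the tree's own config.h. A port that had switched one of these off gets it back on silently when it adopts the example as a full replacement. A short comment on the block would make that visible, for example `/* System support: adjust for your platform, these replace the settings of the default config.h */`. The same block is added in config-psk-rc4-tls1_0.h (without `POLARSSL_HAVE_ASM`) and in config-suite-b.h.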
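Review bot: Ending the file at `#endif /* POLARSSL_CONFIG_H */` in the second hunk of config-mini-tls1_1.h means nothing from the tail of the default config.h is included any more. The removed activate-config.pl appended every line after the `} name SECTION: PolarSSL modules` marker, and a standalone replacement drops all of it. If that tail carries consistency checks between `#define`s (not visible in this diff), a trimmed config with a missing dependency would now build without complaint. The header comment should say which parts of the default config.h are intentionally left out, or the file should include the same checks before the `#endif`. config-psk-rc4-tls1_0.h and config-suite-b.h end the same way.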
diff --git a/configs/config-psk-rc4-tls1_0.h b/configs/config-psk-rc4-tls1_0.h
index 1da378c3c2..260b71341a 100644
--- a/configs/config-psk-rc4-tls1_0.h
+++ b/configs/config-psk-rc4-tls1_0.h
@@ -2,10 +2,16 @@
 * Custom compact configuration for TLS 1.0 with PSK and RC4
 * Distinguishing features: no bignum, no PK, no X509.
 *
- * Can be activated with:
- * scripts/activate-config.pl configs/config-mini-tls1_1.h
+ * See README.txt for usage instructions.
 */
+#ifndef POLARSSL_CONFIG_H
+#define POLARSSL_CONFIG_H
+
+/* System support */
+#define POLARSSL_HAVE_TIME
+#define POLARSSL_HAVE_IPV6
+
 /* PolarSSL feature support */
 #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
 #define POLARSSL_SSL_PROTO_TLS1
@@ -28,5 +34,4 @@
 #define POLARSSL_SSL_SRV_C
 #define POLARSSL_SSL_TLS_C
-/* marker for activate-config.pl
- * \} name SECTION: PolarSSL modules */
+#endif /* POLARSSL_CONFIG_H */
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 2bfb0e124c..7f085f4ff4 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -1,10 +1,17 @@
 /*
 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
 *
- * Can be activated with:
- * scripts/activate-config.pl configs/config-mini-tls1_1.h
+ * See README.txt for usage instructions.
 */
+#ifndef POLARSSL_CONFIG_H
+#define POLARSSL_CONFIG_H
+
+/* System support */
+#define POLARSSL_HAVE_ASM
+#define POLARSSL_HAVE_TIME
+#define POLARSSL_HAVE_IPV6
+
 /* PolarSSL feature support */
 #define POLARSSL_ECP_DP_SECP256R1_ENABLED
 #define POLARSSL_ECP_DP_SECP384R1_ENABLED
@@ -44,5 +51,4 @@
 /* For testing with compat.sh */
 #define POLARSSL_FS_IO
-/* marker for activate-config.pl
- * \} name SECTION: PolarSSL modules */
+#endif /* POLARSSL_CONFIG_H */
diff --git a/scripts/activate-config.pl b/scripts/activate-config.pl
index caa8cdc13e..5b4e8f508b 100755
--- a/scripts/activate-config.pl
+++ b/scripts/activate-config.pl
@@ -1,68 +1,9 @@
 #!/usr/bin/perl
+# DEPRECATED!
+#
 # activate a pre-defined configuration
-use warnings;
-use strict;
-
-my $config_h = "include/polarssl/config.h";
-
-exit( main() );
-
-sub read_default {
- open my $fh, '<', $config_h or die "Failed to read $config_h: $!\n";
-
- my (@pre, @post);
- my $state = 'pre';
-
- while( my $line = <$fh> ) {
- if( $state eq 'pre' ) {
- push @pre, $line;
- $state = 'skip' if $line =~ /} name SECTION: System support/;
- }
- elsif( $state eq 'skip' ) {
- $state = 'post' if $line =~/} name SECTION: PolarSSL modules/;
- }
- else {
- push @post, $line;
- }
- }
-
- die "Failed to parse $config_h\n" if( $state ne 'post' );
-
- close $fh;
-
- push @pre, "\n";
-
- return \@pre, \@post;
-}
-
-sub read_custom {
- my ($file_name) = @_;
-
- open my $fh, '<', $file_name or die "Failed to read $file_name: $!\n";
- my @content = <$fh>;
- close $fh;
-
- return \@content;
-}
-
-sub write_custom {
- my ($pre, $mid, $post) = @_;
-
- open my $fh, '>', $config_h or die "Failed to write $config_h: $!\n";
- print $fh @$pre;
- print $fh @$mid;
- print $fh @$post;
- close $fh;
-}
-
-sub main {
- my $custom_file_name = $ARGV[0];
-
- my ($pre, $post) = read_default();
- my $mine = read_custom( $custom_file_name );
- write_custom( $pre, $mine, $post );
-
- return 0;
-}
+print "This script is deprecated!\n";
+print "See configs/README.txt regarding alternative config.h usage\n";
+exit 1;
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 4577252f66..42131be3a2 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -49,7 +49,7 @@ while( my ($conf, $args) = each %configs ) {
 print "* Testing configuration: $conf\n";
 print "******************************************\n";
- system( "scripts/activate-config.pl configs/$conf" )
+ system( "cp configs/$conf $config_h" )
 and abort "Failed to activate $conf\n";
 system( "make" ) and abort "Failed to build: $conf\n";
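Review bot: The deprecation stub in scripts/activate-config.pl writes both messages with plain `print`, so they go to stdout and can be lost or mixed into captured output when a build script still calls it. A notice that accompanies `exit 1` belongs on stderr: `print STDERR "This script is deprecated!\n";` and likewise for the second line, or a single `die` with both sentences. The hunk also drops `use warnings; use strict;`, which is harmless for three lines but worth keeping if the stub ever grows.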
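Review bot: `system( "cp configs/$conf $config_h" )` hands one interpolated string to the shell, so a config name or path containing whitespace or shell metacharacters would be split or interpreted. The list form `system( "cp", "configs/$conf", $config_h )` bypasses the shell and keeps the `and abort` check unchanged. `$conf` comes from the keys of `%configs` named in the hunk header, which are presumably fixed in the script, so this is hardening rather than a live bug. `$config_h` is defined outside the hunk, and the enclosing `while` loop starts before it and continues past its end.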