Macros | Functions
crypto.h File Reference

Cryptographic configuration. More...

#include <config/named.h>
#include <NAMED_CONFIG(crypto.h)>
#include <config/local/crypto.h>
#include <LOCAL_NAMED_CONFIG(crypto.h)>

Go to the source code of this file.


 Minimum TLS version. More...
 RSA public-key algorithm. More...
 AES-CBC block cipher. More...
 AES-GCM block cipher. More...
 MD4 digest algorithm. More...
 SHA-224 digest algorithm. More...
 SHA-256 digest algorithm. More...
 SHA-384 digest algorithm. More...
 SHA-512 digest algorithm. More...
#define TIMESTAMP_ERROR_MARGIN   ( ( 12 * 60 + 30 ) * 60 )
 SHA-512/224 digest algorithm. More...
#define CROSSCERT   "http://ca.ipxe.org/auto"
 Default cross-signed certificate source. More...
#define OCSP_CHECK
 Perform OCSP checks when applicable. More...



Detailed Description

Cryptographic configuration.

Definition in file crypto.h.

Macro Definition Documentation



Minimum TLS version.

Definition at line 13 of file crypto.h.



RSA public-key algorithm.

Definition at line 16 of file crypto.h.



AES-CBC block cipher.

Definition at line 19 of file crypto.h.



AES-GCM block cipher.

Definition at line 22 of file crypto.h.



MD4 digest algorithm.

MD5 digest algorithm SHA-1 digest algorithm

Definition at line 31 of file crypto.h.



SHA-224 digest algorithm.

Definition at line 34 of file crypto.h.



SHA-256 digest algorithm.

Definition at line 37 of file crypto.h.



SHA-384 digest algorithm.

Definition at line 40 of file crypto.h.



SHA-512 digest algorithm.

Definition at line 43 of file crypto.h.


#define TIMESTAMP_ERROR_MARGIN   ( ( 12 * 60 + 30 ) * 60 )

SHA-512/224 digest algorithm.

SHA-512/256 digest algorithm Margin of error (in seconds) allowed in signed timestamps

We default to allowing a reasonable margin of error: 12 hours to allow for the local time zone being non-GMT, plus 30 minutes to allow for general clock drift.

Definition at line 57 of file crypto.h.


#define CROSSCERT   "http://ca.ipxe.org/auto"

Default cross-signed certificate source.

This is the default location from which iPXE will attempt to download cross-signed certificates in order to complete a certificate chain.

Definition at line 65 of file crypto.h.


#define OCSP_CHECK

Perform OCSP checks when applicable.

Some CAs provide non-functional OCSP servers, and some clients are forced to operate on networks without access to the OCSP servers. Allow the user to explicitly disable the use of OCSP checks.

Definition at line 73 of file crypto.h.

Function Documentation