2
0

user_settings.h 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386
  1. /* user_settings.h
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* should be renamed to user_settings.h for customer use
  22. * generated from configure options ./configure --enable-all
  23. *
  24. * Cleaned up by David Garske
  25. */
  26. #ifndef WOLFSSL_USER_SETTINGS_H
  27. #define WOLFSSL_USER_SETTINGS_H
  28. #ifdef __cplusplus
  29. extern "C" {
  30. #endif
  31. #include <stdint.h>
  32. /* Usually comes from configure -> config.h */
  33. #define HAVE_SYS_TIME_H
  34. /* Explicitly define NETDB support */
  35. #define HAVE_NETDB_H
  36. /* Features */
  37. #define SINGLE_THREADED
  38. #define WOLFSSL_IGNORE_FILE_WARN /* Ignore *.c include warnings */
  39. #define WOLFSSL_PUBLIC_MP /* Make math API's public */
  40. #define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
  41. //#define WOLFSSL_SYS_CA_CERTS /* Enable ability to load CA certs from OS */
  42. #if 0 /* Not needed */
  43. #define KEEP_PEER_CERT /* Retain peer's certificate */
  44. #define KEEP_OUR_CERT /* Keep our certificate */
  45. #define WOLFSSL_ALWAYS_VERIFY_CB /* Always call verify callback (configured via wolfSSL_CTX_set_verify API) */
  46. #define WOLFSSL_VERIFY_CB_ALL_CERTS /* Call verify callback for all intermediate certs */
  47. #define WOLFSSL_ALWAYS_KEEP_SNI
  48. #define WOLFSSL_EXTRA_ALERTS /* Allow sending other TLS alerts */
  49. #define HAVE_EX_DATA /* Enable "extra" EX data API's for user information in CTX/WOLFSSL */
  50. #define HAVE_EXT_CACHE
  51. #define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
  52. #define HAVE_PK_CALLBACKS /* Enable public key callbacks */
  53. #define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
  54. #define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
  55. #define WOLFSSL_HAVE_CERT_SERVICE
  56. #define WOLFSSL_JNI
  57. #define WOLFSSL_SEP /* certificate policy set extension */
  58. #define WOLFCRYPT_HAVE_SRP
  59. #define WOLFSSL_HAVE_WOLFSCEP
  60. #define HAVE_PKCS7
  61. #define WOLFSSL_SIGNER_DER_CERT
  62. #define WOLFSSL_TRUST_PEER_CERT
  63. #define WOLFSSL_WOLFSSH
  64. #define WC_NO_ASYNC_THREADING
  65. #endif
  66. /* TLS Features */
  67. #define WOLFSSL_TLS13
  68. #define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */
  69. #define WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
  70. /* DTLS */
  71. #define WOLFSSL_DTLS
  72. // #define WOLFSSL_MULTICAST
  73. #define WOLFSSL_DTLS13
  74. /* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
  75. //#define WOLFSSL_ALLOW_SSLV3
  76. //#define WOLFSSL_ALLOW_TLSV10
  77. /* TLS Extensions */
  78. #define HAVE_TLS_EXTENSIONS
  79. #define HAVE_SUPPORTED_CURVES
  80. #define HAVE_ONE_TIME_AUTH
  81. #define HAVE_SNI
  82. #define HAVE_ALPN
  83. #define HAVE_MAX_FRAGMENT
  84. #define HAVE_TRUNCATED_HMAC
  85. #define HAVE_SESSION_TICKET
  86. #define WOLFSSL_TICKET_HAVE_ID
  87. #define WOLFSSL_FORCE_CACHE_ON_TICKET
  88. #define HAVE_EXTENDED_MASTER
  89. #define HAVE_TRUSTED_CA
  90. #define HAVE_ENCRYPT_THEN_MAC
  91. #define WOLFSSL_POST_HANDSHAKE_AUTH
  92. #define WOLFSSL_SEND_HRR_COOKIE /* Used by DTLS v1.3 */
  93. #define HAVE_ANON /* anon cipher suites */
  94. #define HAVE_FALLBACK_SCSV /* TLS_FALLBACK_SCSV */
  95. #define WOLFSSL_EARLY_DATA
  96. #define HAVE_SERVER_RENEGOTIATION_INFO
  97. /* TLS Session Cache */
  98. #define SESSION_CERTS
  99. #define PERSIST_SESSION_CACHE
  100. #define PERSIST_CERT_CACHE
  101. /* Key and Certificate Generation */
  102. #define WOLFSSL_KEY_GEN
  103. #define WOLFSSL_CERT_GEN
  104. #define WOLFSSL_CERT_REQ
  105. #define WOLFSSL_CERT_EXT
  106. #define WOLFSSL_MULTI_ATTRIB
  107. #define HAVE_SMIME
  108. #define WOLFSSL_DER_LOAD
  109. #define ASN_BER_TO_DER /* BER to DER support */
  110. #define WOLFSSL_HAVE_ISSUER_NAMES /* Store pointers to issuer name components and their lengths and encodings */
  111. #define WOLFSSL_SUBJ_DIR_ATTR /* Enable support for SubjectDirectoryAttributes extension */
  112. #define WOLFSSL_SUBJ_INFO_ACC /* Enable support for SubjectInfoAccess extension */
  113. #define WOLFSSL_CERT_NAME_ALL /* Adds more certificate name capability at the cost of taking up more memory. Adds initials, givenname, dnQualifer for example */
  114. #define WOLFSSL_FPKI /* Enable support for FPKI (Federal PKI) extensions */
  115. #define WOLFSSL_AKID_NAME /* Enable support for full AuthorityKeyIdentifier extension. Only supports copying full AKID from an existing certificate */
  116. #define HAVE_CTS /* Ciphertext stealing interface */
  117. #define WOLFSSL_PEM_TO_DER
  118. #define WOLFSSL_DER_TO_PEM
  119. #define WOLFSSL_CUSTOM_OID
  120. #define HAVE_OID_ENCODING
  121. #define WOLFSSL_ASN_TEMPLATE
  122. /* Certificate Revocation */
  123. #define HAVE_OCSP
  124. #define HAVE_CERTIFICATE_STATUS_REQUEST
  125. #define HAVE_CERTIFICATE_STATUS_REQUEST_V2
  126. #define HAVE_CRL
  127. #define HAVE_CRL_IO
  128. #define HAVE_IO_TIMEOUT
  129. //#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */
  130. #if 1
  131. /* sp_int.c */
  132. #define WOLFSSL_SP_MATH_ALL
  133. #else
  134. /* Fast math key size 4096-bit max */
  135. #define USE_FAST_MATH
  136. #endif
  137. //#define HAVE___UINT128_T 1 /* DG commented: May not be portable */
  138. /* Max Sizes */
  139. #define RSA_MAX_SIZE 4096
  140. #define FP_MAX_BITS 8192
  141. #define SP_INT_BITS 4096
  142. /* Timing Resistance */
  143. #define TFM_TIMING_RESISTANT
  144. #define ECC_TIMING_RESISTANT
  145. #define WC_RSA_BLINDING
  146. /* DH Key Sizes */
  147. #define HAVE_FFDHE_2048
  148. #define HAVE_FFDHE_3072
  149. #define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
  150. #define HAVE_DH_DEFAULT_PARAMS
  151. /* ECC Features */
  152. #define HAVE_ECC
  153. #define TFM_ECC256
  154. #define ECC_SHAMIR
  155. #define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
  156. #define HAVE_ECC_SECPR2
  157. #define HAVE_ECC_SECPR3
  158. #define HAVE_ECC_BRAINPOOL
  159. #define HAVE_ECC_KOBLITZ
  160. #define HAVE_ECC_CDH /* Co-factor */
  161. #define HAVE_COMP_KEY /* Compressed key support */
  162. #define FP_ECC /* Fixed point caching - speed repeated operations against same key */
  163. #define HAVE_ECC_ENCRYPT
  164. #define WOLFCRYPT_HAVE_ECCSI
  165. #define WOLFCRYPT_HAVE_SAKKE
  166. #define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
  167. /* RSA */
  168. #define WC_RSA_PSS
  169. #define WOLFSSL_PSS_LONG_SALT
  170. #define WC_RSA_NO_PADDING
  171. /* AES */
  172. #define HAVE_AES_DECRYPT
  173. #define HAVE_AES_ECB
  174. #define WOLFSSL_AES_DIRECT
  175. #define WOLFSSL_AES_COUNTER
  176. #define HAVE_AESGCM
  177. #define GCM_TABLE_4BIT
  178. #define WOLFSSL_AESGCM_STREAM
  179. #define HAVE_AESCCM
  180. #define WOLFSSL_AES_OFB
  181. #define WOLFSSL_AES_CFB
  182. #define WOLFSSL_AES_XTS
  183. #define HAVE_AES_KEYWRAP
  184. #define WOLFSSL_AES_CBC_LENGTH_CHECKS
  185. #define WOLFSSL_USE_ALIGN
  186. #define WOLFSSL_AES_SIV
  187. /* Hashing */
  188. #define WOLFSSL_SHA224
  189. #define WOLFSSL_SHA512
  190. #define WOLFSSL_SHA384
  191. #define WOLFSSL_SHAKE256
  192. #define WOLFSSL_SHA3
  193. #define WOLFSSL_HASH_FLAGS /* enable hash flag API's */
  194. #define WOLFSSL_SHAKE256
  195. /* Additional Algorithms */
  196. #define HAVE_HASHDRBG
  197. #define HAVE_CURVE25519
  198. #define HAVE_ED25519
  199. #define WOLFSSL_ED25519_STREAMING_VERIFY
  200. #define CURVED25519_SMALL
  201. #define HAVE_ED448
  202. #define WOLFSSL_ED448_STREAMING_VERIFY
  203. #define HAVE_CURVE448
  204. #define HAVE_POLY1305
  205. #define HAVE_CHACHA
  206. #define HAVE_XCHACHA
  207. #define HAVE_HKDF
  208. #define HAVE_X963_KDF
  209. #define WOLFSSL_CMAC
  210. #define WOLFSSL_DES_ECB
  211. #define HAVE_BLAKE2
  212. #define HAVE_BLAKE2B
  213. #define HAVE_BLAKE2S
  214. #define WOLFSSL_SIPHASH
  215. #define HAVE_KEYING_MATERIAL
  216. #define WOLFSSL_HAVE_PRF
  217. /* Encrypted Client Hello */
  218. #define HAVE_HPKE
  219. #define HAVE_ECH
  220. /* Non-Standard Algorithms (DG disabled) */
  221. //#define HAVE_CAMELLIA
  222. //#define WOLFSSL_RIPEMD
  223. //#define HAVE_SCRYPT
  224. //#define WOLFSSL_MD2
  225. //#define WOLFSSL_ALLOW_RC4
  226. /* Encoding */
  227. #define WOLFSSL_BASE16
  228. #define WOLFSSL_BASE64_ENCODE
  229. /* Openssl compatibility */
  230. #if 0 /* DG Disabled */
  231. /* Openssl compatibility API's */
  232. #define OPENSSL_EXTRA
  233. #define OPENSSL_ALL
  234. #define HAVE_OPENSSL_CMD
  235. #define SSL_TXT_TLSV1_2
  236. #define SSL_TXT_TLSV1_1
  237. #define OPENSSL_NO_SSL2
  238. #define OPENSSL_NO_SSL3
  239. #define NO_OLD_RNGNAME
  240. #define NO_OLD_WC_NAMES
  241. #define NO_OLD_SSL_NAMES
  242. #define NO_OLD_SHA_NAMES
  243. #define NO_OLD_MD5_NAME
  244. #define OPENSSL_NO_EC /* macro to enable ECC in openssl */
  245. #define WOLFSSL_VERBOSE_ERRORS
  246. #define ERROR_QUEUE_PER_THREAD
  247. #define WOLFSSL_ERROR_CODE_OPENSSL
  248. #define HAVE_WOLFSSL_SSL_H 1
  249. #define OPENSSL_COMPATIBLE_DEFAULTS
  250. /* Openssl compatibility application specific */
  251. #define WOLFSSL_LIBWEBSOCKETS
  252. #define WOLFSSL_OPENSSH
  253. #define WOLFSSL_QT
  254. #define FORTRESS
  255. #define HAVE_WEBSERVER
  256. #define HAVE_LIGHTY
  257. #define WOLFSSL_NGINX
  258. #define WOLFSSL_HAPROXY
  259. #define HAVE_STUNNEL
  260. #define WOLFSSL_ASIO
  261. #define ASIO_USE_WOLFSSL
  262. #define BOOST_ASIO_USE_WOLFSSL
  263. #define WOLFSSL_OPENVPN
  264. #define NO_WOLFSSL_STUB
  265. #endif
  266. /* TLS static cipher support - off by default */
  267. #if 0
  268. #define WOLFSSL_STATIC_RSA
  269. #define WOLFSSL_STATIC_DH
  270. #define WOLFSSL_STATIC_PSK
  271. #endif
  272. /* TLS sniffer support - off by default */
  273. #if 0
  274. #define WOLFSSL_STATIC_EPHEMERAL
  275. #define WOLFSSL_SNIFFER
  276. #endif
  277. /* Deprecated */
  278. #define NO_DSA
  279. #define NO_MD4
  280. #define NO_MD5
  281. #define NO_OLD_TLS
  282. /* Used to manually test disable edge cases */
  283. #ifdef TEST_DISABLES
  284. #define NO_SESSION_CACHE
  285. //#define NO_ECC256
  286. //#define NO_ECC_KEY_EXPORT
  287. //#define NO_ECC_DHE
  288. //#define NO_ECC_SIGN
  289. //#define NO_ECC_VERIFY
  290. //#define NO_RSA
  291. #define NO_DH
  292. #define NO_SHA
  293. #define NO_SHA256
  294. #ifdef NO_SHA256
  295. #undef WOLFSSL_SHA224
  296. #endif
  297. #define NO_SHA512
  298. #ifdef NO_SHA512
  299. #undef WOLFSSL_SHA384
  300. #undef WOLFSSL_SHA512
  301. #undef HAVE_ED25519
  302. #endif
  303. //#define NO_KDF
  304. //#define NO_HMAC
  305. #define NO_RC4
  306. #define NO_DES3
  307. //#define NO_AES
  308. #define NO_AES_CBC
  309. #define WOLFSSL_NO_SHAKE128
  310. #define NO_PSK
  311. #define NO_PWDBASED
  312. //#define WOLFSSL_NO_TLS12
  313. //#define NO_64BIT
  314. #define WOLFSSL_SP_NO_MALLOC
  315. #define NO_FILESYSTEM
  316. #define NO_WRITEV
  317. #define NO_ERROR_STRINGS
  318. //#define NO_WOLFSSL_CLIENT
  319. //#define NO_WOLFSSL_SERVER
  320. #define NO_MULTIBYTE_PRINT
  321. //#define NO_ASN_TIME
  322. //#define NO_ASN_CRYPT
  323. //#define NO_CODING
  324. #define NO_SIG_WRAPPER
  325. //#define NO_HASH_WRAPPER
  326. //#define WC_NO_HARDEN
  327. //#define NO_CERTS
  328. //#define NO_ASN
  329. #endif
  330. #ifdef __cplusplus
  331. }
  332. #endif
  333. #endif /* WOLFSSL_USER_SETTINGS_H */