2
0

user_settings_fipsv2.h 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
  1. /* user_settings_fipsv2.h
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* should be renamed to user_settings.h for customer use
  22. * generated from configure options:
  23. * ./fips-check.sh linuxv2 keep
  24. * XXX-fips-test\wolfssl\options.h
  25. *
  26. * Cleaned up by David Garske
  27. */
  28. #ifndef WOLFSSL_USER_SETTINGS_H
  29. #define WOLFSSL_USER_SETTINGS_H
  30. #ifdef __cplusplus
  31. extern "C" {
  32. #endif
  33. /* FIPS Version 3 (3389 Certificate) */
  34. #define HAVE_FIPS
  35. #define HAVE_FIPS_VERSION 2
  36. #define HAVE_HASHDRBG /* NIST Certified DRBG - SHA256 based */
  37. #define HAVE_THREAD_LS
  38. /* Math */
  39. #define USE_FAST_MATH
  40. /* Timing Resistance */
  41. #define TFM_TIMING_RESISTANT
  42. #define ECC_TIMING_RESISTANT
  43. #define WC_RSA_BLINDING
  44. /* TLS Features */
  45. #define WOLFSSL_TLS13
  46. #define HAVE_TLS_EXTENSIONS
  47. #define HAVE_SUPPORTED_CURVES
  48. #define HAVE_EXTENDED_MASTER
  49. #define HAVE_ENCRYPT_THEN_MAC
  50. /* DH */
  51. #undef NO_DH
  52. #define HAVE_FFDHE_2048
  53. #define HAVE_FFDHE_Q
  54. #define WOLFSSL_VALIDATE_ECC_IMPORT
  55. #define WOLFSSL_VALIDATE_FFC_IMPORT
  56. #define HAVE_DH_DEFAULT_PARAMS
  57. /* ECC */
  58. #define HAVE_ECC
  59. #define TFM_ECC256
  60. #define ECC_SHAMIR
  61. #define HAVE_ECC_CDH
  62. /* RSA */
  63. #undef NO_RSA
  64. #define WC_RSA_PSS
  65. #define WOLFSSL_KEY_GEN
  66. #define WC_RSA_NO_PADDING
  67. /* AES */
  68. #define WOLFSSL_AES_DIRECT
  69. #define HAVE_AES_ECB
  70. #define HAVE_AESGCM
  71. #define GCM_TABLE_4BIT
  72. #define HAVE_AESCCM
  73. #define WOLFSSL_AES_COUNTER
  74. /* Hashing */
  75. #undef NO_SHA
  76. #undef NO_SHA256
  77. #define WOLFSSL_SHA224
  78. #define WOLFSSL_SHA384
  79. #define WOLFSSL_SHA512
  80. #define WOLFSSL_SHA3
  81. #define HAVE_HKDF
  82. /* Other */
  83. #define WOLFSSL_CMAC
  84. #define WOLFSSL_BASE64_ENCODE
  85. /* Disabled Algorithms */
  86. #define NO_DSA
  87. #define NO_MD4
  88. #define NO_PSK
  89. #define NO_PWDBASED
  90. #define NO_RC4
  91. #define WOLFSSL_NO_SHAKE256
  92. #define NO_RABBIT
  93. #define NO_HC128
  94. #ifdef __cplusplus
  95. }
  96. #endif
  97. #endif /* WOLFSSL_OPTIONS_H */