user_settings.h 4.8 KB

  #ifndef _WIN_USER_SETTINGS_H_
  #define _WIN_USER_SETTINGS_H_

  /*
   * Windows build configuration: selects a FIPS flavour (or none) and then
   * turns algorithm and protocol features on or off through feature macros.
   *
   * The three selector blocks below are processed top to bottom, so when more
   * than one is active the last one decides HAVE_FIPS_VERSION. Keep at most
   * one of them enabled.
   */

  /* FIPS 140-2 3389 build: change the next line to "#if 1". */
  #if 0
      #undef  HAVE_FIPS
      #define HAVE_FIPS
      #undef  HAVE_FIPS_VERSION
      #define HAVE_FIPS_VERSION 2
      #undef  HAVE_FIPS_VERSION_MINOR
      #define HAVE_FIPS_VERSION_MINOR 0
  #endif

  /*
   * Original label: "Set the following to 1 for WCv5.0-RC12 build."
   * This is the block that is currently active.
   * NOTE(review): the values selected here are 6 / 6 / 0 / 0, not 5.x;
   * confirm whether the label above is stale.
   */
  #if 1
      #undef  HAVE_FIPS
      #define HAVE_FIPS
      #undef  HAVE_FIPS_VERSION
      #define HAVE_FIPS_VERSION 6
      #undef  HAVE_FIPS_VERSION_MAJOR
      #define HAVE_FIPS_VERSION_MAJOR 6
      #undef  HAVE_FIPS_VERSION_MINOR
      #define HAVE_FIPS_VERSION_MINOR 0
      #undef  HAVE_FIPS_VERSION_PATCH
      #define HAVE_FIPS_VERSION_PATCH 0
  #endif

  /*
   * FIPS Ready: uncomment the define below.
   * NOTE(review): this block resets HAVE_FIPS_VERSION and _MINOR only. If the
   * block above is still "#if 1", HAVE_FIPS_VERSION_MAJOR (6) and _PATCH (0)
   * carry over and the four version macros end up as 5, 6, 3, 0. Set the
   * block above to "#if 0" first, or confirm that the mix is intended.
   */
  /* #define WOLFSSL_FIPS_READY */
  #if defined(WOLFSSL_FIPS_READY)
      #undef  HAVE_FIPS
      #define HAVE_FIPS
      #undef  HAVE_FIPS_VERSION
      #define HAVE_FIPS_VERSION 5
      #undef  HAVE_FIPS_VERSION_MINOR
      #define HAVE_FIPS_VERSION_MINOR 3
  #endif

  /* Refuse to build anywhere but Windows. */
  #if !defined(_WIN32)
      #error This user_settings.h header is only designed for Windows
  #endif

  /* Configurations */
  #ifdef HAVE_FIPS
      /* FIPS: settings shared by every FIPS version */
      #define OPENSSL_EXTRA
      #define HAVE_THREAD_LS
      #define WOLFSSL_KEY_GEN
      #define HAVE_AESGCM
      #define HAVE_HASHDRBG
      #define WOLFSSL_SHA384
      #define WOLFSSL_SHA512

      /* PSK and the legacy RC4 / DSA / MD4 algorithms are switched off */
      #define NO_PSK
      #define NO_RC4
      #define NO_DSA
      #define NO_MD4

      /* ---- additions for FIPS version 2 and later ---- */
      #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
          #define WOLFSSL_SHA224
          #define WOLFSSL_SHA3
          #define WC_RSA_PSS
          /* NOTE(review): by its name this exposes unpadded RSA; presumably
           * needed for algorithm testing. Confirm no application path uses
           * it on real data. */
          #define WC_RSA_NO_PADDING
          #define HAVE_ECC
          #define HAVE_ECC384
          #define HAVE_ECC521
          #define HAVE_SUPPORTED_CURVES
          #define HAVE_TLS_EXTENSIONS
          #define ECC_SHAMIR
          #define HAVE_ECC_CDH

          /* timing-resistant code paths for ECC and the TFM math backend */
          #define ECC_TIMING_RESISTANT
          #define TFM_TIMING_RESISTANT

          #define WOLFSSL_AES_COUNTER
          #define WOLFSSL_AES_DIRECT
          #define HAVE_AES_ECB
          #define HAVE_AESCCM
          #define WOLFSSL_CMAC
          #define HAVE_HKDF

          /* imported ECC and finite-field keys are validated */
          #define WOLFSSL_VALIDATE_ECC_IMPORT
          #define WOLFSSL_VALIDATE_FFC_IMPORT

          #define HAVE_FFDHE_Q
          #define HAVE_PUBLIC_FFDHE

          /* AES-NI and RDSEED are requested for 64-bit targets only */
          #if defined(_WIN64)
              #define WOLFSSL_AESNI
              #define HAVE_INTEL_RDSEED
          #endif

          /* Defined for 32- and 64-bit builds alike, and undone again in the
           * v5 section below.
           * NOTE(review): presumably makes an RDSEED failure a hard error
           * instead of falling back to another seed source; confirm against
           * the RNG seeding code. */
          #define FORCE_FAILURE_RDSEED
      #endif /* FIPS v2 */

      /* ---- additions for FIPS version 5 and later ---- */
      #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 5
          /* The hardware-backed options and public FFDHE from the v2 section
           * are withdrawn here. */
          #undef WOLFSSL_AESNI /* Comment out if using PAA */
          #undef HAVE_INTEL_RDSEED
          #undef FORCE_FAILURE_RDSEED
          #undef HAVE_PUBLIC_FFDHE

          /* DES, 3DES, MD5 and the older TLS versions are switched off;
           * TLS 1.3 is switched on */
          #define NO_DES
          #define NO_DES3
          #define NO_MD5
          #define NO_OLD_TLS
          #define WOLFSSL_TLS13
          #define HAVE_TLS_EXTENSIONS
          #define HAVE_SUPPORTED_CURVES

          #define GCM_TABLE_4BIT
          #define WOLFSSL_NO_SHAKE256
          #define WOLFSSL_VALIDATE_ECC_KEYGEN

          /* NOTE(review): by its name this lets a caller supply the ECDSA
           * nonce k, presumably for known-answer testing. A repeated or
           * predictable k exposes the signing key, so confirm that no
           * production code path sets k itself. */
          #define WOLFSSL_ECDSA_SET_K

          #define WOLFSSL_WOLFSSH
          #define WOLFSSL_PUBLIC_MP

          /* NOTE(review): presumably the RNG seed comes from a callback the
           * application registers; verify that callback draws from an
           * approved entropy source. */
          #define WC_RNG_SEED_CB

          /* explicit curve list: P-192 through P-521 */
          #define TFM_ECC256
          #define ECC_USER_CURVES
          #define HAVE_ECC192
          #define HAVE_ECC224
          #define HAVE_ECC256
          #define HAVE_ECC384
          #define HAVE_ECC521

          /* named FFDHE groups, 2048 to 8192 bits */
          #define HAVE_FFDHE_2048
          #define HAVE_FFDHE_3072
          #define HAVE_FFDHE_4096
          #define HAVE_FFDHE_6144
          #define HAVE_FFDHE_8192

          #define WOLFSSL_AES_OFB
          /* presumably twice the largest (8192-bit) operand - TODO confirm */
          #define FP_MAX_BITS 16384
      #endif /* FIPS v5 */

      /* ---- additions for FIPS version 6 and later ---- */
      #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 6
          #define HAVE_ED25519
          #define HAVE_ED448
          /* SHAKE256 is enabled here although the v5 section above also
           * defines WOLFSSL_NO_SHAKE256; both macros are set in a v6 build.
           * NOTE(review): confirm which one the library honours. */
          #define WOLFSSL_SHAKE256
          #define WOLFSSL_SHAKE128
          #define WOLFSSL_AES_CFB
          #define WOLFSSL_AES_XTS
          #define HAVE_AES_KEYWRAP
          #define WC_SRTP_KDF
          #define HAVE_PBKDF2

          /* Hard-coded reference hash for the FIPS core.
           * NOTE(review): presumably the value the module's integrity
           * self-check compares against, which would tie it to one exact
           * build of the module. Review any change to this constant together
           * with the source, compiler or option change that caused it. */
          #define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
          AA9F70F147FAB898A76F587873AC4E9C7050D6E1F5828046BE871C54EDF2BF1C

          #define WOLFSSL_NOSHA512_224
          #define WOLFSSL_NOSHA512_256

          /* Debug switches, both left off. Keep them off in release builds:
           * verbose output from a crypto library is not something to ship. */
          /* uncomment for FIPS debugging */
          /* #define DEBUG_FIPS_VERBOSE */
          /* uncomment for whole library debugging */
          /* #define DEBUG_WOLFSSL */
      #endif /* FIPS v6 */

  #else
      /* Non-FIPS build */

      /* RSA blinding, a countermeasure against timing attacks.
       * NOTE(review): only this non-FIPS branch defines it; confirm the FIPS
       * branch gets blinding from somewhere else. */
      #define WC_RSA_BLINDING

      #ifdef WOLFSSL_LIB
          /* The lib */
          #define OPENSSL_EXTRA
          #define WOLFSSL_RIPEMD
          #define NO_PSK
          #define HAVE_EXTENDED_MASTER
          /* NOTE(review): compiles the sniffer feature into the library;
           * confirm a consumer of this build actually needs it. */
          #define WOLFSSL_SNIFFER
          #define HAVE_SECURE_RENEGOTIATION
          #define HAVE_AESGCM
          #define WOLFSSL_SHA384
          #define WOLFSSL_SHA512
          #define HAVE_SUPPORTED_CURVES
          #define HAVE_TLS_EXTENSIONS
          #define HAVE_ECC
          #define ECC_SHAMIR
          #define ECC_TIMING_RESISTANT
      #else
          /* The servers and clients */
          #define OPENSSL_EXTRA
          #define NO_PSK
      #endif
  #endif /* HAVE_FIPS */

  #endif /* _WIN_USER_SETTINGS_H_ */