user_settings_all.h 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219
  1. /* user_settings_all.h
  2. *
  3. * Copyright (C) 2006-2020 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* should be renamed to user_settings.h for customer use
  22. * generated from configure options ./configure --enable-all
  23. *
  24. * Cleaned up by David Garske
  25. */
  26. #ifndef WOLFSSL_USER_SETTINGS_H
  27. #define WOLFSSL_USER_SETTINGS_H
  28. #ifdef __cplusplus
  29. extern "C" {
  30. #endif
  31. /* Features */
  32. #define WOLFSSL_PUBLIC_MP /* Make math API's pbulic */
  33. #define KEEP_PEER_CERT /* Retain peer's certificate */
  34. #define KEEP_OUR_CERT /* Keep our certificate */
  35. #define WOLFSSL_ALWAYS_VERIFY_CB /* Always call verify callback (configured via wolfSSL_CTX_set_verify API) */
  36. #define WOLFSSL_VERIFY_CB_ALL_CERTS /* Call verify callback for all intermediate certs */
  37. #define WOLFSSL_ALWAYS_KEEP_SNI
  38. #define WOLFSSL_EXTRA_ALERTS /* Allow sending other TLS alerts */
  39. #define HAVE_EX_DATA /* Enable "extra" EX data API's for user information in CTX/WOLFSSL */
  40. #define HAVE_EXT_CACHE
  41. #define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
  42. #define HAVE_PK_CALLBACKS /* Enable public key callbacks */
  43. #define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
  44. #define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
  45. #define WOLFSSL_HAVE_CERT_SERVICE
  46. #define WOLFSSL_JNI
  47. #define WOLFSSL_SEP
  48. #define WOLFCRYPT_HAVE_SRP
  49. #define WOLFSSL_HAVE_WOLFSCEP
  50. #define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
  51. #define HAVE_PKCS7
  52. #define WOLFSSL_MULTI_ATTRIB
  53. #define WOLFSSL_DER_LOAD
  54. #define ASN_BER_TO_DER /* BER to DER support */
  55. #define WOLFSSL_SIGNER_DER_CERT
  56. //#define HAVE_THREAD_LS /* DG Commented: Thread local storage - may not be portable */
  57. /* TLS Features */
  58. #define WOLFSSL_DTLS
  59. #define WOLFSSL_TLS13
  60. #define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */
  61. /* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
  62. //#define WOLFSSL_ALLOW_SSLV3
  63. //#define WOLFSSL_ALLOW_TLSV10
  64. /* TLS Extensions */
  65. #define HAVE_TLS_EXTENSIONS
  66. #define HAVE_SUPPORTED_CURVES
  67. #define HAVE_ONE_TIME_AUTH
  68. #define HAVE_SNI
  69. #define HAVE_ALPN
  70. #define HAVE_MAX_FRAGMENT
  71. #define HAVE_TRUNCATED_HMAC
  72. #define HAVE_SESSION_TICKET
  73. #define HAVE_EXTENDED_MASTER
  74. #define HAVE_TRUSTED_CA
  75. #define HAVE_ENCRYPT_THEN_MAC
  76. /* TLS Session Cache */
  77. #define SESSION_CERTS
  78. #define PERSIST_SESSION_CACHE
  79. #define PERSIST_CERT_CACHE
  80. /* Key and Certificate Generation */
  81. #define WOLFSSL_KEY_GEN
  82. #define WOLFSSL_CERT_GEN
  83. #define WOLFSSL_CERT_REQ
  84. #define WOLFSSL_CERT_EXT
  85. /* Certificate Revocation */
  86. #define HAVE_OCSP
  87. #define HAVE_CERTIFICATE_STATUS_REQUEST
  88. #define HAVE_CERTIFICATE_STATUS_REQUEST_V2
  89. #define HAVE_CRL
  90. #define HAVE_CRL_IO
  91. #define HAVE_IO_TIMEOUT
  92. //#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */
  93. /* Fast math key size 4096-bit max */
  94. #define USE_FAST_MATH
  95. #define FP_MAX_BITS 8192
  96. //#define HAVE___UINT128_T 1 /* DG commented: May not be portable */
  97. /* Timing Resistence */
  98. #define TFM_TIMING_RESISTANT
  99. #define ECC_TIMING_RESISTANT
  100. #define WC_RSA_BLINDING
  101. /* DH Key Sizes */
  102. #define HAVE_FFDHE_2048
  103. #define HAVE_FFDHE_3072
  104. /* ECC Features */
  105. #define HAVE_ECC
  106. #define TFM_ECC256
  107. #define ECC_SHAMIR
  108. #define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
  109. #define HAVE_ECC_SECPR2
  110. #define HAVE_ECC_SECPR3
  111. #define HAVE_ECC_BRAINPOOL
  112. #define HAVE_ECC_KOBLITZ
  113. #define HAVE_ECC_CDH /* Cofactor */
  114. #define HAVE_COMP_KEY /* Compressed key support */
  115. #define FP_ECC /* Fixed point caching - speed repeated operations against same key */
  116. #define HAVE_ECC_ENCRYPT
  117. /* RSA */
  118. #define WC_RSA_PSS
  119. /* AES */
  120. #define HAVE_AES_DECRYPT
  121. #define HAVE_AES_ECB
  122. #define WOLFSSL_AES_DIRECT
  123. #define WOLFSSL_AES_COUNTER
  124. #define HAVE_AESGCM
  125. #define HAVE_AESCCM
  126. #define WOLFSSL_AES_OFB
  127. #define WOLFSSL_AES_CFB
  128. #define WOLFSSL_AES_XTS
  129. #define HAVE_AES_KEYWRAP
  130. /* Hashing */
  131. #define WOLFSSL_SHA224
  132. #define WOLFSSL_SHA512
  133. #define WOLFSSL_SHA384
  134. #define WOLFSSL_SHAKE256
  135. #define WOLFSSL_SHA3
  136. #define WOLFSSL_HASH_FLAGS /* enable hash flag API's */
  137. /* Additional Algorithms */
  138. #define HAVE_HASHDRBG
  139. #define HAVE_CURVE25519
  140. #define HAVE_ED25519
  141. #define CURVED25519_SMALL
  142. #define HAVE_CURVE448
  143. #define HAVE_POLY1305
  144. #define HAVE_CHACHA
  145. #define HAVE_HKDF
  146. #define HAVE_X963_KDF
  147. #define WOLFSSL_CMAC
  148. #define WOLFSSL_DES_ECB
  149. /* Non-Standard Algorithms (DG disabled) */
  150. //#define HAVE_HC128
  151. //#define HAVE_RABBIT
  152. //#define HAVE_IDEA
  153. //#define HAVE_CAMELLIA
  154. //#define WOLFSSL_RIPEMD
  155. //#define HAVE_SCRYPT
  156. /* Encoding */
  157. #define WOLFSSL_BASE16
  158. #define WOLFSSL_BASE64_ENCODE
  159. /* Openssl compatibility */
  160. #if 0 /* DG Disabled */
  161. /* Openssl compatibility API's */
  162. #define OPENSSL_EXTRA
  163. #define OPENSSL_ALL
  164. #define HAVE_OPENSSL_CMD
  165. #define SSL_TXT_TLSV1_2
  166. #define SSL_TXT_TLSV1_1
  167. #define OPENSSL_NO_SSL2
  168. #define OPENSSL_NO_SSL3
  169. #define NO_OLD_RNGNAME
  170. #define NO_OLD_WC_NAMES
  171. #define NO_OLD_SSL_NAMES
  172. #define NO_OLD_SHA_NAMES
  173. /* Openssl compatibility application specific */
  174. #define WOLFSSL_LIBWEBSOCKETS
  175. #define WOLFSSL_OPENSSH
  176. #define WOLFSSL_QT
  177. #define FORTRESS
  178. #define HAVE_WEBSERVER
  179. #define HAVE_LIGHTY
  180. #define WOLFSSL_NGINX
  181. #define WOLFSSL_HAPROXY
  182. #define HAVE_STUNNEL
  183. #define WOLFSSL_ASIO
  184. #define ASIO_USE_WOLFSSL
  185. #define BOOST_ASIO_USE_WOLFSSL
  186. #endif
  187. #ifdef __cplusplus
  188. }
  189. #endif
  190. #endif /* WOLFSSL_USER_SETTINGS_H */