user_settings.h 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. #ifndef _WIN_USER_SETTINGS_H_
  2. #define _WIN_USER_SETTINGS_H_
  3. /* For FIPS 140-2 3389 build set to "#if 1" */
  4. #if 0
  5. #undef HAVE_FIPS
  6. #define HAVE_FIPS
  7. #undef HAVE_FIPS_VERSION
  8. #define HAVE_FIPS_VERSION 2
  9. #undef HAVE_FIPS_VERSION_MINOR
  10. #define HAVE_FIPS_VERSION_MINOR 0
  11. #endif
  12. /* Set the following to 1 for WCv5.0-RC12 build. */
  13. #if 0
  14. #undef HAVE_FIPS
  15. #define HAVE_FIPS
  16. #undef HAVE_FIPS_VERSION
  17. #define HAVE_FIPS_VERSION 5
  18. #undef HAVE_FIPS_VERSION_MINOR
  19. #define HAVE_FIPS_VERSION_MINOR 2
  20. #endif
  21. /* For FIPS Ready, uncomment the following: */
  22. /* #define WOLFSSL_FIPS_READY */
  23. #ifdef WOLFSSL_FIPS_READY
  24. #undef HAVE_FIPS
  25. #define HAVE_FIPS
  26. #undef HAVE_FIPS_VERSION
  27. #define HAVE_FIPS_VERSION 5
  28. #undef HAVE_FIPS_VERSION_MINOR
  29. #define HAVE_FIPS_VERSION_MINOR 3
  30. #endif
  31. /* Verify this is Windows */
  32. #ifndef _WIN32
  33. #error This user_settings.h header is only designed for Windows
  34. #endif
  35. /* Configurations */
  36. #if defined(HAVE_FIPS)
  37. /* FIPS */
  38. #define OPENSSL_EXTRA
  39. #define HAVE_THREAD_LS
  40. #define WOLFSSL_KEY_GEN
  41. #define HAVE_AESGCM
  42. #define HAVE_HASHDRBG
  43. #define WOLFSSL_SHA384
  44. #define WOLFSSL_SHA512
  45. #define NO_PSK
  46. #define NO_RC4
  47. #define NO_DSA
  48. #define NO_MD4
  49. #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
  50. #define WOLFSSL_SHA224
  51. #define WOLFSSL_SHA3
  52. #define WC_RSA_PSS
  53. #define WC_RSA_NO_PADDING
  54. #define HAVE_ECC
  55. #define HAVE_ECC384
  56. #define HAVE_ECC521
  57. #define HAVE_SUPPORTED_CURVES
  58. #define HAVE_TLS_EXTENSIONS
  59. #define ECC_SHAMIR
  60. #define HAVE_ECC_CDH
  61. #define ECC_TIMING_RESISTANT
  62. #define TFM_TIMING_RESISTANT
  63. #define WOLFSSL_AES_COUNTER
  64. #define WOLFSSL_AES_DIRECT
  65. #define HAVE_AES_ECB
  66. #define HAVE_AESCCM
  67. #define WOLFSSL_CMAC
  68. #define HAVE_HKDF
  69. #define WOLFSSL_VALIDATE_ECC_IMPORT
  70. #define WOLFSSL_VALIDATE_FFC_IMPORT
  71. #define HAVE_FFDHE_Q
  72. #define HAVE_PUBLIC_FFDHE
  73. #ifdef _WIN64
  74. #define WOLFSSL_AESNI
  75. #define HAVE_INTEL_RDSEED
  76. #endif
  77. #define FORCE_FAILURE_RDSEED
  78. #endif /* FIPS v2 */
  79. #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
  80. #undef WOLFSSL_AESNI /* Comment out if using PAA */
  81. #undef HAVE_INTEL_RDSEED
  82. #undef FORCE_FAILURE_RDSEED
  83. #undef HAVE_PUBLIC_FFDHE
  84. #define NO_DES
  85. #define NO_DES3
  86. #define NO_MD5
  87. #define NO_OLD_TLS
  88. #define WOLFSSL_TLS13
  89. #define HAVE_TLS_EXTENSIONS
  90. #define HAVE_SUPPORTED_CURVES
  91. #define GCM_TABLE_4BIT
  92. #define WOLFSSL_NO_SHAKE256
  93. #define WOLFSSL_VALIDATE_ECC_KEYGEN
  94. #define WOLFSSL_ECDSA_SET_K
  95. #define WOLFSSL_WOLFSSH
  96. #define WOLFSSL_PUBLIC_MP
  97. #define WC_RNG_SEED_CB
  98. #define TFM_ECC256
  99. #define ECC_USER_CURVES
  100. #define HAVE_ECC192
  101. #define HAVE_ECC224
  102. #define HAVE_ECC256
  103. #define HAVE_ECC384
  104. #define HAVE_ECC521
  105. #define HAVE_FFDHE_2048
  106. #define HAVE_FFDHE_3072
  107. #define HAVE_FFDHE_4096
  108. #define HAVE_FFDHE_6144
  109. #define HAVE_FFDHE_8192
  110. #define WOLFSSL_AES_OFB
  111. #define FP_MAX_BITS 16384
  112. #endif /* FIPS v5 */
  113. #else
  114. /* Enables blinding mode, to prevent timing attacks */
  115. #define WC_RSA_BLINDING
  116. #if defined(WOLFSSL_LIB)
  117. /* The lib */
  118. #define OPENSSL_EXTRA
  119. #define WOLFSSL_RIPEMD
  120. #define NO_PSK
  121. #define HAVE_EXTENDED_MASTER
  122. #define WOLFSSL_SNIFFER
  123. #define HAVE_SECURE_RENEGOTIATION
  124. #define HAVE_AESGCM
  125. #define WOLFSSL_SHA384
  126. #define WOLFSSL_SHA512
  127. #define HAVE_SUPPORTED_CURVES
  128. #define HAVE_TLS_EXTENSIONS
  129. #define HAVE_ECC
  130. #define ECC_SHAMIR
  131. #define ECC_TIMING_RESISTANT
  132. #else
  133. /* The servers and clients */
  134. #define OPENSSL_EXTRA
  135. #define NO_PSK
  136. #endif
  137. #endif /* HAVE_FIPS */
  138. #endif /* _WIN_USER_SETTINGS_H_ */