Strona główna Odkrywaj Pomoc
Zaloguj się
RISCI_ATOM
/
wolfssl
kopia lustrzana https://github.com/wolfSSL/wolfssl.git
1
0
Forkuj 0
Pliki Problemy 14 Wiki
Drzewo: 9dcc48c8f7
Gałęzie Tagi
wolfssl
/
examples
/
configs
/
user_settings_fipsv5.h

user_settings_fipsv5.h 4.1 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 
  1. /* user_settings_fipsv5.h
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2006-2023 wolfSSL Inc.
    4. 

  4.  *
    5. 

  5.  * This file is part of wolfSSL.
    6. 

  6.  *
    7. 

  7.  * wolfSSL is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * wolfSSL is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
    20. 

  20.  */
    21. 

  21. 

  22. /* should be renamed to user_settings.h for customer use
    23. 

  23.  * generated from configure options:
    24. 

  24.  * ./fips-check.sh linuxv5-dev keep
    25. 

  25.  * XXX-fips-test\wolfssl\options.h
    26. 

  26.  * ./configure --enable-fips=v5-dev
    27. 

  27.  *
    28. 

  28.  * Cleaned up by David Garske
    29. 

  29.  */
    30. 

  30. 

  31. 

  32. #ifndef WOLFSSL_USER_SETTINGS_H
    33. 

  33. #define WOLFSSL_USER_SETTINGS_H
    34. 

  34. 

  35. #ifdef __cplusplus
    36. 

  36. extern "C" {
    37. 

  37. #endif
    38. 

  38. 

  39. /* FIPS Version 5.3 */
    40. 

  40. #define HAVE_FIPS
    41. 

  41. #define HAVE_FIPS_VERSION 5
    42. 

  42. #define HAVE_FIPS_VERSION_MINOR 3
    43. 

  43. 

  44. #define HAVE_HASHDRBG /* NIST Certified DRBG - SHA256 based */
    45. 

  45. #define HAVE_THREAD_LS
    46. 

  46. 

  47. /* Math */
    48. 

  48. #define USE_FAST_MATH
    49. 

  49. #define FP_MAX_BITS 16384
    50. 

  50. #define SP_INT_BITS 8192
    51. 

  51. #define WOLFSSL_PUBLIC_MP /* expose the mp_ math API's */
    52. 

  52. 

  53. /* Timing Resistance */
    54. 

  54. #define TFM_TIMING_RESISTANT
    55. 

  55. #define ECC_TIMING_RESISTANT
    56. 

  56. #define WC_RSA_BLINDING
    57. 

  57. 

  58. /* FIPS Features */
    59. 

  59. #define WC_RNG_SEED_CB
    60. 

  60. #define WOLFSSL_VALIDATE_ECC_IMPORT
    61. 

  61. #define WOLFSSL_VALIDATE_ECC_KEYGEN
    62. 

  62. #define WOLFSSL_VALIDATE_FFC_IMPORT
    63. 

  63. 

  64. /* TLS Features */
    65. 

  65. #define WOLFSSL_TLS13
    66. 

  66. #define HAVE_TLS_EXTENSIONS
    67. 

  67. #define HAVE_ENCRYPT_THEN_MAC
    68. 

  68. #define HAVE_SUPPORTED_CURVES
    69. 

  69. #define HAVE_EXTENDED_MASTER
    70. 

  70. #define HAVE_ONE_TIME_AUTH /* TLS extension used with Poly1305 */
    71. 

  71. 

  72. /* TLS Resumption */
    73. 

  73. #define HAVE_SECURE_RENEGOTIATION
    74. 

  74. #define HAVE_SERVER_RENEGOTIATION_INFO
    75. 

  75. #define HAVE_SESSION_TICKET
    76. 

  76. 

  77. /* Other Features */
    78. 

  78. #define WOLFSSL_USE_ALIGN
    79. 

  79. #define WOLFSSL_BASE64_ENCODE
    80. 

  80. #if 0 /* optionally enable CRL (Certificate Revocation List) */
    81. 

  81.     #define HAVE_CRL
    82. 

  82. #endif
    83. 

  83. #define HAVE_EXT_CACHE
    84. 

  84. #define WOLFSSL_VERIFY_CB_ALL_CERTS
    85. 

  85. #define WOLFSSL_ALWAYS_VERIFY_CB
    86. 

  86. #define WOLFSSL_DH_EXTRA /* DHE ASN.1 key import/export support */
    87. 

  87. 

  88. #ifndef WOLFSSL_WOLFSSH /* ifndef check required due to configure already generating flag */
    89. 

  89. #define WOLFSSL_WOLFSSH
    90. 

  90. #endif
    91. 

  91. 

  92. /* Compatibility Layer */
    93. 

  93. #define OPENSSL_EXTRA
    94. 

  94. #if 0 /* if full suite of compatibility API's are needed */
    95. 

  95.     #define OPENSSL_ALL
    96. 

  96. #endif
    97. 

  97. 

  98. /* DH */
    99. 

  99. #undef  NO_DH
    100. 

  100. #define HAVE_FFDHE_Q
    101. 

  101. #define HAVE_FFDHE_2048
    102. 

  102. #define HAVE_FFDHE_3072
    103. 

  103. #define HAVE_FFDHE_4096
    104. 

  104. #define HAVE_FFDHE_6144
    105. 

  105. #define HAVE_FFDHE_8192
    106. 

  106. #define HAVE_DH_DEFAULT_PARAMS
    107. 

  107. #define HAVE_PUBLIC_FFDHE
    108. 

  108. 

  109. /* ECC */
    110. 

  110. #define HAVE_ECC
    111. 

  111. #define TFM_ECC256
    112. 

  112. #define ECC_SHAMIR
    113. 

  113. #define HAVE_ECC_CDH
    114. 

  114. #define ECC_USER_CURVES
    115. 

  115. #define HAVE_ECC192
    116. 

  116. #define HAVE_ECC224
    117. 

  117. #define HAVE_ECC256
    118. 

  118. #define HAVE_ECC384
    119. 

  119. #define HAVE_ECC521
    120. 

  120. #define WOLFSSL_ECDSA_SET_K
    121. 

  121. 

  122. /* RSA */
    123. 

  123. #undef  NO_RSA
    124. 

  124. #define WC_RSA_PSS
    125. 

  125. #define WOLFSSL_KEY_GEN
    126. 

  126. #define WC_RSA_NO_PADDING
    127. 

  127. 

  128. /* AES */
    129. 

  129. #undef  NO_AES
    130. 

  130. #define WOLFSSL_AES_COUNTER
    131. 

  131. #define HAVE_AESCCM
    132. 

  132. #define HAVE_AES_ECB
    133. 

  133. #define WOLFSSL_AES_COUNTER
    134. 

  134. #define WOLFSSL_AES_DIRECT
    135. 

  135. #define WOLFSSL_AES_OFB
    136. 

  136. #define HAVE_AESGCM
    137. 

  137. #define GCM_TABLE_4BIT
    138. 

  138. #define WOLFSSL_CMAC
    139. 

  139. 

  140. /* ChaCha/Poly */
    141. 

  141. #define HAVE_CHACHA
    142. 

  142. #define HAVE_POLY1305
    143. 

  143. 

  144. /* Hashing */
    145. 

  145. #undef  NO_SHA
    146. 

  146. #undef  NO_SHA256
    147. 

  147. #define WOLFSSL_SHA224
    148. 

  148. #define WOLFSSL_SHA512
    149. 

  149. #define WOLFSSL_SHA384
    150. 

  150. #define WOLFSSL_NO_SHAKE256
    151. 

  151. #define WOLFSSL_NOSHA512_224
    152. 

  152. #define WOLFSSL_NOSHA512_256
    153. 

  153. #define WOLFSSL_SHA3
    154. 

  154. #define HAVE_HKDF
    155. 

  155. 

  156. /* Disabled Features */
    157. 

  157. #define NO_OLD_TLS
    158. 

  158. #define NO_PSK
    159. 

  159. 

  160. /* Disabled Algorithms */
    161. 

  161. #define NO_RC4
    162. 

  162. #define NO_MD4
    163. 

  163. #define NO_MD5
    164. 

  164. #define NO_DES3
    165. 

  165. #define NO_DSA
    166. 

  166. #define NO_RABBIT
    167. 

  167. #define NO_HC128
    168. 

  168. #define WOLFSSL_NO_SHAKE256
    169. 

  169. 

  170. /* Debugging */
    171. 

  171. #if 0
    172. 

  172.     #define DEBUG_WOLFSSL
    173. 

  173. #else
    174. 

  174.     /* #define NO_ERROR_STRINGS */
    175. 

  175. #endif
    176. 

  176. 

  177. #ifdef __cplusplus
    178. 

  178. }
    179. 

  179. #endif
    180. 

  180. 

  181. #endif /* WOLFSSL_USER_SETTINGS_H */
    182.