File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / projects / wolfssl_options.h
Wed Jun 3 10:01:14 2020 UTC (5 years ago) by misho
Branches: curl, MAIN
CVS tags: v7_70_0p4, HEAD
curl

    1: /***************************************************************************
    2:  *                                  _   _ ____  _
    3:  *  Project                     ___| | | |  _ \| |
    4:  *                             / __| | | | |_) | |
    5:  *                            | (__| |_| |  _ <| |___
    6:  *                             \___|\___/|_| \_\_____|
    7:  *
    8:  * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
    9:  *
   10:  * This software is licensed as described in the file COPYING, which
   11:  * you should have received as part of this distribution. The terms
   12:  * are also available at https://curl.haxx.se/docs/copyright.html.
   13:  *
   14:  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
   15:  * copies of the Software, and permit persons to whom the Software is
   16:  * furnished to do so, under the terms of the COPYING file.
   17:  *
   18:  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
   19:  * KIND, either express or implied.
   20:  *
   21:  ***************************************************************************/
   22: /*
   23: By default wolfSSL has a very conservative configuration that can result in
   24: connections to servers failing due to certificate or algorithm problems.
   25: To remedy this issue for libcurl I've generated this options file that
   26: build-wolfssl will copy to the wolfSSL include directories and will result in
   27: maximum compatibility.
   28: 
   29: These are the configure options that were used to build wolfSSL v3.11.0 in
   30: mingw and generate the options in this file:
   31: 
   32: C_EXTRA_FLAGS="\
   33:   -Wno-attributes \
   34:   -Wno-unused-but-set-variable \
   35:   -DFP_MAX_BITS=16384 \
   36:   -DTFM_TIMING_RESISTANT \
   37:   -DWOLFSSL_STATIC_DH \
   38:   -DWOLFSSL_STATIC_RSA \
   39:   " \
   40: ./configure --prefix=/usr/local \
   41:   --disable-jobserver \
   42:   --enable-aesgcm \
   43:   --enable-alpn \
   44:   --enable-certgen \
   45:   --enable-des3 \
   46:   --enable-dh \
   47:   --enable-dsa \
   48:   --enable-ecc \
   49:   --enable-eccshamir \
   50:   --enable-fastmath \
   51:   --enable-opensslextra \
   52:   --enable-ripemd \
   53:   --enable-sessioncerts \
   54:   --enable-sha512 \
   55:   --enable-sni \
   56:   --enable-sslv3 \
   57:   --enable-supportedcurves \
   58:   --enable-testcert \
   59:   > config.out 2>&1
   60: 
   61: Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
   62: are inapplicable for our Visual Studio build. Currently thread local storage is
   63: only used by the Fixed Point cache ECC which we're not enabling. However, even
   64: if we later decide to enable the cache, it will fall back on mutexes when
   65: thread local storage is not available. wolfSSL is using __declspec(thread) to
   66: create the thread local storage and that could be a problem for LoadLibrary.
   67: 
   68: Regarding the options that were added via C_EXTRA_FLAGS:
   69: 
   70: FP_MAX_BITS=16384
   71: https://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
   72: "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
   73: buffer size.  You can do this using the define:
   74: FP_MAX_BITS and setting it to 8192."
   75: 
   76: TFM_TIMING_RESISTANT
   77: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
   78: From section 2.4.5 Increasing Performance, USE_FAST_MATH:
   79: "Because the stack memory usage can be larger when using fastmath, we recommend
   80: defining TFM_TIMING_RESISTANT as well when using this option."
   81: 
   82: WOLFSSL_STATIC_DH:    Allow TLS_ECDH_ ciphers
   83: WOLFSSL_STATIC_RSA:   Allow TLS_RSA_ ciphers
   84: https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
   85: Static key cipher suites are deprecated and disabled by default since v3.6.6. They provide no forward secrecy and are enabled here only for compatibility.
   86: */
   87: 
   88: /* wolfssl options.h
   89:  * generated from configure options
   90:  *
   91:  * Copyright (C) 2006-2015 wolfSSL Inc.
   92:  *
   93:  * This file is part of wolfSSL. (formerly known as CyaSSL)
   94:  *
   95:  */
   96: 
   97: #ifndef WOLFSSL_OPTIONS_H
   98: #define WOLFSSL_OPTIONS_H
   99: 
       /*
        * Build-time feature selection for wolfSSL. Every option in this file is
        * written as an #undef/#define pair, so the value given here replaces any
        * definition already in effect at that point.
        *
        * NOTE(review): three options in this file trade security for
        * compatibility with old peers: WOLFSSL_STATIC_DH, WOLFSSL_STATIC_RSA and
        * WOLFSSL_ALLOW_SSLV3. A build that does not need legacy servers should
        * drop them.
        */
  100: 
  101: #ifdef __cplusplus
  102: extern "C" {
  103: #endif
  104: 
       /* Fastmath integer buffer size in bits. The note at the top of this file
        * quotes 8192 as the value needed for a 4096-bit RSA key; 16384 is twice
        * that, so presumably keys up to 8192 bits are meant to work -- confirm. */
  105: #undef  FP_MAX_BITS
  106: #define FP_MAX_BITS 16384
  107: 
       /* Selects the timing-resistant fastmath code (side-channel hardening).
        * The same pair appears again further down; the repeat is harmless because
        * each one starts with #undef. */
  108: #undef  TFM_TIMING_RESISTANT
  109: #define TFM_TIMING_RESISTANT
  110: 
       /* Static (non-ephemeral) key exchange. Per the note at the top of this file
        * these two allow the TLS_ECDH_ and TLS_RSA_ cipher suites, which wolfSSL
        * leaves disabled by default. Such suites give no forward secrecy: a later
        * compromise of the server key exposes recorded sessions. */
  111: #undef  WOLFSSL_STATIC_DH
  112: #define WOLFSSL_STATIC_DH
  113: 
  114: #undef  WOLFSSL_STATIC_RSA
  115: #define WOLFSSL_STATIC_RSA
  116: 
       /* OpenSSL compatibility layer; presumably the result of
        * --enable-opensslextra in the configure line quoted above. */
  117: #undef  OPENSSL_EXTRA
  118: #define OPENSSL_EXTRA
  119: 
  120: /*
  121: The commented out defines below are the equivalent of --enable-tls13.
  122: Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta.
  123: This is for experimenting only, afaict TLS 1.3 support doesn't appear to be
  124: functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943
  125: 
  126: #undef  WC_RSA_PSS
  127: #define WC_RSA_PSS
  128: 
  129: #undef  WOLFSSL_TLS13
  130: #define WOLFSSL_TLS13
  131: 
  132: #undef  HAVE_TLS_EXTENSIONS
  133: #define HAVE_TLS_EXTENSIONS
  134: 
  135: #undef  HAVE_FFDHE_2048
  136: #define HAVE_FFDHE_2048
  137: 
  138: #undef  HAVE_HKDF
  139: #define HAVE_HKDF
  140: */
  141: 
  142: #undef  TFM_TIMING_RESISTANT
  143: #define TFM_TIMING_RESISTANT
  144: 
       /* Together with TFM_TIMING_RESISTANT above (a repeat of the earlier pair),
        * the next two are side-channel countermeasures: timing-resistant ECC and
        * RSA blinding. Keep them enabled when trimming this file. */
  145: #undef  ECC_TIMING_RESISTANT
  146: #define ECC_TIMING_RESISTANT
  147: 
  148: #undef  WC_RSA_BLINDING
  149: #define WC_RSA_BLINDING
  150: 
       /* Ciphers and digests compiled in. */
  151: #undef  HAVE_AESGCM
  152: #define HAVE_AESGCM
  153: 
  154: #undef  WOLFSSL_RIPEMD
  155: #define WOLFSSL_RIPEMD
  156: 
  157: #undef  WOLFSSL_SHA512
  158: #define WOLFSSL_SHA512
  159: 
  160: #undef  WOLFSSL_SHA384
  161: #define WOLFSSL_SHA384
  162: 
       /* Presumably from --enable-sessioncerts and --enable-certgen in the
        * configure line quoted at the top of this file. */
  163: #undef  SESSION_CERTS
  164: #define SESSION_CERTS
  165: 
  166: #undef  WOLFSSL_CERT_GEN
  167: #define WOLFSSL_CERT_GEN
  168: 
       /* Elliptic-curve support. */
  169: #undef  HAVE_ECC
  170: #define HAVE_ECC
  171: 
  172: #undef  TFM_ECC256
  173: #define TFM_ECC256
  174: 
  175: #undef  ECC_SHAMIR
  176: #define ECC_SHAMIR
  177: 
       /* NOTE(review): compiles in SSLv3 support (--enable-sslv3 in the configure
        * line quoted at the top of this file). SSLv3 is deprecated by RFC 7568.
        * Whether it can actually be negotiated depends on the protocol versions
        * the application requests -- verify, and drop this define unless a legacy
        * peer requires it. */
  178: #undef  WOLFSSL_ALLOW_SSLV3
  179: #define WOLFSSL_ALLOW_SSLV3
  180: 
       /* NO_* options compile a feature out: here the RC4, HC-128 and Rabbit
        * stream ciphers. */
  181: #undef  NO_RC4
  182: #define NO_RC4
  183: 
  184: #undef  NO_HC128
  185: #define NO_HC128
  186: 
  187: #undef  NO_RABBIT
  188: #define NO_RABBIT
  189: 
       /* ChaCha and Poly1305 support. */
  190: #undef  HAVE_POLY1305
  191: #define HAVE_POLY1305
  192: 
  193: #undef  HAVE_ONE_TIME_AUTH
  194: #define HAVE_ONE_TIME_AUTH
  195: 
  196: #undef  HAVE_CHACHA
  197: #define HAVE_CHACHA
  198: 
  199: #undef  HAVE_HASHDRBG
  200: #define HAVE_HASHDRBG
  201: 
       /* TLS extensions: SNI, ALPN and supported curves. HAVE_TLS_EXTENSIONS is
        * defined three times in this run; presumably configure emits it once per
        * extension option. The repeats are harmless. */
  202: #undef  HAVE_TLS_EXTENSIONS
  203: #define HAVE_TLS_EXTENSIONS
  204: 
  205: #undef  HAVE_SNI
  206: #define HAVE_SNI
  207: 
  208: #undef  HAVE_TLS_EXTENSIONS
  209: #define HAVE_TLS_EXTENSIONS
  210: 
  211: #undef  HAVE_ALPN
  212: #define HAVE_ALPN
  213: 
  214: #undef  HAVE_TLS_EXTENSIONS
  215: #define HAVE_TLS_EXTENSIONS
  216: 
  217: #undef  HAVE_SUPPORTED_CURVES
  218: #define HAVE_SUPPORTED_CURVES
  219: 
  220: #undef  HAVE_EXTENDED_MASTER
  221: #define HAVE_EXTENDED_MASTER
  222: 
       /* Presumably from --enable-testcert. NOTE(review): confirm a production
        * libcurl build needs this. */
  223: #undef  WOLFSSL_TEST_CERT
  224: #define WOLFSSL_TEST_CERT
  225: 
       /* Pre-shared-key suites and MD4 compiled out. */
  226: #undef  NO_PSK
  227: #define NO_PSK
  228: 
  229: #undef  NO_MD4
  230: #define NO_MD4
  231: 
       /* Fastmath big-integer backend (--enable-fastmath); FP_MAX_BITS earlier in
        * this file sets its buffer size. */
  232: #undef  USE_FAST_MATH
  233: #define USE_FAST_MATH
  234: 
       /* Not among the configure options quoted at the top of this file;
        * presumably a configure default. */
  235: #undef  WC_NO_ASYNC_THREADING
  236: #define WC_NO_ASYNC_THREADING
  237: 
  238: 
       /* Closes the extern "C" block opened after the include guard. */
  239: #ifdef __cplusplus
  240: }
  241: #endif
  242: 
  243: 
  244: #endif /* WOLFSSL_OPTIONS_H */
