2023-07-12 10:46:09 -07:00
/* user_settings.h
*
2025-01-21 09:55:03 -07:00
* Copyright ( C ) 2006 - 2025 wolfSSL Inc .
2023-07-12 10:46:09 -07:00
*
* This file is part of wolfSSL .
*
* wolfSSL is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2025-07-10 16:01:52 -06:00
* the Free Software Foundation ; either version 3 of the License , or
2023-07-12 10:46:09 -07:00
* ( at your option ) any later version .
*
* wolfSSL is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1335 , USA
*/
/* should be renamed to user_settings.h for customer use
* generated from configure options . / configure - - enable - all
*
* Cleaned up by David Garske
*/
# ifndef WOLFSSL_USER_SETTINGS_H
# define WOLFSSL_USER_SETTINGS_H
# ifdef __cplusplus
extern " C " {
# endif
2024-09-04 09:42:24 +02:00
# include <stdint.h>
2023-07-12 10:46:09 -07:00
/* Usually comes from configure -> config.h */
# define HAVE_SYS_TIME_H
2024-04-05 23:27:24 +02:00
/* Explicitly define NETDB support */
# define HAVE_NETDB_H
2023-07-12 10:46:09 -07:00
/* Features */
# define SINGLE_THREADED
# define WOLFSSL_IGNORE_FILE_WARN /* Ignore *.c include warnings */
# define WOLFSSL_PUBLIC_MP /* Make math API's public */
# define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
2023-07-31 17:31:23 +02:00
//#define WOLFSSL_SYS_CA_CERTS /* Enable ability to load CA certs from OS */
2023-07-12 10:46:09 -07:00
#if 0 /* Not needed */
# define KEEP_PEER_CERT /* Retain peer's certificate */
# define KEEP_OUR_CERT /* Keep our certificate */
# define WOLFSSL_ALWAYS_VERIFY_CB /* Always call verify callback (configured via wolfSSL_CTX_set_verify API) */
# define WOLFSSL_VERIFY_CB_ALL_CERTS /* Call verify callback for all intermediate certs */
# define WOLFSSL_ALWAYS_KEEP_SNI
# define WOLFSSL_EXTRA_ALERTS /* Allow sending other TLS alerts */
# define HAVE_EX_DATA /* Enable "extra" EX data API's for user information in CTX/WOLFSSL */
# define HAVE_EXT_CACHE
# define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
# define HAVE_PK_CALLBACKS /* Enable public key callbacks */
# define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
# define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
# define WOLFSSL_HAVE_CERT_SERVICE
# define WOLFSSL_JNI
# define WOLFSSL_SEP /* certificate policy set extension */
# define WOLFCRYPT_HAVE_SRP
# define WOLFSSL_HAVE_WOLFSCEP
# define HAVE_PKCS7
# define WOLFSSL_SIGNER_DER_CERT
# define WOLFSSL_TRUST_PEER_CERT
# define WOLFSSL_WOLFSSH
# define WC_NO_ASYNC_THREADING
# endif
/* TLS Features */
# define WOLFSSL_TLS13
# define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */
# define WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
/* DTLS */
2024-04-04 15:52:14 -04:00
# define WOLFSSL_DTLS
// #define WOLFSSL_MULTICAST
# define WOLFSSL_DTLS13
2023-07-12 10:46:09 -07:00
/* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
//#define WOLFSSL_ALLOW_SSLV3
//#define WOLFSSL_ALLOW_TLSV10
/* TLS Extensions */
# define HAVE_TLS_EXTENSIONS
# define HAVE_SUPPORTED_CURVES
# define HAVE_ONE_TIME_AUTH
# define HAVE_SNI
# define HAVE_ALPN
# define HAVE_MAX_FRAGMENT
# define HAVE_TRUNCATED_HMAC
# define HAVE_SESSION_TICKET
# define WOLFSSL_TICKET_HAVE_ID
# define WOLFSSL_FORCE_CACHE_ON_TICKET
# define HAVE_EXTENDED_MASTER
# define HAVE_TRUSTED_CA
# define HAVE_ENCRYPT_THEN_MAC
# define WOLFSSL_POST_HANDSHAKE_AUTH
# define WOLFSSL_SEND_HRR_COOKIE /* Used by DTLS v1.3 */
# define HAVE_ANON /* anon cipher suites */
# define HAVE_FALLBACK_SCSV /* TLS_FALLBACK_SCSV */
# define WOLFSSL_EARLY_DATA
# define HAVE_SERVER_RENEGOTIATION_INFO
/* TLS Session Cache */
# define SESSION_CERTS
# define PERSIST_SESSION_CACHE
# define PERSIST_CERT_CACHE
/* Key and Certificate Generation */
# define WOLFSSL_KEY_GEN
# define WOLFSSL_CERT_GEN
# define WOLFSSL_CERT_REQ
# define WOLFSSL_CERT_EXT
# define WOLFSSL_MULTI_ATTRIB
# define HAVE_SMIME
# define WOLFSSL_DER_LOAD
# define ASN_BER_TO_DER /* BER to DER support */
# define WOLFSSL_HAVE_ISSUER_NAMES /* Store pointers to issuer name components and their lengths and encodings */
# define WOLFSSL_SUBJ_DIR_ATTR /* Enable support for SubjectDirectoryAttributes extension */
# define WOLFSSL_SUBJ_INFO_ACC /* Enable support for SubjectInfoAccess extension */
# define WOLFSSL_CERT_NAME_ALL /* Adds more certificate name capability at the cost of taking up more memory. Adds initials, givenname, dnQualifer for example */
# define WOLFSSL_FPKI /* Enable support for FPKI (Federal PKI) extensions */
# define WOLFSSL_AKID_NAME /* Enable support for full AuthorityKeyIdentifier extension. Only supports copying full AKID from an existing certificate */
# define HAVE_CTS /* Ciphertext stealing interface */
# define WOLFSSL_PEM_TO_DER
# define WOLFSSL_DER_TO_PEM
# define WOLFSSL_CUSTOM_OID
# define HAVE_OID_ENCODING
# define WOLFSSL_ASN_TEMPLATE
/* Certificate Revocation */
# define HAVE_OCSP
# define HAVE_CERTIFICATE_STATUS_REQUEST
# define HAVE_CERTIFICATE_STATUS_REQUEST_V2
# define HAVE_CRL
# define HAVE_CRL_IO
# define HAVE_IO_TIMEOUT
//#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */
# if 1
/* sp_int.c */
# define WOLFSSL_SP_MATH_ALL
# else
/* Fast math key size 4096-bit max */
# define USE_FAST_MATH
# endif
//#define HAVE___UINT128_T 1 /* DG commented: May not be portable */
/* Max Sizes */
# define RSA_MAX_SIZE 4096
# define FP_MAX_BITS 8192
# define SP_INT_BITS 4096
/* Timing Resistance */
# define TFM_TIMING_RESISTANT
# define ECC_TIMING_RESISTANT
# define WC_RSA_BLINDING
/* DH Key Sizes */
# define HAVE_FFDHE_2048
# define HAVE_FFDHE_3072
# define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
# define HAVE_DH_DEFAULT_PARAMS
/* ECC Features */
# define HAVE_ECC
# define TFM_ECC256
# define ECC_SHAMIR
# define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
# define HAVE_ECC_SECPR2
# define HAVE_ECC_SECPR3
# define HAVE_ECC_BRAINPOOL
# define HAVE_ECC_KOBLITZ
# define HAVE_ECC_CDH /* Co-factor */
# define HAVE_COMP_KEY /* Compressed key support */
# define FP_ECC /* Fixed point caching - speed repeated operations against same key */
# define HAVE_ECC_ENCRYPT
# define WOLFCRYPT_HAVE_ECCSI
# define WOLFCRYPT_HAVE_SAKKE
# define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
/* RSA */
# define WC_RSA_PSS
# define WOLFSSL_PSS_LONG_SALT
# define WC_RSA_NO_PADDING
/* AES */
# define HAVE_AES_DECRYPT
# define HAVE_AES_ECB
# define WOLFSSL_AES_DIRECT
# define WOLFSSL_AES_COUNTER
# define HAVE_AESGCM
# define GCM_TABLE_4BIT
# define WOLFSSL_AESGCM_STREAM
# define HAVE_AESCCM
# define WOLFSSL_AES_OFB
# define WOLFSSL_AES_CFB
# define WOLFSSL_AES_XTS
# define HAVE_AES_KEYWRAP
# define WOLFSSL_AES_CBC_LENGTH_CHECKS
# define WOLFSSL_USE_ALIGN
# define WOLFSSL_AES_SIV
/* Hashing */
# define WOLFSSL_SHA224
# define WOLFSSL_SHA512
# define WOLFSSL_SHA384
# define WOLFSSL_SHAKE256
# define WOLFSSL_SHA3
# define WOLFSSL_HASH_FLAGS /* enable hash flag API's */
# define WOLFSSL_SHAKE256
/* Additional Algorithms */
# define HAVE_HASHDRBG
# define HAVE_CURVE25519
# define HAVE_ED25519
# define WOLFSSL_ED25519_STREAMING_VERIFY
# define CURVED25519_SMALL
# define HAVE_ED448
# define WOLFSSL_ED448_STREAMING_VERIFY
# define HAVE_CURVE448
# define HAVE_POLY1305
# define HAVE_CHACHA
# define HAVE_XCHACHA
# define HAVE_HKDF
# define HAVE_X963_KDF
# define WOLFSSL_CMAC
# define WOLFSSL_DES_ECB
# define HAVE_BLAKE2
# define HAVE_BLAKE2B
# define HAVE_BLAKE2S
# define WOLFSSL_SIPHASH
# define HAVE_KEYING_MATERIAL
# define WOLFSSL_HAVE_PRF
/* Encrypted Client Hello */
# define HAVE_HPKE
# define HAVE_ECH
/* Non-Standard Algorithms (DG disabled) */
//#define HAVE_CAMELLIA
//#define WOLFSSL_RIPEMD
//#define HAVE_SCRYPT
//#define WOLFSSL_MD2
//#define WOLFSSL_ALLOW_RC4
/* Encoding */
# define WOLFSSL_BASE16
# define WOLFSSL_BASE64_ENCODE
/* Openssl compatibility */
2024-12-05 14:36:35 +00:00
# define OPENSSL_EXTRA
2023-07-12 10:46:09 -07:00
#if 0 /* DG Disabled */
/* Openssl compatibility API's */
# define OPENSSL_ALL
# define HAVE_OPENSSL_CMD
# define SSL_TXT_TLSV1_2
# define SSL_TXT_TLSV1_1
# define OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL3
# define NO_OLD_RNGNAME
# define NO_OLD_WC_NAMES
# define NO_OLD_SSL_NAMES
# define NO_OLD_SHA_NAMES
# define NO_OLD_MD5_NAME
# define OPENSSL_NO_EC /* macro to enable ECC in openssl */
# define WOLFSSL_VERBOSE_ERRORS
# define ERROR_QUEUE_PER_THREAD
# define WOLFSSL_ERROR_CODE_OPENSSL
# define HAVE_WOLFSSL_SSL_H 1
# define OPENSSL_COMPATIBLE_DEFAULTS
/* Openssl compatibility application specific */
# define WOLFSSL_LIBWEBSOCKETS
# define WOLFSSL_OPENSSH
# define WOLFSSL_QT
# define FORTRESS
# define HAVE_WEBSERVER
# define HAVE_LIGHTY
# define WOLFSSL_NGINX
# define WOLFSSL_HAPROXY
# define HAVE_STUNNEL
# define WOLFSSL_ASIO
# define ASIO_USE_WOLFSSL
# define BOOST_ASIO_USE_WOLFSSL
# define WOLFSSL_OPENVPN
# define NO_WOLFSSL_STUB
# endif
/* TLS static cipher support - off by default */
#if 0
# define WOLFSSL_STATIC_RSA
# define WOLFSSL_STATIC_DH
# define WOLFSSL_STATIC_PSK
# endif
/* TLS sniffer support - off by default */
#if 0
# define WOLFSSL_STATIC_EPHEMERAL
# define WOLFSSL_SNIFFER
# endif
/* Deprecated */
# define NO_DSA
# define NO_MD4
# define NO_MD5
# define NO_OLD_TLS
/* Used to manually test disable edge cases */
# ifdef TEST_DISABLES
# define NO_SESSION_CACHE
//#define NO_ECC256
//#define NO_ECC_KEY_EXPORT
//#define NO_ECC_DHE
//#define NO_ECC_SIGN
//#define NO_ECC_VERIFY
//#define NO_RSA
# define NO_DH
# define NO_SHA
# define NO_SHA256
# ifdef NO_SHA256
# undef WOLFSSL_SHA224
# endif
# define NO_SHA512
# ifdef NO_SHA512
# undef WOLFSSL_SHA384
# undef WOLFSSL_SHA512
# undef HAVE_ED25519
# endif
//#define NO_KDF
//#define NO_HMAC
# define NO_RC4
# define NO_DES3
//#define NO_AES
# define NO_AES_CBC
# define WOLFSSL_NO_SHAKE128
# define NO_PSK
# define NO_PWDBASED
//#define WOLFSSL_NO_TLS12
//#define NO_64BIT
# define WOLFSSL_SP_NO_MALLOC
# define NO_FILESYSTEM
# define NO_WRITEV
# define NO_ERROR_STRINGS
//#define NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_SERVER
# define NO_MULTIBYTE_PRINT
//#define NO_ASN_TIME
//#define NO_ASN_CRYPT
//#define NO_CODING
# define NO_SIG_WRAPPER
//#define NO_HASH_WRAPPER
//#define WC_NO_HARDEN
//#define NO_CERTS
//#define NO_ASN
# endif
# ifdef __cplusplus
}
# endif
# endif /* WOLFSSL_USER_SETTINGS_H */
