mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 04:00:50 +02:00
Add inline documentation for missing macros and fix spelling errors
This commit is contained in:
@@ -270,7 +270,6 @@ HAVE_COLDFIRE_SEC
|
||||
HAVE_CRL_UPDATE_CB
|
||||
HAVE_CSHARP
|
||||
HAVE_CURL
|
||||
HAVE_CURVE22519
|
||||
HAVE_DANE
|
||||
HAVE_ECC239
|
||||
HAVE_ECC320
|
||||
@@ -278,7 +277,6 @@ HAVE_ECC512
|
||||
HAVE_ECC_CDH_CAST
|
||||
HAVE_ECC_SM2
|
||||
HAVE_ESP_CLK
|
||||
HAVE_FACON
|
||||
HAVE_FIPS_VERSION_PORT
|
||||
HAVE_FUZZER
|
||||
HAVE_INTEL_MULX
|
||||
@@ -690,7 +688,6 @@ WOLFSSL_ALT_NAMES_NO_REV
|
||||
WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP
|
||||
WOLFSSL_ARM_ARCH_NEON_64BIT
|
||||
WOLFSSL_ASCON_UNROLL
|
||||
WOLFSSL_ASNC_CRYPT
|
||||
WOLFSSL_ASN_EXTRA
|
||||
WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
|
||||
WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
|
||||
@@ -808,7 +805,6 @@ WOLFSSL_NONBLOCK_OCSP
|
||||
WOLFSSL_NOSHA3_384
|
||||
WOLFSSL_NOT_WINDOWS_API
|
||||
WOLFSSL_NO_BIO_ADDR_IN
|
||||
WOLFSSL_NO_CLIENT
|
||||
WOLFSSL_NO_CLIENT_CERT_ERROR
|
||||
WOLFSSL_NO_COPY_CERT
|
||||
WOLFSSL_NO_COPY_KEY
|
||||
@@ -889,13 +885,11 @@ WOLFSSL_SE050_NO_TRNG
|
||||
WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
|
||||
WOLFSSL_SERVER_EXAMPLE
|
||||
WOLFSSL_SETTINGS_FILE
|
||||
WOLFSSL_SH224
|
||||
WOLFSSL_SHA256_ALT_CH_MAJ
|
||||
WOLFSSL_SHA512_HASHTYPE
|
||||
WOLFSSL_SHUTDOWNONCE
|
||||
WOLFSSL_SILABS_TRNG
|
||||
WOLFSSL_SLHDSA_FULL_HASH
|
||||
WOLFSSL_SM4_EBC
|
||||
WOLFSSL_SNIFFER_NO_RECOVERY
|
||||
WOLFSSL_SP_ARM32_UDIV
|
||||
WOLFSSL_SP_FAST_NCT_EXPTMOD
|
||||
|
||||
+125
-64
@@ -22,72 +22,133 @@
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
/*
|
||||
* WOLFSSL_SMALL_CERT_VERIFY:
|
||||
* Verify the certificate signature without using DecodedCert. Doubles up
|
||||
* on some code but allows smaller peak heap memory usage.
|
||||
* Cannot be used with WOLFSSL_NONBLOCK_OCSP.
|
||||
* WOLFSSL_ALT_CERT_CHAINS:
|
||||
* Allows CA's to be presented by peer, but not part of a valid chain.
|
||||
* Default wolfSSL behavior is to require validation of all presented peer
|
||||
* certificates. This also allows loading intermediate CA's as trusted
|
||||
* and ignoring no signer failures for CA's up the chain to root.
|
||||
* WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT:
|
||||
* Enable resending the previous DTLS handshake flight only on a network
|
||||
* read timeout. By default we resend in two more cases, when we receive:
|
||||
* - an out of order last msg of the peer's flight
|
||||
* - a duplicate of the first msg from the peer's flight
|
||||
* internal.c Build Options:
|
||||
*
|
||||
* See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3,
|
||||
* ssl.c for SSL API layer, wc_port.c for platform/memory.
|
||||
*
|
||||
* Connection & Buffers:
|
||||
* LARGE_STATIC_BUFFERS: Use large static I/O buffers default: on
|
||||
* WOLFSSL_DISABLE_EARLY_SANITY_CHECKS:
|
||||
* Disable early sanity checks on TLS messages default: off
|
||||
* WOLFSSL_NO_DTLS_SIZE_CHECK: Disable DTLS record size validation default: off
|
||||
*
|
||||
* Cipher Suite Selection:
|
||||
* NO_CHAPOL_AEAD: Disable ChaCha20-Poly1305 AEAD suites default: off
|
||||
* WOLFSSL_OLDTLS_AEAD_CIPHERSUITES:
|
||||
* Enable AEAD cipher suites for pre-TLS 1.2 default: off
|
||||
* WOLFSSL_OLDTLS_SHA2_CIPHERSUITES:
|
||||
* Enable SHA-2 cipher suites for pre-TLS 1.2 default: off
|
||||
* WOLFSSL_NO_STRICT_CIPHER_SUITE:
|
||||
* Relax strict cipher suite validation default: off
|
||||
* NO_RESUME_SUITE_CHECK: Skip cipher suite check on resume default: off
|
||||
* NO_FORCE_SCR_SAME_SUITE: Allow different suite in renegotiation default: off
|
||||
* CIPHER_NONCE: Per-record cipher nonce for AEAD default: off
|
||||
*
|
||||
* Certificate Validation:
|
||||
* WOLFSSL_SMALL_CERT_VERIFY: Verify cert sig without DecodedCert default: off
|
||||
* WOLFSSL_ALT_CERT_CHAINS: Allow non-validated intermediate CAs default: off
|
||||
* NO_CHECK_PRIVATE_KEY: Skip key/cert matching validation default: off
|
||||
* WOLFSSL_VERIFY_CB_ALL_CERTS:
|
||||
* Call verify callback for all chain certs default: off
|
||||
* WOLFSSL_ALWAYS_VERIFY_CB: Always invoke verify callback default: off
|
||||
* WOLFSSL_ALLOW_NO_CN_IN_SAN: Allow certs with SAN but no CN default: off
|
||||
* WOLFSSL_TRUST_PEER_CERT: Direct trust of specific peer certs default: off
|
||||
* WOLFSSL_LOCAL_X509_STORE: Per-context X509 store default: off
|
||||
* WOLFSSL_APPLE_NATIVE_CERT_VALIDATION:
|
||||
* Use Apple native cert validation on macOS/iOS default: off
|
||||
* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION:
|
||||
* Testing mode for Apple cert validation default: off
|
||||
* HAVE_DANE: DNS-based cert validation (DNSSEC) default: off
|
||||
* HAVE_FALLBACK_SCSV: TLS Fallback SCSV anti-downgrade default: off
|
||||
* WOLFSSL_ACERT: Attribute certificate support default: off
|
||||
* WOLFSSL_DEBUG_CERTS: Debug logging for cert processing default: off
|
||||
* WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY:
|
||||
* Verify hostname using SAN only (not CN) default: off
|
||||
*
|
||||
* Handshake Behavior:
|
||||
* OLD_HELLO_ALLOWED: Allow SSLv2-format ClientHello default: off
|
||||
* WOLFSSL_ALTERNATIVE_DOWNGRADE:
|
||||
* Alternative protocol downgrade detection default: off
|
||||
* WOLFSSL_OLD_TIMINGPADVERIFY:
|
||||
* Old timing-based CBC padding verification default: off
|
||||
* WOLFSSL_ECDSA_MATCH_HASH: Match ECDSA hash to curve preference default: off
|
||||
* WOLFSSL_STRONGEST_HASH_SIG: Prefer strongest hash in signatures default: off
|
||||
* USE_ECDSA_KEYSZ_HASH_ALGO: Select ECDSA hash by key size default: off
|
||||
* WOLFSSL_ALLOW_TLS_SHA1: Allow SHA-1 cipher suites/signatures default: off
|
||||
* WOLFSSL_EXTRA_ALERTS: Send additional TLS alert messages default: off
|
||||
* WOLFSSL_NO_ETM_ALERT: No alert on Encrypt-Then-MAC failure default: off
|
||||
*
|
||||
* Secure Renegotiation & PSK:
|
||||
* WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT:
|
||||
* Enable secure renegotiation by default default: off
|
||||
* WOLFSSL_PSK_IDENTITY_ALERT: Alert on PSK identity lookup failure default: off
|
||||
*
|
||||
* Session Tickets:
|
||||
* WOLFSSL_NO_DEF_TICKET_ENC_CB:
|
||||
* No default ticket encryption callback.
|
||||
* Server only.
|
||||
* Application must set its own callback to use session tickets.
|
||||
* WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
|
||||
* Use ChaCha20-Poly1305 to encrypt/decrypt session tickets in default
|
||||
* callback. Default algorithm if none defined and algorithms compiled in.
|
||||
* Server only.
|
||||
* WOLFSSL_TICKET_ENC_AES128_GCM
|
||||
* Use AES128-GCM to encrypt/decrypt session tickets in default callback.
|
||||
* Server only. Default algorithm if ChaCha20/Poly1305 not compiled in.
|
||||
* WOLFSSL_TICKET_ENC_AES256_GCM
|
||||
* Use AES256-GCM to encrypt/decrypt session tickets in default callback.
|
||||
* Server only.
|
||||
* WOLFSSL_TICKET_DECRYPT_NO_CREATE
|
||||
* Default callback will not request creation of new ticket on successful
|
||||
* decryption.
|
||||
* Server only.
|
||||
* WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
|
||||
* Once a normal TLS 1.3 handshake is complete, a session ticket message
|
||||
* may be received by a client. To support detecting this, peek will
|
||||
* return WOLFSSL_ERROR_WANT_READ.
|
||||
* This define turns off this behaviour.
|
||||
* WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
|
||||
* Verify hostname/ip address using alternate name (SAN) only and do not
|
||||
* use the common name. Forces use of the alternate name, so certificates
|
||||
* missing SAN will be rejected during the handshake
|
||||
* WOLFSSL_CHECK_SIG_FAULTS
|
||||
* Verifies the ECC signature after signing in case of faults in the
|
||||
* calculation of the signature. Useful when signature fault injection is a
|
||||
* possible attack.
|
||||
* WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
|
||||
* Ignore the AEAD limits for messages specified in the RFC. After
|
||||
* reaching the limit, we initiate a key update. We enforce the AEAD limits
|
||||
* by default.
|
||||
* https://www.rfc-editor.org/rfc/rfc8446#section-5.5
|
||||
* https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits
|
||||
* WOLFSSL_HARDEN_TLS
|
||||
* Implement the recommendations specified in RFC9325. This macro needs to
|
||||
* be defined to the desired number of bits of security. The currently
|
||||
* implemented values are 112 and 128 bits. The following macros disable
|
||||
* certain checks.
|
||||
* - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
|
||||
* - WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
|
||||
* - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
|
||||
* - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
|
||||
* - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
|
||||
* WOLFSSL_NO_INIT_CTX_KEY
|
||||
* Allows SSL objects to be created from a CTX without a loaded key/cert
|
||||
* pair
|
||||
* No default ticket encryption callback default: off
|
||||
* WOLFSSL_TICKET_ENC_CHACHA20_POLY1305:
|
||||
* ChaCha20-Poly1305 for ticket encryption default: auto
|
||||
* WOLFSSL_TICKET_ENC_AES128_GCM:
|
||||
* AES128-GCM for ticket encryption default: auto
|
||||
* WOLFSSL_TICKET_ENC_AES256_GCM:
|
||||
* AES256-GCM for ticket encryption default: off
|
||||
* WOLFSSL_TICKET_DECRYPT_NO_CREATE:
|
||||
* No new ticket on successful decryption default: off
|
||||
* WOLFSSL_TICKET_ENC_CBC_HMAC:
|
||||
* CBC+HMAC for ticket encryption (non-AEAD) default: off
|
||||
* WOLFSSL_NO_TICKET_EXPIRE: Disable ticket expiration checking default: off
|
||||
*
|
||||
* TLS 1.3 Internals:
|
||||
* WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC:
|
||||
* Ignore plaintext alerts when encrypted expected default: off
|
||||
* WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE:
|
||||
* Disable peek returning WANT_READ for tickets default: off
|
||||
* WOLFSSL_TLS13_IGNORE_AEAD_LIMITS:
|
||||
* Ignore AEAD message limits from RFC 8446 default: off
|
||||
* WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT:
|
||||
* Send more ACKs by default in DTLS 1.3 default: off
|
||||
*
|
||||
* DTLS:
|
||||
* WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT:
|
||||
* Resend previous flight only on timeout default: off
|
||||
* WOLFSSL_DTLS_DISALLOW_FUTURE:
|
||||
* Reject DTLS records with future epoch default: off
|
||||
* WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS:
|
||||
* When defined, allows DTLS records to span across multiple datagrams.
|
||||
* Allow DTLS records to span datagrams default: off
|
||||
* WOLFSSL_DEBUG_DTLS: Debug logging for DTLS operations default: off
|
||||
*
|
||||
* Session Export:
|
||||
* WOLFSSL_SESSION_EXPORT: Enable session export/import default: off
|
||||
* WOLFSSL_SESSION_EXPORT_DEBUG:
|
||||
* Debug logging for session export/import default: off
|
||||
* WOLFSSL_SESSION_EXPORT_NOPEER:
|
||||
* Export sessions without peer cert info default: off
|
||||
*
|
||||
* Compatibility Layers:
|
||||
* WOLFSSL_MYSQL_COMPATIBLE: MySQL protocol compatibility default: off
|
||||
* WOLFSSL_OPENVPN: OpenVPN compatibility behaviors default: off
|
||||
*
|
||||
* Async & Non-blocking:
|
||||
* WOLFSSL_ASYNC_CRYPT_SW: Software async crypto simulation default: off
|
||||
* WC_X25519_NONBLOCK: Non-blocking X25519 operations default: off
|
||||
* HAVE_WOLF_EVENT: Event-driven async processing default: off
|
||||
*
|
||||
* Hardware/Platform TLS:
|
||||
* WOLFSSL_MAXQ10XX_TLS: Maxim MAXQ10xx secure element default: off
|
||||
* WOLFSSL_IOTSAFE: IoTSAFE (GSMA) applet support default: off
|
||||
* WOLFSSL_QNX_CAAM: QNX CAAM crypto module support default: off
|
||||
* HAVE_DH_DEFAULT_PARAMS: Include default DH parameters default: off
|
||||
* HAVE_EXT_CACHE: External session cache callbacks default: off
|
||||
*
|
||||
* Hardening:
|
||||
* WOLFSSL_HARDEN_TLS: Implement RFC 9325 recommendations default: off
|
||||
* WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC: Allow truncated HMAC
|
||||
* WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS: Allow old TLS versions
|
||||
* WOLFSSL_HARDEN_TLS_NO_SCR_CHECK: No SCR check
|
||||
* WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK: No public key check
|
||||
* WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES: Allow all suites
|
||||
* WOLFSSL_NO_INIT_CTX_KEY: Allow SSL objects without loaded keys default: off
|
||||
*/
|
||||
|
||||
#ifndef WOLFCRYPT_ONLY
|
||||
|
||||
@@ -153,26 +153,121 @@
|
||||
#endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */
|
||||
|
||||
/*
|
||||
* ssl.c Build Options:
|
||||
*
|
||||
* See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3,
|
||||
* internal.c for handshake internals, wc_port.c for platform/memory.
|
||||
*
|
||||
* OpenSSL Compatibility:
|
||||
* OPENSSL_EXTRA: Enable OpenSSL compatibility API default: off
|
||||
* OPENSSL_ALL: Enable all OpenSSL compat APIs default: off
|
||||
* OPENSSL_EXTRA_X509_SMALL: Minimal OpenSSL X509 compat APIs default: off
|
||||
* OPENSSL_EXTRA_NO_ASN1: OpenSSL extra without ASN1 objects default: off
|
||||
* OPENSSL_COMPATIBLE_DEFAULTS:
|
||||
* Enable default behaviour that is compatible with OpenSSL. For example
|
||||
* SSL_CTX by default doesn't verify the loaded certs. Enabling this
|
||||
* should make porting to new projects easier.
|
||||
* WOLFSSL_CHECK_ALERT_ON_ERR:
|
||||
* Check for alerts during the handshake in the event of an error.
|
||||
* NO_SESSION_CACHE_REF:
|
||||
* wolfSSL_get_session on a client will return a reference to the internal
|
||||
* ClientCache by default for backwards compatibility. This define will
|
||||
* make wolfSSL_get_session return a reference to ssl->session. The returned
|
||||
* pointer will be freed with the related WOLFSSL object.
|
||||
* SESSION_CACHE_DYNAMIC_MEM:
|
||||
* Dynamically allocate sessions for the session cache from the heap, as
|
||||
* opposed to the default which allocates from the stack. Allocates
|
||||
* memory only when a session is added to the cache, frees memory after the
|
||||
* session is no longer being used. Recommended for memory-constrained
|
||||
* systems.
|
||||
* WOLFSSL_SYS_CA_CERTS
|
||||
* Enables ability to load system CA certs from the OS via
|
||||
* wolfSSL_CTX_load_system_CA_certs.
|
||||
* Default behavior compatible with OpenSSL default: off
|
||||
* NO_WOLFSSL_STUB: Disable stubs for unimplemented funcs default: off
|
||||
* WOLFSSL_DEBUG_OPENSSL: Debug logging for OpenSSL compat layer default: off
|
||||
* WOLFSSL_HAVE_ERROR_QUEUE: OpenSSL-compatible error queue default: off
|
||||
* WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes default: off
|
||||
* WOLFSSL_CIPHER_INTERNALNAME:
|
||||
* Use wolfSSL internal cipher suite names default: off
|
||||
* NO_CIPHER_SUITE_ALIASES: Disable cipher suite name aliases default: off
|
||||
* WOLFSSL_SET_CIPHER_BYTES: Set cipher suites by raw byte values default: off
|
||||
* WOLFSSL_OLD_SET_CURVES_LIST:
|
||||
* Old-style curve list parsing for compat default: off
|
||||
* WOLFSSL_NO_OPENSSL_RAND_CB: Disable OpenSSL RAND callback compat default: off
|
||||
* NO_ERROR_STRINGS: Disable human-readable error strings default: off
|
||||
* WOLFSSL_PUBLIC_ASN: Make ASN parsing functions public default: off
|
||||
*
|
||||
* Extra Data / BIO:
|
||||
* HAVE_EX_DATA: Enable ex_data on SSL/CTX/X509 objects default: off
|
||||
* HAVE_EX_DATA_CLEANUP_HOOKS: Cleanup callbacks for ex_data default: off
|
||||
* HAVE_EX_DATA_CRYPTO: ex_data support for wolfCrypt objects default: off
|
||||
* MAX_EX_DATA: Max ex_data entries per object default: 5
|
||||
* NO_BIO: Disable BIO abstraction layer default: off
|
||||
*
|
||||
* Session & Cache:
|
||||
* NO_SESSION_CACHE: Disable server session cache default: off
|
||||
* NO_SESSION_CACHE_REF: wolfSSL_get_session returns ssl->session
|
||||
* reference instead of ClientCache ref default: off
|
||||
* SESSION_CACHE_DYNAMIC_MEM: Dynamically allocate session cache default: off
|
||||
* NO_CLIENT_CACHE: Disable client-side session cache default: off
|
||||
* SESSION_CERTS: Store full cert chain in session default: off
|
||||
* WOLFSSL_SESSION_ID_CTX: Session ID context for cache sharing default: off
|
||||
*
|
||||
* I/O & Transport:
|
||||
* USE_WOLFSSL_IO: Use built-in I/O callbacks default: on
|
||||
* WOLFSSL_USER_IO: Application provides custom I/O default: off
|
||||
* WOLFSSL_NO_SOCK: Build without socket support default: off
|
||||
* NO_WRITEV: Disable writev() scatter/gather I/O default: off
|
||||
* WOLFSSL_DTLS_MTU: Enable DTLS MTU management APIs default: off
|
||||
* WOLFSSL_DTLS_DROP_STATS: Track DTLS packet drop statistics default: off
|
||||
* WOLFSSL_MULTICAST: Enable DTLS multicast support default: off
|
||||
*
|
||||
* Callbacks & Features:
|
||||
* WOLFSSL_CHECK_ALERT_ON_ERR: Check alerts on handshake error default: off
|
||||
* ATOMIC_USER: User-defined record layer callbacks default: off
|
||||
* HAVE_WRITE_DUP: Separate threads for SSL read/write default: off
|
||||
* WOLFSSL_CALLBACKS: Handshake monitoring callbacks default: off
|
||||
* NO_HANDSHAKE_DONE_CB: Disable handshake completion callback default: off
|
||||
* WOLFSSL_SHUTDOWNONCE: Send close_notify only once default: off
|
||||
* WOLFSSL_COPY_CERT: Copy certificate buffer (own copy) default: off
|
||||
* WOLFSSL_COPY_KEY: Copy private key buffer (own copy) default: off
|
||||
* WOLF_PRIVATE_KEY_ID: Reference private keys by ID default: off
|
||||
* WOLFSSL_REFCNT_ERROR_RETURN:
|
||||
* Return errors on ref counting failures default: off
|
||||
* WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST:
|
||||
* Allow runtime max fragment size adjustment default: off
|
||||
* WOLFSSL_ALLOW_NO_SUITES: Allow SSL objects with no cipher suites default: off
|
||||
*
|
||||
* Certificates & Keys:
|
||||
* KEEP_PEER_CERT: Keep peer cert after handshake default: off
|
||||
* KEEP_OUR_CERT: Keep our cert after handshake default: off
|
||||
* WOLFSSL_STATIC_RSA: Enable static RSA key exchange default: off
|
||||
* WOLFSSL_HAVE_CERT_SERVICE: Certificate service callbacks default: off
|
||||
* WOLFSSL_SYS_CA_CERTS: Load system CA certs from OS default: off
|
||||
*
|
||||
* Application Compatibility:
|
||||
* HAVE_CURL: APIs for libcurl compatibility default: off
|
||||
* HAVE_LIGHTY: APIs for lighttpd compatibility default: off
|
||||
* HAVE_MEMCACHED: APIs for memcached compatibility default: off
|
||||
* WOLFSSL_APACHE_HTTPD: APIs for Apache httpd compatibility default: off
|
||||
* WOLFSSL_NGINX: APIs for nginx compatibility default: off
|
||||
* WOLFSSL_HAPROXY: APIs for HAProxy compatibility default: off
|
||||
* WOLFSSL_ASIO: APIs for Boost.Asio compatibility default: off
|
||||
* WOLFSSL_PYTHON: APIs for Python module compatibility default: off
|
||||
* WOLFSSL_QT: APIs for Qt framework compatibility default: off
|
||||
* WOLFSSL_JNI: APIs for Java JNI/JSSE compatibility default: off
|
||||
*
|
||||
* Protocol Features:
|
||||
* WOLFSSL_HAVE_WOLFSCEP: Enable wolfSCEP protocol support default: off
|
||||
* WOLFCRYPT_HAVE_SRP: Enable SRP protocol support default: off
|
||||
* HAVE_LIBZ: Enable zlib TLS compression default: off
|
||||
* WOLFSSL_EXTRA: Extra SSL session info APIs default: off
|
||||
* WOLFSSL_WPAS_SMALL: Minimal wpa_supplicant/hostapd APIs default: off
|
||||
* HAVE_FUZZER: Fuzzing callback support default: off
|
||||
*
|
||||
* Memory & Threading:
|
||||
* WOLFSSL_STATIC_MEMORY_LEAN: Lean static memory allocation default: off
|
||||
* WOLFSSL_THREADED_CRYPT: Multi-threaded crypto operations default: off
|
||||
* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS:
|
||||
* Thread-safe cleanup via atomics default: off
|
||||
* WOLFSSL_ATOMIC_INITIALIZER: Static init for atomic variables default: off
|
||||
* WOLFSSL_DEBUG_MEMORY: Log malloc/free with file/line info default: off
|
||||
* WOLFSSL_NO_REALLOC: Disable realloc, use malloc+copy+free default: off
|
||||
* WOLFSSL_HEAP_TEST: Heap-related testing utilities default: off
|
||||
*
|
||||
* Debugging & Build:
|
||||
* SHOW_SIZES: Display struct sizes at init default: off
|
||||
* WOLFSSL_DEBUG_TRACE_ERROR_CODES:
|
||||
* Trace error code origins for debugging default: off
|
||||
* HAVE_ATEXIT: Register wolfSSL_Cleanup via atexit default: off
|
||||
* WOLFSSL_SYS_CRYPTO_POLICY: Honor system crypto policy settings default: off
|
||||
*
|
||||
* Hardware TLS:
|
||||
* WOLFSSL_RENESAS_TSIP_TLS: Renesas TSIP hardware crypto for TLS default: off
|
||||
* WOLFSSL_RENESAS_FSPSM_TLS: Renesas FSP Security Module for TLS default: off
|
||||
* WOLFSSL_EGD_NBLOCK: Non-blocking EGD entropy support default: off
|
||||
*/
|
||||
|
||||
#define WOLFSSL_SSL_MISC_INCLUDED
|
||||
@@ -8526,12 +8621,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
if (ssl == NULL)
|
||||
return 0;
|
||||
|
||||
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
|
||||
#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT)
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls
|
||||
&& IsAtLeastTLSv1_3(ssl->version)) {
|
||||
return ssl->options.serverState == SERVER_FINISHED_ACKED;
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT */
|
||||
#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT */
|
||||
|
||||
/* Can't use ssl->options.connectState and ssl->options.acceptState
|
||||
* because they differ in meaning for TLS <=1.2 and 1.3 */
|
||||
|
||||
@@ -19,6 +19,103 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* TLS Build Options:
|
||||
* (See tls13.c for TLS 1.3-specific options)
|
||||
*
|
||||
* Protocol Control:
|
||||
* NO_OLD_TLS: Disable TLS 1.0 and 1.1 default: off
|
||||
* WOLFSSL_ALLOW_TLSV10: Allow TLS 1.0 connections default: off
|
||||
* WOLFSSL_NO_TLS12: Disable TLS 1.2 default: off
|
||||
* NO_TLS: Disable TLS entirely (SSL only) default: off
|
||||
* WOLFSSL_DTLS: Enable DTLS support default: off
|
||||
* WOLFSSL_DTLS13: Enable DTLS 1.3 support default: off
|
||||
* WOLFSSL_DTLS_CID: Enable DTLS Connection ID default: off
|
||||
* WOLFSSL_AEAD_ONLY: Only allow AEAD cipher suites default: off
|
||||
* NO_WOLFSSL_CLIENT: Disable TLS client functionality default: off
|
||||
* NO_WOLFSSL_SERVER: Disable TLS server functionality default: off
|
||||
* WOLFSSL_EITHER_SIDE: Allow same context for client/server default: off
|
||||
* HAVE_TLS_EXTENSIONS: Enable TLS extension support default: on
|
||||
* HAVE_SNI: Server Name Indication extension default: off
|
||||
* WOLFSSL_ALWAYS_KEEP_SNI: Keep SNI after handshake default: off
|
||||
* HAVE_MAX_FRAGMENT: Max Fragment Length extension default: off
|
||||
* HAVE_TRUNCATED_HMAC: Truncated HMAC extension default: off
|
||||
* HAVE_SUPPORTED_CURVES: Supported Curves extension default: on
|
||||
* HAVE_EXTENDED_MASTER: Extended Master Secret (RFC 7627) default: on
|
||||
* HAVE_ENCRYPT_THEN_MAC: Encrypt-Then-MAC extension default: on
|
||||
* HAVE_ALPN: Application-Layer Protocol Negotiation default: off
|
||||
* HAVE_CERTIFICATE_STATUS_REQUEST: OCSP stapling default: off
|
||||
* HAVE_CERTIFICATE_STATUS_REQUEST_V2: OCSP stapling v2 default: off
|
||||
* HAVE_SECURE_RENEGOTIATION: Secure renegotiation support default: off
|
||||
* HAVE_SERVER_RENEGOTIATION_INFO: Server renegotiation info default: off
|
||||
* HAVE_SESSION_TICKET: Session ticket support default: off
|
||||
* HAVE_TRUSTED_CA: Trusted CA Indication extension default: off
|
||||
* HAVE_RPK: Raw Public Key support (RFC 7250) default: off
|
||||
* HAVE_ECH: Encrypted Client Hello support default: off
|
||||
* WOLFSSL_NO_SIGALG: Disable signature algorithms ext default: off
|
||||
* WOLFSSL_NO_CA_NAMES: Disable CA Names in CertificateReq default: off
|
||||
* WOLFSSL_NO_SERVER_GROUPS_EXT: Don't send server groups ext default: off
|
||||
* NO_TLSX_PSKKEM_PLAIN_ANNOUNCE: Disable plain PSK announce default: off
|
||||
* WOLFSSL_OLD_UNSUPPORTED_EXTENSION: Old unsupported ext handling default: off
|
||||
* WOLFSSL_ALLOW_SERVER_SC_EXT: Allow server supported curves ext default: off
|
||||
*
|
||||
* Pre-Shared Keys:
|
||||
* NO_PSK: Disable PSK cipher suites default: off
|
||||
*
|
||||
* Key Exchange:
|
||||
* HAVE_FFDHE: Enable Finite Field DH ephemeral default: off
|
||||
* HAVE_FFDHE_2048: Enable FFDHE 2048-bit group default: off
|
||||
* HAVE_FFDHE_3072: Enable FFDHE 3072-bit group default: off
|
||||
* HAVE_FFDHE_4096: Enable FFDHE 4096-bit group default: off
|
||||
* HAVE_FFDHE_6144: Enable FFDHE 6144-bit group default: off
|
||||
* HAVE_FFDHE_8192: Enable FFDHE 8192-bit group default: off
|
||||
* HAVE_PUBLIC_FFDHE: Use public FFDHE parameters only default: off
|
||||
* WOLFSSL_OLD_PRIME_CHECK: Use old DH prime checking method default: off
|
||||
* WOLFSSL_STATIC_DH: Enable static DH cipher suites default: off
|
||||
* WOLFSSL_STATIC_EPHEMERAL: Enable static ephemeral key loading default: off
|
||||
*
|
||||
* Post-Quantum:
|
||||
* WOLFSSL_HAVE_MLKEM: Enable ML-KEM (Kyber) support default: off
|
||||
* WOLFSSL_WC_MLKEM: Use wolfCrypt ML-KEM implementation default: off
|
||||
* WOLFSSL_MLKEM_KYBER: Use Kyber round 3 parameters default: off
|
||||
* WOLFSSL_KYBER512: Enable Kyber/ML-KEM-512 default: off
|
||||
* WOLFSSL_KYBER768: Enable Kyber/ML-KEM-768 default: off
|
||||
* WOLFSSL_KYBER1024: Enable Kyber/ML-KEM-1024 default: off
|
||||
* WOLFSSL_NO_ML_KEM: Disable all ML-KEM support default: off
|
||||
* WOLFSSL_NO_ML_KEM_512: Disable ML-KEM-512 default: off
|
||||
* WOLFSSL_NO_ML_KEM_768: Disable ML-KEM-768 default: off
|
||||
* WOLFSSL_NO_ML_KEM_1024: Disable ML-KEM-1024 default: off
|
||||
* WOLFSSL_ML_KEM_USE_OLD_IDS: Use old IANA IDs for ML-KEM default: off
|
||||
* WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ: Store ML-KEM object in ext default: off
|
||||
* WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY: Store ML-KEM priv key default: off
|
||||
* WOLFSSL_MLKEM_CACHE_A: Cache ML-KEM A matrix default: off
|
||||
* WOLFSSL_MLKEM_NO_MAKE_KEY: Disable ML-KEM key generation default: off
|
||||
* WOLFSSL_MLKEM_NO_ENCAPSULATE: Disable ML-KEM encapsulation default: off
|
||||
* WOLFSSL_MLKEM_NO_DECAPSULATE: Disable ML-KEM decapsulation default: off
|
||||
* HAVE_LIBOQS: Use liboqs for PQ algorithms default: off
|
||||
*
|
||||
* Curves:
|
||||
* HAVE_SECRET_CALLBACK: Enable TLS secret callback default: off
|
||||
* HAVE_PK_CALLBACKS: Enable public key callbacks default: off
|
||||
* HAVE_FUZZER: Enable fuzzing callback support default: off
|
||||
*
|
||||
* Features:
|
||||
* WOLFSSL_SNIFFER: Enable TLS packet sniffing support default: off
|
||||
* WOLFSSL_SNIFFER_KEYLOGFILE: Sniffer keylog file support default: off
|
||||
* WOLFSSL_SSLKEYLOGFILE: Enable SSL key log file output default: off
|
||||
* WOLFSSL_SRTP: Enable SRTP extension support default: off
|
||||
* WOLFSSL_DUAL_ALG_CERTS: Enable dual algorithm certificates default: off
|
||||
* WOLFSSL_HAVE_PRF: Enable TLS PRF function access default: off
|
||||
* WOLFSSL_DEBUG_TLS: Debug TLS protocol messages default: off
|
||||
* WOLFSSL_32BIT_MILLI_TIME: 32-bit millisecond time function default: off
|
||||
* WOLFSSL_REQUIRE_TCA: Require Trusted CA extension default: off
|
||||
* WOLFSSL_DH_EXTRA: Extra DH key info in SSL object default: off
|
||||
* WOLFSSL_CURVE25519_BLINDING: Curve25519 blinding in TLS default: off
|
||||
* HAVE_NULL_CIPHER: Allow NULL cipher suites default: off
|
||||
* HAVE_WEBSERVER: Enable web server features default: off
|
||||
* NO_CERTS: Disable certificate processing default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifndef WOLFCRYPT_ONLY
|
||||
|
||||
+57
-67
@@ -22,71 +22,61 @@
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
/*
|
||||
* BUILD_GCM
|
||||
* Enables AES-GCM ciphersuites.
|
||||
* HAVE_AESCCM
|
||||
* Enables AES-CCM ciphersuites.
|
||||
* HAVE_SESSION_TICKET
|
||||
* Enables session tickets - required for TLS 1.3 resumption.
|
||||
* NO_PSK
|
||||
* Do not enable Pre-Shared Keys.
|
||||
* HAVE_KEYING_MATERIAL
|
||||
* Enables exporting keying material based on section 7.5 of RFC 8446.
|
||||
* WOLFSSL_ASYNC_CRYPT
|
||||
* Enables the use of asynchronous cryptographic operations.
|
||||
* This is available for ciphers and certificates.
|
||||
* HAVE_CHACHA && HAVE_POLY1305
|
||||
* Enables use of CHACHA20-POLY1305 ciphersuites.
|
||||
* WOLFSSL_DEBUG_TLS
|
||||
* Writes out details of TLS 1.3 protocol including handshake message buffers
|
||||
* and key generation input and output.
|
||||
* WOLFSSL_EARLY_DATA
|
||||
* Allow 0-RTT Handshake using Early Data extensions and handshake message
|
||||
* WOLFSSL_EARLY_DATA_GROUP
|
||||
* Group EarlyData message with ClientHello when sending
|
||||
* WOLFSSL_NO_SERVER_GROUPS_EXT
|
||||
* Do not send the server's groups in an extension when the server's top
|
||||
* preference is not in client's list.
|
||||
* WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
* Allow TLS v1.3 code to perform post-handshake authentication of the
|
||||
* client.
|
||||
* WOLFSSL_SEND_HRR_COOKIE
|
||||
* Send a cookie in hello_retry_request message to enable stateless tracking
|
||||
* of ClientHello replies.
|
||||
* WOLFSSL_TLS13
|
||||
* Enable TLS 1.3 protocol implementation.
|
||||
* WOLFSSL_TLS13_MIDDLEBOX_COMPAT
|
||||
* Enable middlebox compatibility in the TLS 1.3 handshake.
|
||||
* This includes sending ChangeCipherSpec before encrypted messages and
|
||||
* including a session id.
|
||||
* WOLFSSL_TLS13_SHA512
|
||||
* Allow generation of SHA-512 digests in handshake - no ciphersuite
|
||||
* requires SHA-512 at this time.
|
||||
* WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
|
||||
* Allow a NewSessionTicket message to be sent by server before Client's
|
||||
* Finished message.
|
||||
* See TLS v1.3 specification, Section 4.6.1, Paragraph 4 (Note).
|
||||
* WOLFSSL_PSK_ONE_ID
|
||||
* When only one PSK ID is used and only one call to the PSK callback can
|
||||
* be made per connect.
|
||||
* You cannot use wc_psk_client_cs_callback type callback on client.
|
||||
* WOLFSSL_PRIORITIZE_PSK
|
||||
* During a handshake, prioritize PSK order instead of ciphersuite order.
|
||||
* WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
* Check for alerts during the handshake in the event of an error.
|
||||
* WOLFSSL_NO_CLIENT_CERT_ERROR
|
||||
* Requires client to set a client certificate
|
||||
* WOLFSSL_PSK_MULTI_ID_PER_CS
|
||||
* When multiple PSK identities are available for the same cipher suite.
|
||||
* Sets the first byte of the client identity to the count of identities
|
||||
* that have been seen so far for the cipher suite.
|
||||
* WOLFSSL_CHECK_SIG_FAULTS
|
||||
* Verifies the ECC signature after signing in case of faults in the
|
||||
* calculation of the signature. Useful when signature fault injection is a
|
||||
* possible attack.
|
||||
* WOLFSSL_32BIT_MILLI_TIME
|
||||
* Function TimeNowInMilliseconds() returns an unsigned 32-bit value.
|
||||
* Default behavior is to return a signed 64-bit value.
|
||||
* TLS 1.3-Specific Build Options:
|
||||
* (See tls.c for generic TLS options: extensions, curves, callbacks, etc.)
|
||||
*
|
||||
* Protocol:
|
||||
* WOLFSSL_TLS13: Enable TLS 1.3 protocol default: on
|
||||
* WOLFSSL_TLS13_DRAFT: Enable TLS 1.3 draft version support default: off
|
||||
* WOLFSSL_QUIC: Enable QUIC protocol support (TLS 1.3) default: off
|
||||
* WOLFSSL_DTLS13_NO_HRR_ON_RESUME: Skip HRR on DTLS 1.3 resume default: off
|
||||
* WOLFSSL_DTLS_CH_FRAG: Enable DTLS 1.3 ClientHello frag default: off
|
||||
*
|
||||
* Handshake:
|
||||
* WOLFSSL_TLS13_MIDDLEBOX_COMPAT: Enable middlebox compatibility default: on
|
||||
* Sends ChangeCipherSpec and includes session id
|
||||
* WOLFSSL_SEND_HRR_COOKIE: Send cookie in HelloRetryRequest default: off
|
||||
* for stateless ClientHello tracking
|
||||
* WOLFSSL_EARLY_DATA: Allow 0-RTT early data default: off
|
||||
* WOLFSSL_EARLY_DATA_GROUP: Group early data with ClientHello default: off
|
||||
* WOLFSSL_POST_HANDSHAKE_AUTH: Post-handshake client auth default: off
|
||||
* WOLFSSL_TLS13_TICKET_BEFORE_FINISHED: Send NewSessionTicket default: off
|
||||
* before client Finished message
|
||||
* WOLFSSL_NO_CLIENT_AUTH: Disable TLS 1.3 client authentication default: off
|
||||
* WOLFSSL_NO_CLIENT_CERT_ERROR: Require client certificate default: off
|
||||
* WOLFSSL_CERT_SETUP_CB: Certificate setup callback default: off
|
||||
* WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION: Allow bad legacy version default: off
|
||||
*
|
||||
* Security:
|
||||
* WOLFSSL_BLIND_PRIVATE_KEY: Blind private key during signing default: off
|
||||
* WOLFSSL_CHECK_SIG_FAULTS: Verify signature after ECC signing default: off
|
||||
* to detect fault injection attacks
|
||||
* WOLFSSL_CIPHER_TEXT_CHECK: Verify ciphertext integrity default: off
|
||||
*
|
||||
* TLS 1.3 PSK:
|
||||
* WOLFSSL_PSK_ONE_ID: Single PSK identity per connect default: off
|
||||
* WOLFSSL_PSK_MULTI_ID_PER_CS: Multiple PSK IDs per cipher suite default: off
|
||||
* WOLFSSL_PRIORITIZE_PSK: Prioritize PSK over ciphersuite order default: off
|
||||
* WOLFSSL_PSK_ID_PROTECTION: Enable PSK identity protection default: off
|
||||
*
|
||||
* TLS 1.3 Session Tickets:
|
||||
* WOLFSSL_TICKET_HAVE_ID: Session tickets include ID default: off
|
||||
* WOLFSSL_TICKET_NONCE_MALLOC: Dynamically allocate ticket nonce default: off
|
||||
*
|
||||
* TLS 1.3 Key Exchange:
|
||||
* HAVE_KEYING_MATERIAL: Export keying material (RFC 8446 7.5) default: off
|
||||
* WOLFSSL_HAVE_TLS_UNIQUE: Enable tls-unique channel binding default: off
|
||||
*
|
||||
* TLS 1.3 Hash/Signature:
|
||||
* WOLFSSL_TLS13_SHA512: Allow SHA-512 in TLS 1.3 handshake default: off
|
||||
* (no ciphersuite requires it currently)
|
||||
* WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes default: off
|
||||
* WOLFSSL_SSLKEYLOGFILE_OUTPUT: Set key log output file path default: off
|
||||
* WOLFSSL_RW_THREADED: Enable read/write threading support default: off
|
||||
* WOLFSSL_ASYNC_IO: Enable async I/O operations default: off
|
||||
* WOLFSSL_NONBLOCK_OCSP: Non-blocking OCSP processing default: off
|
||||
* WOLFSSL_TLS_OCSP_MULTI: Multiple OCSP responses default: off
|
||||
* WOLFSSL_WOLFSENTRY_HOOKS: wolfSentry integration hooks default: off
|
||||
*/
|
||||
|
||||
#if !defined(NO_TLS) && defined(WOLFSSL_TLS13)
|
||||
@@ -5037,7 +5027,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
|
||||
#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT)
|
||||
static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
@@ -5061,7 +5051,7 @@ static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
|
||||
w64GetLow32(ssl->dtls13EncryptEpoch->nextSeqNumber);
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT*/
|
||||
#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT*/
|
||||
|
||||
#if defined(HAVE_ECH)
|
||||
/* Calculate ECH acceptance and verify the server accepted ECH.
|
||||
|
||||
@@ -466,7 +466,7 @@ static void show_appinfo(void)
|
||||
#ifdef HAVE_CURVE448
|
||||
"x448 "
|
||||
#endif
|
||||
#ifdef HAVE_CURVE22519
|
||||
#ifdef HAVE_CURVE25519
|
||||
"x22519 "
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_RSA
|
||||
|
||||
+1
-1
@@ -37,7 +37,7 @@
|
||||
#if defined(WOLFSSL_STATIC_MEMORY)
|
||||
#include <wolfssl/wolfcrypt/memory.h>
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASNC_CRYPT
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
|
||||
@@ -29,6 +29,87 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
|
||||
|
||||
*/
|
||||
|
||||
/*
|
||||
* AES Build Options:
|
||||
*
|
||||
* Core:
|
||||
* NO_AES: Disable AES support entirely default: off
|
||||
* WOLFSSL_AES_128: Enable AES-128 key size default: on
|
||||
* WOLFSSL_AES_192: Enable AES-192 key size default: on
|
||||
* WOLFSSL_AES_256: Enable AES-256 key size default: on
|
||||
* AES_MAX_KEY_SIZE: Maximum AES key size in bits default: 256
|
||||
*
|
||||
* Cipher Modes:
|
||||
* HAVE_AES_CBC: Enable AES-CBC mode default: on
|
||||
* HAVE_AES_ECB: Enable AES-ECB mode default: off
|
||||
* HAVE_AES_DECRYPT: Enable AES decryption default: on
|
||||
* WOLFSSL_AES_COUNTER: Enable AES-CTR mode default: off
|
||||
* WOLFSSL_AES_CFB: Enable AES-CFB mode default: off
|
||||
* WOLFSSL_NO_AES_CFB_1_8: Disable AES-CFB-1 and AES-CFB-8 default: off
|
||||
* WOLFSSL_AES_OFB: Enable AES-OFB mode default: off
|
||||
* WOLFSSL_AES_DIRECT: Enable direct AES encrypt/decrypt API default: off
|
||||
* WOLFSSL_AES_XTS: Enable AES-XTS mode default: off
|
||||
* WOLFSSL_AES_CTS: Enable AES-CTS (ciphertext stealing) default: off
|
||||
* WOLFSSL_AES_SIV: Enable AES-SIV (synthetic IV) mode default: off
|
||||
* WOLFSSL_AES_EAX: Enable AES-EAX AEAD mode default: off
|
||||
* WOLFSSL_CMAC: Enable AES-CMAC (RFC 4493) default: off
|
||||
* HAVE_AESCCM: Enable AES-CCM mode default: off
|
||||
* HAVE_AES_KEYWRAP: Enable AES key wrap (RFC 3394) default: off
|
||||
* WOLFSSL_AES_CBC_LENGTH_CHECKS: Validate CBC input length default: off
|
||||
*
|
||||
* AES-GCM:
|
||||
* HAVE_AESGCM: Enable AES-GCM mode default: off
|
||||
* HAVE_AESGCM_DECRYPT: Enable AES-GCM decryption default: on
|
||||
* (when HAVE_AESGCM is enabled)
|
||||
* WOLFSSL_AESGCM_STREAM: Enable streaming AES-GCM API default: off
|
||||
* WC_AES_GCM_DEC_AUTH_EARLY: Authenticate tag before decryption default: off
|
||||
* GCM_SMALL: Small GCM table, saves memory default: off
|
||||
* GCM_TABLE: Full 4-bit GCM lookup table, faster default: off
|
||||
* GCM_TABLE_4BIT: Explicit 4-bit GCM table mode default: off
|
||||
* GCM_WORD32: Use 32-bit word GCM implementation default: off
|
||||
* GCM_GMULT_LEN: GCM GMULT length optimization default: off
|
||||
*
|
||||
* AES-XTS Stream:
|
||||
* WOLFSSL_AESXTS_STREAM: Enable streaming AES-XTS API default: off
|
||||
* WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING:
|
||||
* Disable XTS stream request accounting default: off
|
||||
* WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS:
|
||||
* Support both encrypt and decrypt keys default: off
|
||||
* simultaneously in XTS context
|
||||
*
|
||||
* Performance / Side-Channel:
|
||||
* WOLFSSL_AESNI: Enable Intel AES-NI instructions default: off
|
||||
* WOLFSSL_AESNI_BY4: AES-NI 4-block parallel processing default: off
|
||||
* WOLFSSL_AESNI_BY6: AES-NI 6-block parallel processing default: off
|
||||
* USE_INTEL_SPEEDUP: Intel AVX/AVX2 for AES acceleration default: off
|
||||
* WOLFSSL_AES_SMALL_TABLES: Use smaller AES S-box tables default: off
|
||||
* WOLFSSL_AES_NO_UNROLL: Disable AES round loop unrolling default: off
|
||||
* WOLFSSL_AES_TOUCH_LINES: Touch all cache lines for default: off
|
||||
* side-channel resistance
|
||||
* WC_AES_BITSLICED: Use bitsliced AES implementation default: off
|
||||
* AES_GCM_GMULT_NCT: GCM GMULT non-constant-time default: off
|
||||
* NO_WOLFSSL_ALLOC_ALIGN: Disable aligned memory allocation default: off
|
||||
*
|
||||
* Hardware Acceleration (AES-specific):
|
||||
* WC_ASYNC_ENABLE_AES: Enable async AES operations default: off
|
||||
* WOLFSSL_CRYPTOCELL_AES: CryptoCell AES acceleration default: off
|
||||
* WOLFSSL_DEVCRYPTO_AES: /dev/crypto AES acceleration default: off
|
||||
* WOLFSSL_DEVCRYPTO_CBC: /dev/crypto AES-CBC acceleration default: off
|
||||
* WOLFSSL_KCAPI_AES: Linux kernel crypto API for AES default: off
|
||||
* WOLFSSL_NO_KCAPI_AES_CBC: Disable KCAPI AES-CBC default: off
|
||||
* WOLFSSL_NRF51_AES: nRF51 hardware AES default: off
|
||||
* WOLFSSL_PSA_NO_AES: Disable PSA AES default: off
|
||||
* WOLFSSL_SCE_NO_AES: Disable Renesas SCE AES default: off
|
||||
* NO_IMX6_CAAM_AES: Disable i.MX6 CAAM AES default: off
|
||||
* WOLFSSL_AFALG_XILINX_AES: AF_ALG Xilinx AES acceleration default: off
|
||||
* NO_WOLFSSL_ESP32_CRYPT_AES: Disable ESP32 AES acceleration default: off
|
||||
* STM32_CRYPTO_AES_ONLY: STM32 AES-only crypto mode default: off
|
||||
*
|
||||
* Debug:
|
||||
* WC_DEBUG_CIPHER_LIFECYCLE: Debug cipher init/free lifecycle default: off
|
||||
* WOLFSSL_HW_METRICS: Track hardware acceleration usage default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#if !defined(NO_AES)
|
||||
|
||||
+102
-2
@@ -107,6 +107,106 @@ ASN Options:
|
||||
* WOLFSSL_ALLOW_AKID_SKID_MATCH: By default cert issuer is found using hash
|
||||
* of cert subject hash with signers subject hash. This option allows fallback
|
||||
* to using AKID and SKID matching.
|
||||
*
|
||||
* Certificate Generation/Parsing:
|
||||
* WOLFSSL_CERT_REQ: Enable certificate request (CSR) support
|
||||
* WOLFSSL_CERT_EXT: Enable certificate extension support
|
||||
* WOLFSSL_CERT_PIV: Enable PIV certificate support
|
||||
* WOLFSSL_CERT_GEN_CACHE: Cache DER for cert generation
|
||||
* WOLFSSL_CERT_SIGN_CB: Enable certificate signing callback
|
||||
* WOLFSSL_CERT_NAME_ALL: Store all certificate name components
|
||||
* WOLFSSL_MULTI_ATTRIB: Enable multi-valued RDN attributes
|
||||
* WOLFSSL_DER_TO_PEM: Enable DER to PEM conversion
|
||||
* WOLFSSL_PEM_TO_DER: Enable PEM to DER conversion
|
||||
* WOLFSSL_PUB_PEM_TO_DER: Enable public key PEM to DER conversion
|
||||
* WOLFSSL_KEY_TO_DER: Enable key to DER encoding
|
||||
* WOLFSSL_ENCRYPTED_KEYS: Enable encrypted private key support (PKCS#8)
|
||||
* ASN_BER_TO_DER: Enable BER to DER conversion
|
||||
* WOLFSSL_DUP_CERTPOL: Allow duplicate certificate policies
|
||||
* WOLFSSL_NAMES_STATIC: Use static allocation for name strings
|
||||
* WOLFSSL_SIGNER_DER_CERT: Store signer DER cert in cert manager
|
||||
*
|
||||
* Certificate Validation:
|
||||
* NO_VERIFY_OID: Skip OID verification
|
||||
* NO_CHECK_PRIVATE_KEY: Skip private key pair check
|
||||
* NO_SKID: Disable Subject Key Identifier
|
||||
* NO_STRICT_ECDSA_LEN: Allow non-strict ECDSA signature length
|
||||
* NO_WOLFSSL_CM_VERIFY: Disable cert manager verify callback
|
||||
* NO_WOLFSSL_SKIP_TRAILING_PAD: Don't skip trailing padding
|
||||
* ALLOW_SELFSIGNED_INVALID_CERTSIGN: Allow self-signed certs
|
||||
* without keyCertSign in keyUsage
|
||||
* ALLOW_V1_EXTENSIONS: Allow extensions in v1 certificates
|
||||
* USE_WOLF_VALIDDATE: Use wolfSSL date validation
|
||||
* WC_ASN_RUNTIME_DATE_CHECK_CONTROL: Runtime control of date checking
|
||||
* WOLFSSL_AFTER_DATE_CLOCK_SKEW: Clock skew tolerance for after-date
|
||||
* WOLFSSL_BEFORE_DATE_CLOCK_SKEW: Clock skew tolerance for before-date
|
||||
* WOLFSSL_TRUST_PEER_CERT: Enable trusted peer certificate support
|
||||
*
|
||||
* Extensions:
|
||||
* WOLFSSL_ALT_NAMES: Enable Subject Alternative Names
|
||||
* WOLFSSL_ALT_NAMES_NO_REV: Alt names without reverse order
|
||||
* WOLFSSL_IP_ALT_NAME: Enable IP address in SAN
|
||||
* WOLFSSL_RID_ALT_NAME: Enable Registered ID in SAN
|
||||
* WOLFSSL_SEP: Enable SubjectEntryPoint extension
|
||||
* WOLFSSL_EKU_OID: Enable Extended Key Usage OID support
|
||||
* WOLFSSL_ACERT: Enable attribute certificate support
|
||||
* IGNORE_KEY_EXTENSIONS: Ignore key usage extensions
|
||||
* IGNORE_NETSCAPE_CERT_TYPE: Ignore Netscape cert type extension
|
||||
* WOLFSSL_ALLOW_CRIT_AIA: Allow critical Authority Info Access
|
||||
* WOLFSSL_ALLOW_CRIT_AKID: Allow critical Auth Key Identifier
|
||||
* WOLFSSL_ALLOW_CRIT_SKID: Allow critical Subject Key Identifier
|
||||
* WC_ASN_UNKNOWN_EXT_CB: Callback for unknown extensions
|
||||
*
|
||||
* ASN.1 Parsing:
|
||||
* WOLFSSL_ASN_ALL: Enable all ASN.1 features
|
||||
* WOLFSSL_ASN_CA_ISSUER: Enable CA Issuer in AIA parsing
|
||||
* WOLFSSL_ASN_PRINT: Enable ASN.1 structure printing
|
||||
* WOLFSSL_ASN_INT_LEAD_0_ANY: Allow any leading zero in ASN integers
|
||||
* WOLFSSL_ASN_PARSE_KEYUSAGE: Parse key usage extension
|
||||
* WOLFSSL_ASN_TIME_STRING: Enable ASN time to string conversion
|
||||
* ASN_TEMPLATE_SKIP_ISCA_CHECK: Skip isCA check in ASN template
|
||||
*
|
||||
* OID:
|
||||
* HAVE_OID_ENCODING: Enable OID encoding support
|
||||
* HAVE_OID_DECODING: Enable OID decoding support
|
||||
* WOLFSSL_OLD_OID_SUM: Use old OID sum calculation
|
||||
*
|
||||
* CRL:
|
||||
* HAVE_CRL: Enable Certificate Revocation Lists
|
||||
* CRL_STATIC_REVOKED_LIST: Use static list for revoked certs
|
||||
*
|
||||
* OCSP:
|
||||
* HAVE_OCSP: Enable OCSP support
|
||||
* HAVE_OCSP_RESPONDER: Enable OCSP responder support
|
||||
* WOLFSSL_OCSP_PARSE_STATUS: Parse OCSP response status
|
||||
*
|
||||
* PKCS:
|
||||
* HAVE_PKCS8: Enable PKCS#8 support
|
||||
* HAVE_PKCS12: Enable PKCS#12 support
|
||||
*
|
||||
* Algorithms (ASN encoding/decoding):
|
||||
* HAVE_DILITHIUM: Enable Dilithium ASN support
|
||||
* WOLFSSL_DILITHIUM_NO_ASN1: Disable Dilithium ASN.1 encoding
|
||||
* WOLFSSL_DILITHIUM_FIPS204_DRAFT: FIPS 204 draft Dilithium
|
||||
* WOLFSSL_DILITHIUM_NO_SIGN: Disable Dilithium signing
|
||||
* WOLFSSL_DILITHIUM_NO_VERIFY: Disable Dilithium verify
|
||||
* HAVE_FALCON: Enable Falcon ASN support
|
||||
* HAVE_SPHINCS: Enable SPHINCS+ ASN support
|
||||
*
|
||||
* Key Import/Export:
|
||||
* WC_ENABLE_ASYM_KEY_IMPORT: Enable asymmetric key import
|
||||
* WC_ENABLE_ASYM_KEY_EXPORT: Enable asymmetric key export
|
||||
*
|
||||
* Compatibility:
|
||||
* WOLFSSL_APACHE_HTTPD: Apache HTTPD compatibility
|
||||
* WOLFSSL_X509_NAME_AVAILABLE: Enable X509_NAME API
|
||||
* WOLFSSL_HAVE_ISSUER_NAMES: Store issuer name components
|
||||
* WOLFSSL_ASN_KEY_SIZE_ENUM: Use enum for AES key size in ASN
|
||||
* WOLFSSL_SM3: Enable SM3 hash ASN support
|
||||
* HAVE_SMIME: Enable S/MIME support
|
||||
* HAVE_LIBZ: Enable zlib compression for certs
|
||||
* WC_RC2: Enable RC2 for PKCS#12
|
||||
* WOLFSSL_MD2: Enable MD2 hash (legacy)
|
||||
*/
|
||||
|
||||
#ifndef NO_RSA
|
||||
@@ -4389,7 +4489,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
||||
|
||||
/* Falcon Level 5: 1 3 9999 3 9 */
|
||||
static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
|
||||
#endif /* HAVE_FACON */
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
/* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
|
||||
@@ -17954,7 +18054,7 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
|
||||
#ifdef HAVE_CURVE448
|
||||
|| (algoOID == X448k)
|
||||
#endif
|
||||
#ifdef HAVE_FACON
|
||||
#ifdef HAVE_FALCON
|
||||
|| (algoOID == FALCON_LEVEL1k)
|
||||
|| (algoOID == FALCON_LEVEL5k)
|
||||
#endif
|
||||
|
||||
+28
-10
@@ -22,18 +22,36 @@
|
||||
/* This framework provides a central place for crypto hardware integration
|
||||
using the devId scheme. If not supported return `CRYPTOCB_UNAVAILABLE`. */
|
||||
|
||||
/* Some common, optional build settings:
|
||||
* these can also be set in wolfssl/options.h or user_settings.h
|
||||
* -------------------------------------------------------------
|
||||
* enable the find device callback functions
|
||||
* WOLF_CRYPTO_CB_FIND
|
||||
/*
|
||||
Crypto Callback Build Options:
|
||||
* WOLF_CRYPTO_CB: Master enable for crypto callback default: off
|
||||
* framework. Required for all options below.
|
||||
* WOLF_CRYPTO_CB_FIND: Enable find device callback functions default: off
|
||||
* Allows lookup of registered crypto devices.
|
||||
* WOLF_CRYPTO_CB_CMD: Enable command callbacks invoked during default: off
|
||||
* register and unregister of crypto devices.
|
||||
* WOLF_CRYPTO_CB_COPY: Enable copy callback for algorithm default: off
|
||||
* structures (hash, cipher state copying).
|
||||
* WOLF_CRYPTO_CB_FREE: Enable free callback for algorithm default: off
|
||||
* structures (cleanup of crypto objects).
|
||||
* WOLF_CRYPTO_CB_AES_SETKEY: Enable callback for AES key setup default: off
|
||||
* WOLF_CRYPTO_CB_RSA_PAD: Enable callback for RSA padding default: off
|
||||
* operations (custom padding handling).
|
||||
* DEBUG_CRYPTOCB: Enable debug InfoString functions default: off
|
||||
*
|
||||
* enable the command callback functions to invoke the callback during
|
||||
* register and unregister
|
||||
* WOLF_CRYPTO_CB_CMD
|
||||
* Device ID options:
|
||||
* WC_USE_DEVID: Specify a default device ID to use default: off
|
||||
* when no hardware device is detected.
|
||||
* WC_NO_DEFAULT_DEVID: Disable automatic default device ID default: off
|
||||
* selection. Requires explicit devId passing.
|
||||
* WOLFSSL_CAAM_DEVID: Device ID constant (value 7) for NXP default: off
|
||||
* CAAM hardware crypto.
|
||||
*
|
||||
* enable debug InfoString functions
|
||||
* DEBUG_CRYPTOCB
|
||||
* Algorithm-specific callback options:
|
||||
* NO_SHA2_CRYPTO_CB: Disable crypto callbacks for SHA-384 default: off
|
||||
* and SHA-512 operations.
|
||||
* WOLF_CRYPTO_CB_ONLY_ECC: Use only callbacks for ECC default: off
|
||||
* WOLF_CRYPTO_CB_ONLY_RSA: Use only callbacks for RSA default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
@@ -25,6 +25,17 @@
|
||||
* Reworked for curve448 by Sean Parkinson.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Curve448 Build Options:
|
||||
*
|
||||
* HAVE_CURVE448: Enable Curve448 support default: off
|
||||
* HAVE_CURVE448_SHARED_SECRET: Enable Curve448 shared secret default: on
|
||||
* (when HAVE_CURVE448 is enabled)
|
||||
* HAVE_CURVE448_KEY_EXPORT: Enable Curve448 key export default: on
|
||||
* HAVE_CURVE448_KEY_IMPORT: Enable Curve448 key import default: on
|
||||
* WOLFSSL_ECDHX_SHARED_NOT_ZERO: Check ECDH shared secret != 0 default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifdef HAVE_CURVE448
|
||||
|
||||
@@ -19,6 +19,17 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* DES3 Build Options:
|
||||
*
|
||||
* NO_DES3: Disable 3DES support entirely default: off
|
||||
* WOLFSSL_DES_ECB: Enable DES-ECB mode default: off
|
||||
*
|
||||
* Hardware Acceleration (DES3-specific):
|
||||
* WC_ASYNC_ENABLE_3DES: Enable async 3DES operations default: off
|
||||
* FREESCALE_LTC_DES: Freescale LTC DES acceleration default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifndef NO_DES3
|
||||
|
||||
@@ -100,6 +100,65 @@ Possible ECC enable options:
|
||||
* WOLFSSL_CHECK_VER_FAULTS
|
||||
* Sanity check on verification steps in case of faults.
|
||||
* default: off
|
||||
* ECC_TIMING_RESISTANT: Enables constant-time ECC operations default: on
|
||||
* to prevent timing side-channel attacks.
|
||||
* Auto-enabled for FIPS and some embedded builds.
|
||||
* WC_NO_CACHE_RESISTANT: Disables cache-resistant operations default: off
|
||||
* (conditional swaps) in ECC scalar multiply to
|
||||
* reduce overhead. Not recommended for secure use.
|
||||
* ALT_ECC_SIZE: Uses alternate smaller fixed-size arrays default: off
|
||||
* for ECC points instead of full mp_int arrays,
|
||||
* reducing memory. Requires USE_FAST_MATH.
|
||||
* WOLFSSL_ECC_NO_SMALL_STACK: Disables WOLFSSL_SMALL_STACK default: off
|
||||
* optimizations for ECC, using stack instead of heap.
|
||||
* HAVE_ECC_CHECK_PUBKEY_ORDER: Validates ECC public key order default: on
|
||||
* during import. Auto-enabled unless
|
||||
* NO_ECC_CHECK_PUBKEY_ORDER is defined.
|
||||
* NO_ECC_CHECK_PUBKEY_ORDER: Disables public key order check default: off
|
||||
* during ECC key import. Not recommended.
|
||||
* HAVE_ECC_MAKE_PUB: Enables computing public key from default: on
|
||||
* private key via wc_ecc_make_pub.
|
||||
* HAVE_ECC_VERIFY_HELPER: Enables ECC verify helper functions default: on
|
||||
* Auto-enabled unless using hardware accelerators.
|
||||
* WOLFSSL_PUBLIC_ECC_ADD_DBL: Makes ecc_projective_add_point default: off
|
||||
* and ecc_projective_dbl_point public APIs.
|
||||
* SQRTMOD_USE_MOD_EXP: Computes square root mod prime using default: off
|
||||
* modular exponentiation instead of Jacobi method
|
||||
* for compressed key decompression.
|
||||
*
|
||||
* ECIES options:
|
||||
* WOLFSSL_ECIES_OLD: Uses original wolfSSL ECIES format default: off
|
||||
* (public key not in shared secret material).
|
||||
* WOLFSSL_ECIES_ISO18033: Uses ISO 18033 ECIES standard default: off
|
||||
* (includes public key in shared secret).
|
||||
* WOLFSSL_ECIES_GEN_IV: Generates random IV for ECIES default: off
|
||||
* encryption instead of deriving from KDF.
|
||||
*
|
||||
* Fixed Point Cache options (requires FP_ECC):
|
||||
* FP_ENTRIES: Number of FP cache entries default: 15
|
||||
* FP_LUT: FP lookup table bit size (2-12). Larger default: 8
|
||||
* values use more memory but faster verify.
|
||||
* FP_ECC_CONTROL: Auto-selects cached FP ECC verify with default: on
|
||||
* SP when WOLFSSL_HAVE_SP_ECC is available.
|
||||
*
|
||||
* SP Math ECC options:
|
||||
* WOLFSSL_HAVE_SP_ECC: Enables SP math optimizations for ECC default: on
|
||||
* Provides significant performance improvement.
|
||||
* WOLFSSL_SP_NO_256: Disables SP P-256 support default: off
|
||||
* WOLFSSL_SP_384: Enables SP P-384 support default: off
|
||||
* WOLFSSL_SP_521: Enables SP P-521 support default: off
|
||||
* WOLFSSL_SP_1024: Enables SP 1024-bit support for SAKKE default: off
|
||||
* WOLFSSL_SP_SM2: Enables SP SM2 curve support default: off
|
||||
* Auto-enabled with WOLFSSL_SM2.
|
||||
*
|
||||
* Hardware/Offload options:
|
||||
* WOLFSSL_KCAPI_ECC: Offload ECC to Linux Kernel Crypto API default: off
|
||||
* WC_ASYNC_ENABLE_ECC: Enables async ECC with crypto callbacks default: off
|
||||
* Requires WOLFSSL_ASYNC_CRYPT.
|
||||
* WC_ASYNC_ENABLE_ECC_KEYGEN: Enables async ECC key gen default: off
|
||||
* PLUTON_CRYPTO_ECC: Uses ARM Pluton TEE for ECC operations default: off
|
||||
* WOLFSSL_CAAM_BLACK_KEY_SM: Uses NXP CAAM secure memory for default: off
|
||||
* encrypted black key storage.
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
+1
-1
@@ -5483,7 +5483,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name)
|
||||
{EVP_ARIA_256_GCM, "aria-256-gcm"},
|
||||
{EVP_ARIA_256_GCM, "id-aria256-GCM"},
|
||||
#endif
|
||||
#ifdef WOLFSSL_SM4_EBC
|
||||
#ifdef WOLFSSL_SM4_ECB
|
||||
{EVP_SM4_ECB, "sm4-ecb"},
|
||||
#endif
|
||||
#ifdef WOLFSSL_SM4_CBC
|
||||
|
||||
@@ -20,6 +20,21 @@
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
* HMAC Build Options:
|
||||
*
|
||||
* NO_HMAC: Disable HMAC support entirely default: off
|
||||
* HAVE_HKDF: Enable HKDF (RFC 5869) key derivation default: off
|
||||
* WOLFSSL_HMAC_COPY_HASH: Copy hash state instead of re-init default: off
|
||||
* for HMAC operations (performance)
|
||||
* STM32_HMAC: STM32 hardware HMAC acceleration default: off
|
||||
*
|
||||
* Hardware Acceleration (HMAC-specific):
|
||||
* WC_ASYNC_ENABLE_HMAC: Enable async HMAC operations default: off
|
||||
* WOLFSSL_DEVCRYPTO_HMAC: /dev/crypto HMAC acceleration default: off
|
||||
* WOLFSSL_KCAPI_HMAC: Linux kernel crypto API for HMAC default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifndef NO_HMAC
|
||||
|
||||
@@ -19,6 +19,17 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* MD5 Build Options:
|
||||
*
|
||||
* NO_MD5: Disable MD5 support entirely default: off
|
||||
* HAVE_MD5_CUST_API: Enable custom MD5 API default: off
|
||||
* STM32_NOMD5: Disable STM32 hardware MD5 default: off
|
||||
*
|
||||
* Hardware Acceleration (MD5-specific):
|
||||
* WC_ASYNC_ENABLE_MD5: Enable async MD5 operations default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#if !defined(NO_MD5)
|
||||
|
||||
@@ -19,6 +19,25 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* PKCS#7 Build Options:
|
||||
*
|
||||
* Core:
|
||||
* HAVE_PKCS7: Enable PKCS#7 support default: off
|
||||
* NO_PKCS7_STREAM: Disable PKCS#7 streaming mode default: off
|
||||
* NO_PKCS7_ENCRYPTED_DATA: Disable PKCS#7 EncryptedData type default: off
|
||||
* NO_PKCS7_COMPRESSED_DATA: Disable PKCS#7 CompressedData type default: off
|
||||
* WC_PKCS7_STREAM_DEBUG: Enable PKCS#7 stream debug output default: off
|
||||
* WOLFSSL_PKCS7_MAX_DECOMPRESSION: Max decompression size default: off
|
||||
*
|
||||
* Callbacks:
|
||||
* HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK: Custom RSA raw sign callback default: off
|
||||
* HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK: Custom ECC raw sign callback default: off
|
||||
*
|
||||
* Key Derivation:
|
||||
* HAVE_X963_KDF: Enable ANSI X9.63 KDF default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifdef HAVE_PKCS7
|
||||
|
||||
@@ -38,6 +38,14 @@ and Daniel J. Bernstein
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
/*
|
||||
* Poly1305 Build Options:
|
||||
*
|
||||
* HAVE_POLY1305: Enable Poly1305 authenticator default: off
|
||||
* POLY130564: Use 64-bit Poly1305 implementation default: auto
|
||||
* USE_INTEL_POLY1305_SPEEDUP: Intel AVX/AVX2 Poly1305 accel default: off
|
||||
*/
|
||||
|
||||
#ifdef HAVE_POLY1305
|
||||
#include <wolfssl/wolfcrypt/poly1305.h>
|
||||
#include <wolfssl/wolfcrypt/cpuid.h>
|
||||
|
||||
+74
-16
@@ -26,22 +26,80 @@ This library contains implementation for the random number generator.
|
||||
|
||||
*/
|
||||
|
||||
/* Possible defines:
|
||||
* ENTROPY_NUM_UPDATE default: 18
|
||||
* Number of updates to perform. A hash is created and memory accessed
|
||||
* based on the hash values in each update of a sample.
|
||||
* More updates will result in better entropy quality but longer sample
|
||||
* times.
|
||||
* ENTROPY_NUM_UPDATES_BITS default: 5
|
||||
* Number of bits needed to represent ENTROPY_NUM_UPDATE.
|
||||
* = upper(log2(ENTROPY_NUM_UPDATE))
|
||||
* ENTROPY_NUM_WORDS_BITS default: 14
|
||||
* State has 2^ENTROPY_NUMN_WORDS_BITS entries. Range: 8-30
|
||||
* The value should be based on the cache sizes.
|
||||
* Use a value that is at least as large as the L1 cache if possible.
|
||||
* The higher the value, the more likely there will be cache misses and
|
||||
* better the entropy quality.
|
||||
* A larger value will use more static memory.
|
||||
/*
|
||||
* Random Number Generator Build Options:
|
||||
*
|
||||
* Core RNG:
|
||||
* WC_NO_RNG: Disable RNG support entirely default: off
|
||||
* HAVE_HASHDRBG: Enable Hash-based DRBG (SP 800-90A) default: on
|
||||
* WC_RNG_BLOCKING: Make RNG operations blocking default: off
|
||||
* WC_VERBOSE_RNG: Enable verbose RNG debug output default: off
|
||||
* WC_RNG_SEED_CB: Use custom seed callback function default: off
|
||||
* WC_RNG_BANK_SUPPORT: Enable RNG bank (pre-generated) default: off
|
||||
* random data support
|
||||
* WOLFSSL_RNG_USE_FULL_SEED: Use full-length seed for DRBG default: off
|
||||
* WOLFSSL_GENSEED_FORTEST: Use deterministic seed for testing default: off
|
||||
* WARNING: not for production use
|
||||
* WOLFSSL_KEEP_RNG_SEED_FD_OPEN: Keep /dev/random fd open default: off
|
||||
* between seed operations
|
||||
*
|
||||
* Custom RNG Sources:
|
||||
* CUSTOM_RAND_GENERATE: Custom random word generator func default: off
|
||||
* CUSTOM_RAND_GENERATE_BLOCK: Custom block random generator default: off
|
||||
* CUSTOM_RAND_GENERATE_SEED: Custom seed generator function default: off
|
||||
* CUSTOM_RAND_GENERATE_SEED_OS: Custom OS-level seed generator default: off
|
||||
*
|
||||
* Entropy Sources:
|
||||
* HAVE_ENTROPY_MEMUSE: Enable memory-use based entropy default: off
|
||||
* source for DRBG seeding
|
||||
* ENTROPY_MEMUSE_FORCE_FAILURE: Force entropy failure (testing) default: off
|
||||
* HAVE_GETRANDOM: Use Linux getrandom() syscall default: auto
|
||||
* WOLFSSL_GETRANDOM: Use getrandom() for seed source default: auto
|
||||
* FORCE_FAILURE_GETRANDOM: Force getrandom failure (testing) default: off
|
||||
* NO_DEV_RANDOM: Don't use /dev/random for seeding default: off
|
||||
* NO_DEV_URANDOM: Don't use /dev/urandom for seeding default: off
|
||||
* HAVE_INTEL_RDRAND: Use Intel RDRAND instruction default: off
|
||||
* HAVE_INTEL_RDSEED: Use Intel RDSEED instruction default: off
|
||||
* HAVE_AMD_RDSEED: Use AMD RDSEED instruction default: off
|
||||
* IDIRECT_DEV_RANDOM: iDirect custom /dev/random path default: off
|
||||
* WIN_REUSE_CRYPT_HANDLE: Reuse Windows CryptContext handle default: off
|
||||
*
|
||||
* Entropy Tuning (for HAVE_ENTROPY_MEMUSE):
|
||||
* ENTROPY_NUM_UPDATE: Number of updates per sample default: 18
|
||||
* More updates = better entropy but slower
|
||||
* ENTROPY_NUM_UPDATES_BITS: Bits to represent ENTROPY_NUM_UPDATE default: 5
|
||||
* = upper(log2(ENTROPY_NUM_UPDATE))
|
||||
* ENTROPY_NUM_WORDS_BITS: State size as 2^N entries default: 14
|
||||
* Range: 8-30. Base on cache sizes.
|
||||
* Larger = more cache misses = better entropy
|
||||
* but more static memory usage.
|
||||
*
|
||||
* DRBG Health Tests:
|
||||
* WC_RNG_SEED_APT_CUTOFF: Adaptive proportion test cutoff default: auto
|
||||
* WC_RNG_SEED_APT_WINDOW: Adaptive proportion test window size default: auto
|
||||
* WC_RNG_SEED_RCT_CUTOFF: Repetition count test cutoff default: auto
|
||||
*
|
||||
* Hardware RNG:
|
||||
* STM32_RNG: STM32 hardware RNG default: off
|
||||
* STM32_NUTTX_RNG: STM32 RNG via NuttX default: off
|
||||
* WOLFSSL_STM32F427_RNG: STM32F427 hardware RNG default: off
|
||||
* WOLFSSL_STM32_RNG_NOLIB: STM32 RNG without HAL library default: off
|
||||
* WOLFSSL_PIC32MZ_RNG: PIC32MZ hardware RNG default: off
|
||||
* FREESCALE_RNGA: Freescale RNGA default: off
|
||||
* FREESCALE_K70_RNGA: Freescale K70 RNGA default: off
|
||||
* FREESCALE_RNGB: Freescale RNGB default: off
|
||||
* FREESCALE_KSDK_2_0_RNGA: Freescale KSDK 2.0 RNGA default: off
|
||||
* FREESCALE_KSDK_2_0_TRNG: Freescale KSDK 2.0 TRNG default: off
|
||||
* MAX3266X_RNG: MAX3266X hardware RNG default: off
|
||||
* QAT_ENABLE_RNG: Intel QAT hardware RNG default: off
|
||||
* WOLFSSL_ATECC_RNG: ATECC508/608 hardware RNG default: off
|
||||
* WOLFSSL_SILABS_TRNG: Silicon Labs TRNG default: off
|
||||
* WOLFSSL_SCE_NO_TRNG: Disable Renesas SCE TRNG default: off
|
||||
* WOLFSSL_SCE_TRNG_HANDLE: Renesas SCE TRNG handle default: off
|
||||
* WOLFSSL_SE050_NO_TRNG: Disable SE050 TRNG default: off
|
||||
* WOLFSSL_PSA_NO_RNG: Disable PSA RNG default: off
|
||||
* HAVE_IOTSAFE_HWRNG: IoT-Safe hardware RNG default: off
|
||||
* WOLFSSL_XILINX_CRYPT_VERSAL: Xilinx Versal crypto RNG default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
+56
-23
@@ -66,29 +66,62 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
|
||||
#endif
|
||||
|
||||
/*
|
||||
Possible RSA enable options:
|
||||
* NO_RSA: Overall control of RSA default: on
|
||||
* (not defined)
|
||||
* WC_RSA_BLINDING: Uses Blinding w/ Private Ops default: on
|
||||
Note: slower by ~20%
|
||||
* WOLFSSL_KEY_GEN: Allows Private Key Generation default: off
|
||||
* RSA_LOW_MEM: NON CRT Private Operations, less memory default: off
|
||||
* WC_NO_RSA_OAEP: Disables RSA OAEP padding default: on
|
||||
* (not defined)
|
||||
* WC_RSA_NONBLOCK: Enables support for RSA non-blocking default: off
|
||||
* WC_RSA_NONBLOCK_TIME: Enables support for time based blocking default: off
|
||||
* time calculation.
|
||||
* WC_RSA_NO_FERMAT_CHECK:Don't check for small difference in default: off
|
||||
* p and q (Fermat's factorization is (not defined)
|
||||
* possible when small difference).
|
||||
*/
|
||||
|
||||
/*
|
||||
RSA Key Size Configuration:
|
||||
* FP_MAX_BITS: With USE_FAST_MATH only default: 4096
|
||||
If USE_FAST_MATH then use this to override default.
|
||||
Value is key size * 2. Example: RSA 3072 = 6144
|
||||
*/
|
||||
* RSA Build Options:
|
||||
*
|
||||
* Core:
|
||||
* NO_RSA: Disable RSA support entirely default: off
|
||||
* WOLFSSL_RSA_PUBLIC_ONLY: Only include RSA public key operations default: off
|
||||
* WOLFSSL_RSA_VERIFY_ONLY: Only include RSA verify operation default: off
|
||||
* WOLFSSL_RSA_VERIFY_INLINE: RSA verify inline (no output copy) default: off
|
||||
* WC_RSA_DIRECT: Enable direct RSA encrypt/decrypt API default: off
|
||||
* WC_RSA_NO_PADDING: Enable no-padding RSA mode default: off
|
||||
* WOLFSSL_RSA_KEY_CHECK: Enable RSA key pair consistency check default: off
|
||||
* WOLFSSL_RSA_CHECK_D_ON_DECRYPT: Validate private exponent d default: off
|
||||
* before each decrypt operation
|
||||
* WOLFSSL_RSA_DECRYPT_TO_0_LEN: Allow RSA decrypt result of 0 default: off
|
||||
* length (empty plaintext)
|
||||
* NO_RSA_BOUNDS_CHECK: Disable RSA bounds checking on input default: off
|
||||
* SHOW_GEN: Show key generation progress dots default: off
|
||||
*
|
||||
* Padding:
|
||||
* WC_RSA_PSS: Enable RSA-PSS signature support default: off
|
||||
* WC_NO_RSA_OAEP: Disable RSA OAEP padding default: off
|
||||
* WOLFSSL_PSS_LONG_SALT: Allow PSS salt longer than hash length default: off
|
||||
* WOLFSSL_PSS_SALT_LEN_DISCOVER: Auto-discover PSS salt length default: off
|
||||
* during verification
|
||||
*
|
||||
* Performance:
|
||||
* WC_RSA_BLINDING: Use blinding with private key ops default: on
|
||||
* Note: ~20% slower, protects against
|
||||
* timing side-channels
|
||||
* RSA_LOW_MEM: Non-CRT private ops, less memory default: off
|
||||
* WC_RSA_NONBLOCK: Non-blocking RSA operations default: off
|
||||
* WC_RSA_NONBLOCK_TIME: Time-based non-blocking RSA default: off
|
||||
* WOLFSSL_MP_INVMOD_CONSTANT_TIME: Constant-time modular inverse default: off
|
||||
* WC_RSA_NO_FERMAT_CHECK: Skip Fermat factorization check on default: off
|
||||
* key generation (p and q closeness)
|
||||
*
|
||||
* Key Generation:
|
||||
* WOLFSSL_KEY_GEN: Enable RSA private key generation default: off
|
||||
* FP_MAX_BITS: Max key bits with USE_FAST_MATH default: 4096
|
||||
* Value is key size * 2 (e.g. RSA 3072 = 6144)
|
||||
*
|
||||
* SP Math:
|
||||
* WOLFSSL_HAVE_SP_RSA: Use SP math for RSA operations default: off
|
||||
* WOLFSSL_SP_MATH: Use SP math only (no multi-precision) default: off
|
||||
* WOLFSSL_SP_MATH_ALL: SP math for all key sizes default: off
|
||||
* WOLFSSL_SP_NO_2048: Disable SP RSA 2048-bit support default: off
|
||||
* WOLFSSL_SP_NO_3072: Disable SP RSA 3072-bit support default: off
|
||||
* WOLFSSL_SP_4096: Enable SP RSA 4096-bit support default: off
|
||||
* WOLFSSL_SP_ASM: Use SP assembly optimizations default: off
|
||||
*
|
||||
* Hardware Acceleration (RSA-specific):
|
||||
* WC_ASYNC_ENABLE_RSA: Enable async RSA operations default: off
|
||||
* WOLFSSL_KCAPI_RSA: Linux kernel crypto API for RSA default: off
|
||||
* WOLFSSL_AFALG_XILINX_RSA: AF_ALG Xilinx RSA acceleration default: off
|
||||
* WOLFSSL_SE050_NO_RSA: Disable SE050 RSA default: off
|
||||
* WOLFSSL_XILINX_CRYPT: Xilinx crypto RSA acceleration default: off
|
||||
*/
|
||||
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
@@ -19,6 +19,26 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* SHA-1 Build Options:
|
||||
*
|
||||
* Core:
|
||||
* NO_SHA: Disable SHA-1 support entirely default: off
|
||||
* USE_SLOW_SHA: Disable SHA-1 loop unrolling default: off
|
||||
* WC_HASH_DATA_ALIGNMENT: Required data alignment for hashing default: off
|
||||
*
|
||||
* Hardware Acceleration (SHA-1-specific):
|
||||
* WC_ASYNC_ENABLE_SHA: Enable async SHA-1 operations default: off
|
||||
* WOLFSSL_PIC32MZ_HASH: PIC32MZ hardware SHA default: off
|
||||
* WOLFSSL_PSA_NO_HASH: Disable PSA hash default: off
|
||||
* WOLFSSL_TI_HASH: TI hardware hash default: off
|
||||
* WOLFSSL_RENESAS_RX64_HASH: Renesas RX64 hardware hash default: off
|
||||
* FREESCALE_LTC_SHA: Freescale LTC SHA acceleration default: off
|
||||
* FREESCALE_MMCAU_SHA: Freescale MMCAU SHA acceleration default: off
|
||||
* STM32_HASH: STM32 hardware hash default: off
|
||||
* PSOC6_HASH_SHA1: PSoC6 hardware SHA-1 default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifdef DEBUG_WOLFSSL_VERBOSE
|
||||
|
||||
@@ -19,6 +19,25 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* SHA-3 Build Options:
|
||||
*
|
||||
* Core:
|
||||
* WOLFSSL_SHA3: Enable SHA-3 support default: off
|
||||
* WOLFSSL_SHA3_SMALL: Use smaller SHA-3 implementation default: off
|
||||
* WOLFSSL_SHAKE128: Enable SHAKE128 XOF default: off
|
||||
* WOLFSSL_SHAKE256: Enable SHAKE256 XOF default: off
|
||||
* SHA3_BY_SPEC: Use specification Keccak-f order default: off
|
||||
* WC_SHA3_NO_ASM: Disable SHA-3 assembly optimizations default: off
|
||||
* WC_SHA3_FAULT_HARDEN: Harden SHA-3 against fault attacks default: off
|
||||
*
|
||||
* Hardware Acceleration (SHA-3-specific):
|
||||
* WC_ASYNC_ENABLE_SHA3: Enable async SHA-3 operations default: off
|
||||
* WOLFSSL_ARMASM_CRYPTO_SHA3: ARM crypto SHA-3 instructions default: off
|
||||
* STM32_HASH_SHA3: STM32 hardware SHA-3 default: off
|
||||
* PSOC6_HASH_SHA3: PSoC6 hardware SHA-3 default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifdef WC_SHA3_NO_ASM
|
||||
|
||||
@@ -19,6 +19,41 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
* SHA-512/384 Build Options:
|
||||
*
|
||||
* Core:
|
||||
* WOLFSSL_SHA512: Enable SHA-512 support default: off
|
||||
* WOLFSSL_SHA384: Enable SHA-384 support default: off
|
||||
* WOLFSSL_NOSHA512_224: Disable SHA-512/224 variant default: off
|
||||
* WOLFSSL_NOSHA512_256: Disable SHA-512/256 variant default: off
|
||||
*
|
||||
* Performance:
|
||||
* USE_SLOW_SHA512: Disable SHA-512 loop unrolling default: off
|
||||
* USE_SLOW_SHA2: Disable SHA-2 loop unrolling default: off
|
||||
* WOLFSSL_HASH_FLAGS: Enable hash flags for state tracking default: off
|
||||
* WOLFSSL_HASH_KEEP: Keep hash input data for reuse default: off
|
||||
* WOLFSSL_SMALL_STACK_CACHE: Cache hash state on small stack default: off
|
||||
* WC_NO_INTERNAL_FUNCTION_POINTERS: Disable internal func ptrs default: off
|
||||
*
|
||||
* Hardware Acceleration (SHA-512-specific):
|
||||
* WC_ASYNC_ENABLE_SHA512: Enable async SHA-512 operations default: off
|
||||
* WC_ASYNC_ENABLE_SHA384: Enable async SHA-384 operations default: off
|
||||
* WOLFSSL_KCAPI_HASH: Linux kernel crypto API for hashing default: off
|
||||
* WOLFSSL_SE050_HASH: SE050 hardware hashing default: off
|
||||
* WOLFSSL_SILABS_SHA384: Silicon Labs SHA-384 acceleration default: off
|
||||
* WOLFSSL_SILABS_SHA512: Silicon Labs SHA-512 acceleration default: off
|
||||
* NO_IMX6_CAAM_HASH: Disable i.MX6 CAAM hash default: off
|
||||
* NO_WOLFSSL_ESP32_CRYPT_HASH: Disable ESP32 hash acceleration default: off
|
||||
* WOLFSSL_ARMASM_CRYPTO_SHA512: ARM crypto SHA-512 instructions default: off
|
||||
* STM32_HASH_SHA384: STM32 hardware SHA-384 default: off
|
||||
* STM32_HASH_SHA512: STM32 hardware SHA-512 default: off
|
||||
* WOLFSSL_SHA512_HASHTYPE: SHA-512 hash type for hw dispatch default: off
|
||||
* MAX3266X_SHA: MAX3266X hardware SHA default: off
|
||||
* PSOC6_HASH_SHA2: PSoC6 hardware SHA-2 default: off
|
||||
* WOLFSSL_RENESAS_RSIP: Renesas RSIP SHA acceleration default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \
|
||||
|
||||
@@ -19,6 +19,77 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
wolfCrypt Porting Build Options:
|
||||
|
||||
Threading/Mutex options:
|
||||
* SINGLE_THREADED: No-op mutex/threading implementations default: off
|
||||
* WOLFSSL_PTHREADS: Use pthread-based mutex/threading default: off
|
||||
* (auto-detected on most POSIX systems)
|
||||
* WOLFSSL_MUTEX_INITIALIZER: Use static mutex initialization default: off
|
||||
* WC_MUTEX_OPS_INLINE: Use inlined mutex operations default: off
|
||||
* WOLFSSL_USER_MUTEX: User-provided mutex implementation default: off
|
||||
* WOLFSSL_COND: Enable condition variable support default: off
|
||||
* WOLFSSL_USE_RWLOCK: Enable reader-writer lock support default: off
|
||||
* WOLFSSL_THREAD_NO_JOIN: Create threads without join default: off
|
||||
* WOLFSSL_ALGO_HW_MUTEX: Per-algorithm hardware mutex locks default: off
|
||||
* Controls AES, hash, PK, and RNG mutexes.
|
||||
* WOLFSSL_CRYPT_HW_MUTEX: Cryptography hardware mutex default: off
|
||||
* Master control for all HW mutex init.
|
||||
* NO_AES_MUTEX: Disable AES hardware mutex default: off
|
||||
* NO_HASH_MUTEX: Disable hash hardware mutex default: off
|
||||
* NO_PK_MUTEX: Disable public-key hardware mutex default: off
|
||||
* NO_RNG_MUTEX: Disable RNG hardware mutex default: off
|
||||
*
|
||||
* Memory options:
|
||||
* USE_WOLFSSL_MEMORY: Enable custom memory allocation hooks default: on
|
||||
* WOLFSSL_STATIC_MEMORY: Use static memory pools instead of default: off
|
||||
* dynamic allocation.
|
||||
* WOLFSSL_TRACK_MEMORY: Enable memory allocation tracking default: off
|
||||
* WOLFSSL_TRACK_MEMORY_VERBOSE: Verbose memory tracking output default: off
|
||||
* WOLFSSL_FORCE_MALLOC_FAIL_TEST: Force malloc failures for default: off
|
||||
* testing error handling paths.
|
||||
* WOLFSSL_MEM_FAIL_COUNT: Count malloc failures for testing default: off
|
||||
* WOLFSSL_CHECK_MEM_ZERO: Verify sensitive memory is zeroed default: off
|
||||
* on free. Debug tool for key material.
|
||||
*
|
||||
* Filesystem options:
|
||||
* NO_FILESYSTEM: Disable all filesystem operations default: off
|
||||
* NO_WOLFSSL_DIR: Disable directory listing/iteration default: off
|
||||
*
|
||||
* Time options:
|
||||
* WOLFSSL_GMTIME: Provide custom gmtime implementation default: off
|
||||
* HAVE_TIME_T_TYPE: Platform provides time_t default: auto
|
||||
* TIME_OVERRIDES: Application provides custom time funcs default: off
|
||||
* USER_TICKS: Application provides tick counter default: off
|
||||
* USE_WOLF_TM: Use wolfSSL struct tm definition default: off
|
||||
*
|
||||
* String function options:
|
||||
* STRING_USER: User provides all string functions default: off
|
||||
* USE_WOLF_STRTOK: Use wolfSSL strtok implementation default: off
|
||||
* USE_WOLF_STRSEP: Use wolfSSL strsep implementation default: off
|
||||
* USE_WOLF_STRLCPY: Use wolfSSL strlcpy implementation default: off
|
||||
* USE_WOLF_STRLCAT: Use wolfSSL strlcat implementation default: off
|
||||
* USE_WOLF_STRCASECMP: Use wolfSSL strcasecmp implementation default: off
|
||||
* USE_WOLF_STRNCASECMP:Use wolfSSL strncasecmp implementation default: off
|
||||
* USE_WOLF_STRDUP: Use wolfSSL strdup implementation default: off
|
||||
*
|
||||
* Atomic operation options:
|
||||
* WOLFSSL_ATOMIC_OPS: Enable atomic operations for thread default: off
|
||||
* safety without full mutexes.
|
||||
* WOLFSSL_USER_DEFINED_ATOMICS: User-provided atomic impl default: off
|
||||
* WOLFSSL_HAVE_ATOMIC_H: Has C11 atomic.h header default: off
|
||||
*
|
||||
* General options:
|
||||
* WOLFCRYPT_ONLY: Exclude TLS/SSL, wolfCrypt only build default: off
|
||||
* WOLFSSL_LEANPSK: Lean PSK build, minimal features default: off
|
||||
* WOLF_C89: C89 compatibility mode default: off
|
||||
* WOLFSSL_SMALL_STACK: Reduce stack usage by allocating from default: off
|
||||
* heap instead. Slower but needed for
|
||||
* constrained environments.
|
||||
* DEBUG_WOLFSSL_VERBOSE: Enable verbose debug logging default: off
|
||||
*/
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#ifdef __APPLE__
|
||||
|
||||
@@ -91,7 +91,7 @@ typedef struct FSPSM_RSA_CTX {
|
||||
} FSPSM_RSA_CTX;
|
||||
|
||||
|
||||
#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
|
||||
#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA224) || \
|
||||
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
|
||||
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user