1 /* user_settings_all.h
2  *
3  * Copyright (C) 2006-2021 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 
/* Rename this file to user_settings.h for customer use.
 * It was generated from the configure options ./configure --enable-all
 *
 * Cleaned up by David Garske
 */
28 
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H


#ifdef __cplusplus
extern "C" {
#endif

/* Features
 *
 * Each macro below is a wolfSSL build option; defining it here is equivalent
 * to the matching ./configure flag. Options that widen the attack surface or
 * relax a default check carry a short note on the trade-off so a reviewer can
 * decide whether a given deployment should keep them.
 */
#define WOLFSSL_PUBLIC_MP /* Make math API's public */
#define KEEP_PEER_CERT /* Retain peer's certificate */
#define KEEP_OUR_CERT /* Keep our certificate */
#define WOLFSSL_ALWAYS_VERIFY_CB /* Always call verify callback (configured via wolfSSL_CTX_set_verify API) */
#define WOLFSSL_VERIFY_CB_ALL_CERTS /* Call verify callback for all intermediate certs */
#define WOLFSSL_ALWAYS_KEEP_SNI /* Keep the SNI host name after the handshake so it stays queryable */
#define WOLFSSL_EXTRA_ALERTS /* Allow sending other TLS alerts */
#define HAVE_EX_DATA /* Enable "extra" EX data API's for user information in CTX/WOLFSSL */
#define HAVE_EXT_CACHE /* External (application-managed) session cache callbacks */
#define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
#define HAVE_PK_CALLBACKS /* Enable public key callbacks */
#define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
/* Review note: WOLFSSL_ALT_NAMES relaxes full-chain validation; confirm it
 * matches the intended trust policy for the deployment. */
#define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
/* Review note: NULL suites provide integrity only, no confidentiality. They are
 * compiled in here (--enable-all); keep them out of the runtime cipher list
 * unless a test harness explicitly needs them. */
#define WOLFSSL_HAVE_CERT_SERVICE
#define WOLFSSL_JNI /* Java (JNI) wrapper support */
#define WOLFSSL_SEP
#define WOLFCRYPT_HAVE_SRP /* Secure Remote Password (SRP) */
#define WOLFSSL_HAVE_WOLFSCEP
#define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
#define HAVE_PKCS7
#define WOLFSSL_MULTI_ATTRIB
#define WOLFSSL_DER_LOAD /* Load DER-encoded CA certificates */
#define ASN_BER_TO_DER /* BER to DER support */
#define WOLFSSL_SIGNER_DER_CERT
//#define HAVE_THREAD_LS /* DG Commented: Thread local storage - may not be portable */
//#define WOLFSSL_AEAD_ONLY /* automatically set if TLS v1.3 only, but can be enabled for TLS v1.2 manually */

/* TLS Features */
#define WOLFSSL_DTLS /* DTLS (TLS over UDP) */
#define WOLFSSL_TLS13
#define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */

/* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
//#define WOLFSSL_ALLOW_SSLV3
//#define WOLFSSL_ALLOW_TLSV10

/* TLS Extensions */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_ONE_TIME_AUTH /* One-time authenticator (used with the ChaCha20-Poly1305 suites) */
#define HAVE_SNI /* Server Name Indication */
#define HAVE_ALPN /* Application-Layer Protocol Negotiation */
#define HAVE_MAX_FRAGMENT /* Maximum Fragment Length negotiation (RFC 6066) */
#define HAVE_TRUNCATED_HMAC /* Truncated HMAC extension (RFC 6066) - shortens the MAC to 80 bits when negotiated */
#define HAVE_SESSION_TICKET /* Session tickets (RFC 5077) - server side needs a protected ticket key */
#define HAVE_EXTENDED_MASTER /* Extended Master Secret (RFC 7627) - keep on; mitigates triple-handshake */
#define HAVE_TRUSTED_CA /* Trusted CA Indication (RFC 6066) */
#define HAVE_ENCRYPT_THEN_MAC /* Encrypt-then-MAC (RFC 7366) for CBC suites */

/* TLS Session Cache */
#define SESSION_CERTS /* Keep the peer certificate chain with the cached session */
#define PERSIST_SESSION_CACHE /* Save/restore the session cache to memory or a file */
#define PERSIST_CERT_CACHE /* Save/restore the CA certificate cache */
/* Review note: a persisted session cache holds session secrets; any buffer or
 * file it is written to must be protected like a private key. */

/* Key and Certificate Generation */
#define WOLFSSL_KEY_GEN /* RSA/ECC key generation */
#define WOLFSSL_CERT_GEN /* X.509 certificate generation */
#define WOLFSSL_CERT_REQ /* Certificate signing request (CSR) generation */
#define WOLFSSL_CERT_EXT /* Certificate extensions (SKID/AKID, key usage, ...) in generated certs */

/* Certificate Revocation */
#define HAVE_OCSP
#define HAVE_CERTIFICATE_STATUS_REQUEST /* OCSP stapling (RFC 6066) */
#define HAVE_CERTIFICATE_STATUS_REQUEST_V2 /* OCSP multi-stapling (RFC 6961) */
#define HAVE_CRL
#define HAVE_CRL_IO /* Fetch CRLs over the network (CRL distribution points) */
#define HAVE_IO_TIMEOUT /* Timeouts on the OCSP/CRL fetch sockets so a slow responder cannot hang the handshake */
//#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */


/* Fast math (TFM). FP_MAX_BITS must be at least twice the largest key size in
 * use, so 8192 allows keys up to 4096 bits. Raise it if larger RSA/DH keys are
 * required; lower it to save stack on constrained targets. */
#define USE_FAST_MATH
#define FP_MAX_BITS 8192
//#define HAVE___UINT128_T 1 /* DG commented: May not be portable */

/* Timing Resistance
 * Side-channel hardening for private-key operations. Leave all three enabled
 * on any build that handles private keys. */
#define TFM_TIMING_RESISTANT /* Constant-time fast-math exponentiation */
#define ECC_TIMING_RESISTANT /* Constant-time ECC scalar multiplication */
#define WC_RSA_BLINDING /* RSA blinding against timing attacks */

/* DH Key Sizes */
#define HAVE_FFDHE_2048 /* RFC 7919 named group ffdhe2048 */
#define HAVE_FFDHE_3072 /* RFC 7919 named group ffdhe3072 */

/* ECC Features */
#define HAVE_ECC
#define TFM_ECC256 /* Fast-math optimization for 256-bit curves */
#define ECC_SHAMIR /* Shamir's trick for faster signature verification */
#define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
#define HAVE_ECC_SECPR2
#define HAVE_ECC_SECPR3
#define HAVE_ECC_BRAINPOOL
#define HAVE_ECC_KOBLITZ
#define HAVE_ECC_CDH /* Co-factor */
#define HAVE_COMP_KEY /* Compressed key support */
#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
/* NOTE(review): FP_ECC keeps a cache of precomputed points; with HAVE_THREAD_LS
 * left off above, confirm the cache's thread-safety story for multi-threaded
 * builds. */
#define HAVE_ECC_ENCRYPT /* ECIES-style ECC encrypt/decrypt */

/* RSA */
#define WC_RSA_PSS /* RSA-PSS signatures (required for TLS 1.3) */

/* AES */
#define HAVE_AES_DECRYPT
#define HAVE_AES_ECB /* ECB mode - building block / interop only, not for bulk data */
#define WOLFSSL_AES_DIRECT /* Single-block encrypt/decrypt API - same caveat as ECB */
#define WOLFSSL_AES_COUNTER /* CTR mode */
#define HAVE_AESGCM
#define HAVE_AESCCM
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_CFB
#define WOLFSSL_AES_XTS /* XTS mode (disk/sector encryption) */
#define HAVE_AES_KEYWRAP /* AES key wrap (RFC 3394) */

/* Hashing */
#define WOLFSSL_SHA224
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define WOLFSSL_SHAKE256
#define WOLFSSL_SHA3
#define WOLFSSL_HASH_FLAGS /* enable hash flag API's */

/* Additional Algorithms */
#define HAVE_HASHDRBG /* NIST SP 800-90A Hash_DRBG as the RNG */
#define HAVE_CURVE25519
#define HAVE_ED25519
#define CURVED25519_SMALL /* Smaller, slower Curve25519/Ed25519 code */
#define HAVE_CURVE448
#define HAVE_POLY1305
#define HAVE_CHACHA
#define HAVE_HKDF
#define HAVE_X963_KDF /* ANSI X9.63 KDF */
#define WOLFSSL_CMAC /* AES-CMAC */
#define WOLFSSL_DES_ECB /* Legacy 56-bit DES in ECB mode - interop only */

/* Non-Standard Algorithms (DG disabled) */
//#define HAVE_HC128
//#define HAVE_RABBIT
//#define HAVE_IDEA
//#define HAVE_CAMELLIA
//#define WOLFSSL_RIPEMD
//#define HAVE_SCRYPT

/* Encoding */
#define WOLFSSL_BASE16
#define WOLFSSL_BASE64_ENCODE

/* Openssl compatibility */
#if 0 /* DG Disabled */
    /* Openssl compatibility API's */
    #define OPENSSL_EXTRA
    #define OPENSSL_ALL
    #define HAVE_OPENSSL_CMD
    #define SSL_TXT_TLSV1_2
    #define SSL_TXT_TLSV1_1
    #define OPENSSL_NO_SSL2
    #define OPENSSL_NO_SSL3
    #define NO_OLD_RNGNAME
    #define NO_OLD_WC_NAMES
    #define NO_OLD_SSL_NAMES
    #define NO_OLD_SHA_NAMES

    /* Openssl compatibility application specific */
    #define WOLFSSL_LIBWEBSOCKETS
    #define WOLFSSL_OPENSSH
    #define WOLFSSL_QT
    #define FORTRESS
    #define HAVE_WEBSERVER
    #define HAVE_LIGHTY
    #define WOLFSSL_NGINX
    #define WOLFSSL_HAPROXY
    #define HAVE_STUNNEL
    #define WOLFSSL_ASIO
    #define ASIO_USE_WOLFSSL
    #define BOOST_ASIO_USE_WOLFSSL
#endif

/* TLS static cipher support - off by default
 * Static RSA/DH/PSK key exchange has no forward secrecy: one leaked long-term
 * key exposes every recorded session. Enable only for legacy interop. */
#if 0
    #define WOLFSSL_STATIC_RSA
    #define WOLFSSL_STATIC_DH
    #define WOLFSSL_STATIC_PSK
#endif

/* TLS sniffer support - off by default
 * Passive decryption of captured traffic; relies on static (non-rotating)
 * keys, which is why WOLFSSL_STATIC_EPHEMERAL accompanies it. Leave disabled
 * on production builds. */
#if 0
    #define WOLFSSL_STATIC_EPHEMERAL
    #define WOLFSSL_SNIFFER
#endif


#ifdef __cplusplus
}
#endif


#endif /* WOLFSSL_USER_SETTINGS_H */
234