Gitiles
Code Review Sign In
192.168.1.100 / R306 / 1287788b29ff3df8561e18d63a3dc03b0ec2b272 / . / ap / lib / libwolfssl / install / include / wolfssl / wolfcrypt / settings.h
blob: 3a3dfae660fa8814166b8e8392c82c3317f2acbb [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame]1/* settings.h
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23/* Place OS specific preprocessor flags, defines, includes here, will be
24 included into every file because types.h includes it */
25
26
27#ifndef WOLF_CRYPT_SETTINGS_H
28#define WOLF_CRYPT_SETTINGS_H
29
30#ifdef __cplusplus
31 extern "C" {
32#endif
33
34/* This flag allows wolfSSL to include options.h instead of having client
35 * projects do it themselves. This should *NEVER* be defined when building
36 * wolfSSL as it can cause hard to debug problems. */
37#ifdef EXTERNAL_OPTS_OPENVPN
38#include <wolfssl/options.h>
39#endif
40
41/* Uncomment next line if using IPHONE */
42/* #define IPHONE */
43
44/* Uncomment next line if using ThreadX */
45/* #define THREADX */
46
47/* Uncomment next line if using Micrium uC/OS-III */
48/* #define MICRIUM */
49
50/* Uncomment next line if using Deos RTOS*/
51/* #define WOLFSSL_DEOS*/
52
53/* Uncomment next line if using Mbed */
54/* #define MBED */
55
56/* Uncomment next line if using Microchip PIC32 ethernet starter kit */
57/* #define MICROCHIP_PIC32 */
58
59/* Uncomment next line if using Microchip TCP/IP stack, version 5 */
60/* #define MICROCHIP_TCPIP_V5 */
61
62/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
63/* #define MICROCHIP_TCPIP */
64
65/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */
66/* #define MICROCHIP_TCPIP_BSD_API */
67
68/* Uncomment next line if using PIC32MZ Crypto Engine */
69/* #define WOLFSSL_MICROCHIP_PIC32MZ */
70
71/* Uncomment next line if using FreeRTOS */
72/* #define FREERTOS */
73
74/* Uncomment next line if using FreeRTOS+ TCP */
75/* #define FREERTOS_TCP */
76
77/* Uncomment next line if using FreeRTOS Windows Simulator */
78/* #define FREERTOS_WINSIM */
79
80/* Uncomment next line if using RTIP */
81/* #define EBSNET */
82
83/* Uncomment next line if using lwip */
84/* #define WOLFSSL_LWIP */
85
86/* Uncomment next line if building wolfSSL for a game console */
87/* #define WOLFSSL_GAME_BUILD */
88
89/* Uncomment next line if building wolfSSL for LSR */
90/* #define WOLFSSL_LSR */
91
92/* Uncomment next line if building for Freescale Classic MQX version 5.0 */
93/* #define FREESCALE_MQX_5_0 */
94
95/* Uncomment next line if building for Freescale Classic MQX version 4.0 */
96/* #define FREESCALE_MQX_4_0 */
97
98/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
99/* #define FREESCALE_MQX */
100
101/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
102/* #define FREESCALE_KSDK_MQX */
103
104/* Uncomment next line if building for Freescale KSDK Bare Metal */
105/* #define FREESCALE_KSDK_BM */
106
107/* Uncomment next line if building for Freescale KSDK FreeRTOS, */
108/* (old name FREESCALE_FREE_RTOS) */
109/* #define FREESCALE_KSDK_FREERTOS */
110
111/* Uncomment next line if using STM32F2 */
112/* #define WOLFSSL_STM32F2 */
113
114/* Uncomment next line if using STM32F4 */
115/* #define WOLFSSL_STM32F4 */
116
117/* Uncomment next line if using STM32FL */
118/* #define WOLFSSL_STM32FL */
119
120/* Uncomment next line if using STM32F7 */
121/* #define WOLFSSL_STM32F7 */
122
123/* Uncomment next line if using QL SEP settings */
124/* #define WOLFSSL_QL */
125
126/* Uncomment next line if building for EROAD */
127/* #define WOLFSSL_EROAD */
128
129/* Uncomment next line if building for IAR EWARM */
130/* #define WOLFSSL_IAR_ARM */
131
132/* Uncomment next line if building for Rowley CrossWorks ARM */
133/* #define WOLFSSL_ROWLEY_ARM */
134
135/* Uncomment next line if using TI-RTOS settings */
136/* #define WOLFSSL_TIRTOS */
137
138/* Uncomment next line if building with PicoTCP */
139/* #define WOLFSSL_PICOTCP */
140
141/* Uncomment next line if building for PicoTCP demo bundle */
142/* #define WOLFSSL_PICOTCP_DEMO */
143
144/* Uncomment next line if building for uITRON4 */
145/* #define WOLFSSL_uITRON4 */
146
147/* Uncomment next line if building for uT-Kernel */
148/* #define WOLFSSL_uTKERNEL2 */
149
150/* Uncomment next line if using Max Strength build */
151/* #define WOLFSSL_MAX_STRENGTH */
152
153/* Uncomment next line if building for VxWorks */
154/* #define WOLFSSL_VXWORKS */
155
156/* Uncomment next line if building for Nordic nRF5x platform */
157/* #define WOLFSSL_NRF5x */
158
159/* Uncomment next line to enable deprecated less secure static DH suites */
160/* #define WOLFSSL_STATIC_DH */
161
162/* Uncomment next line to enable deprecated less secure static RSA suites */
163/* #define WOLFSSL_STATIC_RSA */
164
165/* Uncomment next line if building for ARDUINO */
166/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */
167/* #define WOLFSSL_ARDUINO */
168/* #define INTEL_GALILEO */
169
170/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
171/* #define WOLFSSL_ASYNC_CRYPT */
172
173/* Uncomment next line if building for uTasker */
174/* #define WOLFSSL_UTASKER */
175
176/* Uncomment next line if building for embOS */
177/* #define WOLFSSL_EMBOS */
178
179/* Uncomment next line if building for RIOT-OS */
180/* #define WOLFSSL_RIOT_OS */
181
182/* Uncomment next line if building for using XILINX hardened crypto */
183/* #define WOLFSSL_XILINX_CRYPT */
184
185/* Uncomment next line if building for using XILINX */
186/* #define WOLFSSL_XILINX */
187
188/* Uncomment next line if building for WICED Studio. */
189/* #define WOLFSSL_WICED */
190
191/* Uncomment next line if building for Nucleus 1.2 */
192/* #define WOLFSSL_NUCLEUS_1_2 */
193
194/* Uncomment next line if building for using Apache mynewt */
195/* #define WOLFSSL_APACHE_MYNEWT */
196
197/* Uncomment next line if building for using ESP-IDF */
198/* #define WOLFSSL_ESPIDF */
199
200/* Uncomment next line if using Espressif ESP32-WROOM-32 */
201/* #define WOLFSSL_ESPWROOM32 */
202
203/* Uncomment next line if using Espressif ESP32-WROOM-32SE */
204/* #define WOLFSSL_ESPWROOM32SE */
205
206/* Uncomment next line if using ARM CRYPTOCELL*/
207/* #define WOLFSSL_CRYPTOCELL */
208
209/* Uncomment next line if using RENESAS TSIP */
210/* #define WOLFSSL_RENESAS_TSIP */
211
212/* Uncomment next line if using RENESAS RX64N */
213/* #define WOLFSSL_RENESAS_RX65N */
214
215/* Uncomment next line if using Solaris OS*/
216/* #define WOLFSSL_SOLARIS */
217
218/* Uncomment next line if building for Linux Kernel Module */
219/* #define WOLFSSL_LINUXKM */
220
221/* Uncomment next line if building for devkitPro */
222/* #define DEVKITPRO */
223
224/* Uncomment next line if building for Dolphin Emulator */
225/* #define DOLPHIN_EMULATOR */
226
227#include <wolfssl/wolfcrypt/visibility.h>
228
229#ifdef WOLFSSL_USER_SETTINGS
230 #include "user_settings.h"
231#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
232 /* STM Configuration File (generated by CubeMX) */
233 #include "wolfSSL.I-CUBE-wolfSSL_conf.h"
234#endif
235
236/* make sure old RNG name is used with CTaoCrypt FIPS */
237#ifdef HAVE_FIPS
238 #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
239 #define WC_RNG RNG
240 #else
241 #ifndef WOLFSSL_STM32L4
242 #define RNG WC_RNG
243 #endif
244 #endif
245 /* blinding adds API not available yet in FIPS mode */
246 #undef WC_RSA_BLINDING
247#endif
248
249
250#if defined(_WIN32) && !defined(_M_X64) && \
251 defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)
252
253/* The _M_X64 macro is what's used in the headers for MSC to tell if it
254 * has the 64-bit versions of the 128-bit integers available. If one is
255 * building on 32-bit Windows with AES-NI, turn off the AES-GCMloop
256 * unrolling. */
257
258 #define AES_GCM_AESNI_NO_UNROLL
259#endif
260
261#ifdef IPHONE
262 #define SIZEOF_LONG_LONG 8
263#endif
264
265#ifdef THREADX
266 #define SIZEOF_LONG_LONG 8
267#endif
268
269#ifdef HAVE_NETX
270 #ifdef NEED_THREADX_TYPES
271 #include <types.h>
272 #endif
273 #include <nx_api.h>
274#endif
275
276#if defined(WOLFSSL_ESPIDF)
277 #define FREERTOS
278 #define WOLFSSL_LWIP
279 #define NO_WRITEV
280 #define SIZEOF_LONG_LONG 8
281 #define NO_WOLFSSL_DIR
282 #define WOLFSSL_NO_CURRDIR
283
284 #define TFM_TIMING_RESISTANT
285 #define ECC_TIMING_RESISTANT
286 #define WC_RSA_BLINDING
287
288#if defined(WOLFSSL_ESPWROOM32) || defined(WOLFSSL_ESPWROOM32SE)
289 #ifndef NO_ESP32WROOM32_CRYPT
290 #define WOLFSSL_ESP32WROOM32_CRYPT
291 #if defined(ESP32_USE_RSA_PRIMITIVE) && \
292 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI)
293 #define WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI
294 #define USE_FAST_MATH
295 #define WOLFSSL_SMALL_STACK
296 #endif
297 #endif
298#endif
299#endif /* WOLFSSL_ESPIDF */
300
301#if defined(WOLFSSL_RENESAS_TSIP)
302 #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
303 #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */
304 #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */
305 #if !defined(NO_RENESAS_TSIP_CRYPT) && defined(WOLFSSL_RENESAS_RX65N)
306 #define WOLFSSL_RENESAS_TSIP_CRYPT
307 #define WOLFSSL_RENESAS_TSIP_TLS
308 #define WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT
309 #endif
310#endif
311
312#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3)
313 /* settings in user_settings.h */
314#endif
315
316#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */
317 #define WOLFSSL_LWIP
318 #define NO_WRITEV
319 #define SINGLE_THREADED
320 #define WOLFSSL_USER_IO
321 #define NO_FILESYSTEM
322#endif
323
324#if defined(WOLFSSL_CONTIKI)
325 #include <contiki.h>
326 #define WOLFSSL_UIP
327 #define NO_WOLFSSL_MEMORY
328 #define NO_WRITEV
329 #define SINGLE_THREADED
330 #define WOLFSSL_USER_IO
331 #define NO_FILESYSTEM
332 #define CUSTOM_RAND_TYPE uint16_t
333 #define CUSTOM_RAND_GENERATE random_rand
334 static inline word32 LowResTimer(void)
335 {
336 return clock_seconds();
337 }
338#endif
339
340#if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM)
341 #define NO_MAIN_DRIVER
342 #define SINGLE_THREADED
343 #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
344 #define USE_CERT_BUFFERS_1024
345 #endif
346 #define BENCH_EMBEDDED
347 #define NO_FILESYSTEM
348 #define NO_WRITEV
349 #define WOLFSSL_USER_IO
350 #define BENCH_EMBEDDED
351#endif
352
353#ifdef MICROCHIP_PIC32
354 /* #define WOLFSSL_MICROCHIP_PIC32MZ */
355 #define SIZEOF_LONG_LONG 8
356 #define SINGLE_THREADED
357 #ifndef MICROCHIP_TCPIP_BSD_API
358 #define WOLFSSL_USER_IO
359 #endif
360 #define NO_WRITEV
361 #define NO_DEV_RANDOM
362 #define NO_FILESYSTEM
363 #define USE_FAST_MATH
364 #define TFM_TIMING_RESISTANT
365 #define NO_BIG_INT
366#endif
367
368#ifdef WOLFSSL_MICROCHIP_PIC32MZ
369 #define WOLFSSL_HAVE_MIN
370 #define WOLFSSL_HAVE_MAX
371
372 #ifndef NO_PIC32MZ_CRYPT
373 #define WOLFSSL_PIC32MZ_CRYPT
374 #endif
375 #ifndef NO_PIC32MZ_RNG
376 #define WOLFSSL_PIC32MZ_RNG
377 #endif
378 #ifndef NO_PIC32MZ_HASH
379 #define WOLFSSL_PIC32MZ_HASH
380 #endif
381#endif
382
383#ifdef MICROCHIP_TCPIP_V5
384 /* include timer functions */
385 #include "TCPIP Stack/TCPIP.h"
386#endif
387
388#ifdef MICROCHIP_TCPIP
389 /* include timer, NTP functions */
390 #ifdef MICROCHIP_MPLAB_HARMONY
391 #include "tcpip/tcpip.h"
392 #else
393 #include "system/system_services.h"
394 #include "tcpip/sntp.h"
395 #endif
396#endif
397
398#ifdef WOLFSSL_ATECC508A
399 /* backwards compatibility */
400#ifndef WOLFSSL_ATECC_NO_ECDH_ENC
401 #define WOLFSSL_ATECC_ECDH_ENC
402#endif
403 #ifdef WOLFSSL_ATECC508A_DEBUG
404 #define WOLFSSL_ATECC_DEBUG
405 #endif
406#endif
407
408#ifdef MBED
409 #define WOLFSSL_USER_IO
410 #define NO_FILESYSTEM
411 #define NO_CERTS
412 #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
413 #define USE_CERT_BUFFERS_1024
414 #endif
415 #define NO_WRITEV
416 #define NO_DEV_RANDOM
417 #define NO_SHA512
418 #define NO_DH
419 /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
420 /* WOLFSSL_DH_CONST */
421 #define NO_DSA
422 #define NO_HC128
423 #define HAVE_ECC
424 #define NO_SESSION_CACHE
425 #define WOLFSSL_CMSIS_RTOS
426#endif
427
428
429#ifdef WOLFSSL_EROAD
430 #define FREESCALE_MQX
431 #define FREESCALE_MMCAU
432 #define SINGLE_THREADED
433 #define NO_STDIO_FILESYSTEM
434 #define WOLFSSL_LEANPSK
435 #define HAVE_NULL_CIPHER
436 #define NO_OLD_TLS
437 #define NO_ASN
438 #define NO_BIG_INT
439 #define NO_RSA
440 #define NO_DSA
441 #define NO_DH
442 /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
443 /* WOLFSSL_DH_CONST */
444 #define NO_CERTS
445 #define NO_PWDBASED
446 #define NO_DES3
447 #define NO_MD4
448 #define NO_RC4
449 #define NO_MD5
450 #define NO_SESSION_CACHE
451 #define NO_MAIN_DRIVER
452#endif
453
454#ifdef WOLFSSL_PICOTCP
455 #ifndef errno
456 #define errno pico_err
457 #endif
458 #include "pico_defines.h"
459 #include "pico_stack.h"
460 #include "pico_constants.h"
461 #include "pico_protocol.h"
462 #define CUSTOM_RAND_GENERATE pico_rand
463#endif
464
465#ifdef WOLFSSL_PICOTCP_DEMO
466 #define WOLFSSL_STM32
467 #define USE_FAST_MATH
468 #define TFM_TIMING_RESISTANT
469 #define XMALLOC(s, h, type) PICO_ZALLOC((s))
470 #define XFREE(p, h, type) PICO_FREE((p))
471 #define SINGLE_THREADED
472 #define NO_WRITEV
473 #define WOLFSSL_USER_IO
474 #define NO_DEV_RANDOM
475 #define NO_FILESYSTEM
476#endif
477
478#ifdef FREERTOS_WINSIM
479 #define FREERTOS
480 #define USE_WINDOWS_API
481#endif
482
483
484#ifdef WOLFSSL_VXWORKS
485 /* VxWorks simulator incorrectly detects building for i386 */
486 #ifdef VXWORKS_SIM
487 #define TFM_NO_ASM
488 #endif
489 /* For VxWorks pthreads wrappers for mutexes uncomment the next line. */
490 /* #define WOLFSSL_PTHREADS */
491 #define WOLFSSL_HAVE_MIN
492 #define WOLFSSL_HAVE_MAX
493 #define USE_FAST_MATH
494 #define TFM_TIMING_RESISTANT
495 #define NO_MAIN_DRIVER
496 #define NO_DEV_RANDOM
497 #define NO_WRITEV
498 #define HAVE_STRINGS_H
499#endif
500
501
502#ifdef WOLFSSL_ARDUINO
503 #define NO_WRITEV
504 #define NO_WOLFSSL_DIR
505 #define SINGLE_THREADED
506 #define NO_DEV_RANDOM
507 #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
508 #define TIME_OVERRIDES
509 #ifndef XTIME
510 #error "Must define XTIME externally see porting guide"
511 #error "https://www.wolfssl.com/docs/porting-guide/"
512 #endif
513 #ifndef XGMTIME
514 #error "Must define XGMTIME externally see porting guide"
515 #error "https://www.wolfssl.com/docs/porting-guide/"
516 #endif
517 #endif
518 #define WOLFSSL_USER_IO
519 #define HAVE_ECC
520 #define NO_DH
521 #define NO_SESSION_CACHE
522#endif
523
524
525#ifdef WOLFSSL_UTASKER
526 /* uTasker configuration - used for fnRandom() */
527 #include "config.h"
528
529 #define SINGLE_THREADED
530 #define NO_WOLFSSL_DIR
531 #define WOLFSSL_HAVE_MIN
532 #define NO_WRITEV
533
534 #define HAVE_ECC
535 #define ALT_ECC_SIZE
536 #define USE_FAST_MATH
537 #define TFM_TIMING_RESISTANT
538 #define ECC_TIMING_RESISTANT
539
540 /* used in wolfCrypt test */
541 #define NO_MAIN_DRIVER
542 #define USE_CERT_BUFFERS_2048
543
544 /* uTasker port uses RAW sockets, use I/O callbacks
545 * See wolfSSL uTasker example for sample callbacks */
546 #define WOLFSSL_USER_IO
547
548 /* uTasker filesystem not ported */
549 #define NO_FILESYSTEM
550
551 /* uTasker RNG is abstracted, calls HW RNG when available */
552 #define CUSTOM_RAND_GENERATE fnRandom
553 #define CUSTOM_RAND_TYPE unsigned short
554
555 /* user needs to define XTIME to function that provides
556 * seconds since Unix epoch */
557 #ifndef XTIME
558 #error XTIME must be defined in wolfSSL settings.h
559 /* #define XTIME fnSecondsSinceEpoch */
560 #endif
561
562 /* use uTasker std library replacements where available */
563 #define STRING_USER
564 #define XMEMCPY(d,s,l) uMemcpy((d),(s),(l))
565 #define XMEMSET(b,c,l) uMemset((b),(c),(l))
566 #define XMEMCMP(s1,s2,n) uMemcmp((s1),(s2),(n))
567 #define XMEMMOVE(d,s,l) memmove((d),(s),(l))
568
569 #define XSTRLEN(s1) uStrlen((s1))
570 #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
571 #define XSTRSTR(s1,s2) strstr((s1),(s2))
572 #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
573 #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
574 #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
575 #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
576 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
577 || defined(HAVE_ALPN)
578 #define XSTRTOK strtok_r
579 #endif
580#endif
581
582#ifdef WOLFSSL_EMBOS
583 #define NO_FILESYSTEM /* Not ported at this time */
584 #define USE_CERT_BUFFERS_2048 /* use when NO_FILESYSTEM */
585 #define NO_MAIN_DRIVER
586 #define NO_RC4
587 #define SINGLE_THREADED /* Not ported at this time */
588#endif
589
590#ifdef WOLFSSL_RIOT_OS
591 #define NO_WRITEV
592 #define TFM_NO_ASM
593 #define NO_FILESYSTEM
594 #define USE_CERT_BUFFERS_2048
595 #if defined(WOLFSSL_GNRC) && !defined(WOLFSSL_DTLS)
596 #define WOLFSSL_DTLS
597 #endif
598#endif
599
600#ifdef WOLFSSL_CHIBIOS
601 /* ChibiOS definitions. This file is distributed with chibiOS. */
602 #include "wolfssl_chibios.h"
603#endif
604
605#ifdef WOLFSSL_PB
606 /* PB is using older 1.2 version of Nucleus */
607 #undef WOLFSSL_NUCLEUS
608 #define WOLFSSL_NUCLEUS_1_2
609#endif
610
611#ifdef WOLFSSL_NUCLEUS_1_2
612 #define NO_WRITEV
613 #define NO_WOLFSSL_DIR
614
615 #if !defined(NO_ASN_TIME) && !defined(USER_TIME)
616 #error User must define XTIME, see manual
617 #endif
618
619 #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
620 extern void* nucleus_malloc(unsigned long size, void* heap, int type);
621 extern void* nucleus_realloc(void* ptr, unsigned long size, void* heap,
622 int type);
623 extern void nucleus_free(void* ptr, void* heap, int type);
624
625 #define XMALLOC(s, h, type) nucleus_malloc((s), (h), (type))
626 #define XREALLOC(p, n, h, t) nucleus_realloc((p), (n), (h), (t))
627 #define XFREE(p, h, type) nucleus_free((p), (h), (type))
628 #endif
629#endif
630
631#ifdef WOLFSSL_NRF5x
632 #define SIZEOF_LONG 4
633 #define SIZEOF_LONG_LONG 8
634 #define NO_DEV_RANDOM
635 #define NO_FILESYSTEM
636 #define NO_MAIN_DRIVER
637 #define NO_WRITEV
638 #define SINGLE_THREADED
639 #define USE_FAST_MATH
640 #define TFM_TIMING_RESISTANT
641 #define WOLFSSL_NRF51
642 #define WOLFSSL_USER_IO
643 #define NO_SESSION_CACHE
644#endif
645
646/* Micrium will use Visual Studio for compilation but not the Win32 API */
647#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
648 !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
649 !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
650 #define USE_WINDOWS_API
651#endif
652
653#if defined(WOLFSSL_uITRON4)
654
655#define XMALLOC_USER
656#include <stddef.h>
657#define ITRON_POOL_SIZE 1024*20
658extern int uITRON4_minit(size_t poolsz) ;
659extern void *uITRON4_malloc(size_t sz) ;
660extern void *uITRON4_realloc(void *p, size_t sz) ;
661extern void uITRON4_free(void *p) ;
662
663#define XMALLOC(sz, heap, type) uITRON4_malloc(sz)
664#define XREALLOC(p, sz, heap, type) uITRON4_realloc(p, sz)
665#define XFREE(p, heap, type) uITRON4_free(p)
666#endif
667
668#if defined(WOLFSSL_uTKERNEL2)
669 #ifndef NO_TKERNEL_MEM_POOL
670 #define XMALLOC_OVERRIDE
671 int uTKernel_init_mpool(unsigned int sz); /* initializing malloc pool */
672 void* uTKernel_malloc(unsigned int sz);
673 void* uTKernel_realloc(void *p, unsigned int sz);
674 void uTKernel_free(void *p);
675 #define XMALLOC(s, h, type) uTKernel_malloc((s))
676 #define XREALLOC(p, n, h, t) uTKernel_realloc((p), (n))
677 #define XFREE(p, h, type) uTKernel_free((p))
678 #endif
679
680 #ifndef NO_STDIO_FGETS_REMAP
681 #include <stdio.h>
682 #include "tm/tmonitor.h"
683
684 /* static char* gets(char *buff); */
685 static char* fgets(char *buff, int sz, XFILE fp) {
686 char * s = buff;
687 *s = '\0';
688 while (1) {
689 *s = tm_getchar(-1);
690 tm_putchar(*s);
691 if (*s == '\r') {
692 tm_putchar('\n');
693 *s = '\0';
694 break;
695 }
696 s++;
697 }
698 return buff;
699 }
700 #endif /* !NO_STDIO_FGETS_REMAP */
701#endif
702
703
704#if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \
705 !defined(NO_WOLFSSL_MEMORY)
706 #include <stdlib.h>
707 #define XMALLOC(s, h, type) malloc((s))
708 #define XFREE(p, h, type) free((p))
709 #define XREALLOC(p, n, h, t) realloc((p), (n))
710#endif
711
712#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
713 #undef XMALLOC
714 #define XMALLOC yaXMALLOC
715 #undef XFREE
716 #define XFREE yaXFREE
717 #undef XREALLOC
718 #define XREALLOC yaXREALLOC
719#endif
720
721
722#ifdef FREERTOS
723 #include "FreeRTOS.h"
724
725 #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
726 !defined(WOLFSSL_STATIC_MEMORY)
727 #define XMALLOC(s, h, type) pvPortMalloc((s))
728 #define XFREE(p, h, type) vPortFree((p))
729 /* FreeRTOS pvPortRealloc() implementation can be found here:
730 https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
731 #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || \
732 defined(HAVE_ED448)
733 #if defined(WOLFSSL_ESPIDF)
734 /*In IDF, realloc(p, n) is equivalent to
735 heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */
736 #define XREALLOC(p, n, h, t) realloc((p), (n))
737 #else
738 #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
739 #endif
740 #endif
741 #endif
742
743 #ifndef NO_WRITEV
744 #define NO_WRITEV
745 #endif
746 #ifndef HAVE_SHA512
747 #ifndef NO_SHA512
748 #define NO_SHA512
749 #endif
750 #endif
751 #ifndef HAVE_DH
752 #ifndef NO_DH
753 #define NO_DH
754 #endif
755 #endif
756 #ifndef NO_DSA
757 #define NO_DSA
758 #endif
759 #ifndef NO_HC128
760 #define NO_HC128
761 #endif
762
763 #ifndef SINGLE_THREADED
764 #include "semphr.h"
765 #endif
766#endif
767
768#ifdef FREERTOS_TCP
769 #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \
770 !defined(WOLFSSL_STATIC_MEMORY)
771 #define XMALLOC(s, h, type) pvPortMalloc((s))
772 #define XFREE(p, h, type) vPortFree((p))
773 #endif
774
775 #define WOLFSSL_GENSEED_FORTEST
776
777 #define NO_WOLFSSL_DIR
778 #define NO_WRITEV
779 #define USE_FAST_MATH
780 #define TFM_TIMING_RESISTANT
781 #define NO_MAIN_DRIVER
782#endif
783
784#ifdef WOLFSSL_TIRTOS
785 #define SIZEOF_LONG_LONG 8
786 #define NO_WRITEV
787 #define NO_WOLFSSL_DIR
788 #define USE_FAST_MATH
789 #define TFM_TIMING_RESISTANT
790 #define ECC_TIMING_RESISTANT
791 #define WC_RSA_BLINDING
792 #define NO_DEV_RANDOM
793 #define NO_FILESYSTEM
794 #define USE_CERT_BUFFERS_2048
795 #define NO_ERROR_STRINGS
796 /* Uncomment this setting if your toolchain does not offer time.h header */
797 /* #define USER_TIME */
798 #define HAVE_ECC
799 #define HAVE_ALPN
800 #define USE_WOLF_STRTOK /* use with HAVE_ALPN */
801 #define HAVE_TLS_EXTENSIONS
802 #define HAVE_AESGCM
803 #ifdef WOLFSSL_TI_CRYPT
804 #define NO_GCM_ENCRYPT_EXTRA
805 #define NO_PUBLIC_GCM_SET_IV
806 #define NO_PUBLIC_CCM_SET_NONCE
807 #endif
808 #define HAVE_SUPPORTED_CURVES
809 #define ALT_ECC_SIZE
810
811 #ifdef __IAR_SYSTEMS_ICC__
812 #pragma diag_suppress=Pa089
813 #elif !defined(__GNUC__)
814 /* Suppress the sslpro warning */
815 #pragma diag_suppress=11
816 #endif
817
818 #include <ti/sysbios/hal/Seconds.h>
819#endif
820
821#ifdef EBSNET
822 #include "rtip.h"
823
824 /* #define DEBUG_WOLFSSL */
825 #define NO_WOLFSSL_DIR /* tbd */
826
827 #if (POLLOS)
828 #define SINGLE_THREADED
829 #endif
830
831 #if (RTPLATFORM)
832 #if (!RTP_LITTLE_ENDIAN)
833 #define BIG_ENDIAN_ORDER
834 #endif
835 #else
836 #if (!KS_LITTLE_ENDIAN)
837 #define BIG_ENDIAN_ORDER
838 #endif
839 #endif
840
841 #if (WINMSP3)
842 #undef SIZEOF_LONG
843 #define SIZEOF_LONG_LONG 8
844 #else
845 #if !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
846 #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
847 #endif
848 #endif
849
850 #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC))
851 #define XFREE(p, h, type) (rtp_free(p))
852 #define XREALLOC(p, n, h, t) (rtp_realloc((p), (n)))
853
854 #if (WINMSP3)
855 #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
856 #else
857 #ifndef XSTRNCASECMP
858 #error settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC
859 #endif
860 #endif
861
862 #define WOLFSSL_HAVE_MAX
863 #define WOLFSSL_HAVE_MIN
864
865 #define USE_FAST_MATH
866 #define TFM_TIMING_RESISTANT
867 #define WC_RSA_BLINDING
868 #define ECC_TIMING_RESISTANT
869
870 #define HAVE_ECC
871
872#endif /* EBSNET */
873
874#ifdef WOLFSSL_GAME_BUILD
875 #define SIZEOF_LONG_LONG 8
876 #if defined(__PPU) || defined(__XENON)
877 #define BIG_ENDIAN_ORDER
878 #endif
879#endif
880
881#ifdef WOLFSSL_LSR
882 #define HAVE_WEBSERVER
883 #define SIZEOF_LONG_LONG 8
884 #define WOLFSSL_LOW_MEMORY
885 #define NO_WRITEV
886 #define NO_SHA512
887 #define NO_DH
888 /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
889 /* WOLFSSL_DH_CONST */
890 #define NO_DSA
891 #define NO_HC128
892 #define NO_DEV_RANDOM
893 #define NO_WOLFSSL_DIR
894 #define NO_RABBIT
895 #ifndef NO_FILESYSTEM
896 #define LSR_FS
897 #include "inc/hw_types.h"
898 #include "fs.h"
899 #endif
900 #define WOLFSSL_LWIP
901 #include <errno.h> /* for tcp errno */
902 #define WOLFSSL_SAFERTOS
903 #if defined(__IAR_SYSTEMS_ICC__)
904 /* enum uses enum */
905 #pragma diag_suppress=Pa089
906 #endif
907#endif
908
909#ifdef WOLFSSL_SAFERTOS
910 #ifndef SINGLE_THREADED
911 #include "SafeRTOS/semphr.h"
912 #endif
913 #ifndef WOLFSSL_NO_MALLOC
914 #include "SafeRTOS/heap.h"
915 #endif
916 #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
917 !defined(WOLFSSL_STATIC_MEMORY)
918 #define XMALLOC(s, h, type) pvPortMalloc((s))
919 #define XFREE(p, h, type) vPortFree((p))
920
921 /* FreeRTOS pvPortRealloc() implementation can be found here:
922 https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
923 #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || \
924 defined(HAVE_ED448)
925 #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
926 #endif
927 #endif
928#endif
929
930#ifdef WOLFSSL_LOW_MEMORY
931 #undef RSA_LOW_MEM
932 #define RSA_LOW_MEM
933 #undef WOLFSSL_SMALL_STACK
934 #define WOLFSSL_SMALL_STACK
935 #undef TFM_TIMING_RESISTANT
936 #define TFM_TIMING_RESISTANT
937#endif
938
939/* To support storing some of the large constant tables in flash memory rather than SRAM.
940 Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */
941#ifdef WOLFSSL_USE_FLASHMEM
942 /* This is supported on the avr-gcc compiler, for more information see:
943 https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */
944 #define FLASH_QUALIFIER __flash
945
946 /* Copy data out of flash memory and into SRAM */
947 #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size))
948#else
949 #define FLASH_QUALIFIER
950#endif
951
952#ifdef FREESCALE_MQX_5_0
953 /* use normal Freescale MQX port, but with minor changes for 5.0 */
954 #define FREESCALE_MQX
955#endif
956
957#ifdef FREESCALE_MQX_4_0
958 /* use normal Freescale MQX port, but with minor changes for 4.0 */
959 #define FREESCALE_MQX
960#endif
961
962#ifdef FREESCALE_MQX
963 #define FREESCALE_COMMON
964 #include "mqx.h"
965 #ifndef NO_FILESYSTEM
966 #include "mfs.h"
967 #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \
968 defined(FREESCALE_MQX_5_0)
969 #include "fio.h"
970 #define NO_STDIO_FILESYSTEM
971 #else
972 #include "nio.h"
973 #endif
974 #endif
975 #ifndef SINGLE_THREADED
976 #include "mutex.h"
977 #endif
978
979 #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
980 #define XMALLOC_OVERRIDE
981 #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
982 #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
983 /* Note: MQX has no realloc, using fastmath above */
984 #endif
985 #ifdef USE_FAST_MATH
986 /* Undef first to avoid re-definition if user_settings.h defines */
987 #undef TFM_TIMING_RESISTANT
988 #define TFM_TIMING_RESISTANT
989 #undef ECC_TIMING_RESISTANT
990 #define ECC_TIMING_RESISTANT
991 #undef WC_RSA_BLINDING
992 #define WC_RSA_BLINDING
993 #endif
994#endif
995
996#ifdef FREESCALE_KSDK_MQX
997 #define FREESCALE_COMMON
998 #include <mqx.h>
999 #ifndef NO_FILESYSTEM
1000 #if (defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD) || \
1001 defined(FREESCALE_MQX_5_0)
1002 #include <fio.h>
1003 #else
1004 #include <stdio.h>
1005 #include <nio.h>
1006 #endif
1007 #endif
1008 #ifndef SINGLE_THREADED
1009 #include <mutex.h>
1010 #endif
1011
1012 #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
1013 #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
1014 #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
1015
1016 #define MQX_FILE_PTR FILE *
1017 #define IO_SEEK_SET SEEK_SET
1018 #define IO_SEEK_END SEEK_END
1019#endif /* FREESCALE_KSDK_MQX */
1020
1021#if defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
1022 #define NO_FILESYSTEM
1023 #define WOLFSSL_CRYPT_HW_MUTEX 1
1024
1025 #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
1026 #define XMALLOC(s, h, type) pvPortMalloc((s))
1027 #define XFREE(p, h, type) vPortFree((p))
1028 #endif
1029
1030 //#define USER_TICKS
1031 /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
1032 /* WOLFSSL_DH_CONST */
1033 #define WOLFSSL_LWIP
1034 #define FREERTOS_TCP
1035
1036 #define FREESCALE_FREE_RTOS
1037 #define FREERTOS_SOCKET_ERROR ( -1 )
1038 #define FREERTOS_EWOULDBLOCK ( -2 )
1039 #define FREERTOS_EINVAL ( -4 )
1040 #define FREERTOS_EADDRNOTAVAIL ( -5 )
1041 #define FREERTOS_EADDRINUSE ( -6 )
1042 #define FREERTOS_ENOBUFS ( -7 )
1043 #define FREERTOS_ENOPROTOOPT ( -8 )
1044#endif /* FREESCALE_FREE_RTOS || FREESCALE_KSDK_FREERTOS */
1045
1046#ifdef FREESCALE_KSDK_BM
1047 #define FREESCALE_COMMON
1048 #define WOLFSSL_USER_IO
1049 #define SINGLE_THREADED
1050 #define NO_FILESYSTEM
1051 #ifndef TIME_OVERRIDES
1052 #define USER_TICKS
1053 #endif
1054#endif /* FREESCALE_KSDK_BM */
1055
1056#ifdef FREESCALE_COMMON
1057 #define SIZEOF_LONG_LONG 8
1058
1059 /* disable features */
1060 #undef NO_WRITEV
1061 #define NO_WRITEV
1062 #undef NO_DEV_RANDOM
1063 #define NO_DEV_RANDOM
1064 #undef NO_RABBIT
1065 #define NO_RABBIT
1066 #undef NO_WOLFSSL_DIR
1067 #define NO_WOLFSSL_DIR
1068 #undef NO_RC4
1069 #define NO_RC4
1070
1071 /* enable features */
1072 #undef USE_FAST_MATH
1073 #define USE_FAST_MATH
1074
1075 #define USE_CERT_BUFFERS_2048
1076 #define BENCH_EMBEDDED
1077
1078 #define TFM_TIMING_RESISTANT
1079 #define ECC_TIMING_RESISTANT
1080
1081 #undef HAVE_ECC
1082 #ifndef WOLFCRYPT_FIPS_RAND
1083 #define HAVE_ECC
1084 #endif
1085 #ifndef NO_AES
1086 #undef HAVE_AESCCM
1087 #define HAVE_AESCCM
1088 #undef HAVE_AESGCM
1089 #define HAVE_AESGCM
1090 #undef WOLFSSL_AES_COUNTER
1091 #define WOLFSSL_AES_COUNTER
1092 #undef WOLFSSL_AES_DIRECT
1093 #define WOLFSSL_AES_DIRECT
1094 #endif
1095
1096 #ifdef FREESCALE_KSDK_1_3
1097 #include "fsl_device_registers.h"
1098 #elif !defined(FREESCALE_MQX)
1099 /* Classic MQX does not have fsl_common.h */
1100 #include "fsl_common.h"
1101 #endif
1102
1103 /* random seed */
1104 #define NO_OLD_RNGNAME
1105 #if defined(FREESCALE_NO_RNG)
1106 /* nothing to define */
1107 #elif defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0)
1108 #define FREESCALE_KSDK_2_0_TRNG
1109 #elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0)
1110 #ifdef FREESCALE_KSDK_1_3
1111 #include "fsl_rnga_driver.h"
1112 #define FREESCALE_RNGA
1113 #define RNGA_INSTANCE (0)
1114 #else
1115 #define FREESCALE_KSDK_2_0_RNGA
1116 #endif
1117 #elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS) && !defined(FREESCALE_KSDK_FREERTOS)
1118 #define FREESCALE_RNGA
1119 #define RNGA_INSTANCE (0)
1120 /* defaulting to K70 RNGA, user should change if different */
1121 /* #define FREESCALE_K53_RNGB */
1122 #define FREESCALE_K70_RNGA
1123 #endif
1124
1125 /* HW crypto */
1126 /* automatic enable based on Kinetis feature */
1127 /* if case manual selection is required, for example for benchmarking purposes,
1128 * just define FREESCALE_USE_MMCAU or FREESCALE_USE_LTC or none of these two macros (for software only)
1129 * both can be enabled simultaneously as LTC has priority over MMCAU in source code.
1130 */
1131 /* #define FSL_HW_CRYPTO_MANUAL_SELECTION */
1132 #ifndef FSL_HW_CRYPTO_MANUAL_SELECTION
1133 #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && FSL_FEATURE_SOC_MMCAU_COUNT
1134 #define FREESCALE_USE_MMCAU
1135 #endif
1136
1137 #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT
1138 #define FREESCALE_USE_LTC
1139 #endif
1140 #else
1141 /* #define FREESCALE_USE_MMCAU */
1142 /* #define FREESCALE_USE_LTC */
1143 #endif
1144#endif /* FREESCALE_COMMON */
1145
1146/* Classic pre-KSDK mmCAU library */
1147#ifdef FREESCALE_USE_MMCAU_CLASSIC
1148 #define FREESCALE_USE_MMCAU
1149 #define FREESCALE_MMCAU_CLASSIC
1150 #define FREESCALE_MMCAU_CLASSIC_SHA
1151#endif
1152
1153/* KSDK mmCAU library */
1154#ifdef FREESCALE_USE_MMCAU
1155 /* AES and DES */
1156 #define FREESCALE_MMCAU
1157 /* MD5, SHA-1 and SHA-256 */
1158 #define FREESCALE_MMCAU_SHA
1159#endif /* FREESCALE_USE_MMCAU */
1160
1161#ifdef FREESCALE_USE_LTC
1162 #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT
1163 #define FREESCALE_LTC
1164 #define LTC_BASE LTC0
1165
1166 #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES
1167 #define FREESCALE_LTC_DES
1168 #endif
1169
1170 #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM
1171 #define FREESCALE_LTC_AES_GCM
1172 #endif
1173
1174 #if defined(FSL_FEATURE_LTC_HAS_SHA) && FSL_FEATURE_LTC_HAS_SHA
1175 #define FREESCALE_LTC_SHA
1176 #endif
1177
1178 #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA
1179 #ifndef WOLFCRYPT_FIPS_RAND
1180 #define FREESCALE_LTC_ECC
1181 #endif
1182 #define FREESCALE_LTC_TFM
1183
1184 /* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
1185 the LTC_MAX_INT_BYTES defines the size of local variables that hold big integers. */
1186 /* size is multiplication of 2 big ints */
1187 #if !defined(NO_RSA) || !defined(NO_DH)
1188 #define LTC_MAX_INT_BYTES (256*2)
1189 #else
1190 #define LTC_MAX_INT_BYTES (48*2)
1191 #endif
1192
1193 /* This FREESCALE_LTC_TFM_RSA_4096_ENABLE macro can be defined.
1194 * In such a case both software and hardware algorithm
1195 * for TFM is linked in. The decision for which algorithm is used is determined at runtime
1196 * from size of inputs. If inputs and result can fit into LTC (see LTC_MAX_INT_BYTES)
1197 * then we call hardware algorithm, otherwise we call software algorithm.
1198 *
1199 * Chinese reminder theorem is used to break RSA 4096 exponentiations (both public and private key)
1200 * into several computations with 2048-bit modulus and exponents.
1201 */
1202 /* #define FREESCALE_LTC_TFM_RSA_4096_ENABLE */
1203
1204 /* ECC-384, ECC-256, ECC-224 and ECC-192 have been enabled with LTC PKHA acceleration */
1205 #ifdef HAVE_ECC
1206 #undef ECC_TIMING_RESISTANT
1207 #define ECC_TIMING_RESISTANT
1208
1209 /* the LTC PKHA hardware limit is 512 bits (64 bytes) for ECC.
1210 the LTC_MAX_ECC_BITS defines the size of local variables that hold ECC parameters
1211 and point coordinates */
1212 #ifndef LTC_MAX_ECC_BITS
1213 #define LTC_MAX_ECC_BITS (384)
1214 #endif
1215
1216 /* Enable curves up to 384 bits */
1217 #if !defined(ECC_USER_CURVES) && !defined(HAVE_ALL_CURVES)
1218 #define ECC_USER_CURVES
1219 #define HAVE_ECC192
1220 #define HAVE_ECC224
1221 #undef NO_ECC256
1222 #define HAVE_ECC384
1223 #endif
1224 #endif
1225 #endif
1226 #endif
1227#endif /* FREESCALE_USE_LTC */
1228
1229#ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE
1230 #undef USE_CERT_BUFFERS_4096
1231 #define USE_CERT_BUFFERS_4096
1232 #undef FP_MAX_BITS
1233 #define FP_MAX_BITS (8192)
1234 #undef SP_INT_BITS
1235 #define SP_INT_BITS (4096)
1236
1237 #undef NO_DH
1238 #define NO_DH
1239 #undef NO_DSA
1240 #define NO_DSA
1241#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
1242
1243/* if LTC has AES engine but doesn't have GCM, use software with LTC AES ECB mode */
1244#if defined(FREESCALE_USE_LTC) && !defined(FREESCALE_LTC_AES_GCM)
1245 #define GCM_TABLE
1246#endif
1247
1248#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
1249 defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
1250 defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
1251 defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
1252 defined(WOLFSSL_STM32G0)
1253
1254 #define SIZEOF_LONG_LONG 8
1255 #ifndef CHAR_BIT
1256 #define CHAR_BIT 8
1257 #endif
1258 #define NO_DEV_RANDOM
1259 #define NO_WOLFSSL_DIR
1260 #undef NO_RABBIT
1261 #define NO_RABBIT
1262 #ifndef NO_STM32_RNG
1263 #undef STM32_RNG
1264 #define STM32_RNG
1265 #ifdef WOLFSSL_STM32F427_RNG
1266 #include "stm32f427xx.h"
1267 #endif
1268 #endif
1269 #ifndef NO_STM32_CRYPTO
1270 #undef STM32_CRYPTO
1271 #define STM32_CRYPTO
1272
1273 #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
1274 defined(WOLFSSL_STM32WB)
1275 #define NO_AES_192 /* hardware does not support 192-bit */
1276 #endif
1277 #endif
1278 #ifndef NO_STM32_HASH
1279 #undef STM32_HASH
1280 #define STM32_HASH
1281 #endif
1282 #if !defined(__GNUC__) && !defined(__ICCARM__)
1283 #define KEIL_INTRINSICS
1284 #endif
1285 #define NO_OLD_RNGNAME
1286 #ifdef WOLFSSL_STM32_CUBEMX
1287 #if defined(WOLFSSL_STM32F1)
1288 #include "stm32f1xx_hal.h"
1289 #elif defined(WOLFSSL_STM32F2)
1290 #include "stm32f2xx_hal.h"
1291 #elif defined(WOLFSSL_STM32L5)
1292 #include "stm32l5xx_hal.h"
1293 #elif defined(WOLFSSL_STM32L4)
1294 #include "stm32l4xx_hal.h"
1295 #elif defined(WOLFSSL_STM32F4)
1296 #include "stm32f4xx_hal.h"
1297 #elif defined(WOLFSSL_STM32F7)
1298 #include "stm32f7xx_hal.h"
1299 #elif defined(WOLFSSL_STM32F1)
1300 #include "stm32f1xx_hal.h"
1301 #elif defined(WOLFSSL_STM32H7)
1302 #include "stm32h7xx_hal.h"
1303 #elif defined(WOLFSSL_STM32WB)
1304 #include "stm32wbxx_hal.h"
1305 #elif defined(WOLFSSL_STM32G0)
1306 #include "stm32g0xx_hal.h"
1307 #endif
1308 #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
1309 #include "stm32l4xx_ll_rng.h"
1310 #endif
1311
1312 #ifndef STM32_HAL_TIMEOUT
1313 #define STM32_HAL_TIMEOUT 0xFF
1314 #endif
1315 #else
1316 #if defined(WOLFSSL_STM32F2)
1317 #include "stm32f2xx.h"
1318 #ifdef STM32_CRYPTO
1319 #include "stm32f2xx_cryp.h"
1320 #endif
1321 #ifdef STM32_HASH
1322 #include "stm32f2xx_hash.h"
1323 #endif
1324 #elif defined(WOLFSSL_STM32F4)
1325 #include "stm32f4xx.h"
1326 #ifdef STM32_CRYPTO
1327 #include "stm32f4xx_cryp.h"
1328 #endif
1329 #ifdef STM32_HASH
1330 #include "stm32f4xx_hash.h"
1331 #endif
1332 #elif defined(WOLFSSL_STM32L5)
1333 #include "stm32l5xx.h"
1334 #ifdef STM32_CRYPTO
1335 #include "stm32l5xx_cryp.h"
1336 #endif
1337 #ifdef STM32_HASH
1338 #include "stm32l5xx_hash.h"
1339 #endif
1340 #elif defined(WOLFSSL_STM32L4)
1341 #include "stm32l4xx.h"
1342 #ifdef STM32_CRYPTO
1343 #include "stm32l4xx_cryp.h"
1344 #endif
1345 #ifdef STM32_HASH
1346 #include "stm32l4xx_hash.h"
1347 #endif
1348 #elif defined(WOLFSSL_STM32F7)
1349 #include "stm32f7xx.h"
1350 #elif defined(WOLFSSL_STM32H7)
1351 #include "stm32h7xx.h"
1352 #elif defined(WOLFSSL_STM32F1)
1353 #include "stm32f1xx.h"
1354 #endif
1355 #endif /* WOLFSSL_STM32_CUBEMX */
1356#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
1357 WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
1358 WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */
1359#ifdef WOLFSSL_DEOS
1360 #include <deos.h>
1361 #include <timeout.h>
1362 #include <socketapi.h>
1363 #include <lwip-socket.h>
1364 #include <mem.h>
1365 #include <string.h>
1366 #include <stdlib.h> /* for rand_r: pseudo-random number generator */
1367 #include <stdio.h> /* for snprintf */
1368
1369 /* use external memory XMALLOC, XFREE and XREALLOC functions */
1370 #define XMALLOC_USER
1371
1372 /* disable fall-back case, malloc, realloc and free are unavailable */
1373 #define WOLFSSL_NO_MALLOC
1374
1375 /* file system has not been ported since it is a separate product. */
1376
1377 #define NO_FILESYSTEM
1378
1379 #ifdef NO_FILESYSTEM
1380 #define NO_WOLFSSL_DIR
1381 #define NO_WRITEV
1382 #endif
1383
1384 #define USE_FAST_MATH
1385 #define TFM_TIMING_RESISTANT
1386 #define ECC_TIMING_RESISTANT
1387 #define WC_RSA_BLINDING
1388
1389 #define HAVE_ECC
1390 #define TFM_ECC192
1391 #define TFM_ECC224
1392 #define TFM_ECC256
1393 #define TFM_ECC384
1394 #define TFM_ECC521
1395
1396 #define HAVE_TLS_EXTENSIONS
1397 #define HAVE_SUPPORTED_CURVES
1398 #define HAVE_EXTENDED_MASTER
1399
1400 #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
1401 #define BIG_ENDIAN_ORDER
1402 #else
1403 #undef BIG_ENDIAN_ORDER
1404 #define LITTLE_ENDIAN_ORDER
1405 #endif
1406#endif /* WOLFSSL_DEOS*/
1407
1408#ifdef MICRIUM
1409 #include <stdlib.h>
1410 #include <os.h>
1411 #if defined(RTOS_MODULE_NET_AVAIL) || (APP_CFG_TCPIP_EN == DEF_ENABLED)
1412 #include <net_cfg.h>
1413 #include <net_sock.h>
1414 #if (OS_VERSION < 50000)
1415 #include <net_err.h>
1416 #endif
1417 #endif
1418 #include <lib_mem.h>
1419 #include <lib_math.h>
1420 #include <lib_str.h>
1421 #include <stdio.h>
1422 #include <string.h>
1423
1424 #define USE_FAST_MATH
1425 #define TFM_TIMING_RESISTANT
1426 #define ECC_TIMING_RESISTANT
1427 #define WC_RSA_BLINDING
1428 #define HAVE_HASHDRBG
1429
1430 #define HAVE_ECC
1431 #define ALT_ECC_SIZE
1432 #define TFM_ECC192
1433 #define TFM_ECC224
1434 #define TFM_ECC256
1435 #define TFM_ECC384
1436 #define TFM_ECC521
1437
1438 #define NO_RC4
1439 #define HAVE_TLS_EXTENSIONS
1440 #define HAVE_SUPPORTED_CURVES
1441 #define HAVE_EXTENDED_MASTER
1442
1443 #define NO_WOLFSSL_DIR
1444 #define NO_WRITEV
1445
1446 #if ! defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(CUSTOM_RAND_GENERATE)
1447 #define CUSTOM_RAND_TYPE RAND_NBR
1448 #define CUSTOM_RAND_GENERATE Math_Rand
1449 #endif
1450 #define STRING_USER
1451 #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr)))
1452 #define XSTRNCPY(pstr_dest, pstr_src, len_max) \
1453 ((CPU_CHAR *)Str_Copy_N((CPU_CHAR *)(pstr_dest), \
1454 (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max)))
1455 #define XSTRNCMP(pstr_1, pstr_2, len_max) \
1456 ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \
1457 (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
1458 #define XSTRNCASECMP(pstr_1, pstr_2, len_max) \
1459 ((CPU_INT16S)Str_CmpIgnoreCase_N((CPU_CHAR *)(pstr_1), \
1460 (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
1461 #define XSTRSTR(pstr, pstr_srch) \
1462 ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \
1463 (CPU_CHAR *)(pstr_srch)))
1464 #define XSTRNSTR(pstr, pstr_srch, len_max) \
1465 ((CPU_CHAR *)Str_Str_N((CPU_CHAR *)(pstr), \
1466 (CPU_CHAR *)(pstr_srch),(CPU_SIZE_T)(len_max)))
1467 #define XSTRNCAT(pstr_dest, pstr_cat, len_max) \
1468 ((CPU_CHAR *)Str_Cat_N((CPU_CHAR *)(pstr_dest), \
1469 (const CPU_CHAR *)(pstr_cat),(CPU_SIZE_T)(len_max)))
1470 #define XMEMSET(pmem, data_val, size) \
1471 ((void)Mem_Set((void *)(pmem), \
1472 (CPU_INT08U) (data_val), \
1473 (CPU_SIZE_T)(size)))
1474 #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \
1475 (void *)(psrc), (CPU_SIZE_T)(size)))
1476
1477 #if (OS_VERSION < 50000)
1478 #define XMEMCMP(pmem_1, pmem_2, size) \
1479 (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
1480 (void *)(pmem_2), \
1481 (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES)
1482 #else
1483 /* Work around for Micrium OS version 5.8 change in behavior
1484 * that returns DEF_NO for 0 size compare
1485 */
1486 #define XMEMCMP(pmem_1, pmem_2, size) \
1487 (( (size < 1 ) || \
1488 ((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \
1489 (void *)(pmem_2), \
1490 (CPU_SIZE_T)(size)) == DEF_YES)) \
1491 ? 0 : 1)
1492 #define XSNPRINTF snprintf
1493 #endif
1494
1495 #define XMEMMOVE XMEMCPY
1496
1497 #if (OS_CFG_MUTEX_EN == DEF_DISABLED)
1498 #define SINGLE_THREADED
1499 #endif
1500
1501 #if (CPU_CFG_ENDIAN_TYPE == CPU_ENDIAN_TYPE_BIG)
1502 #define BIG_ENDIAN_ORDER
1503 #else
1504 #undef BIG_ENDIAN_ORDER
1505 #define LITTLE_ENDIAN_ORDER
1506 #endif
1507#endif /* MICRIUM */
1508
1509#if defined(sun) || defined(__sun)
1510# if defined(__SVR4) || defined(__svr4__)
1511 /* Solaris */
1512 #ifndef WOLFSSL_SOLARIS
1513 #define WOLFSSL_SOLARIS
1514 #endif
1515# else
1516 /* SunOS */
1517# endif
1518#endif
1519
1520#ifdef WOLFSSL_SOLARIS
1521 /* Avoid naming clash with fp_zero from math.h > ieefp.h */
1522 #define WOLFSSL_DH_CONST
1523#endif
1524
1525#ifdef WOLFSSL_MCF5441X
1526 #define BIG_ENDIAN_ORDER
1527 #ifndef SIZEOF_LONG
1528 #define SIZEOF_LONG 4
1529 #endif
1530 #ifndef SIZEOF_LONG_LONG
1531 #define SIZEOF_LONG_LONG 8
1532 #endif
1533#endif
1534
1535#ifdef WOLFSSL_QL
1536 #ifndef WOLFSSL_SEP
1537 #define WOLFSSL_SEP
1538 #endif
1539 #ifndef OPENSSL_EXTRA
1540 #define OPENSSL_EXTRA
1541 #endif
1542 #ifndef SESSION_CERTS
1543 #define SESSION_CERTS
1544 #endif
1545 #ifndef HAVE_AESCCM
1546 #define HAVE_AESCCM
1547 #endif
1548 #ifndef ATOMIC_USER
1549 #define ATOMIC_USER
1550 #endif
1551 #ifndef WOLFSSL_DER_LOAD
1552 #define WOLFSSL_DER_LOAD
1553 #endif
1554 #ifndef KEEP_PEER_CERT
1555 #define KEEP_PEER_CERT
1556 #endif
1557 #ifndef HAVE_ECC
1558 #define HAVE_ECC
1559 #endif
1560 #ifndef SESSION_INDEX
1561 #define SESSION_INDEX
1562 #endif
1563#endif /* WOLFSSL_QL */
1564
1565
1566#if defined(WOLFSSL_XILINX)
1567 #define NO_WOLFSSL_DIR
1568 #define NO_DEV_RANDOM
1569 #define HAVE_AESGCM
1570#endif
1571
1572#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX)
1573 #if defined(WOLFSSL_ARMASM)
1574 #error can not use both ARMv8 instructions and XILINX hardened crypto
1575 #endif
1576 #if defined(WOLFSSL_SHA3)
1577 /* only SHA3-384 is supported */
1578 #undef WOLFSSL_NOSHA3_224
1579 #undef WOLFSSL_NOSHA3_256
1580 #undef WOLFSSL_NOSHA3_512
1581 #define WOLFSSL_NOSHA3_224
1582 #define WOLFSSL_NOSHA3_256
1583 #define WOLFSSL_NOSHA3_512
1584 #endif
1585 #ifdef WOLFSSL_AFALG_XILINX_AES
1586 #undef WOLFSSL_AES_DIRECT
1587 #define WOLFSSL_AES_DIRECT
1588 #endif
1589#endif /*(WOLFSSL_XILINX_CRYPT)*/
1590
1591#if defined(WOLFSSL_APACHE_MYNEWT)
1592 #include "os/os_malloc.h"
1593 #if !defined(WOLFSSL_LWIP)
1594 #include <mn_socket/mn_socket.h>
1595 #endif
1596
1597 #if !defined(SIZEOF_LONG)
1598 #define SIZEOF_LONG 4
1599 #endif
1600 #if !defined(SIZEOF_LONG_LONG)
1601 #define SIZEOF_LONG_LONG 8
1602 #endif
1603 #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
1604 #define BIG_ENDIAN_ORDER
1605 #else
1606 #undef BIG_ENDIAN_ORDER
1607 #define LITTLE_ENDIAN_ORDER
1608 #endif
1609 #define NO_WRITEV
1610 #define WOLFSSL_USER_IO
1611 #define SINGLE_THREADED
1612 #define NO_DEV_RANDOM
1613 #define NO_DH
1614 #define NO_WOLFSSL_DIR
1615 #define NO_ERROR_STRINGS
1616 #define HAVE_ECC
1617 #define NO_SESSION_CACHE
1618 #define NO_ERROR_STRINGS
1619 #define XMALLOC_USER
1620 #define XMALLOC(sz, heap, type) os_malloc(sz)
1621 #define XREALLOC(p, sz, heap, type) os_realloc(p, sz)
1622 #define XFREE(p, heap, type) os_free(p)
1623
1624#endif /*(WOLFSSL_APACHE_MYNEWT)*/
1625
1626#ifdef WOLFSSL_ZEPHYR
1627 #include <zephyr.h>
1628 #include <sys/printk.h>
1629 #include <sys/util.h>
1630 #include <stdlib.h>
1631
1632 #define WOLFSSL_DH_CONST
1633 #define WOLFSSL_HAVE_MAX
1634 #define NO_WRITEV
1635
1636 #define USE_FLAT_BENCHMARK_H
1637 #define USE_FLAT_TEST_H
1638 #define EXIT_FAILURE 1
1639 #define MAIN_NO_ARGS
1640
1641 void *z_realloc(void *ptr, size_t size);
1642 #define realloc z_realloc
1643
1644 #ifndef CONFIG_NET_SOCKETS_POSIX_NAMES
1645 #define CONFIG_NET_SOCKETS_POSIX_NAMES
1646 #endif
1647#endif
1648
1649#ifdef WOLFSSL_IMX6
1650 #ifndef SIZEOF_LONG_LONG
1651 #define SIZEOF_LONG_LONG 8
1652 #endif
1653#endif
1654
1655/* if defined turn on all CAAM support */
1656#ifdef WOLFSSL_IMX6_CAAM
1657 #undef WOLFSSL_IMX6_CAAM_RNG
1658 #define WOLFSSL_IMX6_CAAM_RNG
1659
1660 #undef WOLFSSL_IMX6_CAAM_BLOB
1661 #define WOLFSSL_IMX6_CAAM_BLOB
1662
1663#if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_XTS)
1664 /* large performance gain with HAVE_AES_ECB defined */
1665 #undef HAVE_AES_ECB
1666 #define HAVE_AES_ECB
1667
1668 //@TODO used for now until plugging in caam aes use with qnx
1669 #undef WOLFSSL_AES_DIRECT
1670 #define WOLFSSL_AES_DIRECT
1671#endif
1672#endif
1673
1674/* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */
1675#if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED)
1676 #undef WOLFSSL_CRYPT_HW_MUTEX
1677 #define WOLFSSL_CRYPT_HW_MUTEX 1
1678#endif
1679
1680#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
1681 !defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \
1682 !defined(XMALLOC_OVERRIDE)
1683 #define USE_WOLFSSL_MEMORY
1684#endif
1685
1686
1687#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
1688 #undef KEEP_PEER_CERT
1689 #define KEEP_PEER_CERT
1690#endif
1691
1692
1693/* stream ciphers except arc4 need 32bit alignment, intel ok without */
1694#ifndef XSTREAM_ALIGN
1695 #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
1696 #define NO_XSTREAM_ALIGN
1697 #else
1698 #define XSTREAM_ALIGN
1699 #endif
1700#endif
1701
1702/* write dup cannot be used with secure renegotiation because write dup
1703 * make write side write only and read side read only */
1704#if defined(HAVE_WRITE_DUP) && defined(HAVE_SECURE_RENEGOTIATION)
1705 #error "WRITE DUP and SECURE RENEGOTIATION cannot both be on"
1706#endif
1707
1708#ifdef WOLFSSL_SGX
1709 #ifdef _MSC_VER
1710 #define NO_RC4
1711 #ifndef HAVE_FIPS
1712 #define WOLFCRYPT_ONLY
1713 #define NO_DES3
1714 #define NO_SHA
1715 #define NO_MD5
1716 #else
1717 #define TFM_TIMING_RESISTANT
1718 #define NO_WOLFSSL_DIR
1719 #define NO_WRITEV
1720 #define NO_MAIN_DRIVER
1721 #define WOLFSSL_LOG_PRINTF
1722 #define WOLFSSL_DH_CONST
1723 #endif
1724 #else
1725 #define HAVE_ECC
1726 #define NO_WRITEV
1727 #define NO_MAIN_DRIVER
1728 #define USER_TICKS
1729 #define WOLFSSL_LOG_PRINTF
1730 #define WOLFSSL_DH_CONST
1731 #endif /* _MSC_VER */
1732 #if !defined(HAVE_FIPS) && !defined(NO_RSA)
1733 #define WC_RSA_BLINDING
1734 #endif
1735
1736 #define NO_FILESYSTEM
1737 #define ECC_TIMING_RESISTANT
1738 #define TFM_TIMING_RESISTANT
1739 #define SINGLE_THREADED
1740 #define NO_ASN_TIME /* can not use headers such as windows.h */
1741 #define HAVE_AESGCM
1742 #define USE_CERT_BUFFERS_2048
1743 #define USE_FAST_MATH
1744#endif /* WOLFSSL_SGX */
1745
1746/* FreeScale MMCAU hardware crypto has 4 byte alignment.
1747 However, KSDK fsl_mmcau.h gives API with no alignment
1748 requirements (4 byte alignment is managed internally by fsl_mmcau.c) */
1749#ifdef FREESCALE_MMCAU
1750 #ifdef FREESCALE_MMCAU_CLASSIC
1751 #define WOLFSSL_MMCAU_ALIGNMENT 4
1752 #else
1753 #define WOLFSSL_MMCAU_ALIGNMENT 0
1754 #endif
1755#endif
1756
1757/* if using hardware crypto and have alignment requirements, specify the
1758 requirement here. The record header of SSL/TLS will prevent easy alignment.
1759 This hint tries to help as much as possible. */
1760#ifndef WOLFSSL_GENERAL_ALIGNMENT
1761 #ifdef WOLFSSL_AESNI
1762 #define WOLFSSL_GENERAL_ALIGNMENT 16
1763 #elif defined(XSTREAM_ALIGN)
1764 #define WOLFSSL_GENERAL_ALIGNMENT 4
1765 #elif defined(FREESCALE_MMCAU) || defined(FREESCALE_MMCAU_CLASSIC)
1766 #define WOLFSSL_GENERAL_ALIGNMENT WOLFSSL_MMCAU_ALIGNMENT
1767 #else
1768 #define WOLFSSL_GENERAL_ALIGNMENT 0
1769 #endif
1770#endif
1771
1772#if defined(WOLFSSL_GENERAL_ALIGNMENT) && (WOLFSSL_GENERAL_ALIGNMENT > 0)
1773 #if defined(_MSC_VER)
1774 #define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT))
1775 #elif defined(__GNUC__)
1776 #define XGEN_ALIGN __attribute__((aligned(WOLFSSL_GENERAL_ALIGNMENT)))
1777 #else
1778 #define XGEN_ALIGN
1779 #endif
1780#else
1781 #define XGEN_ALIGN
1782#endif
1783
1784
1785#ifdef __INTEL_COMPILER
1786 #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
1787#endif
1788
1789/* user can specify what curves they want with ECC_USER_CURVES otherwise
1790 * all curves are on by default for now */
1791#ifndef ECC_USER_CURVES
1792 #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_ALL_CURVES)
1793 #define HAVE_ALL_CURVES
1794 #endif
1795#endif
1796
1797/* The minimum allowed ECC key size */
1798/* Note: 224-bits is equivelant to 2048-bit RSA */
1799#ifndef ECC_MIN_KEY_SZ
1800 #ifdef WOLFSSL_MIN_ECC_BITS
1801 #define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS
1802 #else
1803 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
1804 /* FIPSv2 and ready (for now) includes 192-bit support */
1805 #define ECC_MIN_KEY_SZ 192
1806 #else
1807 #define ECC_MIN_KEY_SZ 224
1808 #endif
1809 #endif
1810#endif
1811
1812/* ECC Configs */
1813#ifdef HAVE_ECC
1814 /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
1815 #if !defined(NO_ECC_SIGN) && \
1816 (!defined(ECC_TIMING_RESISTANT) || \
1817 (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
1818 #undef HAVE_ECC_SIGN
1819 #define HAVE_ECC_SIGN
1820 #endif
1821 #ifndef NO_ECC_VERIFY
1822 #undef HAVE_ECC_VERIFY
1823 #define HAVE_ECC_VERIFY
1824 #endif
1825 #ifndef NO_ECC_CHECK_KEY
1826 #undef HAVE_ECC_CHECK_KEY
1827 #define HAVE_ECC_CHECK_KEY
1828 #endif
1829 #if !defined(NO_ECC_DHE) && !defined(WC_NO_RNG)
1830 #undef HAVE_ECC_DHE
1831 #define HAVE_ECC_DHE
1832 #endif
1833 #ifndef NO_ECC_KEY_IMPORT
1834 #undef HAVE_ECC_KEY_IMPORT
1835 #define HAVE_ECC_KEY_IMPORT
1836 #endif
1837 #ifndef NO_ECC_KEY_EXPORT
1838 #undef HAVE_ECC_KEY_EXPORT
1839 #define HAVE_ECC_KEY_EXPORT
1840 #endif
1841#endif /* HAVE_ECC */
1842
1843/* Curve25519 Configs */
1844#ifdef HAVE_CURVE25519
1845 /* By default enable shared secret, key export and import */
1846 #ifndef NO_CURVE25519_SHARED_SECRET
1847 #undef HAVE_CURVE25519_SHARED_SECRET
1848 #define HAVE_CURVE25519_SHARED_SECRET
1849 #endif
1850 #ifndef NO_CURVE25519_KEY_EXPORT
1851 #undef HAVE_CURVE25519_KEY_EXPORT
1852 #define HAVE_CURVE25519_KEY_EXPORT
1853 #endif
1854 #ifndef NO_CURVE25519_KEY_IMPORT
1855 #undef HAVE_CURVE25519_KEY_IMPORT
1856 #define HAVE_CURVE25519_KEY_IMPORT
1857 #endif
1858#endif /* HAVE_CURVE25519 */
1859
1860/* Ed25519 Configs */
1861#ifdef HAVE_ED25519
1862 /* By default enable sign, verify, key export and import */
1863 #ifndef NO_ED25519_SIGN
1864 #undef HAVE_ED25519_SIGN
1865 #define HAVE_ED25519_SIGN
1866 #endif
1867 #ifndef NO_ED25519_VERIFY
1868 #undef HAVE_ED25519_VERIFY
1869 #define HAVE_ED25519_VERIFY
1870 #endif
1871 #ifndef NO_ED25519_KEY_EXPORT
1872 #undef HAVE_ED25519_KEY_EXPORT
1873 #define HAVE_ED25519_KEY_EXPORT
1874 #endif
1875 #ifndef NO_ED25519_KEY_IMPORT
1876 #undef HAVE_ED25519_KEY_IMPORT
1877 #define HAVE_ED25519_KEY_IMPORT
1878 #endif
1879#endif /* HAVE_ED25519 */
1880
1881/* Curve448 Configs */
1882#ifdef HAVE_CURVE448
1883 /* By default enable shared secret, key export and import */
1884 #ifndef NO_CURVE448_SHARED_SECRET
1885 #undef HAVE_CURVE448_SHARED_SECRET
1886 #define HAVE_CURVE448_SHARED_SECRET
1887 #endif
1888 #ifndef NO_CURVE448_KEY_EXPORT
1889 #undef HAVE_CURVE448_KEY_EXPORT
1890 #define HAVE_CURVE448_KEY_EXPORT
1891 #endif
1892 #ifndef NO_CURVE448_KEY_IMPORT
1893 #undef HAVE_CURVE448_KEY_IMPORT
1894 #define HAVE_CURVE448_KEY_IMPORT
1895 #endif
1896#endif /* HAVE_CURVE448 */
1897
1898/* Ed448 Configs */
1899#ifdef HAVE_ED448
1900 /* By default enable sign, verify, key export and import */
1901 #ifndef NO_ED448_SIGN
1902 #undef HAVE_ED448_SIGN
1903 #define HAVE_ED448_SIGN
1904 #endif
1905 #ifndef NO_ED448_VERIFY
1906 #undef HAVE_ED448_VERIFY
1907 #define HAVE_ED448_VERIFY
1908 #endif
1909 #ifndef NO_ED448_KEY_EXPORT
1910 #undef HAVE_ED448_KEY_EXPORT
1911 #define HAVE_ED448_KEY_EXPORT
1912 #endif
1913 #ifndef NO_ED448_KEY_IMPORT
1914 #undef HAVE_ED448_KEY_IMPORT
1915 #define HAVE_ED448_KEY_IMPORT
1916 #endif
1917#endif /* HAVE_ED448 */
1918
1919/* AES Config */
1920#ifndef NO_AES
1921 /* By default enable all AES key sizes, decryption and CBC */
1922 #ifndef AES_MAX_KEY_SIZE
1923 #undef AES_MAX_KEY_SIZE
1924 #define AES_MAX_KEY_SIZE 256
1925 #endif
1926
1927 #ifndef NO_AES_128
1928 #undef WOLFSSL_AES_128
1929 #define WOLFSSL_AES_128
1930 #endif
1931 #if !defined(NO_AES_192) && AES_MAX_KEY_SIZE >= 192
1932 #undef WOLFSSL_AES_192
1933 #define WOLFSSL_AES_192
1934 #endif
1935 #if !defined(NO_AES_256) && AES_MAX_KEY_SIZE >= 256
1936 #undef WOLFSSL_AES_256
1937 #define WOLFSSL_AES_256
1938 #endif
1939 #if !defined(WOLFSSL_AES_128) && defined(HAVE_ECC_ENCRYPT)
1940 #warning HAVE_ECC_ENCRYPT uses AES 128 bit keys
1941 #endif
1942
1943 #ifndef NO_AES_DECRYPT
1944 #undef HAVE_AES_DECRYPT
1945 #define HAVE_AES_DECRYPT
1946 #endif
1947 #ifndef NO_AES_CBC
1948 #undef HAVE_AES_CBC
1949 #define HAVE_AES_CBC
1950 #endif
1951 #ifdef WOLFSSL_AES_XTS
1952 /* AES-XTS makes calls to AES direct functions */
1953 #ifndef WOLFSSL_AES_DIRECT
1954 #define WOLFSSL_AES_DIRECT
1955 #endif
1956 #endif
1957 #ifdef WOLFSSL_AES_CFB
1958 /* AES-CFB makes calls to AES direct functions */
1959 #ifndef WOLFSSL_AES_DIRECT
1960 #define WOLFSSL_AES_DIRECT
1961 #endif
1962 #endif
1963#endif
1964
1965#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
1966 (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
1967 !defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \
1968 !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
1969 #define WOLFSSL_AEAD_ONLY
1970#endif
1971
1972#if !defined(NO_DH) && !defined(HAVE_FFDHE)
1973 #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \
1974 defined(HAVE_FFDHE_4096) || defined(HAVE_FFDHE_6144) || \
1975 defined(HAVE_FFDHE_8192)
1976 #define HAVE_FFDHE
1977 #endif
1978#endif
1979#if defined(HAVE_FFDHE_8192)
1980 #define MIN_FFDHE_FP_MAX_BITS 16384
1981#elif defined(HAVE_FFDHE_6144)
1982 #define MIN_FFDHE_FP_MAX_BITS 12288
1983#elif defined(HAVE_FFDHE_4096)
1984 #define MIN_FFDHE_FP_MAX_BITS 8192
1985#elif defined(HAVE_FFDHE_3072)
1986 #define MIN_FFDHE_FP_MAX_BITS 6144
1987#elif defined(HAVE_FFDHE_2048)
1988 #define MIN_FFDHE_FP_MAX_BITS 4096
1989#else
1990 #define MIN_FFDHE_FP_MAX_BITS 0
1991#endif
1992#if defined(HAVE_FFDHE) && defined(FP_MAX_BITS)
1993 #if MIN_FFDHE_FP_MAX_BITS > FP_MAX_BITS
1994 #error "FFDHE parameters are too large for FP_MAX_BIT as set"
1995 #endif
1996#endif
1997#if defined(HAVE_FFDHE) && defined(SP_INT_BITS)
1998 #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2
1999 #error "FFDHE parameters are too large for SP_INT_BIT as set"
2000 #endif
2001#endif
2002
2003/* if desktop type system and fastmath increase default max bits */
2004#if defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD)
2005 #if defined(USE_FAST_MATH) && !defined(FP_MAX_BITS)
2006 #if MIN_FFDHE_FP_MAX_BITS <= 8192
2007 #define FP_MAX_BITS 8192
2008 #else
2009 #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
2010 #endif
2011 #endif
2012 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS)
2013 #if MIN_FFDHE_FP_MAX_BITS <= 8192
2014 #define SP_INT_BITS 4096
2015 #else
2016 #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2
2017 #endif
2018 #endif
2019#endif
2020
2021/* If using the max strength build, ensure OLD TLS is disabled. */
2022#ifdef WOLFSSL_MAX_STRENGTH
2023 #undef NO_OLD_TLS
2024 #define NO_OLD_TLS
2025#endif
2026
2027
2028/* Default AES minimum auth tag sz, allow user to override */
2029#ifndef WOLFSSL_MIN_AUTH_TAG_SZ
2030 #define WOLFSSL_MIN_AUTH_TAG_SZ 12
2031#endif
2032
2033
2034/* sniffer requires:
2035 * static RSA cipher suites
2036 * session stats and peak stats
2037 */
2038#ifdef WOLFSSL_SNIFFER
2039 #ifndef WOLFSSL_STATIC_RSA
2040 #define WOLFSSL_STATIC_RSA
2041 #endif
2042 #ifndef WOLFSSL_STATIC_DH
2043 #define WOLFSSL_STATIC_DH
2044 #endif
2045 /* Allow option to be disabled. */
2046 #ifndef WOLFSSL_NO_SESSION_STATS
2047 #ifndef WOLFSSL_SESSION_STATS
2048 #define WOLFSSL_SESSION_STATS
2049 #endif
2050 #ifndef WOLFSSL_PEAK_SESSIONS
2051 #define WOLFSSL_PEAK_SESSIONS
2052 #endif
2053 #endif
2054#endif
2055
2056/* Decode Public Key extras on by default, user can turn off with
2057 * WOLFSSL_NO_DECODE_EXTRA */
2058#ifndef WOLFSSL_NO_DECODE_EXTRA
2059 #ifndef RSA_DECODE_EXTRA
2060 #define RSA_DECODE_EXTRA
2061 #endif
2062 #ifndef ECC_DECODE_EXTRA
2063 #define ECC_DECODE_EXTRA
2064 #endif
2065#endif
2066
2067/* C Sharp wrapper defines */
2068#ifdef HAVE_CSHARP
2069 #ifndef WOLFSSL_DTLS
2070 #define WOLFSSL_DTLS
2071 #endif
2072 #undef NO_PSK
2073 #undef NO_SHA256
2074 #undef NO_DH
2075#endif
2076
2077/* Asynchronous Crypto */
2078#ifdef WOLFSSL_ASYNC_CRYPT
2079 /* Make sure wolf events are enabled */
2080 #undef HAVE_WOLF_EVENT
2081 #define HAVE_WOLF_EVENT
2082
2083 #ifdef WOLFSSL_ASYNC_CRYPT_TEST
2084 #define WC_ASYNC_DEV_SIZE 168
2085 #else
2086 #define WC_ASYNC_DEV_SIZE 336
2087 #endif
2088
2089 #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
2090 !defined(WOLFSSL_ASYNC_CRYPT_TEST)
2091 #error No async hardware defined with WOLFSSL_ASYNC_CRYPT!
2092 #endif
2093
2094 /* Enable ECC_CACHE_CURVE for ASYNC */
2095 #if !defined(ECC_CACHE_CURVE)
2096 #define ECC_CACHE_CURVE
2097 #endif
2098#endif /* WOLFSSL_ASYNC_CRYPT */
2099#ifndef WC_ASYNC_DEV_SIZE
2100 #define WC_ASYNC_DEV_SIZE 0
2101#endif
2102
2103/* leantls checks */
2104#ifdef WOLFSSL_LEANTLS
2105 #ifndef HAVE_ECC
2106 #error leantls build needs ECC
2107 #endif
2108#endif /* WOLFSSL_LEANTLS*/
2109
2110/* restriction with static memory */
2111#ifdef WOLFSSL_STATIC_MEMORY
2112 #if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
2113 #error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
2114 #endif
2115 #if !defined(WOLFSSL_SP_NO_MALLOC) && \
2116 !defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
2117 #error The static memory option is only supported for fast math or SP with no malloc
2118 #endif
2119 #ifdef WOLFSSL_SMALL_STACK
2120 #error static memory does not support small stack please undefine
2121 #endif
2122#endif /* WOLFSSL_STATIC_MEMORY */
2123
2124#ifdef HAVE_AES_KEYWRAP
2125 #ifndef WOLFSSL_AES_DIRECT
2126 #error AES key wrap requires AES direct please define WOLFSSL_AES_DIRECT
2127 #endif
2128#endif
2129
2130#ifdef HAVE_PKCS7
2131 #if defined(NO_AES) && defined(NO_DES3)
2132 #error PKCS7 needs either AES or 3DES enabled, please enable one
2133 #endif
2134 #ifndef HAVE_AES_KEYWRAP
2135 #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
2136 #endif
2137 #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
2138 #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
2139 #endif
2140#endif
2141
2142#ifndef NO_PKCS12
2143 #undef HAVE_PKCS12
2144 #define HAVE_PKCS12
2145#endif
2146
2147#ifndef NO_PKCS8
2148 #undef HAVE_PKCS8
2149 #define HAVE_PKCS8
2150#endif
2151
2152#if !defined(NO_PBKDF1) || defined(WOLFSSL_ENCRYPTED_KEYS) || defined(HAVE_PKCS8) || defined(HAVE_PKCS12)
2153 #undef HAVE_PBKDF1
2154 #define HAVE_PBKDF1
2155#endif
2156
2157#if !defined(NO_PBKDF2) || defined(HAVE_PKCS7) || defined(HAVE_SCRYPT)
2158 #undef HAVE_PBKDF2
2159 #define HAVE_PBKDF2
2160#endif
2161
2162
2163#if !defined(WOLFCRYPT_ONLY) && !defined(NO_OLD_TLS) && \
2164 (defined(NO_SHA) || defined(NO_MD5))
2165 #error old TLS requires MD5 and SHA
2166#endif
2167
2168/* for backwards compatibility */
2169#if defined(TEST_IPV6) && !defined(WOLFSSL_IPV6)
2170 #define WOLFSSL_IPV6
2171#endif
2172
2173
2174#ifdef WOLFSSL_LINUXKM
2175 #ifndef NO_DEV_RANDOM
2176 #define NO_DEV_RANDOM
2177 #endif
2178 #ifndef NO_WRITEV
2179 #define NO_WRITEV
2180 #endif
2181 #ifndef NO_FILESYSTEM
2182 #define NO_FILESYSTEM
2183 #endif
2184 #ifndef NO_STDIO_FILESYSTEM
2185 #define NO_STDIO_FILESYSTEM
2186 #endif
2187 #ifndef WOLFSSL_NO_SOCK
2188 #define WOLFSSL_NO_SOCK
2189 #endif
2190 #ifndef WOLFSSL_DH_CONST
2191 #define WOLFSSL_DH_CONST
2192 #endif
2193 #ifndef WOLFSSL_USER_IO
2194 #define WOLFSSL_USER_IO
2195 #endif
2196 #ifndef USE_WOLF_STRTOK
2197 #define USE_WOLF_STRTOK
2198 #endif
2199 #ifndef WOLFSSL_SP_DIV_WORD_HALF
2200 #define WOLFSSL_SP_DIV_WORD_HALF
2201 #endif
2202 #ifndef WOLFSSL_OLD_PRIME_CHECK
2203 #define WOLFSSL_OLD_PRIME_CHECK
2204 #endif
2205 #ifndef WOLFSSL_TEST_SUBROUTINE
2206 #define WOLFSSL_TEST_SUBROUTINE static
2207 #endif
2208 #undef HAVE_STRINGS_H
2209 #undef HAVE_ERRNO_H
2210 #undef HAVE_THREAD_LS
2211 #undef WOLFSSL_HAVE_MIN
2212 #undef WOLFSSL_HAVE_MAX
2213 #define SIZEOF_LONG 8
2214 #define SIZEOF_LONG_LONG 8
2215 #define CHAR_BIT 8
2216 #ifndef WOLFSSL_SP_DIV_64
2217 #define WOLFSSL_SP_DIV_64
2218 #endif
2219 #ifndef WOLFSSL_SP_DIV_WORD_HALF
2220 #define WOLFSSL_SP_DIV_WORD_HALF
2221 #endif
2222#endif
2223
2224
2225/* Place any other flags or defines here */
2226
2227#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \
2228 && defined(HAVE_GMTIME_R)
2229 #undef HAVE_GMTIME_R /* don't trust macro with windows */
2230#endif /* WOLFSSL_MYSQL_COMPATIBLE */
2231
2232#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
2233 || defined(HAVE_LIGHTY)
2234 #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
2235 #define OPENSSL_NO_ENGINE
2236 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
2237 #ifndef OPENSSL_EXTRA
2238 #define OPENSSL_EXTRA
2239 #endif
2240 #ifndef HAVE_SESSION_TICKET
2241 #define HAVE_SESSION_TICKET
2242 #endif
2243 #ifndef HAVE_OCSP
2244 #define HAVE_OCSP
2245 #endif
2246 #ifndef KEEP_OUR_CERT
2247 #define KEEP_OUR_CERT
2248 #endif
2249 #ifndef HAVE_SNI
2250 #define HAVE_SNI
2251 #endif
2252#endif
2253
2254#ifdef HAVE_SNI
2255 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
2256#endif
2257
2258
2259/* both CURVE and ED small math should be enabled */
2260#ifdef CURVED25519_SMALL
2261 #define CURVE25519_SMALL
2262 #define ED25519_SMALL
2263#endif
2264
2265/* both CURVE and ED small math should be enabled */
2266#ifdef CURVED448_SMALL
2267 #define CURVE448_SMALL
2268 #define ED448_SMALL
2269#endif
2270
2271
2272#ifndef WOLFSSL_ALERT_COUNT_MAX
2273 #define WOLFSSL_ALERT_COUNT_MAX 5
2274#endif
2275
2276/* warning for not using harden build options (default with ./configure) */
2277#ifndef WC_NO_HARDEN
2278 #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
2279 (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
2280 (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
2281 !defined(WC_NO_RNG))
2282
2283 #ifndef _MSC_VER
2284 #warning "For timing resistance / side-channel attack prevention consider using harden options"
2285 #else
2286 #pragma message("Warning: For timing resistance / side-channel attack prevention consider using harden options")
2287 #endif
2288 #endif
2289#endif
2290
2291#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
2292 /* added to have compatibility with SHA256() */
2293 #if !defined(NO_OLD_SHA_NAMES) && (!defined(HAVE_FIPS) || \
2294 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
2295 #define NO_OLD_SHA_NAMES
2296 #endif
2297 #if !defined(NO_OLD_MD5_NAME) && (!defined(HAVE_FIPS) || \
2298 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
2299 #define NO_OLD_MD5_NAME
2300 #endif
2301#endif
2302
2303/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509
2304 * When opensslextra is enabled all subparts should be turned on. */
2305#ifdef OPENSSL_EXTRA
2306 #undef OPENSSL_EXTRA_X509_SMALL
2307 #define OPENSSL_EXTRA_X509_SMALL
2308#endif /* OPENSSL_EXTRA */
2309
2310/* support for converting DER to PEM */
2311#if (defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_NO_DER_TO_PEM)) || \
2312 defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)
2313 #undef WOLFSSL_DER_TO_PEM
2314 #define WOLFSSL_DER_TO_PEM
2315#endif
2316
2317/* keep backwards compatibility enabling encrypted private key */
2318#ifndef WOLFSSL_ENCRYPTED_KEYS
2319 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
2320 defined(HAVE_WEBSERVER)
2321 #define WOLFSSL_ENCRYPTED_KEYS
2322 #endif
2323#endif
2324
2325/* support for disabling PEM to DER */
2326#if !defined(WOLFSSL_NO_PEM) && !defined(NO_CODING)
2327 #undef WOLFSSL_PEM_TO_DER
2328 #define WOLFSSL_PEM_TO_DER
2329#endif
2330
2331/* Parts of the openssl compatibility layer require peer certs */
2332#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
2333 || defined(HAVE_LIGHTY)
2334 #undef KEEP_PEER_CERT
2335 #define KEEP_PEER_CERT
2336#endif
2337
2338/* RAW hash function APIs are not implemented */
2339#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
2340 #undef WOLFSSL_NO_HASH_RAW
2341 #define WOLFSSL_NO_HASH_RAW
2342#endif
2343
2344/* XChacha not implemented with ARM assembly ChaCha */
2345#if defined(WOLFSSL_ARMASM)
2346 #undef HAVE_XCHACHA
2347#endif
2348
2349#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \
2350 !defined(WOLFSSL_SHA3)
2351 #undef WOLFSSL_NO_WORD64_OPS
2352 #define WOLFSSL_NO_WORD64_OPS
2353#endif
2354
2355#if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_TLS12)
2356 #undef WOLFSSL_HAVE_PRF
2357 #define WOLFSSL_HAVE_PRF
2358#endif
2359
2360#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_CAMELLIA) && \
2361 !defined(WOLFSSL_HAVE_PRF) && defined(NO_PWDBASED) && !defined(HAVE_IDEA)
2362 #undef WOLFSSL_NO_XOR_OPS
2363 #define WOLFSSL_NO_XOR_OPS
2364#endif
2365
2366#if defined(NO_ASN) && defined(WOLFCRYPT_ONLY)
2367 #undef WOLFSSL_NO_INT_ENCODE
2368 #define WOLFSSL_NO_INT_ENCODE
2369 #undef WOLFSSL_NO_INT_DECODE
2370 #define WOLFSSL_NO_INT_DECODE
2371#endif
2372
2373#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) && \
2374 defined(WC_NO_RSA_OAEP)
2375 #undef WOLFSSL_NO_CT_OPS
2376 #define WOLFSSL_NO_CT_OPS
2377#endif
2378
2379#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(HAVE_CURVE25519) && \
2380 !defined(HAVE_CURVE448) && defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP)
2381 #undef WOLFSSL_NO_CONST_CMP
2382 #define WOLFSSL_NO_CONST_CMP
2383#endif
2384
2385#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
2386 !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
2387 (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
2388 defined(WOLFSSL_RSA_PUBLIC_ONLY)
2389 #undef WOLFSSL_NO_FORCE_ZERO
2390 #define WOLFSSL_NO_FORCE_ZERO
2391#endif
2392
2393/* Detect old cryptodev name */
2394#if defined(WOLF_CRYPTO_DEV) && !defined(WOLF_CRYPTO_CB)
2395 #define WOLF_CRYPTO_CB
2396#endif
2397
2398#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_SIGALG)
2399 #error TLS 1.3 requires the Signature Algorithms extension to be enabled
2400#endif
2401
2402#ifndef NO_WOLFSSL_BASE64_DECODE
2403 #define WOLFSSL_BASE64_DECODE
2404#endif
2405
2406#if defined(HAVE_EX_DATA) || defined(FORTRESS)
2407 #define MAX_EX_DATA 5 /* allow for five items of ex_data */
2408#endif
2409
2410#ifdef NO_WOLFSSL_SMALL_STACK
2411 #undef WOLFSSL_SMALL_STACK
2412#endif
2413
2414#ifdef WOLFSSL_SMALL_STACK_STATIC
2415 #undef WOLFSSL_SMALL_STACK_STATIC
2416 #define WOLFSSL_SMALL_STACK_STATIC static
2417#else
2418 #define WOLFSSL_SMALL_STACK_STATIC
2419#endif
2420
2421/* The client session cache requires time for timeout */
2422#if defined(NO_ASN_TIME) && !defined(NO_SESSION_CACHE)
2423 #define NO_SESSION_CACHE
2424#endif
2425
2426/* Use static ECC structs for Position Independant Code (PIC) */
2427#if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__)
2428 #define WOLFSSL_ECC_CURVE_STATIC
2429 #define WOLFSSL_NAMES_STATIC
2430 #define WOLFSSL_NO_CONSTCHARCONST
2431#endif
2432
2433/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */
2434#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION)
2435 #undef WC_RSA_PSS
2436 #undef WOLFSSL_TLS13
2437#endif
2438
2439/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
2440 * but make sure users consider enabling it */
2441#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
2442 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
2443 /* ECDSA length checks off by default for CAVP testing
2444 * consider enabling strict checks in production */
2445 #define NO_STRICT_ECDSA_LEN
2446#endif
2447
2448/* Do not allow using small stack with no malloc */
2449#if defined(WOLFSSL_NO_MALLOC) && \
2450 (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE))
2451 #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC)
2452#endif
2453
2454/* Enable DH Extra for QT, openssl all, openssh and static ephemeral */
2455/* Allows export/import of DH key and params as DER */
2456#if !defined(NO_DH) && !defined(WOLFSSL_DH_EXTRA) && \
2457 (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
2458 defined(WOLFSSL_STATIC_EPHEMERAL))
2459 #define WOLFSSL_DH_EXTRA
2460#endif
2461
2462/* DH Extra is not supported on FIPS v1 or v2 (is missing DhKey .pub/.priv) */
2463#if defined(WOLFSSL_DH_EXTRA) && defined(HAVE_FIPS) && \
2464 (!defined(HAVE_FIPS_VERSION) || HAVE_FIPS_VERSION <= 2)
2465 #undef WOLFSSL_DH_EXTRA
2466#endif
2467
2468/* Check for insecure build combination:
2469 * secure renegotiation [enabled]
2470 * extended master secret [disabled]
2471 * session resumption [enabled]
2472 */
2473#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_EXTENDED_MASTER) && \
2474 (defined(HAVE_SESSION_TICKET) || !defined(NO_SESSION_CACHE))
2475 /* secure renegotiation requires extended master secret with resumption */
2476 #ifndef _MSC_VER
2477 #warning Extended master secret must be enabled with secure renegotiation and session resumption
2478 #else
2479 #pragma message("Warning: Extended master secret must be enabled with secure renegotiation and session resumption")
2480 #endif
2481
2482 /* Note: "--enable-renegotiation-indication" ("HAVE_RENEGOTIATION_INDICATION")
2483 * only sends the secure renegotiation extension, but is not actually supported.
2484 * This was added because some TLS peers required it even if not used, so we call
2485 * this "(FAKE Secure Renegotiation)"
2486 */
2487#endif
2488
2489
2490#ifdef __cplusplus
2491 } /* extern "C" */
2492#endif
2493
2494#endif