Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 9ed821d7e5d875a3395740a9cc2545671fa429b7 / . / ap / lib / libcurl / curl-7.54.1 / projects / wolfssl_options.h
blob: f6af47cab2da5ecba46157e838b942ea77950c4e [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame^]1/*
2By default wolfSSL has a very conservative configuration that can result in
3connections to servers failing due to certificate or algorithm problems.
4To remedy this issue for libcurl I've generated this options file that
5build-wolfssl will copy to the wolfSSL include directories and will result in
6maximum compatibility.
7
8These are the configure options that were used to build wolfSSL v3.11.0 in
9mingw and generate the options in this file:
10
11C_EXTRA_FLAGS="\
12 -Wno-attributes \
13 -Wno-unused-but-set-variable \
14 -DFP_MAX_BITS=16384 \
15 -DTFM_TIMING_RESISTANT \
16 -DWOLFSSL_STATIC_DH \
17 -DWOLFSSL_STATIC_RSA \
18 " \
19./configure --prefix=/usr/local \
20 --disable-jobserver \
21 --enable-aesgcm \
22 --enable-alpn \
23 --enable-certgen \
24 --enable-des3 \
25 --enable-dh \
26 --enable-dsa \
27 --enable-ecc \
28 --enable-eccshamir \
29 --enable-fastmath \
30 --enable-opensslextra \
31 --enable-ripemd \
32 --enable-sessioncerts \
33 --enable-sha512 \
34 --enable-sni \
35 --enable-sslv3 \
36 --enable-supportedcurves \
37 --enable-testcert \
38 > config.out 2>&1
39
40Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
41are inapplicable for our Visual Studio build. Currently thread local storage is
42only used by the Fixed Point cache ECC which we're not enabling. However even
43if we later may decide to enable the cache it will fallback on mutexes when
44thread local storage is not available. wolfSSL is using __declspec(thread) to
45create the thread local storage and that could be a problem for LoadLibrary.
46
47Regarding the options that were added via C_EXTRA_FLAGS:
48
49FP_MAX_BITS=16384
50http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
51"Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
52buffer size. You can do this using the define:
53FP_MAX_BITS and setting it to 8192."
54
55TFM_TIMING_RESISTANT
56https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
57From section 2.4.5 Increasing Performance, USE_FAST_MATH:
58"Because the stack memory usage can be larger when using fastmath, we recommend
59defining TFM_TIMING_RESISTANT as well when using this option."
60
61WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
62WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
63https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
64Static key cipher suites are deprecated and disabled by default since v3.6.6.
65*/
66
67/* wolfssl options.h
68 * generated from configure options
69 *
70 * Copyright (C) 2006-2015 wolfSSL Inc.
71 *
72 * This file is part of wolfSSL. (formerly known as CyaSSL)
73 *
74 */
75
76#ifndef WOLFSSL_OPTIONS_H
77#define WOLFSSL_OPTIONS_H
78
79
80#ifdef __cplusplus
81extern "C" {
82#endif
83
84#undef FP_MAX_BITS
85#define FP_MAX_BITS 16384
86
87#undef TFM_TIMING_RESISTANT
88#define TFM_TIMING_RESISTANT
89
90#undef WOLFSSL_STATIC_DH
91#define WOLFSSL_STATIC_DH
92
93#undef WOLFSSL_STATIC_RSA
94#define WOLFSSL_STATIC_RSA
95
96#undef OPENSSL_EXTRA
97#define OPENSSL_EXTRA
98
99/*
100The commented out defines below are the equivalent of --enable-tls13.
101Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta.
102This is for experimenting only, afaict TLS 1.3 support doesn't appear to be
103functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943
104
105#undef WC_RSA_PSS
106#define WC_RSA_PSS
107
108#undef WOLFSSL_TLS13
109#define WOLFSSL_TLS13
110
111#undef HAVE_TLS_EXTENSIONS
112#define HAVE_TLS_EXTENSIONS
113
114#undef HAVE_FFDHE_2048
115#define HAVE_FFDHE_2048
116
117#undef HAVE_HKDF
118#define HAVE_HKDF
119*/
120
121#undef TFM_TIMING_RESISTANT
122#define TFM_TIMING_RESISTANT
123
124#undef ECC_TIMING_RESISTANT
125#define ECC_TIMING_RESISTANT
126
127#undef WC_RSA_BLINDING
128#define WC_RSA_BLINDING
129
130#undef HAVE_AESGCM
131#define HAVE_AESGCM
132
133#undef WOLFSSL_RIPEMD
134#define WOLFSSL_RIPEMD
135
136#undef WOLFSSL_SHA512
137#define WOLFSSL_SHA512
138
139#undef WOLFSSL_SHA384
140#define WOLFSSL_SHA384
141
142#undef SESSION_CERTS
143#define SESSION_CERTS
144
145#undef WOLFSSL_CERT_GEN
146#define WOLFSSL_CERT_GEN
147
148#undef HAVE_ECC
149#define HAVE_ECC
150
151#undef TFM_ECC256
152#define TFM_ECC256
153
154#undef ECC_SHAMIR
155#define ECC_SHAMIR
156
157#undef WOLFSSL_ALLOW_SSLV3
158#define WOLFSSL_ALLOW_SSLV3
159
160#undef NO_RC4
161#define NO_RC4
162
163#undef NO_HC128
164#define NO_HC128
165
166#undef NO_RABBIT
167#define NO_RABBIT
168
169#undef HAVE_POLY1305
170#define HAVE_POLY1305
171
172#undef HAVE_ONE_TIME_AUTH
173#define HAVE_ONE_TIME_AUTH
174
175#undef HAVE_CHACHA
176#define HAVE_CHACHA
177
178#undef HAVE_HASHDRBG
179#define HAVE_HASHDRBG
180
181#undef HAVE_TLS_EXTENSIONS
182#define HAVE_TLS_EXTENSIONS
183
184#undef HAVE_SNI
185#define HAVE_SNI
186
187#undef HAVE_TLS_EXTENSIONS
188#define HAVE_TLS_EXTENSIONS
189
190#undef HAVE_ALPN
191#define HAVE_ALPN
192
193#undef HAVE_TLS_EXTENSIONS
194#define HAVE_TLS_EXTENSIONS
195
196#undef HAVE_SUPPORTED_CURVES
197#define HAVE_SUPPORTED_CURVES
198
199#undef HAVE_EXTENDED_MASTER
200#define HAVE_EXTENDED_MASTER
201
202#undef WOLFSSL_TEST_CERT
203#define WOLFSSL_TEST_CERT
204
205#undef NO_PSK
206#define NO_PSK
207
208#undef NO_MD4
209#define NO_MD4
210
211#undef USE_FAST_MATH
212#define USE_FAST_MATH
213
214#undef WC_NO_ASYNC_THREADING
215#define WC_NO_ASYNC_THREADING
216
217
218#ifdef __cplusplus
219}
220#endif
221
222
223#endif /* WOLFSSL_OPTIONS_H */
224