wolf SSL
/
wolfSSL-TLS13-Beta
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Diff: wolfssl/wolfcrypt/settings.h
- Revision:
- 3:6f956bdb3073
- Parent:
- 2:28278596c2a2
--- a/wolfssl/wolfcrypt/settings.h Tue Jul 21 11:37:09 2015 +0000
+++ b/wolfssl/wolfcrypt/settings.h Thu Apr 28 00:56:55 2016 +0000
@@ -1,8 +1,8 @@
/* settings.h
*
- * Copyright (C) 2006-2015 wolfSSL Inc.
+ * Copyright (C) 2006-2016 wolfSSL Inc.
*
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,9 +16,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+
/* Place OS specific preprocessor flags, defines, includes here, will be
included into every file because types.h includes it */
@@ -57,6 +58,9 @@
/* Uncomment next line if using FreeRTOS */
/* #define FREERTOS */
+/* Uncomment next line if using FreeRTOS+ TCP */
+/* #define FREERTOS_TCP */
+
/* Uncomment next line if using FreeRTOS Windows Simulator */
/* #define FREERTOS_WINSIM */
@@ -72,9 +76,18 @@
/* Uncomment next line if building wolfSSL for LSR */
/* #define WOLFSSL_LSR */
-/* Uncomment next line if building wolfSSL for Freescale MQX/RTCS/MFS */
+/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
/* #define FREESCALE_MQX */
+/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
+/* #define FREESCALE_KSDK_MQX */
+
+/* Uncomment next line if building for Freescale KSDK Bare Metal */
+/* #define FREESCALE_KSDK_BM */
+
+/* Uncomment next line if building for Freescale FreeRTOS */
+/* #define FREESCALE_FREE_RTOS */
+
/* Uncomment next line if using STM32F2 */
/* #define WOLFSSL_STM32F2 */
@@ -90,6 +103,9 @@
/* Uncomment next line if building for IAR EWARM */
/* #define WOLFSSL_IAR_ARM */
+/* Uncomment next line if building for Rowley CrossWorks ARM */
+/* #define WOLFSSL_ROWLEY_ARM */
+
/* Uncomment next line if using TI-RTOS settings */
/* #define WOLFSSL_TIRTOS */
@@ -111,6 +127,15 @@
/* Uncomment next line if building for VxWorks */
/* #define WOLFSSL_VXWORKS */
+/* Uncomment next line to enable deprecated less secure static DH suites */
+/* #define WOLFSSL_STATIC_DH */
+
+/* Uncomment next line to enable deprecated less secure static RSA suites */
+/* #define WOLFSSL_STATIC_RSA */
+
+/* Uncomment next line if building for ARDUINO */
+/* #define WOLFSSL_ARDUINO */
+
#include <wolfssl/wolfcrypt/visibility.h>
#define WOLFSSL_USER_SETTINGS
@@ -119,6 +144,12 @@
#endif
+/* make sure old RNG name is used with CTaoCrypt FIPS */
+#ifdef HAVE_FIPS
+ #define WC_RNG RNG
+#endif
+
+
#ifdef IPHONE
#define SIZEOF_LONG_LONG 8
#endif
@@ -133,6 +164,8 @@
#define NO_FILESYSTEM
#define NO_SHA512
#define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
#define NO_DSA
#define NO_HC128
#define NO_RSA
@@ -157,7 +190,7 @@
#define NO_FILESYSTEM
#endif
-#if defined(WOLFSSL_IAR_ARM)
+#if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM)
#define NO_MAIN_DRIVER
#define SINGLE_THREADED
#define USE_CERT_BUFFERS_1024
@@ -165,7 +198,7 @@
#define NO_FILESYSTEM
#define NO_WRITEV
#define WOLFSSL_USER_IO
- #define BENCH_EMBEDDED
+ #define BENCH_EMBEDDED
#endif
#ifdef MICROCHIP_PIC32
@@ -179,6 +212,7 @@
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define NEED_AES_TABLES
+ #define WOLFSSL_HAVE_MIN
#endif
#ifdef WOLFSSL_MICROCHIP_PIC32MZ
@@ -209,11 +243,23 @@
#ifdef MBED
#define WOLFSSL_USER_IO
+ #define NO_FILESYSTEM
+ #define NO_CERT
+ #define USE_CERT_BUFFERS_1024
#define NO_WRITEV
#define NO_DEV_RANDOM
+ #define NO_SHA512
+ #define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
+ #define NO_DSA
+ #define NO_HC128
+ #define HAVE_ECC
+ #define NO_SESSION_CACHE
#define WOLFSSL_CMSIS_RTOS
#endif
+
#ifdef WOLFSSL_EROAD
#define FREESCALE_MQX
#define FREESCALE_MMCAU
@@ -227,6 +273,8 @@
#define NO_RSA
#define NO_DSA
#define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
#define NO_CERTS
#define NO_PWDBASED
#define NO_DES3
@@ -268,17 +316,91 @@
#ifdef WOLFSSL_VXWORKS
+ /* VxWorks simulator incorrectly detects building for i386 */
+ #ifdef VXWORKS_SIM
+ #define TFM_NO_ASM
+ #endif
+ #define WOLFSSL_HAVE_MIN
+ #define USE_FAST_MATH
+ #define TFM_TIMING_RESISTANT
+ #define NO_MAIN_DRIVER
#define NO_DEV_RANDOM
#define NO_WRITEV
#endif
+#ifdef WOLFSSL_ARDUINO
+ #define NO_WRITEV
+ #define NO_WOLFSSL_DIR
+ #define SINGLE_THREADED
+ #define NO_DEV_RANDOM
+ #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
+ #define TIME_OVERRIDES /* must define XTIME and XGMTIME externally */
+ #endif
+ #define WOLFSSL_USER_IO
+ #define HAVE_ECC
+ #define NO_DH
+ #define NO_SESSION_CACHE
+ #define USE_SLOW_SHA
+ #define NO_WOLFSSL_SERVER
+ #define NO_ERROR_STRINGS
+#endif
+
+
/* Micrium will use Visual Studio for compilation but not the Win32 API */
-#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
+#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && !defined(FREERTOS_TCP)\
&& !defined(EBSNET) && !defined(WOLFSSL_EROAD)
#define USE_WINDOWS_API
#endif
+#if defined(WOLFSSL_uITRON4)
+
+#define XMALLOC_USER
+#include <stddef.h>
+#define ITRON_POOL_SIZE 1024*20
+extern int uITRON4_minit(size_t poolsz) ;
+extern void *uITRON4_malloc(size_t sz) ;
+extern void *uITRON4_realloc(void *p, size_t sz) ;
+extern void uITRON4_free(void *p) ;
+
+#define XMALLOC(sz, heap, type) uITRON4_malloc(sz)
+#define XREALLOC(p, sz, heap, type) uITRON4_realloc(p, sz)
+#define XFREE(p, heap, type) uITRON4_free(p)
+#endif
+
+#if defined(WOLFSSL_uTKERNEL2)
+#define WOLFSSL_CLOSESOCKET
+#define XMALLOC_USER
+int uTKernel_init_mpool(unsigned int sz) ; /* initializing malloc pool */
+void *uTKernel_malloc(unsigned int sz) ;
+void *uTKernel_realloc(void *p, unsigned int sz) ;
+void uTKernel_free(void *p) ;
+#define XMALLOC(s, h, type) uTKernel_malloc((s))
+#define XREALLOC(p, n, h, t) uTKernel_realloc((p), (n))
+#define XFREE(p, h, type) uTKernel_free((p))
+
+#include <stdio.h>
+#include "tm/tmonitor.h"
+static char *fgets(char *buff, int sz, FILE *fp)
+/*static char * gets(char *buff)*/
+{
+ char * p = buff ;
+ *p = '\0' ;
+ while(1) {
+ *p = tm_getchar(-1) ;
+ tm_putchar(*p) ;
+ if(*p == '\r') {
+ tm_putchar('\n') ;
+ *p = '\0' ;
+ break ;
+ }
+ p ++ ;
+ }
+ return buff ;
+}
+
+#endif
+
#if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER)
#include <stdlib.h>
@@ -298,6 +420,14 @@
#ifdef FREERTOS
+ #include "FreeRTOS.h"
+
+ /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */
+ #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
+ #define XMALLOC(s, h, type) pvPortMalloc((s))
+ #define XFREE(p, h, type) vPortFree((p))
+ #endif
+
#ifndef NO_WRITEV
#define NO_WRITEV
#endif
@@ -319,11 +449,28 @@
#endif
#ifndef SINGLE_THREADED
- #include "FreeRTOS.h"
#include "semphr.h"
#endif
#endif
+#ifdef FREERTOS_TCP
+
+#if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER)
+#define XMALLOC(s, h, type) pvPortMalloc((s))
+#define XFREE(p, h, type) vPortFree((p))
+#endif
+
+#define WOLFSSL_GENSEED_FORTEST
+
+#define NO_WOLFSSL_DIR
+#define NO_WRITEV
+#define WOLFSSL_HAVE_MIN
+#define USE_FAST_MATH
+#define TFM_TIMING_REGISTANT
+#define NO_MAIN_DRIVER
+
+#endif
+
#ifdef WOLFSSL_TIRTOS
#define SIZEOF_LONG_LONG 8
#define NO_WRITEV
@@ -335,6 +482,7 @@
#define USE_CERT_BUFFERS_2048
#define NO_ERROR_STRINGS
#define USER_TIME
+ #define HAVE_ECC
#ifdef __IAR_SYSTEMS_ICC__
#pragma diag_suppress=Pa089
@@ -393,6 +541,8 @@
#define NO_WRITEV
#define NO_SHA512
#define NO_DH
+ /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
+ /* WOLFSSL_DH_CONST */
#define NO_DSA
#define NO_HC128
#define NO_DEV_RANDOM
@@ -433,19 +583,15 @@
#endif
#ifdef FREESCALE_MQX
- #define SIZEOF_LONG_LONG 8
- #define NO_WRITEV
- #define NO_DEV_RANDOM
- #define NO_RABBIT
- #define NO_WOLFSSL_DIR
- #define USE_FAST_MATH
- #define TFM_TIMING_RESISTANT
- #define FREESCALE_K70_RNGA
- /* #define FREESCALE_K53_RNGB */
+ #define FREESCALE_COMMON
#include "mqx.h"
#ifndef NO_FILESYSTEM
#include "mfs.h"
- #include "fio.h"
+ #if MQX_USE_IO_OLD
+ #include "fio.h"
+ #else
+ #include "nio.h"
+ #endif
#endif
#ifndef SINGLE_THREADED
#include "mutex.h"
@@ -456,6 +602,100 @@
/* Note: MQX has no realloc, using fastmath above */
#endif
+#ifdef FREESCALE_KSDK_MQX
+ #define FREESCALE_COMMON
+ #include <mqx.h>
+ #ifndef NO_FILESYSTEM
+ #if MQX_USE_IO_OLD
+ #include <fio.h>
+ #else
+ #include <stdio.h>
+ #include <nio.h>
+ #endif
+ #endif
+ #ifndef SINGLE_THREADED
+ #include <mutex.h>
+ #endif
+
+ #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s))
+ #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));}
+ #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
+
+ #define MQX_FILE_PTR FILE *
+ #define IO_SEEK_SET SEEK_SET
+ #define IO_SEEK_END SEEK_END
+#endif
+
+#ifdef FREESCALE_KSDK_BM
+ #define FREESCALE_COMMON
+ #define WOLFSSL_USER_IO
+ #define SINGLE_THREADED
+ #define NO_FILESYSTEM
+ #define USE_WOLFSSL_MEMORY
+#endif
+
+#ifdef FREESCALE_FREE_RTOS
+ #define FREESCALE_COMMON
+ #define NO_FILESYSTEM
+ #define NO_MAIN_DRIVER
+ #define XMALLOC(s, h, t) OSA_MemAlloc(s);(void)h;(void)t;
+ #define XFREE(p, h, t) {void* xp = (p); if((xp)) OSA_MemFree((xp));}
+ #ifdef FREESCALE_KSDK_BM
+ #error Baremetal and FreeRTOS cannot be both enabled at the same time!
+ #endif
+ #ifndef SINGLE_THREADED
+ #include "FreeRTOS.h"
+ #include "semphr.h"
+ #endif
+#endif
+
+#ifdef FREESCALE_COMMON
+ #define SIZEOF_LONG_LONG 8
+
+ /* disable features */
+ #define NO_WRITEV
+ #define NO_DEV_RANDOM
+ #define NO_RABBIT
+ #define NO_WOLFSSL_DIR
+
+ /* enable features */
+ #define USE_FAST_MATH
+ #define HAVE_ECC
+ #define HAVE_AESGCM
+
+ /* memory reduction */
+ #define TFM_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+ #define ALT_ECC_SIZE
+
+ /* setting for PIT timer */
+ #define PIT_INSTANCE 0
+ #define PIT_CHANNEL 0
+
+ #if defined(FREESCALE_KSDK_MQX) || defined(FREESCALE_KSDK_BM) || \
+ defined(FREESCALE_FREE_RTOS)
+ #include "fsl_device_registers.h"
+ #endif
+
+ /* random seed */
+ #define NO_OLD_RNGNAME
+ #if (FSL_FEATURE_SOC_TRNG_COUNT > 0)
+ #define FREESCALE_TRNG
+ #define TRNG_INSTANCE (0)
+ #elif (FSL_FEATURE_SOC_RNG_COUNT > 0)
+ #include "fsl_rnga_driver.h"
+ #define FREESCALE_RNGA
+ #define RNGA_INSTANCE (0)
+ #elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS)
+ /* defaulting to K70 RNGA, user should change if different */
+ /* #define FREESCALE_K53_RNGB */
+ #define FREESCALE_K70_RNGA
+ #endif
+
+ /* HW crypto */
+ /* #define FREESCALE_MMCAU */
+#endif
+
#ifdef WOLFSSL_STM32F2
#define SIZEOF_LONG_LONG 8
#define NO_DEV_RANDOM
@@ -721,7 +961,7 @@
#endif
/* if using hardware crypto and have alignment requirements, specify the
- requirement here. The record header of SSL/TLS will prvent easy alignment.
+ requirement here. The record header of SSL/TLS will prevent easy alignment.
This hint tries to help as much as possible. */
#ifndef WOLFSSL_GENERAL_ALIGNMENT
#ifdef WOLFSSL_AESNI
@@ -766,6 +1006,90 @@
#endif
#endif
+/* ECC Configs */
+#ifdef HAVE_ECC
+ /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
+ #ifndef NO_ECC_SIGN
+ #undef HAVE_ECC_SIGN
+ #define HAVE_ECC_SIGN
+ #endif
+ #ifndef NO_ECC_VERIFY
+ #undef HAVE_ECC_VERIFY
+ #define HAVE_ECC_VERIFY
+ #endif
+ #ifndef NO_ECC_DHE
+ #undef HAVE_ECC_DHE
+ #define HAVE_ECC_DHE
+ #endif
+ #ifndef NO_ECC_KEY_IMPORT
+ #undef HAVE_ECC_KEY_IMPORT
+ #define HAVE_ECC_KEY_IMPORT
+ #endif
+ #ifndef NO_ECC_KEY_EXPORT
+ #undef HAVE_ECC_KEY_EXPORT
+ #define HAVE_ECC_KEY_EXPORT
+ #endif
+#endif /* HAVE_ECC */
+
+/* Curve255519 Configs */
+#ifdef HAVE_CURVE25519
+ /* By default enable shared secret, key export and import */
+ #ifndef NO_CURVE25519_SHARED_SECRET
+ #undef HAVE_CURVE25519_SHARED_SECRET
+ #define HAVE_CURVE25519_SHARED_SECRET
+ #endif
+ #ifndef NO_CURVE25519_KEY_EXPORT
+ #undef HAVE_CURVE25519_KEY_EXPORT
+ #define HAVE_CURVE25519_KEY_EXPORT
+ #endif
+ #ifndef NO_CURVE25519_KEY_IMPORT
+ #undef HAVE_CURVE25519_KEY_IMPORT
+ #define HAVE_CURVE25519_KEY_IMPORT
+ #endif
+#endif /* HAVE_CURVE25519 */
+
+/* Ed255519 Configs */
+#ifdef HAVE_ED25519
+ /* By default enable sign, verify, key export and import */
+ #ifndef NO_ED25519_SIGN
+ #undef HAVE_ED25519_SIGN
+ #define HAVE_ED25519_SIGN
+ #endif
+ #ifndef NO_ED25519_VERIFY
+ #undef HAVE_ED25519_VERIFY
+ #define HAVE_ED25519_VERIFY
+ #endif
+ #ifndef NO_ED25519_KEY_EXPORT
+ #undef HAVE_ED25519_KEY_EXPORT
+ #define HAVE_ED25519_KEY_EXPORT
+ #endif
+ #ifndef NO_ED25519_KEY_IMPORT
+ #undef HAVE_ED25519_KEY_IMPORT
+ #define HAVE_ED25519_KEY_IMPORT
+ #endif
+#endif /* HAVE_ED25519 */
+
+/* AES Config */
+#ifndef NO_AES
+ /* By default enable all AES key sizes, decryption and CBC */
+ #ifndef AES_MAX_KEY_SIZE
+ #undef AES_MAX_KEY_SIZE
+ #define AES_MAX_KEY_SIZE 256
+ #endif
+ #ifndef NO_AES_DECRYPT
+ #undef HAVE_AES_DECRYPT
+ #define HAVE_AES_DECRYPT
+ #endif
+ #ifndef NO_AES_CBC
+ #undef HAVE_AES_CBC
+ #define HAVE_AES_CBC
+ #else
+ #ifndef WOLFCRYPT_ONLY
+ #error "AES CBC is required for TLS and can only be disabled for WOLFCRYPT_ONLY builds"
+ #endif
+ #endif
+#endif
+
/* if desktop type system and fastmath increase default max bits */
#ifdef WOLFSSL_X86_64_BUILD
#ifdef USE_FAST_MATH
@@ -781,6 +1105,50 @@
#define NO_OLD_TLS
#endif
+/* If not forcing ARC4 as the DRBG or using custom RNG block gen, enable Hash_DRBG */
+#undef HAVE_HASHDRBG
+#if !defined(WOLFSSL_FORCE_RC4_DRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
+ #define HAVE_HASHDRBG
+#endif
+
+
+/* sniffer requires:
+ * static RSA cipher suites
+ * session stats and peak stats
+ */
+#ifdef WOLFSSL_SNIFFER
+ #ifndef WOLFSSL_STATIC_RSA
+ #define WOLFSSL_STATIC_RSA
+ #endif
+ #ifndef WOLFSSL_SESSION_STATS
+ #define WOLFSSL_SESSION_STATS
+ #endif
+ #ifndef WOLFSSL_PEAK_SESSIONS
+ #define WOLFSSL_PEAK_SESSIONS
+ #endif
+#endif
+
+/* Decode Public Key extras on by default, user can turn off with
+ * WOLFSSL_NO_DECODE_EXTRA */
+#ifndef WOLFSSL_NO_DECODE_EXTRA
+ #ifndef RSA_DECODE_EXTRA
+ #define RSA_DECODE_EXTRA
+ #endif
+ #ifndef ECC_DECODE_EXTRA
+ #define ECC_DECODE_EXTRA
+ #endif
+#endif
+
+/* C Sharp wrapper defines */
+#ifdef HAVE_CSHARP
+ #ifndef WOLFSSL_DTLS
+ #define WOLFSSL_DTLS
+ #endif
+ #undef NO_PSK
+ #undef NO_SHA256
+ #undef NO_DH
+#endif
+
/* Place any other flags or defines here */