From bb6b521f69c0508276f6f5af46c4576dc0b9e1e3 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Thu, 6 Aug 2015 02:08:58 -0400 Subject: build: Added wolfSSL build script for Visual Studio projects Added the wolfSSL build script, based on build-openssl.bat, as well as the property sheet and header file required for the upcoming additions to the Visual Studio project files. --- projects/wolfssl_options.h | 136 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 projects/wolfssl_options.h (limited to 'projects/wolfssl_options.h') diff --git a/projects/wolfssl_options.h b/projects/wolfssl_options.h new file mode 100644 index 000000000..61cc22593 --- /dev/null +++ b/projects/wolfssl_options.h @@ -0,0 +1,136 @@ +/* +By default wolfSSL has a very conservative configuration that can result in +connections to servers failing due to certificate or algorithm problems. +To remedy this issue for libcurl I've generated this options file that +build-wolfssl will copy to the wolfSSL include directories and will result in +maximum compatibility. + +These configure flags were used in MinGW to generate the options in this file: + +--enable-opensslextra +--enable-aesgcm +--enable-ripemd +--enable-sha512 +--enable-dh +--enable-dsa +--enable-ecc +--enable-sni +--enable-fastmath +--enable-sessioncerts +--enable-certgen +--enable-testcert +C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT" + +Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they +are inapplicable for our Visual Studio build. + +Regarding the two options that were added via C_EXTRA_FLAGS: + +FP_MAX_BITS=16384 +http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html +"Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath +buffer size. You can do this using the define: +FP_MAX_BITS and setting it to 8192." + +TFM_TIMING_RESISTANT +https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html +From section 2.4.5 Increasing Performance, USE_FAST_MATH: +"Because the stack memory usage can be larger when using fastmath, we recommend +defining TFM_TIMING_RESISTANT as well when using this option." +*/ + +/* wolfssl options.h + * generated from configure options + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + */ + +#pragma once + +#ifdef __cplusplus +extern "C" { +#endif + +#undef FP_MAX_BITS +#define FP_MAX_BITS 16384 + +#undef TFM_TIMING_RESISTANT +#define TFM_TIMING_RESISTANT + +#undef OPENSSL_EXTRA +#define OPENSSL_EXTRA + +#undef HAVE_AESGCM +#define HAVE_AESGCM + +#undef WOLFSSL_RIPEMD +#define WOLFSSL_RIPEMD + +#undef WOLFSSL_SHA512 +#define WOLFSSL_SHA512 + +#undef WOLFSSL_SHA384 +#define WOLFSSL_SHA384 + +#undef SESSION_CERTS +#define SESSION_CERTS + +#undef WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_GEN + +#undef HAVE_ECC +#define HAVE_ECC + +#undef TFM_ECC256 +#define TFM_ECC256 + +#undef ECC_SHAMIR +#define ECC_SHAMIR + +#undef NO_PSK +#define NO_PSK + +#undef NO_RC4 +#define NO_RC4 + +#undef NO_MD4 +#define NO_MD4 + +#undef NO_HC128 +#define NO_HC128 + +#undef NO_RABBIT +#define NO_RABBIT + +#undef HAVE_POLY1305 +#define HAVE_POLY1305 + +#undef HAVE_ONE_TIME_AUTH +#define HAVE_ONE_TIME_AUTH + +#undef HAVE_CHACHA +#define HAVE_CHACHA + +#undef HAVE_HASHDRBG +#define HAVE_HASHDRBG + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef HAVE_SNI +#define HAVE_SNI + +#undef WOLFSSL_TEST_CERT +#define WOLFSSL_TEST_CERT + +#undef USE_FAST_MATH +#define USE_FAST_MATH + + +#ifdef __cplusplus +} +#endif + -- cgit v1.2.3