/*
By default wolfSSL has a very conservative configuration that can result in
connections to servers failing due to certificate or algorithm problems.
To remedy this issue for libcurl I've generated this options file that
build-wolfssl will copy to the wolfSSL include directories and will result in
maximum compatibility.
These configure flags were used in MinGW to generate the options in this file:
--enable-opensslextra
--enable-aesgcm
--enable-ripemd
--enable-sha512
--enable-dh
--enable-dsa
--enable-ecc
--enable-sni
--enable-fastmath
--enable-sessioncerts
--enable-certgen
--enable-testcert
C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"
Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
are inapplicable for our Visual Studio build.
Regarding the two options that were added via C_EXTRA_FLAGS:
FP_MAX_BITS=16384
http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
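"Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
buffer size.  You can do this using the define:
FP_MAX_BITS and setting it to 8192."
This file sets FP_MAX_BITS to 16384 rather than 8192: wolfSSL sizes the
fastmath buffer at twice the largest key size in bits, so 16384 allows keys of
up to 8192 bits.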
TFM_TIMING_RESISTANT
https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
From section 2.4.5 Increasing Performance, USE_FAST_MATH:
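"Because the stack memory usage can be larger when using fastmath, we recommend
defining TFM_TIMING_RESISTANT as well when using this option."
Besides reducing stack usage, TFM_TIMING_RESISTANT selects the timing-resistant
fastmath code paths, so it should stay defined whenever USE_FAST_MATH is.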
*/
/* wolfssl options.h
 * generated from configure options
 *
 * Copyright (C) 2006-2015 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
 */
/*
 * wolfSSL feature selection for the libcurl build. Every option is #undef'd
 * before it is #define'd, so any earlier definition of the same macro is
 * discarded and the value set here takes effect.
 */
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
/* Fastmath buffer size in bits (C_EXTRA_FLAGS); sized for large RSA keys. */
#undef  FP_MAX_BITS
#define FP_MAX_BITS 16384
/*
 * Timing-resistant fastmath (C_EXTRA_FLAGS). This is side-channel hardening
 * for private-key operations; do not drop it while USE_FAST_MATH is defined.
 */
#undef  TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
/* --enable-opensslextra: OpenSSL compatibility API. */
#undef  OPENSSL_EXTRA
#define OPENSSL_EXTRA
/* --enable-aesgcm: AES-GCM cipher suites. */
#undef  HAVE_AESGCM
#define HAVE_AESGCM
/* --enable-ripemd */
#undef  WOLFSSL_RIPEMD
#define WOLFSSL_RIPEMD
/*
 * --enable-sha512. SHA-384 has no configure flag of its own in the list at
 * the top of this file; presumably it is enabled together with SHA-512.
 */
#undef  WOLFSSL_SHA512
#define WOLFSSL_SHA512
#undef  WOLFSSL_SHA384
#define WOLFSSL_SHA384
/* --enable-sessioncerts */
#undef  SESSION_CERTS
#define SESSION_CERTS
/*
 * --enable-certgen: certificate generation.
 * NOTE(review): a TLS client does not need to generate certificates in order
 * to verify peers; confirm the build really requires this, since every
 * enabled feature adds code that has to be maintained and patched.
 */
#undef  WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_GEN
/*
 * --enable-ecc, with the fastmath 256-bit curve and Shamir's-trick options.
 * NOTE(review): later wolfSSL releases provide ECC_TIMING_RESISTANT and
 * WC_RSA_BLINDING as additional side-channel hardening; check whether the
 * wolfSSL version being built supports them and, if so, define them here.
 */
#undef  HAVE_ECC
#define HAVE_ECC
#undef  TFM_ECC256
#define TFM_ECC256
#undef  ECC_SHAMIR
#define ECC_SHAMIR
/*
 * Features compiled out: PSK, RC4, MD4, HC-128 and Rabbit. None of these
 * appears in the configure flags listed at the top of this file, so they are
 * presumably configure defaults. Leaving RC4 and MD4 out keeps those legacy
 * algorithms unavailable to callers.
 */
#undef  NO_PSK
#define NO_PSK
#undef  NO_RC4
#define NO_RC4
#undef  NO_MD4
#define NO_MD4
#undef  NO_HC128
#define NO_HC128
#undef  NO_RABBIT
#define NO_RABBIT
/* ChaCha20 / Poly1305 support (presumably a configure default). */
#undef  HAVE_POLY1305
#define HAVE_POLY1305
#undef  HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#undef  HAVE_CHACHA
#define HAVE_CHACHA
/* Hash-based DRBG for the random number generator. */
#undef  HAVE_HASHDRBG
#define HAVE_HASHDRBG
/* --enable-sni: Server Name Indication, which needs TLS extension support. */
#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef  HAVE_SNI
#define HAVE_SNI
/*
 * --enable-testcert.
 * NOTE(review): this looks like a test-oriented option; confirm it is wanted
 * in a build that ships to users.
 */
#undef  WOLFSSL_TEST_CERT
#define WOLFSSL_TEST_CERT
/* --enable-fastmath: goes together with TFM_TIMING_RESISTANT above. */
#undef  USE_FAST_MATH
#define USE_FAST_MATH
#ifdef __cplusplus
}
#endif