/*
By default wolfSSL has a very conservative configuration that can result in
connections to servers failing due to certificate or algorithm problems.
To remedy this for libcurl I've generated this options file, which
build-wolfssl copies to the wolfSSL include directories; it is configured for
maximum compatibility.
These configure flags were used in MinGW to generate the options in this file:
--enable-opensslextra
--enable-aesgcm
--enable-ripemd
--enable-sha512
--enable-dh
--enable-dsa
--enable-ecc
--enable-sni
--enable-fastmath
--enable-sessioncerts
--enable-certgen
--enable-testcert
C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"
Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
are inapplicable for our Visual Studio build.
Regarding the two options that were added via C_EXTRA_FLAGS:
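FP_MAX_BITS=16384
http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
"Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
buffer size. You can do this using the define:
FP_MAX_BITS and setting it to 8192."
Note that this file sets 16384, not the 8192 from the quote. fastmath needs
FP_MAX_BITS to be at least twice the largest key size in bits, so 8192 covers
4096-bit keys and 16384 covers keys up to 8192 bits. Certificates with larger
keys will still fail to verify.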
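TFM_TIMING_RESISTANT
https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
From section 2.4.5 Increasing Performance, USE_FAST_MATH:
"Because the stack memory usage can be larger when using fastmath, we recommend
defining TFM_TIMING_RESISTANT as well when using this option."
Besides reducing stack usage, this define selects the timing-resistant fastmath
exponentiation code, so it should stay defined for as long as USE_FAST_MATH is
defined in this file.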
*/
/* wolfssl options.h
* generated from configure options
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
*/
#pragma once

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Every option is written as an #undef/#define pair so that the value in this
 * file wins over any earlier definition (for example one passed on the
 * compiler command line). The macros do not depend on each other, so they are
 * grouped by purpose below rather than in configure's output order.
 */

/* ---- Big-integer math backend ------------------------------------------ */

/* --enable-fastmath */
#undef  USE_FAST_MATH
#define USE_FAST_MATH

/*
 * fastmath buffer size in bits, from C_EXTRA_FLAGS. See the header comment
 * for why the default is too small for 4096-bit RSA roots.
 */
#undef  FP_MAX_BITS
#define FP_MAX_BITS 16384

/*
 * From C_EXTRA_FLAGS; recommended by the wolfSSL manual whenever
 * USE_FAST_MATH is on. Keep the two defines together.
 */
#undef  TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

/*
 * NOTE(review): later wolfSSL releases gate further side-channel hardening
 * behind defines that configure emits itself (ECC_TIMING_RESISTANT and
 * WC_RSA_BLINDING are two such names). A hand-maintained copy of options.h
 * does not pick those up. Regenerate this file when the bundled wolfSSL
 * version changes and compare it with that version's configure output.
 */

/* ---- Algorithms compiled in -------------------------------------------- */

/* --enable-aesgcm */
#undef  HAVE_AESGCM
#define HAVE_AESGCM

/* ChaCha20/Poly1305 support; not in the flag list, so presumably a configure default. */
#undef  HAVE_CHACHA
#define HAVE_CHACHA

#undef  HAVE_POLY1305
#define HAVE_POLY1305

#undef  HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH

/* --enable-sha512 (configure emitted the SHA-384 define alongside it) */
#undef  WOLFSSL_SHA512
#define WOLFSSL_SHA512

#undef  WOLFSSL_SHA384
#define WOLFSSL_SHA384

/* --enable-ripemd */
#undef  WOLFSSL_RIPEMD
#define WOLFSSL_RIPEMD

/* --enable-ecc */
#undef  HAVE_ECC
#define HAVE_ECC

#undef  TFM_ECC256
#define TFM_ECC256

#undef  ECC_SHAMIR
#define ECC_SHAMIR

/* Hash-DRBG random number generator; presumably a configure default. */
#undef  HAVE_HASHDRBG
#define HAVE_HASHDRBG

/*
 * --enable-dh and --enable-dsa from the flag list leave no define here.
 * Presumably they take effect through the absence of NO_DH / NO_DSA; verify
 * against the wolfSSL version being built.
 */

/* ---- Algorithms and features compiled out ------------------------------ */

/*
 * NO_* defines remove the named feature from the build. RC4 and MD4 stay
 * disabled even in this "maximum compatibility" configuration; do not drop
 * these lines to work around a handshake failure.
 */
#undef  NO_RC4
#define NO_RC4

#undef  NO_MD4
#define NO_MD4

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  NO_PSK
#define NO_PSK

/* ---- TLS extensions and API layers ------------------------------------- */

/* --enable-sni (configure also turns on the generic extension support) */
#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SNI
#define HAVE_SNI

/* --enable-opensslextra: the OpenSSL compatibility API. */
#undef  OPENSSL_EXTRA
#define OPENSSL_EXTRA

/* --enable-sessioncerts */
#undef  SESSION_CERTS
#define SESSION_CERTS

/* ---- Certificate tooling ----------------------------------------------- */

/*
 * --enable-certgen and --enable-testcert.
 * NOTE(review): this file does not show which of these libcurl relies on.
 * Each one adds API surface to the library, so confirm both are still needed
 * before carrying them forward.
 */
#undef  WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_GEN

#undef  WOLFSSL_TEST_CERT
#define WOLFSSL_TEST_CERT

#ifdef __cplusplus
}
#endif