API tools faq
paste
hannson

wolfSSL minimal user_settings header

hannson
May 20th, 2025
49
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 14.28 KB | None | 0 0
raw download clone embed print report
  1. /* user_settings_template.h
  2.  *
  3.  * Copyright (C) 2006-2025 wolfSSL Inc.
  4.  *
  5.  * This file is part of wolfSSL.
  6.  *
  7.  * wolfSSL is free software; you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License as published by
  9.  * the Free Software Foundation; either version 2 of the License, or
  10.  * (at your option) any later version.
  11.  *
  12.  * wolfSSL is distributed in the hope that it will be useful,
  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15.  * GNU General Public License for more details.
  16.  *
  17.  * You should have received a copy of the GNU General Public License
  18.  * along with this program; if not, write to the Free Software
  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20.  */
  21.  
  22. /* Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features.
  23.  * This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined.
  24.  * Based on IDE/GCC-ARM/Headers/user_settings.h
  25.  */
  26.  
  27. #ifndef WOLFSSL_USER_SETTINGS_H
  28. #define WOLFSSL_USER_SETTINGS_H
  29.  
  30. // clang-format off
  31.  
  32. #ifdef __cplusplus
  33. extern "C" {
  34. #endif
  35.  
  36. /* If TARGET_EMBEDDED is defined then small target settings are used */
  37. #if !(defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__) || defined(_WIN32))
  38.     #define TARGET_EMBEDDED
  39. #endif
  40.  
  41. /* ------------------------------------------------------------------------- */
  42. /* Platform */
  43. /* ------------------------------------------------------------------------- */
  44. #define WOLFSSL_GENERAL_ALIGNMENT 4
  45. #define SIZEOF_LONG_LONG 8
  46. #if 0
  47.     #define NO_64BIT /* disable use of 64-bit variables */
  48. #endif
  49.  
  50. #ifdef TARGET_EMBEDDED
  51.     /* disable mutex locking */
  52.     #define SINGLE_THREADED
  53.  
  54.     /* reduce stack use. For variables over 100 bytes allocate from heap */
  55.     #define WOLFSSL_SMALL_STACK
  56.  
  57.     /* Disable the built-in socket support and use the IO callbacks.
  58.      * Set IO callbacks with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
  59.      */
  60.     #define WOLFSSL_USER_IO
  61. #endif
  62.  
  63. /* ------------------------------------------------------------------------- */
  64. /* Math Configuration */
  65. /* ------------------------------------------------------------------------- */
  66. /* Wolf Single Precision Math */
  67. #if 1
  68.     #define WOLFSSL_HAVE_SP_RSA
  69.     #define WOLFSSL_HAVE_SP_DH
  70.     #define WOLFSSL_HAVE_SP_ECC
  71.     //#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
  72.     //#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
  73.  
  74.     //#define WOLFSSL_SP_MATH     /* only SP math - disables integer.c/tfm.c */
  75.     #define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
  76.  
  77.     //#define WOLFSSL_SP_NO_MALLOC
  78.     //#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
  79.  
  80.     #ifdef TARGET_EMBEDDED
  81.         /* use smaller version of code */
  82.         #define WOLFSSL_SP_SMALL
  83.     #else
  84.         /* SP Assembly Speedups - specific to chip type */
  85.         #define WOLFSSL_SP_ASM
  86.     #endif
  87.     //#define WOLFSSL_SP_X86_64
  88.     //#define WOLFSSL_SP_X86
  89.     //#define WOLFSSL_SP_ARM32_ASM
  90.     //#define WOLFSSL_SP_ARM64_ASM
  91.     //#define WOLFSSL_SP_ARM_THUMB_ASM
  92.     //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
  93. #elif 1
  94.     /* Fast Math (tfm.c) (stack based and timing resistant) */
  95.     #define USE_FAST_MATH
  96.     #define TFM_TIMING_RESISTANT
  97. #else
  98.     /* Normal (integer.c) (heap based, not timing resistant) - not recommended*/
  99.     #define USE_INTEGER_HEAP_MATH
  100. #endif
  101.  
  102.  
  103. /* ------------------------------------------------------------------------- */
  104. /* Crypto */
  105. /* ------------------------------------------------------------------------- */
  106. /* RSA */
  107. #undef NO_RSA
  108. #if 0
  109.     #ifdef USE_FAST_MATH
  110.         /* Maximum math bits (Max RSA key bits * 2) */
  111.         #define FP_MAX_BITS 4096
  112.     #endif
  113.  
  114.     /* half as much memory but twice as slow */
  115.     //#define RSA_LOW_MEM
  116.  
  117.     /* Enables blinding mode, to prevent timing attacks */
  118.     #define WC_RSA_BLINDING
  119.  
  120.     /* RSA PSS Support */
  121.     #define WC_RSA_PSS
  122. #else
  123.     #define NO_RSA
  124. #endif
  125.  
  126. /* DH */
  127. #undef  NO_DH
  128. #if 0
  129.     /* Use table for DH instead of -lm (math) lib dependency */
  130.     #if 1
  131.         #define WOLFSSL_DH_CONST
  132.         #define HAVE_FFDHE_2048
  133.         //#define HAVE_FFDHE_4096
  134.         //#define HAVE_FFDHE_6144
  135.         //#define HAVE_FFDHE_8192
  136.     #endif
  137. #else
  138.     #define NO_DH
  139. #endif
  140.  
  141. /* ECC */
  142. #undef HAVE_ECC
  143. #if 0
  144.     #define HAVE_ECC
  145.  
  146.     /* Manually define enabled curves */
  147.     #define ECC_USER_CURVES
  148.  
  149.     #ifdef ECC_USER_CURVES
  150.         /* Manual Curve Selection */
  151.         //#define HAVE_ECC192
  152.         //#define HAVE_ECC224
  153.         #undef NO_ECC256
  154.         //#define HAVE_ECC384
  155.         //#define HAVE_ECC521
  156.     #endif
  157.  
  158.     /* Fixed point cache (speeds repeated operations against same private key) */
  159.     //#define FP_ECC
  160.     #ifdef FP_ECC
  161.         /* Bits / Entries */
  162.         #define FP_ENTRIES  2
  163.         #define FP_LUT      4
  164.     #endif
  165.  
  166.     /* Optional ECC calculation method */
  167.     /* Note: doubles heap usage, but slightly faster */
  168.     #define ECC_SHAMIR
  169.  
  170.     /* Reduces heap usage, but slower */
  171.     #define ECC_TIMING_RESISTANT
  172.  
  173.     /* Compressed ECC Key Support */
  174.     //#define HAVE_COMP_KEY
  175.  
  176.     /* Use alternate ECC size for ECC math */
  177.     #ifdef USE_FAST_MATH
  178.         /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
  179.         #if defined(NO_RSA) && defined(NO_DH)
  180.             /* Custom fastmath size if not using RSA/DH */
  181.             #define FP_MAX_BITS     (256 * 2)
  182.         #else
  183.             /* use heap allocation for ECC points */
  184.             #define ALT_ECC_SIZE
  185.  
  186.             /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
  187.             //#define FP_MAX_BITS_ECC (256 * 2)
  188.         #endif
  189.  
  190.         /* Speedups specific to curve */
  191.         #ifndef NO_ECC256
  192.             #define TFM_ECC256
  193.         #endif
  194.     #endif
  195. #endif
  196.  
  197.  
  198. /* AES */
  199. #undef NO_AES
  200. #if 0
  201.     #define HAVE_AES_CBC
  202.  
  203.     /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
  204.     #define HAVE_AESGCM
  205.     #ifdef TARGET_EMBEDDED
  206.         #define GCM_SMALL
  207.     #else
  208.         #define GCM_TABLE_4BIT
  209.     #endif
  210.  
  211.     //#define WOLFSSL_AES_DIRECT
  212.     //#define HAVE_AES_ECB
  213.     //#define WOLFSSL_AES_COUNTER
  214.     //#define HAVE_AESCCM
  215. #else
  216.     #define NO_AES
  217. #endif
  218.  
  219.  
  220. /* DES3 */
  221. #undef NO_DES3
  222. #if 0
  223. #else
  224.     #define NO_DES3
  225. #endif
  226.  
  227. /* ChaCha20 / Poly1305 */
  228. #undef HAVE_CHACHA
  229. #undef HAVE_POLY1305
  230. #if 0
  231.     #define HAVE_CHACHA
  232.     #define HAVE_POLY1305
  233.  
  234.     /* Needed for Poly1305 */
  235.     #define HAVE_ONE_TIME_AUTH
  236. #endif
  237.  
  238. /* Ed25519 / Curve25519 */
  239. #undef HAVE_CURVE25519
  240. #undef HAVE_ED25519
  241. #if 0
  242.     #define HAVE_CURVE25519
  243.     #define HAVE_ED25519 /* ED25519 Requires SHA512 */
  244.  
  245.     /* Optionally use small math (less flash usage, but much slower) */
  246.     #if 1
  247.         #define CURVED25519_SMALL
  248.     #endif
  249. #endif
  250.  
  251.  
  252. /* ------------------------------------------------------------------------- */
  253. /* Hashing */
  254. /* ------------------------------------------------------------------------- */
  255. /* Sha */
  256. #undef NO_SHA
  257. #if 0
  258.     /* 1k smaller, but 25% slower */
  259.     //#define USE_SLOW_SHA
  260. #else
  261.     #define NO_SHA
  262. #endif
  263.  
  264. /* Sha256 */
  265. #undef NO_SHA256
  266. #if 1
  267.     /* not unrolled - ~2k smaller and ~25% slower */
  268.     //#define USE_SLOW_SHA256
  269.  
  270.     /* Sha224 */
  271.     #if 0
  272.         #define WOLFSSL_SHA224
  273.     #endif
  274. #else
  275.     #define NO_SHA256
  276. #endif
  277.  
  278. /* Sha512 */
  279. #undef WOLFSSL_SHA512
  280. #if 0
  281.     #define WOLFSSL_SHA512
  282.  
  283.     /* Sha384 */
  284.     #undef  WOLFSSL_SHA384
  285.     #if 0
  286.         #define WOLFSSL_SHA384
  287.     #endif
  288.  
  289.     /* over twice as small, but 50% slower */
  290.     //#define USE_SLOW_SHA512
  291. #endif
  292.  
  293. /* Sha3 */
  294. #undef WOLFSSL_SHA3
  295. #if 0
  296.     #define WOLFSSL_SHA3
  297. #endif
  298.  
  299. /* MD5 */
  300. #undef  NO_MD5
  301. #if 0
  302.  
  303. #else
  304.     #define NO_MD5
  305. #endif
  306.  
  307. /* HKDF */
  308. #undef HAVE_HKDF
  309. #if 0
  310.     #define HAVE_HKDF
  311. #endif
  312.  
  313. /* CMAC */
  314. #undef WOLFSSL_CMAC
  315. #if 0
  316.     #define WOLFSSL_CMAC
  317. #endif
  318.  
  319.  
  320. /* ------------------------------------------------------------------------- */
  321. /* Benchmark / Test */
  322. /* ------------------------------------------------------------------------- */
  323. #ifdef TARGET_EMBEDDED
  324.     /* Use reduced benchmark / test sizes */
  325.     #define BENCH_EMBEDDED
  326. #endif
  327.  
  328. /* Use test buffers from array (not filesystem) */
  329. #ifndef NO_FILESYSTEM
  330. #define USE_CERT_BUFFERS_256
  331. #define USE_CERT_BUFFERS_2048
  332. #endif
  333.  
  334. /* ------------------------------------------------------------------------- */
  335. /* Debugging */
  336. /* ------------------------------------------------------------------------- */
  337.  
  338. #undef DEBUG_WOLFSSL
  339. #undef NO_ERROR_STRINGS
  340. #if 0
  341.     #define DEBUG_WOLFSSL
  342. #else
  343.     #if 0
  344.         #define NO_ERROR_STRINGS
  345.     #endif
  346. #endif
  347.  
  348.  
  349. /* ------------------------------------------------------------------------- */
  350. /* Memory */
  351. /* ------------------------------------------------------------------------- */
  352.  
  353. /* Override Memory API's */
  354. #if 0
  355.     #define XMALLOC_OVERRIDE
  356.  
  357.     /* prototypes for user heap override functions */
  358.     /* Note: Realloc only required for normal math */
  359.     /* Note2: XFREE(NULL) must be properly handled */
  360.     #include <stddef.h>  /* for size_t */
  361.     extern void *myMalloc(size_t n, void* heap, int type);
  362.     extern void myFree(void *p, void* heap, int type);
  363.     extern void *myRealloc(void *p, size_t n, void* heap, int type);
  364.  
  365.     #define XMALLOC(n, h, t)     myMalloc(n, h, t)
  366.     #define XFREE(p, h, t)       myFree(p, h, t)
  367.     #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
  368. #endif
  369.  
  370. #if 0
  371.     /* Static memory requires fast math */
  372.     #define WOLFSSL_STATIC_MEMORY
  373.  
  374.     /* Disable fallback malloc/free */
  375.     #define WOLFSSL_NO_MALLOC
  376.     #if 1
  377.         #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
  378.     #endif
  379. #endif
  380.  
  381. /* Memory callbacks */
  382. #if 0
  383.     #undef  USE_WOLFSSL_MEMORY
  384.     #define USE_WOLFSSL_MEMORY
  385.  
  386.     /* Use this to measure / print heap usage */
  387.     #if 0
  388.         #define WOLFSSL_TRACK_MEMORY
  389.         #define WOLFSSL_DEBUG_MEMORY
  390.     #endif
  391. #else
  392.     #ifndef WOLFSSL_STATIC_MEMORY
  393.         #define NO_WOLFSSL_MEMORY
  394.         /* Otherwise we will use stdlib malloc, free and realloc */
  395.     #endif
  396. #endif
  397.  
  398.  
  399. /* ------------------------------------------------------------------------- */
  400. /* Port */
  401. /* ------------------------------------------------------------------------- */
  402.  
  403. /* Override Current Time */
  404. #if 0
  405.     /* Allows custom "custom_time()" function to be used for benchmark */
  406.     #define WOLFSSL_USER_CURRTIME
  407.     #define WOLFSSL_GMTIME
  408.     #define USER_TICKS
  409.     extern unsigned long my_time(unsigned long* timer);
  410.     #define XTIME my_time
  411. #endif
  412.  
  413.  
  414. /* ------------------------------------------------------------------------- */
  415. /* RNG */
  416. /* ------------------------------------------------------------------------- */
  417.  
  418. /* Choose RNG method */
  419. #if 0
  420.     /* Custom Seed Source */
  421.     #if 0
  422.         /* Size of returned HW RNG value */
  423.         #define CUSTOM_RAND_TYPE      unsigned int
  424.         extern unsigned int my_rng_seed_gen(void);
  425.         #undef  CUSTOM_RAND_GENERATE
  426.         #define CUSTOM_RAND_GENERATE  my_rng_seed_gen
  427.     #endif
  428.  
  429.     /* Use built-in P-RNG (SHA256 based) with HW RNG */
  430.     /* P-RNG + HW RNG (P-RNG is ~8K) */
  431.     #undef  HAVE_HASHDRBG
  432.     #define HAVE_HASHDRBG
  433. #else
  434.     #undef  WC_NO_HASHDRBG
  435.     #define WC_NO_HASHDRBG
  436.  
  437.     /* Bypass P-RNG and use only HW RNG */
  438.     extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
  439.     #undef  CUSTOM_RAND_GENERATE_BLOCK
  440.     #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
  441. #endif
  442.  
  443.  
  444. /* ------------------------------------------------------------------------- */
  445. /* Custom Standard Lib */
  446. /* ------------------------------------------------------------------------- */
  447. /* Allows override of all standard library functions */
  448. #undef STRING_USER
  449. #if 0
  450.     #define STRING_USER
  451.  
  452.     #include <string.h>
  453.  
  454.     #define USE_WOLF_STRSEP
  455.     #define XSTRSEP(s1,d)     wc_strsep((s1),(d))
  456.  
  457.     #define USE_WOLF_STRTOK
  458.     #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
  459.  
  460.     #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
  461.  
  462.     #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
  463.     #define XMEMSET(b,c,l)    memset((b),(c),(l))
  464.     #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
  465.     #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
  466.  
  467.     #define XSTRLEN(s1)       strlen((s1))
  468.     #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
  469.     #define XSTRSTR(s1,s2)    strstr((s1),(s2))
  470.  
  471.     #define XSTRNCMP(s1,s2,n)     strncmp((s1),(s2),(n))
  472.     #define XSTRNCAT(s1,s2,n)     strncat((s1),(s2),(n))
  473.     #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
  474.  
  475.     #define XSNPRINTF snprintf
  476. #endif
  477.  
  478.  
  479.  
  480. /* ------------------------------------------------------------------------- */
  481. /* Enable Features */
  482. /* ------------------------------------------------------------------------- */
  483.  
  484. // #define WOLFSSL_TLS13
  485. // #define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
  486. // #define HAVE_TLS_EXTENSIONS
  487. // #define HAVE_SUPPORTED_CURVES
  488. // #define WOLFSSL_BASE64_ENCODE
  489.  
  490. //#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
  491. //#define KEEP_PEER_CERT
  492. //#define HAVE_COMP_KEY
  493.  
  494. /* TLS Session Cache */
  495. #if 0
  496.     #define SMALL_SESSION_CACHE
  497. #else
  498.     #define NO_SESSION_CACHE
  499. #endif
  500.  
  501.  
  502. /* ------------------------------------------------------------------------- */
  503. /* Disable Features */
  504. /* ------------------------------------------------------------------------- */
  505. //#define NO_WOLFSSL_SERVER
  506. //#define NO_WOLFSSL_CLIENT
  507. //#define NO_CRYPT_TEST
  508. //#define NO_CRYPT_BENCHMARK
  509. #define WOLFCRYPT_ONLY
  510.  
  511. /* do not warm when file is included to be built and not required to be */
  512. // #define WOLFSSL_IGNORE_FILE_WARN
  513.  
  514. /* In-lining of misc.c functions */
  515. /* If defined, must include wolfcrypt/src/misc.c in build */
  516. /* Slower, but about 1k smaller */
  517. //#define NO_INLINE
  518.  
  519. #ifdef TARGET_EMBEDDED
  520.     #define NO_FILESYSTEM
  521.     #define NO_WRITEV
  522.     #define NO_MAIN_DRIVER
  523.     #define NO_DEV_RANDOM
  524. #endif
  525.  
  526. #define NO_OLD_TLS
  527. #define NO_PSK
  528.  
  529. #define NO_DSA
  530. #define NO_RC4
  531. #define NO_MD4
  532. #define NO_PWDBASED
  533. //#define NO_CODING
  534. //#define NO_ASN_TIME
  535. //#define NO_CERTS
  536. //#define NO_SIG_WRAPPER
  537.  
  538. #ifdef __cplusplus
  539. }
  540. #endif
  541.  
  542. #endif /* WOLFSSL_USER_SETTINGS_H */
  543.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!