mariadb/extra/wolfssl/user_settings.h.in

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#define HAVE_CRL
#define WOLFSSL_HAVE_ERROR_QUEUE
#define WOLFSSL_MYSQL_COMPATIBLE
#define HAVE_ECC
#define ECC_TIMING_RESISTANT
#define HAVE_HASHDRBG
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define WOLFSSL_SHA224
#define SESSION_CERT
#define KEEP_OUR_CERT
#define WOLFSSL_STATIC_RSA
#define WOLFSSL_USER_IO
#define WC_RSA_BLINDING
#define HAVE_TLS_EXTENSIONS
#define HAVE_AES_ECB
#define HAVE_AESGCM
#define HAVE_CHACHA
#define HAVE_POLY1305
#define HAVE_THREAD_LS
#define WOLFSSL_AES_COUNTER
#define NO_WOLFSSL_STUB
#define OPENSSL_ALL
#define WOLFSSL_ALLOW_TLSV10
#define NO_OLD_TIMEVAL_NAME
#define HAVE_SECURE_RENEGOTIATION
#define HAVE_EXTENDED_MASTER
/*
  Following is workaround about a WolfSSL 5.6.6 bug.
  The bug is about undefined sessionCtxSz during compilation.
*/
#define WOLFSSL_SESSION_ID_CTX

/* TLSv1.3 definitions (all needed to build) */
#define WOLFSSL_TLS13
#define HAVE_HKDF
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_FFDHE_2048
#define WC_RSA_PSS
/* End of TLSv1.3 defines */

/* Features we exclude */
#define NO_DSA
#define NO_HC128
#define NO_MD4
#define NO_PSK
#define NO_RABBIT
#define NO_RC4

#define RSA_MAX_SIZE 8192
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_HAVE_SP_RSA
#ifndef WOLFSSL_SP_4096
#define WOLFSSL_SP_4096
#endif

#cmakedefine WOLFSSL_AESNI
#cmakedefine HAVE_INTEL_RDSEED
#cmakedefine HAVE_INTEL_RDRAND
#cmakedefine USE_INTEL_SPEEDUP
#cmakedefine WOLFSSL_X86_64_BUILD
#cmakedefine WOLFSSL_SP_X86_64
#cmakedefine WOLFSSL_SP_X86_64_ASM

#endif  /* WOLFSSL_USER_SETTINGS_H */
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00			`#ifndef WOLFSSL_USER_SETTINGS_H`
			`#define WOLFSSL_USER_SETTINGS_H`

			`#define HAVE_CRL`
MDEV-27373 wolfSSL 5.1.1 - compile wolfcrypt with kdf.c, to avoid undefined symbols in tls13.c - define WOLFSSL_HAVE_ERROR_QUEUE to avoid endless loop SSL_get_error - Do not use SSL_CTX_set_tmp_dh/get_dh2048, this would require additional compilation options in WolfSSL. Disable it for WolfSSL build, it works without it anyway. - fix "macro already defined" Windows warning. 2022-01-24 20:00:35 +01:00			`#define WOLFSSL_HAVE_ERROR_QUEUE`
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00			`#define WOLFSSL_MYSQL_COMPATIBLE`
			`#define HAVE_ECC`
			`#define ECC_TIMING_RESISTANT`
			`#define HAVE_HASHDRBG`
			`#define WOLFSSL_AES_DIRECT`
			`#define WOLFSSL_SHA384`
			`#define WOLFSSL_SHA512`
			`#define WOLFSSL_SHA224`
			`#define SESSION_CERT`
			`#define KEEP_OUR_CERT`
			`#define WOLFSSL_STATIC_RSA`
Do not compile socket IO code in WolfSSL We use own IO callbacks from server code anyway. 2019-07-01 00:43:26 +02:00			`#define WOLFSSL_USER_IO`
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00			`#define WC_RSA_BLINDING`
			`#define HAVE_TLS_EXTENSIONS`
			`#define HAVE_AES_ECB`
MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL Enable AES-GCM for SSL (only). AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug in GCM or CTR padding) 2021-06-09 13:27:00 +02:00			`#define HAVE_AESGCM`
wolfssl: enable chacha cyphers and secure negotiation compaitibility with: * chacha - mobile devices * secure negotiation - openssl 3 2023-08-02 20:52:53 +02:00			`#define HAVE_CHACHA`
			`#define HAVE_POLY1305`
MDEV-33482: Optimize WolfSSL for improved performance - Use "new" math library WOLFSSL_SP_MATH_ALL, which is now promoted by WolfSSL for faster performance. "fastmath" we used previously is going to be deprecated, it was not really always fast. - Optimize common RSA math operations with WOLFSSL_HAVE_SP_RSA - Incorporate assembly optimizations, currently for Intel x64 only This patch significantly reduces execution time for SSL tests like main.ssl-big and main.ssl_connect, which now run 2 to 3 times faster. Notably, when this patch is applied to 11.4, server startup in with ephemeral certificates becomes approximately 10x faster due to optimized wolfSSL_EVP_PKEY_keygen(). Additionally, refactored WolfSSL by removing old workarounds and consolidating wolfssl and wolfcrypt into a single library wolfssl, just like it was done in WolfSSL's own CMake. 2024-02-10 00:30:47 +01:00			`#define HAVE_THREAD_LS`
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00			`#define WOLFSSL_AES_COUNTER`
			`#define NO_WOLFSSL_STUB`
			`#define OPENSSL_ALL`
Remove WolfSSL workaround for old version. We're already on 4.4.6 2021-06-09 12:34:23 +02:00			`#define WOLFSSL_ALLOW_TLSV10`
Update WolfSSL Fix WolfSSL build: - Do not build with TLSv1.0,it stopped working,at least with SChannel client - Disable a test that depends on TLSv1.0 - define FP_MAX_BITS always, to fix 32bit builds. - Increase MAX_AES_CTX_SIZE, to fix build on Linux 2020-05-05 18:10:53 +02:00			`#define NO_OLD_TIMEVAL_NAME`
wolfssl: enable chacha cyphers and secure negotiation compaitibility with: * chacha - mobile devices * secure negotiation - openssl 3 2023-08-02 20:52:53 +02:00			`#define HAVE_SECURE_RENEGOTIATION`
			`#define HAVE_EXTENDED_MASTER`
new WolfSSL v5.6.6-stable 2024-01-17 10:45:05 +01:00			`/*`
			`Following is workaround about a WolfSSL 5.6.6 bug.`
			`The bug is about undefined sessionCtxSz during compilation.`
			`*/`
			`#define WOLFSSL_SESSION_ID_CTX`
MDEV-22221 Compile WolfSSL with TLSv1.3 support 2021-07-21 21:26:25 +02:00
			`/* TLSv1.3 definitions (all needed to build) */`
			`#define WOLFSSL_TLS13`
			`#define HAVE_HKDF`
			`#define HAVE_TLS_EXTENSIONS`
			`#define HAVE_SUPPORTED_CURVES`
			`#define HAVE_FFDHE_2048`
			`#define WC_RSA_PSS`
			`/* End of TLSv1.3 defines */`

MDEV-26092 Remove things we do not use in wolfssl Add a couple of NO_XXX prprocessor constants to wolfssl build. Looked into cmake defaults, those are set there too. Some of these are (supposedly) weak ciphers, and some just fallen out from wide use. 2021-07-28 15:43:12 +02:00			`/* Features we exclude */`
			`#define NO_DSA`
			`#define NO_HC128`
			`#define NO_MD4`
			`#define NO_PSK`
			`#define NO_RABBIT`
			`#define NO_RC4`

Fixes for WolfSSL 5.4.0 2022-07-25 13:27:23 +02:00			`#define RSA_MAX_SIZE 8192`
MDEV-33482: Optimize WolfSSL for improved performance - Use "new" math library WOLFSSL_SP_MATH_ALL, which is now promoted by WolfSSL for faster performance. "fastmath" we used previously is going to be deprecated, it was not really always fast. - Optimize common RSA math operations with WOLFSSL_HAVE_SP_RSA - Incorporate assembly optimizations, currently for Intel x64 only This patch significantly reduces execution time for SSL tests like main.ssl-big and main.ssl_connect, which now run 2 to 3 times faster. Notably, when this patch is applied to 11.4, server startup in with ephemeral certificates becomes approximately 10x faster due to optimized wolfSSL_EVP_PKEY_keygen(). Additionally, refactored WolfSSL by removing old workarounds and consolidating wolfssl and wolfcrypt into a single library wolfssl, just like it was done in WolfSSL's own CMake. 2024-02-10 00:30:47 +01:00			`#define WOLFSSL_SP_MATH_ALL`
			`#define WOLFSSL_HAVE_SP_RSA`
			`#ifndef WOLFSSL_SP_4096`
			`#define WOLFSSL_SP_4096`
			`#endif`

Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00			`#cmakedefine WOLFSSL_AESNI`
			`#cmakedefine HAVE_INTEL_RDSEED`
MDEV-23663 - Add HAVE_INTEL_RDRAND flag for building WolfSSL, where appropiate 2020-09-17 18:05:53 +02:00			`#cmakedefine HAVE_INTEL_RDRAND`
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00			`#cmakedefine USE_INTEL_SPEEDUP`
			`#cmakedefine WOLFSSL_X86_64_BUILD`
MDEV-33482: Optimize WolfSSL for improved performance - Use "new" math library WOLFSSL_SP_MATH_ALL, which is now promoted by WolfSSL for faster performance. "fastmath" we used previously is going to be deprecated, it was not really always fast. - Optimize common RSA math operations with WOLFSSL_HAVE_SP_RSA - Incorporate assembly optimizations, currently for Intel x64 only This patch significantly reduces execution time for SSL tests like main.ssl-big and main.ssl_connect, which now run 2 to 3 times faster. Notably, when this patch is applied to 11.4, server startup in with ephemeral certificates becomes approximately 10x faster due to optimized wolfSSL_EVP_PKEY_keygen(). Additionally, refactored WolfSSL by removing old workarounds and consolidating wolfssl and wolfcrypt into a single library wolfssl, just like it was done in WolfSSL's own CMake. 2024-02-10 00:30:47 +01:00			`#cmakedefine WOLFSSL_SP_X86_64`
			`#cmakedefine WOLFSSL_SP_X86_64_ASM`
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL documentation Apparently, WolfSSL wants to have exactly the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc) 2019-06-04 17:11:42 +02:00
			`#endif /* WOLFSSL_USER_SETTINGS_H */`