forked from wolfSSL/wolfssl
Disable RC4 unless forcefully enabled with --enable-rc4 or if WOLFSSL_ALLOW_RC4 is specified. Related to issue #4248
This commit is contained in:
David Garske
29
configure.ac
29
configure.ac
@@ -2684,11 +2684,8 @@ then
|
|||||||
ENABLED_PSK="yes"
|
ENABLED_PSK="yes"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Requires RC4 make sure on
|
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
|
||||||
if test "x$ENABLED_ARC4" = "xno"
|
test "$enable_arc4" = "" && enable_arc4=yes
|
||||||
then
|
|
||||||
ENABLED_ARC4="yes"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "x$ENABLED_CERTEXT" = "xno"
|
if test "x$ENABLED_CERTEXT" = "xno"
|
||||||
then
|
then
|
||||||
@@ -3021,17 +3018,18 @@ then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# ARC4
|
# ARC4
|
||||||
|
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
|
||||||
|
then
|
||||||
|
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
|
||||||
|
test "$enable_arc4" = "" && enable_arc4=yes
|
||||||
|
fi
|
||||||
|
|
||||||
AC_ARG_ENABLE([arc4],
|
AC_ARG_ENABLE([arc4],
|
||||||
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
|
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
|
||||||
[ ENABLED_ARC4=$enableval ],
|
[ ENABLED_ARC4=$enableval ],
|
||||||
[ ENABLED_ARC4=no ]
|
[ ENABLED_ARC4=no ]
|
||||||
)
|
)
|
||||||
|
|
||||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
|
|
||||||
then
|
|
||||||
ENABLED_ARC4="yes"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$ENABLED_ARC4" = "no"
|
if test "$ENABLED_ARC4" = "no"
|
||||||
then
|
then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
||||||
@@ -4415,7 +4413,7 @@ fi
|
|||||||
|
|
||||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
|
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
|
||||||
then
|
then
|
||||||
ENABLED_ARC4="yes"
|
test "$enable_arc4" = "" && enable_arc4=yes
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test "$ENABLED_ARC4" = "no"
|
if test "$ENABLED_ARC4" = "no"
|
||||||
@@ -6378,6 +6376,15 @@ fi
|
|||||||
if test "x$ENABLED_CERTS" = "xno" || test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_ASN" = "xno"; then
|
if test "x$ENABLED_CERTS" = "xno" || test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_ASN" = "xno"; then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
|
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Depricated Algorithm Handling
|
||||||
|
if test "$ENABLED_ARC4" = "yes"
|
||||||
|
then
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_RC4"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
# USER SETTINGS
|
# USER SETTINGS
|
||||||
|
|||||||
@@ -2497,6 +2497,19 @@ extern void uITRON4_free(void *p) ;
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------
|
||||||
|
* Depricated Algorithm Handling
|
||||||
|
* Unless allowed via a build macro, disable support
|
||||||
|
* ---------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
/* RC4: Per RFC7465 Feb 2015, the cipher suite has been deprecated due to a
|
||||||
|
* number of exploits capable of decrypting portions of encrypted messages. */
|
||||||
|
#ifndef WOLFSSL_ALLOW_RC4
|
||||||
|
#undef NO_RC4
|
||||||
|
#define NO_RC4
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
} /* extern "C" */
|
} /* extern "C" */
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user