feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Disable DES3 by default. Force it enabled when it is a prereq for

Browse Source 
another option. (SCEP and PKCS7)
This commit is contained in:
John Safranek
2016-09-15 11:17:30 -07:00
parent 01be5cdc07
commit 2d4757b446
1 changed files with 65 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
configure.ac
View File

@@ -348,7 +348,7 @@ AC_ARG_ENABLE([leanpsk],
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
ENABLED_SLOWMATH="no" ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes" ENABLED_SINGLETHREADED="yes"
fi fi
@@ -365,7 +365,7 @@ AC_ARG_ENABLE([leantls],
if test "$ENABLED_LEANTLS" = "yes" if test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_DES3 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY"
fi fi
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"]) AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
@@ -1309,25 +1309,11 @@ fi
# DES3 # DES3
AC_ARG_ENABLE([des3], AC_ARG_ENABLE([des3],
[ --enable-des3 Enable DES3 (default: enabled)], [AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
[ ENABLED_DES3=$enableval ], [ ENABLED_DES3=$enableval ],
[ ENABLED_DES3=yes ] [ ENABLED_DES3=no ]
) )
if test "$ENABLED_DES3" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# IDEA # IDEA
AC_ARG_ENABLE([idea], AC_ARG_ENABLE([idea],
@@ -1953,9 +1939,9 @@ fi
# Supported Elliptic Curves Extensions # Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves], AC_ARG_ENABLE([supportedcurves],
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: disabled)])], [AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
[ ENABLED_SUPPORTED_CURVES=$enableval ], [ ENABLED_SUPPORTED_CURVES=$enableval ],
[ ENABLED_SUPPORTED_CURVES=no ] [ ENABLED_SUPPORTED_CURVES=yes ]
) )
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes" if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
@@ -1994,18 +1980,11 @@ fi
# PKCS7 # PKCS7
AC_ARG_ENABLE([pkcs7], AC_ARG_ENABLE([pkcs7],
[ --enable-pkcs7 Enable PKCS7 (default: disabled)], [AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
[ ENABLED_PKCS7=$enableval ], [ ENABLED_PKCS7=$enableval ],
[ ENABLED_PKCS7=no ], [ ENABLED_PKCS7=no ],
) )
if test "$ENABLED_PKCS7" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
fi
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
# Simple Certificate Enrollment Protocol (SCEP) # Simple Certificate Enrollment Protocol (SCEP)
AC_ARG_ENABLE([scep], AC_ARG_ENABLE([scep],
@@ -2013,37 +1992,6 @@ AC_ARG_ENABLE([scep],
[ ENABLED_WOLFSCEP=$enableval ], [ ENABLED_WOLFSCEP=$enableval ],
[ ENABLED_WOLFSCEP=no ] [ ENABLED_WOLFSCEP=no ]
) )
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
# Secure Remote Password # Secure Remote Password
@@ -2906,6 +2854,11 @@ AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
test "x$ENABLED_RSA" = "xno"], test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])]) [AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
# Lean TLS forces off prereqs of SCEP.
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
test "x$ENABLED_LEANTLS" = "xyes"],
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
# CMAC currently requires AES. # CMAC currently requires AES.
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \ AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
test "x$ENABLED_AES" = "xno"], test "x$ENABLED_AES" = "xno"],
@@ -2915,6 +2868,59 @@ AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
# Update CFLAGS based on options # # Update CFLAGS based on options #
################################################################################ ################################################################################
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
if test "x$ENABLED_PKCS7" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
# Enable prereqs if not already enabled
AS_IF([test "x$ENABLED_DES3" = "xno"],
[ENABLED_DES3=yes])
fi
if test "x$ENABLED_DES3" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"], AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"]) [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])