From 3039d16e0959c8c2c44ecedd67f27eafc6b5291f Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 1 Apr 2015 13:35:13 -0700
Subject: [PATCH] 1. HAVE_AEAD and HAVE_PFS should be set in internal.h, not CFLAGS 2. Added WOLFSSL_MAX_STRENGTH as option in settings.h for non-autoconf 3. When selecting max-strength cipher suites, ECDHE is only dependent on ECC, not DH
---
 configure.ac | 11 -----------
 wolfssl/internal.h | 21 ++++++++++++++++-----
 wolfssl/wolfcrypt/settings.h | 8 ++++++++
 3 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/configure.ac b/configure.ac
index d2b78f39d..be2811325 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1866,17 +1866,6 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
 AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
-AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" || \
- test "x$ENABLED_AESGCM" = "xyes" || \
- test "x$ENABLED_AESCCM" = "xyes" || \
- test "x$ENABLED_CHACHA" = "xyes" || \
- test "x$ENABLED_POLY1305" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_AEAD"])
-
-AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" || \
- test "x$ENABLED_DH" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_PFS"])
-
 AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
 test "x$ENABLED_OLD_TLS" = "xyes"],
 [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index ee056b850..410b403de 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -459,7 +459,7 @@ typedef byte word24[3];
 #endif
 #endif
-#if defined(HAVE_ECC) && !defined(NO_DH) && !defined(NO_TLS) && !defined(NO_AES)
+#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
 #ifdef HAVE_AESGCM
 #ifndef NO_SHA256
 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@@ -480,16 +480,14 @@ typedef byte word24[3];
 #endif
 #endif
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) && \
- !defined(NO_DH)
-
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
 #ifdef HAVE_ECC
 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 #ifndef NO_RSA
 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 #endif
 #endif
- #ifndef NO_RSA
+ #if !defined(NO_DH) && !defined(NO_RSA)
 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 #endif
 #endif
@@ -550,6 +548,19 @@ typedef byte word24[3];
 #define CHACHA20_BLOCK_SIZE 16
 #endif
+#if defined(WOLFSSL_MAX_STRENGTH) || \
+ defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
+ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+
+ #define HAVE_AEAD
+#endif
+
+#if defined(WOLFSSL_MAX_STRENGTH) || \
+ defined(HAVE_ECC) || !defined(NO_DH)
+
+ #define HAVE_PFS
+#endif
+
 /* actual cipher values, 2nd byte */
 enum {
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 39b75f8e9..1bcc8794c 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -30,6 +30,9 @@
 extern "C" {
 #endif
+/* Uncomment next line if using Max Strength build */
+/* #define WOLFSSL_MAX_STRENGTH */
+
 /* Uncomment next line if using IPHONE */
 /* #define IPHONE */
@@ -107,6 +110,11 @@
 #include
+#ifdef WOLFSSL_MAX_STRENGTH
+ #undef NO_OLD_TLS
+ #define NO_OLD_TLS
+#endif
+
 #ifdef IPHONE
 #define SIZEOF_LONG_LONG 8
 #endif
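Review bot: In the internal.h hunk at -550, `WOLFSSL_MAX_STRENGTH` alone turns on `HAVE_AEAD` and `HAVE_PFS` even when no AEAD cipher and neither ECC nor DH is compiled in, and nothing in the added blocks rejects that combination for non-autoconf builds. The ChaCha block in the hunk at -480 now builds no suite at all when `HAVE_ECC` is absent and `NO_DH` is set, so such a build could end up advertising AEAD/PFS support with an empty suite list; how the two macros are consumed is outside the hunk, so the runtime effect is inferred. A compile-time guard would turn this into a build failure: `#if defined(WOLFSSL_MAX_STRENGTH) && !defined(HAVE_ECC) && defined(NO_DH)`, `#error "WOLFSSL_MAX_STRENGTH needs ECC or DH"`, `#endif`, with a matching check for the AEAD ciphers. Separately, both `#define` lines are unguarded, so a build that still passes `-DHAVE_AEAD` or `-DHAVE_PFS` on the command line (as configure did before this commit) gets a redefinition with a different value; wrapping them in `#ifndef HAVE_AEAD` / `#ifndef HAVE_PFS` avoids that.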
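Review bot: The `#ifdef WOLFSSL_MAX_STRENGTH` block added in the settings.h hunk at -107 is evaluated before the platform sections that follow it (the hunk ends at `#ifdef IPHONE`), so `NO_OLD_TLS` is forced only when the macro is already defined at that point. If a later section of settings.h, or a header pulled in after it, defines `WOLFSSL_MAX_STRENGTH`, the older protocol versions would stay enabled in a build that claims max strength; whether any such definition exists is not visible in this patch. I would document the ordering with a comment above the block, for example `/* WOLFSSL_MAX_STRENGTH must be defined above this line or on the compiler command line; it forces NO_OLD_TLS */`, or move the block to the end of the file.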