feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

1. HAVE_AEAD and HAVE_PFS should be set in internal.h, not CFLAGS

Browse Source 
2. Added WOLFSSL_MAX_STRENGTH as option in settings.h for non-autoconf
3. When selecting max-strength cipher suites, ECDHE is only dependent on
   ECC, not DH
This commit is contained in:
John Safranek
2015-04-01 13:35:13 -07:00
parent 5ecbe14d2c
commit 3039d16e09
3 changed files with 24 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@ -1866,17 +1866,6 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"], AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"]) [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" || \
test "x$ENABLED_AESGCM" = "xyes" || \
test "x$ENABLED_AESCCM" = "xyes" || \
test "x$ENABLED_CHACHA" = "xyes" || \
test "x$ENABLED_POLY1305" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_AEAD"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" || \
test "x$ENABLED_DH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_PFS"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_OLD_TLS" = "xyes"], test "x$ENABLED_OLD_TLS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"

21
wolfssl/internal.h
View File

@ -459,7 +459,7 @@ typedef byte word24[3];
#endif #endif
#endif #endif
#if defined(HAVE_ECC) && !defined(NO_DH) && !defined(NO_TLS) && !defined(NO_AES) #if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
#ifndef NO_SHA256 #ifndef NO_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@ -480,16 +480,14 @@ typedef byte word24[3];
#endif #endif
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) && \ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
!defined(NO_DH)
#ifdef HAVE_ECC #ifdef HAVE_ECC
#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#ifndef NO_RSA #ifndef NO_RSA
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif #endif
#endif #endif
#ifndef NO_RSA #if !defined(NO_DH) && !defined(NO_RSA)
#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif #endif
#endif #endif
@ -550,6 +548,19 @@ typedef byte word24[3];
#define CHACHA20_BLOCK_SIZE 16 #define CHACHA20_BLOCK_SIZE 16
#endif #endif
#if defined(WOLFSSL_MAX_STRENGTH) || \
defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
#define HAVE_AEAD
#endif
#if defined(WOLFSSL_MAX_STRENGTH) || \
defined(HAVE_ECC) || !defined(NO_DH)
#define HAVE_PFS
#endif
/* actual cipher values, 2nd byte */ /* actual cipher values, 2nd byte */
enum { enum {

8
wolfssl/wolfcrypt/settings.h
View File

@ -30,6 +30,9 @@
extern "C" { extern "C" {
#endif #endif
/* Uncomment next line if using Max Strength build */
/* #define WOLFSSL_MAX_STRENGTH */
/* Uncomment next line if using IPHONE */ /* Uncomment next line if using IPHONE */
/* #define IPHONE */ /* #define IPHONE */
@ -107,6 +110,11 @@
#include <wolfssl/wolfcrypt/visibility.h> #include <wolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_MAX_STRENGTH
#undef NO_OLD_TLS
#define NO_OLD_TLS
#endif
#ifdef IPHONE #ifdef IPHONE
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#endif #endif