feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for building with TLS 1.3 only when AES CBC is enabled. Algorithm is allowed to be enabled, but the AES CBC cipher suites should not be. Fixed AEAD enable to check AES CBC based on HAVE_AES_CBC define.

Browse Source
This commit is contained in:
David Garske
2018-08-20 16:29:48 -07:00
parent b12386fbb1
commit 389f56b5c7
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wolfssl/internal.h
View File

@ -249,6 +249,11 @@
#ifndef WOLFSSL_MAX_STRENGTH #ifndef WOLFSSL_MAX_STRENGTH
#ifdef WOLFSSL_AEAD_ONLY
/* AES CBC ciphers are not allowed in AEAD only mode */
#undef HAVE_AES_CBC
#endif
#ifndef WOLFSSL_AEAD_ONLY #ifndef WOLFSSL_AEAD_ONLY
#if !defined(NO_RSA) && !defined(NO_RC4) #if !defined(NO_RSA) && !defined(NO_RC4)
#if defined(WOLFSSL_STATIC_RSA) #if defined(WOLFSSL_STATIC_RSA)
@ -282,7 +287,7 @@
#define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
#endif #endif
#endif #endif
#endif #endif /* !WOLFSSL_AEAD_ONLY */
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(HAVE_AES_CBC)

2
wolfssl/wolfcrypt/settings.h
View File

@ -1548,7 +1548,7 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \ #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
(defined(NO_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \ (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
!defined(HAVE_IDEA) && !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128)) !defined(HAVE_IDEA) && !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
#define WOLFSSL_AEAD_ONLY #define WOLFSSL_AEAD_ONLY
#endif #endif