forked from wolfSSL/wolfssl
disable static rsa cipher suites in non max strength build by default
This commit is contained in:
toddouska
@ -211,11 +211,13 @@ typedef byte word24[3];
|
||||
#ifndef WOLFSSL_MAX_STRENGTH
|
||||
|
||||
#if !defined(NO_RSA) && !defined(NO_RC4)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||
#endif
|
||||
#if !defined(NO_MD5)
|
||||
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||
#endif
|
||||
#if !defined(NO_MD5)
|
||||
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
|
||||
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
|
||||
@ -224,7 +226,9 @@ typedef byte word24[3];
|
||||
|
||||
#if !defined(NO_RSA) && !defined(NO_DES3)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#endif
|
||||
#if !defined(NO_TLS) && defined(HAVE_NTRU)
|
||||
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#endif
|
||||
@ -233,43 +237,49 @@ typedef byte word24[3];
|
||||
|
||||
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
#endif
|
||||
#if defined(HAVE_NTRU)
|
||||
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
|
||||
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
|
||||
#endif
|
||||
#endif
|
||||
#if !defined (NO_SHA256)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
#endif
|
||||
#if defined (HAVE_AESGCM)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
#if defined (WOLFSSL_SHA384)
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#if !defined (NO_SHA256)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
#endif
|
||||
#if defined (HAVE_AESGCM)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
#if defined (WOLFSSL_SHA384)
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
#endif
|
||||
#endif
|
||||
#if defined (HAVE_AESCCM)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
#endif
|
||||
#if defined(HAVE_BLAKE2)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
|
||||
#endif
|
||||
#endif
|
||||
#if defined (HAVE_AESCCM)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
#endif
|
||||
#if defined(HAVE_BLAKE2)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
|
||||
#ifndef NO_RSA
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
#endif
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_DH)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
@ -310,11 +320,13 @@ typedef byte word24[3];
|
||||
|
||||
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
|
||||
#if !defined(NO_RSA)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_TLS_RSA_WITH_NULL_SHA
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#if !defined(NO_SHA)
|
||||
#define BUILD_TLS_RSA_WITH_NULL_SHA
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_PSK)
|
||||
@ -330,6 +342,7 @@ typedef byte word24[3];
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
|
||||
#ifndef NO_MD5
|
||||
#define BUILD_TLS_RSA_WITH_HC_128_MD5
|
||||
@ -347,6 +360,7 @@ typedef byte word24[3];
|
||||
#define BUILD_TLS_RSA_WITH_RABBIT_SHA
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
|
||||
!defined(NO_RSA)
|
||||
|
||||
@ -114,6 +114,9 @@
|
||||
/* Uncomment next line to enable deprecated less secure static DH suites */
|
||||
/* #define WOLFSSL_STATIC_DH */
|
||||
|
||||
/* Uncomment next line to enable deprecated less secure static RSA suites */
|
||||
/* #define WOLFSSL_STATIC_RSA */
|
||||
|
||||
#include <wolfssl/wolfcrypt/visibility.h>
|
||||
|
||||
#ifdef WOLFSSL_USER_SETTINGS
|
||||
@ -813,6 +816,14 @@
|
||||
#define HAVE_HASHDRBG
|
||||
#endif
|
||||
|
||||
|
||||
/* sniffer requires static RSA cipher suites */
|
||||
#ifdef WOLFSSL_SNIFFER
|
||||
#ifndef WOLFSSL_STATIC_RSA
|
||||
#define WOLFSSL_STATIC_RSA
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Place any other flags or defines here */
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user