disable static rsa cipher suites in non max strength build by default

toddouska
2015-08-13 11:05:07 -07:00
parent 4eafff0c21
commit fb35dc61db
2 changed files with 58 additions and 33 deletions


@ -211,12 +211,14 @@ typedef byte word24[3];
#ifndef WOLFSSL_MAX_STRENGTH
#if !defined(NO_RSA) && !defined(NO_RC4)
#if defined(WOLFSSL_STATIC_RSA)
#if !defined(NO_SHA)
#define BUILD_SSL_RSA_WITH_RC4_128_SHA
#endif
#if !defined(NO_MD5)
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif
@ -224,7 +226,9 @@ typedef byte word24[3];
#if !defined(NO_RSA) && !defined(NO_DES3)
#if !defined(NO_SHA)
#if defined(WOLFSSL_STATIC_RSA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif
@ -233,13 +237,16 @@ typedef byte word24[3];
#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
#if !defined(NO_SHA)
#if defined(WOLFSSL_STATIC_RSA)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#endif
#if defined(HAVE_NTRU)
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#if defined(WOLFSSL_STATIC_RSA)
#if !defined (NO_SHA256)
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
@ -259,9 +266,11 @@ typedef byte word24[3];
#define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
#endif
#endif
#endif
#if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
#ifndef NO_RSA
#if defined(WOLFSSL_STATIC_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
@ -270,6 +279,7 @@ typedef byte word24[3];
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#endif
#if !defined(NO_DH)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
@ -310,6 +320,7 @@ typedef byte word24[3];
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#if !defined(NO_RSA)
#if defined(WOLFSSL_STATIC_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_NULL_SHA
#endif
@ -317,6 +328,7 @@ typedef byte word24[3];
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#endif
#endif
#endif
#if !defined(NO_PSK)
#if !defined(NO_SHA)
#define BUILD_TLS_PSK_WITH_NULL_SHA
@ -330,6 +342,7 @@ typedef byte word24[3];
#endif
#endif
#if defined(WOLFSSL_STATIC_RSA)
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#ifndef NO_MD5
#define BUILD_TLS_RSA_WITH_HC_128_MD5
@ -347,6 +360,7 @@ typedef byte word24[3];
#define BUILD_TLS_RSA_WITH_RABBIT_SHA
#endif
#endif
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA)
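Review bot: With every static RSA define now behind `WOLFSSL_STATIC_RSA`, a configuration that has RSA but no DH, ECC, NTRU or PSK may be left with an empty suite list, and nothing in the visible hunks turns that into a build-time diagnostic. If the rest of this header does not already check for it, a guard after the suite definitions would surface the problem at compile time rather than as a handshake with no shared cipher, for example `#if !defined(WOLFSSL_STATIC_RSA) && defined(NO_DH) && !defined(HAVE_ECC) && defined(NO_PSK)` followed by `#error "no cipher suites enabled; define WOLFSSL_STATIC_RSA or enable DH/ECC"`. The new `#if defined(WOLFSSL_STATIC_RSA)` blocks also close with bare `#endif` lines several levels deep; a trailing `/* WOLFSSL_STATIC_RSA */` on each would make the nesting easier to audit. The `#if` that ends the last hunk continues outside the view.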


@ -114,6 +114,9 @@
/* Uncomment next line to enable deprecated less secure static DH suites */
/* #define WOLFSSL_STATIC_DH */
/* Uncomment next line to enable deprecated less secure static RSA suites */
/* #define WOLFSSL_STATIC_RSA */
#include <wolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_USER_SETTINGS
@ -813,6 +816,14 @@
#define HAVE_HASHDRBG
#endif
/* sniffer requires static RSA cipher suites */
#ifdef WOLFSSL_SNIFFER
#ifndef WOLFSSL_STATIC_RSA
#define WOLFSSL_STATIC_RSA
#endif
#endif
/* Place any other flags or defines here */
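Review bot: The sniffer block defines `WOLFSSL_STATIC_RSA` for the whole build, so any client or server compiled from the same settings also gets the deprecated suites back, and the one-line comment above it does not say so. I would expand it to something like `/* sniffer decrypts captured traffic with the server's RSA private key, which only works for static RSA key exchange; note this re-enables those suites for every endpoint built with WOLFSSL_SNIFFER */`. Whether `WOLFSSL_MAX_STRENGTH` still takes precedence depends on guards in the other header that are only partly visible here, so the intended precedence is worth stating in the same comment.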