wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

NTRU suites considered part of static RSA suites group

Browse Source
This commit is contained in:
Jacob Barthelmeh
2015-12-22 15:19:11 -07:00
parent 0721b79282
commit 41f50b7a73
4 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README
View File

@@ -12,7 +12,9 @@ key cipher suites with
WOLFSSL_STATIC_PSK WOLFSSL_STATIC_PSK
though static key cipher suites are deprecated and will be removed from future though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS. versions of TLS. They also lower your security by removing PFS. Since current
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites.
When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES

2
examples/echoserver/echoserver.c
View File

@@ -152,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
if (doPSK == 0) { if (doPSK == 0) {
#ifdef HAVE_NTRU #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
/* ntru */ /* ntru */
if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM) if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) != SSL_SUCCESS)

8
wolfssl/internal.h
View File

@@ -229,7 +229,8 @@ typedef byte word24[3];
#define BUILD_SSL_RSA_WITH_RC4_128_MD5 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif #endif
#endif #endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
&& defined(WOLFSSL_STATIC_RSA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif #endif
#endif #endif
@@ -239,7 +240,8 @@ typedef byte word24[3];
#if defined(WOLFSSL_STATIC_RSA) #if defined(WOLFSSL_STATIC_RSA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#endif #endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) #if !defined(NO_TLS) && defined(HAVE_NTRU) \
&& defined(WOLFSSL_STATIC_RSA)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif #endif
#endif #endif
@@ -257,7 +259,7 @@ typedef byte word24[3];
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#endif #endif
#if defined(HAVE_NTRU) #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif #endif

5
wolfssl/test.h
View File

@@ -455,7 +455,12 @@ static INLINE void showPeer(WOLFSSL* ssl)
printf("SSL version is %s\n", wolfSSL_get_version(ssl)); printf("SSL version is %s\n", wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl); cipher = wolfSSL_get_current_cipher(ssl);
#ifdef HAVE_QSH
printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "",
wolfSSL_CIPHER_get_name(cipher));
#else
printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher)); printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
#endif
#if defined(SESSION_CERTS) && defined(SHOW_CERTS) #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
{ {