wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).

Browse Source
This commit is contained in:
David Garske
2016-02-12 14:30:26 -08:00
parent 375d85fe9a
commit 8e8ee45828
3 changed files with 53 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
configure.ac
View File

@@ -256,6 +256,21 @@ fi
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"]) AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
AC_ARG_ENABLE([leantls],
[ --enable-leantls Enable Lean TLS build (default: disabled)],
[ ENABLED_LEANTLS=$enableval ],
[ ENABLED_LEANTLS=no ]
)
if test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_FILESYSTEM -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY -DNO_CODING"
fi
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
# big cache # big cache
AC_ARG_ENABLE([bigcache], AC_ARG_ENABLE([bigcache],
[ --enable-bigcache Enable big session cache (default: disabled)], [ --enable-bigcache Enable big session cache (default: disabled)],
@@ -354,7 +369,7 @@ AC_ARG_ENABLE([sniffer],
[ ENABLED_SNIFFER=no ] [ ENABLED_SNIFFER=no ]
) )
# sniffer does't work in maxstrength mode # sniffer doesn't work in maxstrength mode
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes" if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
then then
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.]) AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
@@ -380,8 +395,8 @@ AC_ARG_ENABLE([aesgcm],
[ ENABLED_AESGCM=yes ] [ ENABLED_AESGCM=yes ]
) )
# lean psk does't need gcm # leanpsk and leantls don't need gcm
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
ENABLED_AESGCM=no ENABLED_AESGCM=no
fi fi
@@ -566,8 +581,8 @@ AC_ARG_ENABLE([sha512],
[ ENABLED_SHA512=$SHA512_DEFAULT ] [ ENABLED_SHA512=$SHA512_DEFAULT ]
) )
# lean psk does't need sha512 # leanpsk and leantls don't need sha512
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
ENABLED_SHA512=no ENABLED_SHA512=no
fi fi
@@ -723,7 +738,7 @@ AC_ARG_ENABLE([ecc],
[ ENABLED_ECC=$ECC_DEFAULT ] [ ENABLED_ECC=$ECC_DEFAULT ]
) )
# lean psk does't need ecc # lean psk doesn't need ecc
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes"
then then
ENABLED_ECC=no ENABLED_ECC=no
@@ -742,12 +757,6 @@ fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"]) AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
fi
# for using memory optimization setting on both curve25519 and ed25519 # for using memory optimization setting on both curve25519 and ed25519
ENABLED_CURVED25519_SMALL=no ENABLED_CURVED25519_SMALL=no
@@ -874,8 +883,8 @@ if test "$ENABLED_ERROR_STRINGS" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else else
# turn off error strings if leanpsk on # turn off error strings if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no ENABLED_ERROR_STRINGS=no
@@ -894,8 +903,8 @@ if test "$ENABLED_OLD_TLS" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else else
# turn off old if leanpsk on # turn off old if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no ENABLED_OLD_TLS=no
@@ -942,8 +951,8 @@ if test "$ENABLED_MEMORY" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY" AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
else else
# turn off memory cb if leanpsk on # turn off memory cb if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
# but don't turn on NO_WOLFSSL_MEMORY because using own # but don't turn on NO_WOLFSSL_MEMORY because using own
ENABLED_MEMORY=no ENABLED_MEMORY=no
@@ -964,8 +973,8 @@ if test "$ENABLED_RSA" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA" AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else else
# turn off RSA if leanpsk on # turn off RSA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA" AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no ENABLED_RSA=no
@@ -991,8 +1000,8 @@ if test "$ENABLED_DH" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_DH" AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else else
# turn off DH if leanpsk on # turn off DH if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_DH" AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no ENABLED_DH=no
@@ -1115,8 +1124,8 @@ if test "$ENABLED_CODING" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING" AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else else
# turn off CODING if leanpsk on # turn off CODING if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING" AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no ENABLED_CODING=no
@@ -1137,8 +1146,8 @@ if test "$ENABLED_DES3" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3" AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else else
# turn off DES3 if leanpsk on # turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3" AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no ENABLED_DES3=no
@@ -1180,8 +1189,8 @@ if test "$ENABLED_ARC4" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4" AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else else
# turn off ARC4 if leanpsk on # turn off ARC4 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4" AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no ENABLED_ARC4=no
@@ -1202,8 +1211,8 @@ if test "$ENABLED_MD5" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else else
# turn off MD5 if leanpsk on # turn off MD5 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no ENABLED_MD5=no
@@ -1224,8 +1233,8 @@ if test "$ENABLED_SHA" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else else
# turn off SHA if leanpsk on # turn off SHA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no ENABLED_SHA=no
@@ -1332,8 +1341,8 @@ AC_ARG_ENABLE([poly1305],
[ ENABLED_POLY1305=$POLY1305_DEFAULT] [ ENABLED_POLY1305=$POLY1305_DEFAULT]
) )
# lean psk does't need poly1305 # leanpsk and leantls don't need poly1305
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
ENABLED_POLY1305=no ENABLED_POLY1305=no
fi fi
@@ -1361,8 +1370,8 @@ AC_ARG_ENABLE([chacha],
[ ENABLED_CHACHA=$CHACHA_DEFAULT] [ ENABLED_CHACHA=$CHACHA_DEFAULT]
) )
# lean psk does't need chacha # leanpsk and leantls don't need chacha
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
ENABLED_CHACHA=no ENABLED_CHACHA=no
fi fi
@@ -1406,8 +1415,8 @@ if test "$ENABLED_FILESYSTEM" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
else else
# turn off filesystem if leanpsk on # turn off filesystem if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no ENABLED_FILESYSTEM=no
@@ -1636,10 +1645,6 @@ AC_ARG_WITH([ntru],
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
fi
# SNI # SNI
AC_ARG_ENABLE([sni], AC_ARG_ENABLE([sni],
@@ -2759,6 +2764,7 @@ echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK" echo " * PSK: $ENABLED_PSK"
echo " * Poly1305: $ENABLED_POLY1305" echo " * Poly1305: $ENABLED_POLY1305"
echo " * LEANPSK: $ENABLED_LEANPSK" echo " * LEANPSK: $ENABLED_LEANPSK"
echo " * LEANTLS: $ENABLED_LEANTLS"
echo " * RSA: $ENABLED_RSA" echo " * RSA: $ENABLED_RSA"
echo " * DSA: $ENABLED_DSA" echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH" echo " * DH: $ENABLED_DH"

7
src/internal.c
View File

@@ -142,10 +142,9 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
#ifndef NO_CERTS #ifndef NO_CERTS
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
#endif
static void PickHashSigAlgo(WOLFSSL* ssl, static void PickHashSigAlgo(WOLFSSL* ssl,
const byte* hashSigAlgo, word32 hashSigAlgoSz); const byte* hashSigAlgo, word32 hashSigAlgoSz);
#endif
#ifdef HAVE_QSH #ifdef HAVE_QSH
int QSH_Init(WOLFSSL* ssl); int QSH_Init(WOLFSSL* ssl);
@@ -10594,7 +10593,7 @@ int SetCipherList(Suites* suites, const char* list)
return ret; return ret;
} }
#ifndef NO_CERTS
static void PickHashSigAlgo(WOLFSSL* ssl, static void PickHashSigAlgo(WOLFSSL* ssl,
const byte* hashSigAlgo, word32 hashSigAlgoSz) const byte* hashSigAlgo, word32 hashSigAlgoSz)
{ {
@@ -10630,7 +10629,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
} }
} }
} }
#endif
#ifdef WOLFSSL_CALLBACKS #ifdef WOLFSSL_CALLBACKS

4
wolfcrypt/src/asn.c
View File

@@ -4908,7 +4908,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
#endif #endif
#ifdef WOLFCRYPT_ONLY #if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS)
/* dummy functions, not using wolfSSL so don't need actual ones */ /* dummy functions, not using wolfSSL so don't need actual ones */
Signer* GetCA(void* signers, byte* hash) Signer* GetCA(void* signers, byte* hash)
@@ -4927,7 +4927,7 @@ Signer* GetCAByName(void* signers, byte* hash)
} }
#endif /* NO_SKID */ #endif /* NO_SKID */
#endif /* WOLFCRYPT_ONLY */ #endif /* WOLFCRYPT_ONLY || NO_CERTS */
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)