1. HAVE_AEAD and HAVE_PFS should be set in internal.h, not CFLAGS

2. Added WOLFSSL_MAX_STRENGTH as option in settings.h for non-autoconf 3. When selecting max-strength cipher suites, ECDHE is only dependent on ECC, not DH
2015-04-01 13:35:13 -07:00 · 2015-04-01 13:35:13 -07:00 · 3039d16e09
commit 3039d16e09
parent 5ecbe14d2c
3 changed files with 24 additions and 16 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1866,17 +1866,6 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
 AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])

-AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" || \
-       test "x$ENABLED_AESGCM" = "xyes" || \
-       test "x$ENABLED_AESCCM" = "xyes" || \
-       test "x$ENABLED_CHACHA" = "xyes" || \
-       test "x$ENABLED_POLY1305" = "xyes"],
-      [AM_CFLAGS="$AM_CFLAGS -DHAVE_AEAD"])
-
-AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" || \
-       test "x$ENABLED_DH" = "xyes"],
-      [AM_CFLAGS="$AM_CFLAGS -DHAVE_PFS"])
-
 AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
       test "x$ENABLED_OLD_TLS" = "xyes"],
      [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -459,7 +459,7 @@ typedef byte word24[3];
    #endif
 #endif

-#if defined(HAVE_ECC) && !defined(NO_DH) && !defined(NO_TLS) && !defined(NO_AES)
+#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES)
    #ifdef HAVE_AESGCM
        #ifndef NO_SHA256
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@ -480,16 +480,14 @@ typedef byte word24[3];
    #endif
 #endif

-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) && \
-    !defined(NO_DH)
-
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
    #ifdef HAVE_ECC
        #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        #ifndef NO_RSA
            #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        #endif
    #endif
-    #ifndef NO_RSA
+    #if !defined(NO_DH) && !defined(NO_RSA)
        #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    #endif
 #endif
@ -550,6 +548,19 @@ typedef byte word24[3];
    #define CHACHA20_BLOCK_SIZE 16
 #endif

+#if defined(WOLFSSL_MAX_STRENGTH) || \
+    defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
+    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+
+    #define HAVE_AEAD
+#endif
+
+#if defined(WOLFSSL_MAX_STRENGTH) || \
+    defined(HAVE_ECC) || !defined(NO_DH)
+
+    #define HAVE_PFS
+#endif
+

 /* actual cipher values, 2nd byte */
 enum {
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -30,6 +30,9 @@
    extern "C" {
 #endif

+/* Uncomment next line if using Max Strength build */
+/* #define WOLFSSL_MAX_STRENGTH */
+
 /* Uncomment next line if using IPHONE */
 /* #define IPHONE */

@ -107,6 +110,11 @@

 #include <wolfssl/wolfcrypt/visibility.h>

+#ifdef WOLFSSL_MAX_STRENGTH
+    #undef NO_OLD_TLS
+    #define NO_OLD_TLS
+#endif
+
 #ifdef IPHONE
    #define SIZEOF_LONG_LONG 8
 #endif