NTRU suites considered part of static RSA suites group

2015-12-22 15:19:11 -07:00 · 2015-12-22 15:19:11 -07:00 · 41f50b7a73
commit 41f50b7a73
parent 0721b79282
4 changed files with 14 additions and 5 deletions
--- a/4
+++ b/4
@ -12,7 +12,9 @@ key cipher suites with
    WOLFSSL_STATIC_PSK

 though static key cipher suites are deprecated and will be removed from future
-versions of TLS.  They also lower your security by removing PFS.
+versions of TLS.  They also lower your security by removing PFS. Since current
+NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
+used in order to build with NTRU suites.

 When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
 are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@ -152,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)

 #ifndef NO_FILESYSTEM
    if (doPSK == 0) {
-    #ifdef HAVE_NTRU
+    #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
        /* ntru */
        if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -229,7 +229,8 @@ typedef byte word24[3];
                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
            #endif
        #endif
-        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
+        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
+            && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
        #endif
    #endif
@ -239,7 +240,8 @@ typedef byte word24[3];
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
-            #if !defined(NO_TLS) && defined(HAVE_NTRU)
+            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
+                && defined(WOLFSSL_STATIC_RSA)
                    #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
@ -257,7 +259,7 @@ typedef byte word24[3];
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
            #endif
-            #if defined(HAVE_NTRU)
+            #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
                    #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                    #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
            #endif
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@ -455,7 +455,12 @@ static INLINE void showPeer(WOLFSSL* ssl)
    printf("SSL version is %s\n", wolfSSL_get_version(ssl));

    cipher = wolfSSL_get_current_cipher(ssl);
+#ifdef HAVE_QSH
+    printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "",
+            wolfSSL_CIPHER_get_name(cipher));
+#else
    printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
+#endif

 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
    {