From 7914938e607ff91436177b154de87b6926cfb045 Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 11 Mar 2013 17:37:08 -0700 Subject: [PATCH] --enable-md5 and build, needs NO_OLD_TLS, suite test version check --- configure.ac | 23 +++++++++++++++++++++++ cyassl/internal.h | 6 ++++-- src/include.am | 5 ++++- tests/suites.c | 34 ++++++++++++++++++++++++++++++++++ 4 files changed, 65 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index b5ee2e061..91067a6cb 100644 --- a/configure.ac +++ b/configure.ac @@ -551,6 +551,28 @@ fi AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) +# MD5 +AC_ARG_ENABLE([md5], + [ --enable-md5 Enable MD5 (default: enabled)], + [ ENABLED_MD5=$enableval ], + [ ENABLED_MD5=yes ] + ) + +if test "$ENABLED_MD5" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" +else + # turn off MD5 if leanpsk on + if test "$ENABLED_LEANPSK" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" + ENABLED_MD5=no + fi +fi + +AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"]) + + # MD4 AC_ARG_ENABLE([md4], [ --enable-md4 Enable MD4 (default: disabled)], @@ -985,6 +1007,7 @@ echo " * AES-NI: $ENABLED_AESNI" echo " * AES-GCM: $ENABLED_AESGCM" echo " * AES-CCM: $ENABLED_AESCCM" echo " * Camellia: $ENABLED_CAMELLIA" +echo " * MD5: $ENABLED_MD5" echo " * RIPEMD: $ENABLED_RIPEMD" echo " * SHA-512: $ENABLED_SHA512" echo " * keygen: $ENABLED_KEYGEN" diff --git a/cyassl/internal.h b/cyassl/internal.h index becf5adcd..6c386d71f 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -138,8 +138,10 @@ void c32to24(word32 in, word24 out); #if !defined(NO_SHA) #define BUILD_SSL_RSA_WITH_RC4_128_SHA #endif - #define BUILD_SSL_RSA_WITH_RC4_128_MD5 - #if !defined(NO_TLS) && defined(HAVE_NTRU) + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif + #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA #endif #endif 
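Review bot: In the new MD5 block of configure.ac, the flag test compares `$ENABLED_MD5` with `"no"` while `AM_CONDITIONAL([BUILD_MD5], ...)` compares it with `"xyes"`, so the two can disagree. Any other value (a constructed example: `--enable-md5=foo`) leaves `NO_MD5` undefined but drops `md5.c` from the sources in src/include.am, which would presumably fail at link time rather than at configure time. Normalising the value before the `if` keeps both tests in step, e.g. `test "x$ENABLED_MD5" = "xyes" || ENABLED_MD5=no`. The help string could also state that disabling MD5 turns off TLS versions below 1.2, since `-DNO_OLD_TLS` is added without any mention in the option text.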
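Review bot: The `!defined(NO_MD5)` guard added around `BUILD_SSL_RSA_WITH_RC4_128_MD5` in cyassl/internal.h depends on `NO_OLD_TLS` being defined as well, but this commit sets that pairing only in configure.ac. A build that passes `-DNO_MD5` by hand, without autoconf, would presumably still compile the pre-TLS 1.2 code paths that the commit subject says must be disabled; whether another header already covers this is not visible here. A header-level check would make the dependency explicit, for example `#if defined(NO_MD5) && !defined(NO_OLD_TLS)` followed by `#error "NO_MD5 requires NO_OLD_TLS"` and `#endif`. The enclosing `#if` block begins above the hunk.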
diff --git a/src/include.am b/src/include.am index bd50a2eeb..b653ecd8d 100644 --- a/src/include.am +++ b/src/include.am @@ -23,7 +23,6 @@ src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS) if !BUILD_LEANPSK src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c \ ctaocrypt/src/coding.c \ - ctaocrypt/src/md5.c \ ctaocrypt/src/asn.c \ ctaocrypt/src/dh.c \ ctaocrypt/src/memory.c @@ -45,6 +44,10 @@ if BUILD_MD4 src_libcyassl_la_SOURCES += ctaocrypt/src/md4.c endif +if BUILD_MD5 +src_libcyassl_la_SOURCES += ctaocrypt/src/md5.c +endif + if BUILD_PWDBASED src_libcyassl_la_SOURCES += ctaocrypt/src/pwdbased.c endif diff --git a/tests/suites.c b/tests/suites.c index e5f1fd163..156c536cb 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -34,6 +34,7 @@ #define MAX_COMMAND_SZ 240 #define MAX_SUITE_SZ 80 #define NOT_BUILT_IN -123 +#define VERSION_TOO_OLD -124 #include "examples/client/client.h" #include "examples/server/server.h" @@ -41,6 +42,30 @@ CYASSL_CTX* cipherSuiteCtx = NULL; + +#ifdef NO_OLD_TLS +/* if the protcol versoin is less than tls 1.2 return 1, else 0 */ +static int IsOldTlsVersion(const char* line) +{ + const char* find = "-v "; + char* begin = strnstr(line, find, MAX_COMMAND_SZ); + + if (begin) { + int version = -1; + + begin += 3; + + version = atoi(begin); + + if (version < 3) + return 1; + } + + return 0; +} +#endif /* NO_OLD_TLS */ + + /* if the cipher suite on line is valid store in suite and return 1, else 0 */ static int IsValidCipherSuite(const char* line, char* suite) { @@ -116,6 +141,15 @@ static int execute_test_case(int svr_argc, char** svr_argv, return NOT_BUILT_IN; } +#ifdef NO_OLD_TLS + if (IsOldTlsVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif + if (addNoVerify) { printf("repeating test with client cert request off\n"); added += 4; /* -d plus space plus terminator */
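Review bot: `IsOldTlsVersion` in tests/suites.c uses `atoi(begin)`, which returns 0 when the text after `-v ` is not a number, so a malformed version argument is classified as an old protocol and the test case is skipped instead of being reported. Parsing with `strtol` and checking that digits were consumed avoids that: `char* end; long version = strtol(begin, &end, 10);` followed by `if (end != begin && version < 3) return 1;`. The literal `3` in `begin += 3` would read better as `strlen(find)`, and the `3` in the comparison as a named constant for the TLS 1.2 value of `-v`. The comment above the function has two typos and should read `/* if the protocol version is less than tls 1.2 return 1, else 0 */`.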
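Review bot: The new `return VERSION_TOO_OLD;` path in `execute_test_case` reports the skip only under `DEBUG_SUITE_TESTS`, so in a default `NO_OLD_TLS` build every test line with `-v` below 3 is dropped without any output. For a suite meant to show which protocol and cipher combinations were exercised, an unconditional one-line message or a skipped-case counter would keep that visible, e.g. `printf("skipping, protocol version too old: %s\n", commandLine);`. The callers of `execute_test_case` are outside this hunk; any that treat `NOT_BUILT_IN` specially presumably need the same handling for `VERSION_TOO_OLD`.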