mirror of https://github.com/wolfSSL/wolfssl
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
This commit is contained in:
parent
375d85fe9a
commit
8e8ee45828
90
configure.ac
90
configure.ac
|
@ -256,6 +256,21 @@ fi
|
|||
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
|
||||
|
||||
|
||||
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
|
||||
AC_ARG_ENABLE([leantls],
|
||||
[ --enable-leantls Enable Lean TLS build (default: disabled)],
|
||||
[ ENABLED_LEANTLS=$enableval ],
|
||||
[ ENABLED_LEANTLS=no ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_FILESYSTEM -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY -DNO_CODING"
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
|
||||
|
||||
|
||||
# big cache
|
||||
AC_ARG_ENABLE([bigcache],
|
||||
[ --enable-bigcache Enable big session cache (default: disabled)],
|
||||
|
@ -354,7 +369,7 @@ AC_ARG_ENABLE([sniffer],
|
|||
[ ENABLED_SNIFFER=no ]
|
||||
)
|
||||
|
||||
# sniffer does't work in maxstrength mode
|
||||
# sniffer doesn't work in maxstrength mode
|
||||
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
|
||||
|
@ -380,8 +395,8 @@ AC_ARG_ENABLE([aesgcm],
|
|||
[ ENABLED_AESGCM=yes ]
|
||||
)
|
||||
|
||||
# lean psk does't need gcm
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# leanpsk and leantls don't need gcm
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
ENABLED_AESGCM=no
|
||||
fi
|
||||
|
@ -566,8 +581,8 @@ AC_ARG_ENABLE([sha512],
|
|||
[ ENABLED_SHA512=$SHA512_DEFAULT ]
|
||||
)
|
||||
|
||||
# lean psk does't need sha512
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# leanpsk and leantls don't need sha512
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
ENABLED_SHA512=no
|
||||
fi
|
||||
|
@ -723,7 +738,7 @@ AC_ARG_ENABLE([ecc],
|
|||
[ ENABLED_ECC=$ECC_DEFAULT ]
|
||||
)
|
||||
|
||||
# lean psk does't need ecc
|
||||
# lean psk doesn't need ecc
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
then
|
||||
ENABLED_ECC=no
|
||||
|
@ -742,12 +757,6 @@ fi
|
|||
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
|
||||
|
||||
|
||||
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
|
||||
fi
|
||||
|
||||
|
||||
# for using memory optimization setting on both curve25519 and ed25519
|
||||
ENABLED_CURVED25519_SMALL=no
|
||||
|
||||
|
@ -874,8 +883,8 @@ if test "$ENABLED_ERROR_STRINGS" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
|
||||
else
|
||||
# turn off error strings if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off error strings if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
|
||||
ENABLED_ERROR_STRINGS=no
|
||||
|
@ -894,8 +903,8 @@ if test "$ENABLED_OLD_TLS" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
||||
else
|
||||
# turn off old if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off old if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
||||
ENABLED_OLD_TLS=no
|
||||
|
@ -942,8 +951,8 @@ if test "$ENABLED_MEMORY" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
|
||||
else
|
||||
# turn off memory cb if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off memory cb if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
# but don't turn on NO_WOLFSSL_MEMORY because using own
|
||||
ENABLED_MEMORY=no
|
||||
|
@ -964,8 +973,8 @@ if test "$ENABLED_RSA" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
|
||||
else
|
||||
# turn off RSA if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off RSA if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
|
||||
ENABLED_RSA=no
|
||||
|
@ -991,8 +1000,8 @@ if test "$ENABLED_DH" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
|
||||
else
|
||||
# turn off DH if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off DH if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
|
||||
ENABLED_DH=no
|
||||
|
@ -1115,8 +1124,8 @@ if test "$ENABLED_CODING" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
|
||||
else
|
||||
# turn off CODING if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off CODING if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
|
||||
ENABLED_CODING=no
|
||||
|
@ -1137,8 +1146,8 @@ if test "$ENABLED_DES3" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
|
||||
else
|
||||
# turn off DES3 if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off DES3 if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
|
||||
ENABLED_DES3=no
|
||||
|
@ -1180,8 +1189,8 @@ if test "$ENABLED_ARC4" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
||||
else
|
||||
# turn off ARC4 if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off ARC4 if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
||||
ENABLED_ARC4=no
|
||||
|
@ -1202,8 +1211,8 @@ if test "$ENABLED_MD5" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
|
||||
else
|
||||
# turn off MD5 if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off MD5 if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
|
||||
ENABLED_MD5=no
|
||||
|
@ -1224,8 +1233,8 @@ if test "$ENABLED_SHA" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
|
||||
else
|
||||
# turn off SHA if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off SHA if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
|
||||
ENABLED_SHA=no
|
||||
|
@ -1332,8 +1341,8 @@ AC_ARG_ENABLE([poly1305],
|
|||
[ ENABLED_POLY1305=$POLY1305_DEFAULT]
|
||||
)
|
||||
|
||||
# lean psk does't need poly1305
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# leanpsk and leantls don't need poly1305
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
ENABLED_POLY1305=no
|
||||
fi
|
||||
|
@ -1361,8 +1370,8 @@ AC_ARG_ENABLE([chacha],
|
|||
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
|
||||
)
|
||||
|
||||
# lean psk does't need chacha
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# leanpsk and leantls don't need chacha
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
ENABLED_CHACHA=no
|
||||
fi
|
||||
|
@ -1406,8 +1415,8 @@ if test "$ENABLED_FILESYSTEM" = "no"
|
|||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
||||
else
|
||||
# turn off filesystem if leanpsk on
|
||||
if test "$ENABLED_LEANPSK" = "yes"
|
||||
# turn off filesystem if leanpsk or leantls on
|
||||
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
||||
ENABLED_FILESYSTEM=no
|
||||
|
@ -1636,10 +1645,6 @@ AC_ARG_WITH([ntru],
|
|||
|
||||
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
|
||||
|
||||
if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
|
||||
fi
|
||||
|
||||
# SNI
|
||||
AC_ARG_ENABLE([sni],
|
||||
|
@ -2759,6 +2764,7 @@ echo " * MD4: $ENABLED_MD4"
|
|||
echo " * PSK: $ENABLED_PSK"
|
||||
echo " * Poly1305: $ENABLED_POLY1305"
|
||||
echo " * LEANPSK: $ENABLED_LEANPSK"
|
||||
echo " * LEANTLS: $ENABLED_LEANTLS"
|
||||
echo " * RSA: $ENABLED_RSA"
|
||||
echo " * DSA: $ENABLED_DSA"
|
||||
echo " * DH: $ENABLED_DH"
|
||||
|
|
|
@ -142,10 +142,9 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
|||
|
||||
#ifndef NO_CERTS
|
||||
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
|
||||
#endif
|
||||
|
||||
static void PickHashSigAlgo(WOLFSSL* ssl,
|
||||
const byte* hashSigAlgo, word32 hashSigAlgoSz);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_QSH
|
||||
int QSH_Init(WOLFSSL* ssl);
|
||||
|
@ -10594,7 +10593,7 @@ int SetCipherList(Suites* suites, const char* list)
|
|||
return ret;
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_CERTS
|
||||
static void PickHashSigAlgo(WOLFSSL* ssl,
|
||||
const byte* hashSigAlgo, word32 hashSigAlgoSz)
|
||||
{
|
||||
|
@ -10630,7 +10629,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CALLBACKS
|
||||
|
||||
|
|
|
@ -4908,7 +4908,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
|
|||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFCRYPT_ONLY
|
||||
#if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS)
|
||||
|
||||
/* dummy functions, not using wolfSSL so don't need actual ones */
|
||||
Signer* GetCA(void* signers, byte* hash)
|
||||
|
@ -4927,7 +4927,7 @@ Signer* GetCAByName(void* signers, byte* hash)
|
|||
}
|
||||
#endif /* NO_SKID */
|
||||
|
||||
#endif /* WOLFCRYPT_ONLY */
|
||||
#endif /* WOLFCRYPT_ONLY || NO_CERTS */
|
||||
|
||||
#ifndef NO_ASN_TIME
|
||||
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
|
|
Loading…
Reference in New Issue