From 57cad81091bb5b92a9e03b01b52f449e6c3a8cae Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sat, 24 Dec 2016 13:49:25 -0500 Subject: [PATCH] build-wolfssl: Sync config with wolfSSL 3.10 wolfSSL configure script relevant changes from 3.9 to 3.10: - DES3 no longer enabled by default - Shamir no longer enabled by default - Extended master secret enabled by default - RSA and ECC timing protections enabled by default For backwards compatibility I enabled DES3 and ECC shamir config options (ie no change from 3.9), and the other changes are included. --- projects/wolfssl_options.h | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/projects/wolfssl_options.h b/projects/wolfssl_options.h index 04752b811..d0ece9640 100644 --- a/projects/wolfssl_options.h +++ b/projects/wolfssl_options.h @@ -5,8 +5,8 @@ To remedy this issue for libcurl I've generated this options file that build-wolfssl will copy to the wolfSSL include directories and will result in maximum compatibility. -These are the configure options that were used to build wolfSSL v3.9.0 in mingw -and generate the options in this file: +These are the configure options that were used to build wolfSSL v3.10.0 in +mingw and generate the options in this file: C_EXTRA_FLAGS="\ -Wno-attributes \ @@ -17,12 +17,15 @@ C_EXTRA_FLAGS="\ -DWOLFSSL_STATIC_RSA \ " \ ./configure --prefix=/usr/local \ + --disable-jobserver \ --enable-aesgcm \ --enable-alpn \ --enable-certgen \ + --enable-des3 \ --enable-dh \ --enable-dsa \ --enable-ecc \ + --enable-eccshamir \ --enable-fastmath \ --enable-opensslextra \ --enable-ripemd \ @@ -93,6 +96,15 @@ extern "C" { #undef OPENSSL_EXTRA #define OPENSSL_EXTRA +#undef TFM_TIMING_RESISTANT +#define TFM_TIMING_RESISTANT + +#undef ECC_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT + +#undef WC_RSA_BLINDING +#define WC_RSA_BLINDING + #undef HAVE_AESGCM #define HAVE_AESGCM @@ -162,6 +174,9 @@ extern "C" { #undef HAVE_SUPPORTED_CURVES #define HAVE_SUPPORTED_CURVES +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + #undef WOLFSSL_TEST_CERT #define WOLFSSL_TEST_CERT