feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for RSA RSS check to make sure RSA is enabled. Added TLS 1.3 DH check for key sizes.

Browse Source
This commit is contained in:
David Garske
2018-04-26 14:04:54 -07:00
parent ef7b40dcab
commit 5c97374156
2 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/tls.c
View File

@ -48,6 +48,7 @@
#include "libntruencrypt/ntru_crypto.h" #include "libntruencrypt/ntru_crypto.h"
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>
#endif #endif
#ifdef HAVE_QSH #ifdef HAVE_QSH
static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name); static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
@ -76,6 +77,18 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
#endif #endif
#endif #endif
#ifdef WOLFSSL_TLS13
#if !defined(NO_DH) && \
!defined(HAVE_FFDHE_2048) && !defined(HAVE_FFDHE_3072) && \
!defined(HAVE_FFDHE_4096) && !defined(HAVE_FFDHE_6144) && \
!defined(HAVE_FFDHE_8192)
#error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192
#endif
#if !defined(NO_RSA) && !defined(WC_RSA_PSS)
#error The build option WC_RSA_PSS is required for TLS 1.3 with RSA
#endif
#endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
#define P_HASH_MAX_SIZE WC_SHA384_DIGEST_SIZE #define P_HASH_MAX_SIZE WC_SHA384_DIGEST_SIZE

5
src/tls13.c
View File

@ -129,10 +129,7 @@
#endif #endif
#ifndef HAVE_HKDF #ifndef HAVE_HKDF
#error The build option `HAVE_HKDF` is required for TLS 1.3 #error The build option HAVE_HKDF is required for TLS 1.3
#endif
#ifndef WC_RSA_PSS
#error The build option `WC_RSA_PSS` is required for TLS 1.3
#endif #endif