diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h
index e7512c6df..8e9c55434 100644
--- a/examples/configs/user_settings_wolftpm.h
+++ b/examples/configs/user_settings_wolftpm.h
@@ -187,6 +187,7 @@ extern "C" {
 #define NO_PWDBASED
 #define NO_DSA
 #define NO_DES3
+#define NO_DES3_TLS_SUITES
 #define NO_RC4
 #define NO_PSK
 #define NO_MD4
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 24f06c575..a499a9527 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4803,170 +4803,186 @@ extern void uITRON4_free(void *p) ;
 /* Dependency Rules (Feature X requires Feature Y) */
 #if defined(WOLFSSL_SHA224) && defined(NO_SHA256)
- #error "SHA-224 requires SHA-256"
+ #error "SHA-224 (WOLFSSL_SHA224) requires SHA-256"
 #endif
 #if defined(WOLFSSL_SM2) && !defined(HAVE_ECC)
- #error "SM2 requires ECC"
+ #error "SM2 (WOLFSSL_SM2) requires ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_ECC_BRAINPOOL) && !defined(WOLFSSL_CUSTOM_CURVES)
- #error "Brainpool curves require WOLFSSL_CUSTOM_CURVES"
+ #error "Brainpool curves (HAVE_ECC_BRAINPOOL) require WOLFSSL_CUSTOM_CURVES"
 #endif
 #if defined(FP_ECC) && !defined(HAVE_ECC)
- #error "FP_ECC requires ECC"
+ #error "FP_ECC requires ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_ECC)
- #error "ECC encrypt requires ECC"
+ #error "ECC encrypt (HAVE_ECC_ENCRYPT) requires ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_HKDF)
- #error "ECC encrypt requires HKDF"
+ #error "ECC encrypt (HAVE_ECC_ENCRYPT) requires HKDF (HAVE_HKDF)"
 #endif
 #if defined(WOLFCRYPT_HAVE_ECCSI) && !defined(HAVE_ECC)
- #error "ECCSI requires ECC"
+ #error "ECCSI (WOLFCRYPT_HAVE_ECCSI) requires ECC (HAVE_ECC)"
 #endif
 #if defined(WOLFCRYPT_HAVE_SAKKE) && !defined(HAVE_ECC)
- #error "SAKKE requires ECC"
+ #error "SAKKE (WOLFCRYPT_HAVE_SAKKE) requires ECC (HAVE_ECC)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(HAVE_ANON) && defined(NO_DH)
- #error "Anonymous ciphers require DH"
+ #error "Anonymous ciphers (HAVE_ANON) require DH"
 #endif
 #if defined(FORTRESS) && defined(NO_AES)
- #error "Fortress requires AES"
+ #error "Fortress (FORTRESS) requires AES"
 #endif
 #if defined(HAVE_AESGCM) && defined(NO_AES)
- #error "AES-GCM requires AES"
+ #error "AES-GCM (HAVE_AESGCM) requires AES"
 #endif
 #if defined(HAVE_AESCCM) && defined(NO_AES)
- #error "AES-CCM requires AES"
+ #error "AES-CCM (HAVE_AESCCM) requires AES"
 #endif
 #if defined(WOLFSSL_AES_COUNTER) && defined(NO_AES)
- #error "AES-CTR requires AES"
+ #error "AES-CTR (WOLFSSL_AES_COUNTER) requires AES"
 #endif
 #if defined(HAVE_ED448) && !defined(WOLFSSL_SHA512)
- #error "ED448 requires SHA-512"
+ #error "ED448 (HAVE_ED448) requires SHA-512 (WOLFSSL_SHA512)"
 #endif
 #if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_SHA3)
- #error "SHAKE128 requires SHA-3"
+ #error "SHAKE128 (WOLFSSL_SHAKE128) requires SHA-3 (WOLFSSL_SHA3)"
 #endif
 #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_SHA3)
- #error "SHAKE256 requires SHA-3"
+ #error "SHAKE256 (WOLFSSL_SHAKE256) requires SHA-3 (WOLFSSL_SHA3)"
 #endif
 #if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA)
- #error "XChaCha requires ChaCha"
+ #error "XChaCha (HAVE_XCHACHA) requires ChaCha (HAVE_CHACHA)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \
 defined(NO_DH)
- #error "FFDHE-only requires DH"
+ #error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires DH"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \
 !defined(HAVE_SUPPORTED_CURVES)
- #error "FFDHE-only requires Supported Curves extension"
+ #error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires" \
+ " Supported Curves (HAVE_SUPPORTED_CURVES)"
 #endif
 #if defined(HAVE_SCRYPT) && defined(NO_PWDBASED)
- #error "scrypt requires pwdbased"
+ #error "scrypt (HAVE_SCRYPT) requires pwdbased"
 #endif
 #if defined(HAVE_OCSP) && defined(NO_ASN)
- #error "OCSP requires ASN"
+ #error "OCSP (HAVE_OCSP) requires ASN"
 #endif
 #if defined(HAVE_SMIME) && defined(NO_ASN)
- #error "S/MIME requires ASN"
+ #error "S/MIME (HAVE_SMIME) requires ASN"
 #endif
 #if defined(HAVE_OCSP) && defined(NO_RSA) && !defined(HAVE_ECC)
- #error "OCSP requires RSA or ECC"
+ #error "OCSP (HAVE_OCSP) requires RSA or ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_PKCS7) && defined(NO_RSA) && !defined(HAVE_ECC)
- #error "PKCS7 requires RSA or ECC"
+ #error "PKCS7 (HAVE_PKCS7) requires RSA or ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_PKCS7) && defined(NO_SHA) && defined(NO_SHA256)
- #error "PKCS7 requires SHA or SHA-256"
+ #error "PKCS7 (HAVE_PKCS7) requires SHA or SHA-256"
 #endif
 #if defined(WOLFSSL_HAVE_WOLFSCEP) && defined(NO_AES) && defined(NO_DES3)
- #error "SCEP requires AES or 3DES"
+ #error "SCEP (WOLFSSL_HAVE_WOLFSCEP) requires AES or 3DES"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_SNIFFER) && \
 defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519)
- #error "Sniffer requires RSA, ECC, or Curve25519"
+ #error "Sniffer (WOLFSSL_SNIFFER) requires RSA," \
+ " ECC (HAVE_ECC), or Curve25519 (HAVE_CURVE25519)"
 #endif
 #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
 defined(NO_ASN) && !defined(WOLFCRYPT_ONLY)
- #error "RSA requires ASN"
+ #error "RSA requires ASN (NO_ASN must not be defined)"
 #endif
 #if !defined(NO_DSA) && defined(NO_ASN)
- #error "DSA requires ASN"
+ #error "DSA requires ASN (NO_ASN must not be defined)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && defined(NO_ASN)
- #error "Please enable PSK if disabling ASN"
+ #error "Enable PSK (NO_PSK must not be defined)" \
+ " if disabling ASN (NO_ASN)"
 #endif
 #if defined(WOLFSSL_WOLFSSH) && defined(NO_HMAC)
- #error "WOLFSSH requires HMAC"
+ #error "WOLFSSH (WOLFSSL_WOLFSSH) requires HMAC"
 #endif
 /* Conflicting Feature Rules */
 #if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
 #if defined(WOLFSSL_CUSTOM_CURVES)
- #error "Cannot use single precision math and custom curves"
+ #error "Cannot use SP math (WOLFSSL_SP_MATH)" \
+ " with custom curves (WOLFSSL_CUSTOM_CURVES)"
 #endif
 #if !defined(NO_DSA)
- #error "Cannot use single precision math and DSA"
+ #error "Cannot use single precision math (WOLFSSL_SP_MATH) and DSA"
 #endif
 #if defined(WOLFCRYPT_HAVE_SRP)
- #error "Cannot use single precision math and SRP"
+ #error "Cannot use SP math (WOLFSSL_SP_MATH)" \
+ " with SRP (WOLFCRYPT_HAVE_SRP)"
 #endif
 #endif
 #if defined(USE_INTEGER_HEAP_MATH) && defined(WOLFSSL_STATIC_MEMORY)
- #error "Heap math is incompatible with static memory"
+ #error "Heap math (USE_INTEGER_HEAP_MATH) is incompatible" \
+ " with static memory (WOLFSSL_STATIC_MEMORY)"
 #endif
 #if defined(WC_16BIT_CPU) && \
 (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL))
- #error "16-bit build is not available with SP math"
+ #error "16-bit build (WC_16BIT_CPU) is not available with SP math"
 #endif
 /* Streaming Feature Rules */
 #if defined(WOLFSSL_AESGCM_STREAM) && !defined(HAVE_AESGCM)
- #error "AES-GCM streaming requires AES-GCM"
+ #error "AES-GCM streaming (WOLFSSL_AESGCM_STREAM)" \
+ " requires AES-GCM (HAVE_AESGCM)"
 #endif
 #if defined(WOLFSSL_AESXTS_STREAM) && !defined(WOLFSSL_AES_XTS)
- #error "AES-XTS streaming requires AES-XTS"
+ #error "AES-XTS streaming (WOLFSSL_AESXTS_STREAM)" \
+ " requires AES-XTS (WOLFSSL_AES_XTS)"
 #endif
 #if defined(WOLFSSL_ED25519_STREAMING_VERIFY) && !defined(HAVE_ED25519)
- #error "ED25519 streaming verify requires ED25519"
+ #error "ED25519 streaming verify" \
+ " (WOLFSSL_ED25519_STREAMING_VERIFY)" \
+ " requires ED25519 (HAVE_ED25519)"
 #endif
 #if defined(WOLFSSL_ED448_STREAMING_VERIFY) && !defined(HAVE_ED448)
- #error "ED448 streaming verify requires ED448"
+ #error "ED448 streaming verify" \
+ " (WOLFSSL_ED448_STREAMING_VERIFY)" \
+ " requires ED448 (HAVE_ED448)"
 #endif
 /* QUIC Rules */
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \
 !defined(WOLFSSL_TLS13)
- #error "QUIC requires TLS 1.3"
+ #error "QUIC (WOLFSSL_QUIC) requires TLS 1.3 (WOLFSSL_TLS13)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \
 !defined(HAVE_AESGCM)
- #error "QUIC requires AES-GCM"
+ #error "QUIC (WOLFSSL_QUIC) requires AES-GCM (HAVE_AESGCM)"
 #endif
 /* Crypto Callback Rules */
 #if defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && !defined(WOLF_CRYPTO_CB)
- #error "Crypto callback SW test requires WOLF_CRYPTO_CB"
+ #error "Crypto callback SW test" \
+ " (WC_TEST_NO_CRYPTOCB_SW_TEST)" \
+ " requires WOLF_CRYPTO_CB"
 #endif
 #if (defined(WOLF_CRYPTO_CB_COPY) || defined(WOLF_CRYPTO_CB_FREE)) && \
 !defined(WOLF_CRYPTO_CB)
- #error "Crypto callback utilities require WOLF_CRYPTO_CB"
+ #error "Crypto callback utilities" \
+ " (WOLF_CRYPTO_CB_COPY/WOLF_CRYPTO_CB_FREE)" \
+ " require WOLF_CRYPTO_CB"
 #endif
 /* Early Data / Session Rules */
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \
 !defined(WOLFSSL_TLS13)
- #error "Early data requires TLS 1.3"
+ #error "Early data requires TLS 1.3 (WOLFSSL_TLS13)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \
 !defined(HAVE_SESSION_TICKET) && defined(NO_PSK)
- #error "Early data requires session tickets or PSK"
+ #error "Early data requires session tickets (HAVE_SESSION_TICKET) or PSK"
 #endif
-/* DES3 TLS Suite Rule */
+/* DES3 TLS Suite Rule - auto-disable DES3 TLS suites when DES3 is disabled */
 #if !defined(WOLFCRYPT_ONLY) && !defined(NO_DES3_TLS_SUITES) && \
 defined(NO_DES3)
- #error "DES3 TLS suites require DES3"
+ #define NO_DES3_TLS_SUITES
 #endif
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \
diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h
index ce37a599d..d68b0816e 100644
--- a/wrapper/CSharp/user_settings.h
+++ b/wrapper/CSharp/user_settings.h
@@ -91,6 +91,7 @@
 /* Disable Algorithms */
 #define NO_DES3
+#define NO_DES3_TLS_SUITES
 #define NO_DSA
 #define NO_RC4
 #define NO_MD4
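Review bot: In the DES3 TLS Suite Rule at the end of the settings.h hunk, `#define NO_DES3_TLS_SUITES` is now derived inside the block of `#error` sanity checks, so the macro only exists from this late point in the header. No earlier test of `NO_DES3_TLS_SUITES` is visible in this hunk, but if one exists further up in settings.h it would still take the 3DES-suites-enabled path for a build that sets only `NO_DES3`, and the old `#error` that caught that combination is gone. I would move the derivation ahead of the rule sections, or at least mark it with a comment such as `/* derived setting, not a check: must precede every test of NO_DES3_TLS_SUITES */`. Separately, the split messages such as `#error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires" \` (and the Sniffer, PSK, SP math, streaming and crypto-callback ones) rely on line splicing only; `#error` does not concatenate adjacent string literals, so the diagnostic will print the pieces with their quotes in between.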