wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add flags to disable certain checks

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2023-03-29 14:22:31 +02:00
parent 7116f1e005
commit 4a75d78682
3 changed files with 45 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/internal.c
View File

@ -82,7 +82,13 @@
* WOLFSSL_HARDEN_TLS * WOLFSSL_HARDEN_TLS
* Implement the recommendations specified in RFC9325. This macro needs to * Implement the recommendations specified in RFC9325. This macro needs to
* be defined to the desired amount of bits of security. The currently * be defined to the desired amount of bits of security. The currently
* implemented values are 112 and 128 bits. * implemented values are 112 and 128 bits. The following macros disable
* certain checks.
* - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
* - WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
* - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
* - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
* - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
*/ */
@ -7137,7 +7143,8 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
int useSecureReneg = ssl->ctx->useSecureReneg; int useSecureReneg = ssl->ctx->useSecureReneg;
/* use secure renegotiation by default (not recommend) */ /* use secure renegotiation by default (not recommend) */
#if defined(WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT) || \ #if defined(WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT) || \
(defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12)) (defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
!defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK))
useSecureReneg = 1; useSecureReneg = 1;
#endif #endif
if (useSecureReneg) { if (useSecureReneg) {
@ -26994,7 +27001,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
} }
#endif #endif
#ifdef WOLFSSL_HARDEN_TLS #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK)
if (ssl->secure_renegotiation == NULL || if (ssl->secure_renegotiation == NULL ||
!ssl->secure_renegotiation->enabled) { !ssl->secure_renegotiation->enabled) {
/* If the server does not acknowledge the extension, the client /* If the server does not acknowledge the extension, the client

48
wolfssl/internal.h
View File

@ -304,11 +304,15 @@
#undef HAVE_AES_CBC #undef HAVE_AES_CBC
#endif #endif
/* When adding new ciphersuites, make sure that they have appropriate /* When adding new ciphersuites, make sure that they have appropriate
* guards for WOLFSSL_HARDEN_TLS. */ * guards for WOLFSSL_HARDEN_TLS. */
#ifndef WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
/* Use a separate define (undef'ed later) to simplify macro logic. */
#define WSSL_HARDEN_TLS WOLFSSL_HARDEN_TLS
#endif
#ifndef WOLFSSL_AEAD_ONLY #ifndef WOLFSSL_AEAD_ONLY
#if !defined(NO_RSA) && !defined(NO_RC4) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_RSA) && !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
/* MUST NOT negotiate RC4 cipher suites /* MUST NOT negotiate RC4 cipher suites
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
#if defined(WOLFSSL_STATIC_RSA) #if defined(WOLFSSL_STATIC_RSA)
@ -381,7 +385,7 @@
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif #endif
#endif #endif
#if !defined(NO_DH) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_DH) && !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -466,7 +470,7 @@
#endif #endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && !defined(WOLFSSL_HARDEN_TLS) !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -504,7 +508,7 @@
#endif #endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
!defined(WOLFSSL_HARDEN_TLS) !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -634,7 +638,7 @@
#endif #endif
#endif #endif
#endif /* NO_AES */ #endif /* NO_AES */
#if !defined(NO_RC4) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
/* MUST NOT negotiate RC4 cipher suites /* MUST NOT negotiate RC4 cipher suites
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
#if !defined(NO_SHA) #if !defined(NO_SHA)
@ -659,8 +663,8 @@
#endif #endif
#endif #endif
#endif #endif
#if !defined(NO_DES3) && !(defined(WOLFSSL_HARDEN_TLS) && \ #if !defined(NO_DES3) && !(defined(WSSL_HARDEN_TLS) && \
WOLFSSL_HARDEN_TLS > 112) WSSL_HARDEN_TLS > 112)
/* 3DES offers only 112 bits of security. /* 3DES offers only 112 bits of security.
* Using guidance from section 5.6.1 * Using guidance from section 5.6.1
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
@ -713,7 +717,7 @@
#if !defined(NO_RSA) && defined(HAVE_ECC) #if !defined(NO_RSA) && defined(HAVE_ECC)
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
#endif #endif
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_DH) && !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -726,7 +730,7 @@
defined(HAVE_ED448) defined(HAVE_ED448)
#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
#endif #endif
#if !defined(NO_DH) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_DH) && !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -738,7 +742,7 @@
#endif /* !WOLFSSL_MAX_STRENGTH */ #endif /* !WOLFSSL_MAX_STRENGTH */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(WOLFSSL_HARDEN_TLS) !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -753,7 +757,7 @@
#endif #endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
!defined(WOLFSSL_HARDEN_TLS) !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -826,7 +830,7 @@
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif #endif
#endif #endif
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_DH) && !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
/* SHOULD NOT negotiate cipher suites based on ephemeral /* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*" * finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@ -949,7 +953,7 @@
#define BUILD_AES #define BUILD_AES
#endif #endif
#if !defined(NO_RC4) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
/* MUST NOT negotiate RC4 cipher suites /* MUST NOT negotiate RC4 cipher suites
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */ * https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
#undef BUILD_ARC4 #undef BUILD_ARC4
@ -976,7 +980,7 @@
#define HAVE_PFS #define HAVE_PFS
#endif #endif
#ifdef WOLFSSL_HARDEN_TLS #ifdef WSSL_HARDEN_TLS
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
#error "NULL ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1" #error "NULL ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1"
#endif #endif
@ -991,6 +995,8 @@
#endif #endif
#endif #endif
#undef WSSL_HARDEN_TLS
/* actual cipher values, 2nd byte */ /* actual cipher values, 2nd byte */
enum { enum {
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
@ -1177,7 +1183,7 @@ enum {
/* set minimum DH key size allowed */ /* set minimum DH key size allowed */
#ifndef WOLFSSL_MIN_DHKEY_BITS #ifndef WOLFSSL_MIN_DHKEY_BITS
#ifdef WOLFSSL_HARDEN_TLS #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
/* Using guidance from section 5.6.1 /* Using guidance from section 5.6.1
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
#if WOLFSSL_HARDEN_TLS >= 128 #if WOLFSSL_HARDEN_TLS >= 128
@ -1191,7 +1197,8 @@ enum {
#define WOLFSSL_MIN_DHKEY_BITS 1024 #define WOLFSSL_MIN_DHKEY_BITS 1024
#endif #endif
#endif #endif
#if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_DHKEY_BITS < 2048 #if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_DHKEY_BITS < 2048 && \
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
/* Implementations MUST NOT negotiate cipher suites offering less than /* Implementations MUST NOT negotiate cipher suites offering less than
* 112 bits of security. * 112 bits of security.
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 * https://www.rfc-editor.org/rfc/rfc9325#section-4.1
@ -1825,7 +1832,7 @@ enum Misc {
/* set minimum RSA key size allowed */ /* set minimum RSA key size allowed */
#ifndef WOLFSSL_MIN_RSA_BITS #ifndef WOLFSSL_MIN_RSA_BITS
#ifdef WOLFSSL_HARDEN_TLS #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
/* Using guidance from section 5.6.1 /* Using guidance from section 5.6.1
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
#if WOLFSSL_HARDEN_TLS >= 128 #if WOLFSSL_HARDEN_TLS >= 128
@ -1839,7 +1846,8 @@ enum Misc {
#define WOLFSSL_MIN_RSA_BITS 1024 #define WOLFSSL_MIN_RSA_BITS 1024
#endif #endif
#endif /* WOLFSSL_MIN_RSA_BITS */ #endif /* WOLFSSL_MIN_RSA_BITS */
#if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_RSA_BITS < 2048 #if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_RSA_BITS < 2048 && \
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
/* Implementations MUST NOT negotiate cipher suites offering less than /* Implementations MUST NOT negotiate cipher suites offering less than
* 112 bits of security. * 112 bits of security.
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 * https://www.rfc-editor.org/rfc/rfc9325#section-4.1

12
wolfssl/wolfcrypt/settings.h
View File

@ -2023,7 +2023,8 @@ extern void uITRON4_free(void *p) ;
#ifdef WOLFSSL_MIN_ECC_BITS #ifdef WOLFSSL_MIN_ECC_BITS
#define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS #define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS
#else #else
#ifdef WOLFSSL_HARDEN_TLS #if defined(WOLFSSL_HARDEN_TLS) && \
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
/* Using guidance from section 5.6.1 /* Using guidance from section 5.6.1
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
#if WOLFSSL_HARDEN_TLS >= 128 #if WOLFSSL_HARDEN_TLS >= 128
@ -2040,7 +2041,8 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif #endif
#if defined(WOLFSSL_HARDEN_TLS) && ECC_MIN_KEY_SZ < 224 #if defined(WOLFSSL_HARDEN_TLS) && ECC_MIN_KEY_SZ < 224 && \
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
/* Implementations MUST NOT negotiate cipher suites offering less than /* Implementations MUST NOT negotiate cipher suites offering less than
* 112 bits of security. * 112 bits of security.
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 * https://www.rfc-editor.org/rfc/rfc9325#section-4.1
@ -2989,14 +2991,14 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#ifdef WOLFSSL_HARDEN_TLS #ifdef WOLFSSL_HARDEN_TLS
#ifdef HAVE_TRUNCATED_HMAC #if defined(HAVE_TRUNCATED_HMAC) && !defined(WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC)
#error "Truncated HMAC Extension not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.6" #error "Truncated HMAC Extension not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.6"
#endif #endif
#ifndef NO_OLD_TLS #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS)
#error "TLS < 1.2 protocol versions not allowed https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1" #error "TLS < 1.2 protocol versions not allowed https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1"
#endif #endif
#if !defined(WOLFSSL_NO_TLS12) && !defined(HAVE_SECURE_RENEGOTIATION) && \ #if !defined(WOLFSSL_NO_TLS12) && !defined(HAVE_SECURE_RENEGOTIATION) && \
!defined(HAVE_SERVER_RENEGOTIATION_INFO) !defined(HAVE_SERVER_RENEGOTIATION_INFO) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK)
#error "TLS 1.2 requires at least HAVE_SERVER_RENEGOTIATION_INFO to send the secure renegotiation extension https://www.rfc-editor.org/rfc/rfc9325#section-3.5" #error "TLS 1.2 requires at least HAVE_SERVER_RENEGOTIATION_INFO to send the secure renegotiation extension https://www.rfc-editor.org/rfc/rfc9325#section-3.5"
#endif #endif
#if !defined(WOLFSSL_EXTRA_ALERTS) || !defined(WOLFSSL_CHECK_ALERT_ON_ERR) #if !defined(WOLFSSL_EXTRA_ALERTS) || !defined(WOLFSSL_CHECK_ALERT_ON_ERR)