mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
Add flags to disable certain checks
This commit is contained in:
Juliusz Sosinowicz
@ -82,7 +82,13 @@
|
||||
* WOLFSSL_HARDEN_TLS
|
||||
* Implement the recommendations specified in RFC9325. This macro needs to
|
||||
* be defined to the desired amount of bits of security. The currently
|
||||
* implemented values are 112 and 128 bits.
|
||||
* implemented values are 112 and 128 bits. The following macros disable
|
||||
* certain checks.
|
||||
* - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
|
||||
* - WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
|
||||
* - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
|
||||
* - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
|
||||
* - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
|
||||
*/
|
||||
|
||||
|
||||
@ -7137,7 +7143,8 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
int useSecureReneg = ssl->ctx->useSecureReneg;
|
||||
/* use secure renegotiation by default (not recommend) */
|
||||
#if defined(WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT) || \
|
||||
(defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12))
|
||||
(defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
|
||||
!defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK))
|
||||
useSecureReneg = 1;
|
||||
#endif
|
||||
if (useSecureReneg) {
|
||||
@ -26994,7 +27001,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_HARDEN_TLS
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK)
|
||||
if (ssl->secure_renegotiation == NULL ||
|
||||
!ssl->secure_renegotiation->enabled) {
|
||||
/* If the server does not acknowledge the extension, the client
|
||||
|
||||
@ -304,11 +304,15 @@
|
||||
#undef HAVE_AES_CBC
|
||||
#endif
|
||||
|
||||
/* When adding new ciphersuites, make sure that they have appropriate
|
||||
* guards for WOLFSSL_HARDEN_TLS. */
|
||||
/* When adding new ciphersuites, make sure that they have appropriate
|
||||
* guards for WOLFSSL_HARDEN_TLS. */
|
||||
#ifndef WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
|
||||
/* Use a separate define (undef'ed later) to simplify macro logic. */
|
||||
#define WSSL_HARDEN_TLS WOLFSSL_HARDEN_TLS
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_AEAD_ONLY
|
||||
#if !defined(NO_RSA) && !defined(NO_RC4) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_RSA) && !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
|
||||
/* MUST NOT negotiate RC4 cipher suites
|
||||
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
#if defined(WOLFSSL_STATIC_RSA)
|
||||
@ -381,7 +385,7 @@
|
||||
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_DH) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_DH) && !defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -466,7 +470,7 @@
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
|
||||
!defined(NO_RSA) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
!defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -504,7 +508,7 @@
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
|
||||
!defined(WOLFSSL_HARDEN_TLS)
|
||||
!defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -634,7 +638,7 @@
|
||||
#endif
|
||||
#endif
|
||||
#endif /* NO_AES */
|
||||
#if !defined(NO_RC4) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
|
||||
/* MUST NOT negotiate RC4 cipher suites
|
||||
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
#if !defined(NO_SHA)
|
||||
@ -659,8 +663,8 @@
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_DES3) && !(defined(WOLFSSL_HARDEN_TLS) && \
|
||||
WOLFSSL_HARDEN_TLS > 112)
|
||||
#if !defined(NO_DES3) && !(defined(WSSL_HARDEN_TLS) && \
|
||||
WSSL_HARDEN_TLS > 112)
|
||||
/* 3DES offers only 112 bits of security.
|
||||
* Using guidance from section 5.6.1
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
|
||||
@ -713,7 +717,7 @@
|
||||
#if !defined(NO_RSA) && defined(HAVE_ECC)
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
|
||||
#endif
|
||||
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -726,7 +730,7 @@
|
||||
defined(HAVE_ED448)
|
||||
#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||
#endif
|
||||
#if !defined(NO_DH) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_DH) && !defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -738,7 +742,7 @@
|
||||
#endif /* !WOLFSSL_MAX_STRENGTH */
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
|
||||
!defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
!defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -753,7 +757,7 @@
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
|
||||
!defined(WOLFSSL_HARDEN_TLS)
|
||||
!defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -826,7 +830,7 @@
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
|
||||
/* SHOULD NOT negotiate cipher suites based on ephemeral
|
||||
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
|
||||
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
@ -949,7 +953,7 @@
|
||||
#define BUILD_AES
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RC4) && !defined(WOLFSSL_HARDEN_TLS)
|
||||
#if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
|
||||
/* MUST NOT negotiate RC4 cipher suites
|
||||
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
|
||||
#undef BUILD_ARC4
|
||||
@ -976,7 +980,7 @@
|
||||
#define HAVE_PFS
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_HARDEN_TLS
|
||||
#ifdef WSSL_HARDEN_TLS
|
||||
#ifdef HAVE_NULL_CIPHER
|
||||
#error "NULL ciphers not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.1"
|
||||
#endif
|
||||
@ -991,6 +995,8 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#undef WSSL_HARDEN_TLS
|
||||
|
||||
/* actual cipher values, 2nd byte */
|
||||
enum {
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
|
||||
@ -1177,7 +1183,7 @@ enum {
|
||||
|
||||
/* set minimum DH key size allowed */
|
||||
#ifndef WOLFSSL_MIN_DHKEY_BITS
|
||||
#ifdef WOLFSSL_HARDEN_TLS
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
|
||||
/* Using guidance from section 5.6.1
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
|
||||
#if WOLFSSL_HARDEN_TLS >= 128
|
||||
@ -1191,7 +1197,8 @@ enum {
|
||||
#define WOLFSSL_MIN_DHKEY_BITS 1024
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_DHKEY_BITS < 2048
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_DHKEY_BITS < 2048 && \
|
||||
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
|
||||
/* Implementations MUST NOT negotiate cipher suites offering less than
|
||||
* 112 bits of security.
|
||||
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1
|
||||
@ -1825,7 +1832,7 @@ enum Misc {
|
||||
|
||||
/* set minimum RSA key size allowed */
|
||||
#ifndef WOLFSSL_MIN_RSA_BITS
|
||||
#ifdef WOLFSSL_HARDEN_TLS
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
|
||||
/* Using guidance from section 5.6.1
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
|
||||
#if WOLFSSL_HARDEN_TLS >= 128
|
||||
@ -1839,7 +1846,8 @@ enum Misc {
|
||||
#define WOLFSSL_MIN_RSA_BITS 1024
|
||||
#endif
|
||||
#endif /* WOLFSSL_MIN_RSA_BITS */
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_RSA_BITS < 2048
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && WOLFSSL_MIN_RSA_BITS < 2048 && \
|
||||
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
|
||||
/* Implementations MUST NOT negotiate cipher suites offering less than
|
||||
* 112 bits of security.
|
||||
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1
|
||||
|
||||
@ -2023,7 +2023,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#ifdef WOLFSSL_MIN_ECC_BITS
|
||||
#define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS
|
||||
#else
|
||||
#ifdef WOLFSSL_HARDEN_TLS
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && \
|
||||
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
|
||||
/* Using guidance from section 5.6.1
|
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf */
|
||||
#if WOLFSSL_HARDEN_TLS >= 128
|
||||
@ -2040,7 +2041,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && ECC_MIN_KEY_SZ < 224
|
||||
#if defined(WOLFSSL_HARDEN_TLS) && ECC_MIN_KEY_SZ < 224 && \
|
||||
!defined(WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK)
|
||||
/* Implementations MUST NOT negotiate cipher suites offering less than
|
||||
* 112 bits of security.
|
||||
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1
|
||||
@ -2989,14 +2991,14 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_HARDEN_TLS
|
||||
#ifdef HAVE_TRUNCATED_HMAC
|
||||
#if defined(HAVE_TRUNCATED_HMAC) && !defined(WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC)
|
||||
#error "Truncated HMAC Extension not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.6"
|
||||
#endif
|
||||
#ifndef NO_OLD_TLS
|
||||
#if !defined(NO_OLD_TLS) && !defined(WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS)
|
||||
#error "TLS < 1.2 protocol versions not allowed https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1"
|
||||
#endif
|
||||
#if !defined(WOLFSSL_NO_TLS12) && !defined(HAVE_SECURE_RENEGOTIATION) && \
|
||||
!defined(HAVE_SERVER_RENEGOTIATION_INFO)
|
||||
!defined(HAVE_SERVER_RENEGOTIATION_INFO) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK)
|
||||
#error "TLS 1.2 requires at least HAVE_SERVER_RENEGOTIATION_INFO to send the secure renegotiation extension https://www.rfc-editor.org/rfc/rfc9325#section-3.5"
|
||||
#endif
|
||||
#if !defined(WOLFSSL_EXTRA_ALERTS) || !defined(WOLFSSL_CHECK_ALERT_ON_ERR)
|
||||
|
||||
Reference in New Issue
Block a user