Address code review

Juliusz Sosinowicz
2023-03-30 15:35:52 +02:00
parent 4338ed9b7b
commit 9120712438
2 changed files with 10 additions and 9 deletions


@@ -81,7 +81,7 @@
* https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits
* WOLFSSL_HARDEN_TLS
* Implement the recommendations specified in RFC9325. This macro needs to
* be defined to the desired amount of bits of security. The currently
* be defined to the desired number of bits of security. The currently
* implemented values are 112 and 128 bits. The following macros disable
* certain checks.
* - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC


@@ -310,6 +310,7 @@
!defined(WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES)
/* Use a separate define (undef'ed later) to simplify macro logic. */
#define WSSL_HARDEN_TLS WOLFSSL_HARDEN_TLS
#define NO_TLS_DH
#endif
#ifndef WOLFSSL_AEAD_ONLY
@@ -386,7 +387,7 @@
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#endif
#if !defined(NO_DH) && !defined(WSSL_HARDEN_TLS)
#if !defined(NO_DH) && !defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -471,7 +472,7 @@
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
!defined(NO_RSA) && !defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -509,7 +510,7 @@
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
!defined(WSSL_HARDEN_TLS)
!defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -718,7 +719,7 @@
#if !defined(NO_RSA) && defined(HAVE_ECC)
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
#endif
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -731,7 +732,7 @@
defined(HAVE_ED448)
#define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
#endif
#if !defined(NO_DH) && !defined(WSSL_HARDEN_TLS)
#if !defined(NO_DH) && !defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -743,7 +744,7 @@
#endif /* !WOLFSSL_MAX_STRENGTH */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(WSSL_HARDEN_TLS)
!defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -758,7 +759,7 @@
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
!defined(WSSL_HARDEN_TLS)
!defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -831,7 +832,7 @@
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif
#endif
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(WSSL_HARDEN_TLS)
#if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
/* SHOULD NOT negotiate cipher suites based on ephemeral
* finite-field Diffie-Hellman key agreement (i.e., "TLS_DHE_*"
* suites). https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
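Review bot: The `#define NO_TLS_DH` added in the hunk at -310 is unconditional, so a build that already sets the macro itself (for example `-DNO_TLS_DH`, which defines it as 1) gets a macro-redefinition diagnostic; wrapping it as `#ifndef NO_TLS_DH` / `#define NO_TLS_DH` / `#endif` avoids that. The existing comment "Use a separate define (undef'ed later)" now sits above two defines, and the hunk does not show whether NO_TLS_DH is also undefined later or is meant to stay visible as a build option; the conditional itself starts above the hunk. A comment such as `/* NO_TLS_DH: leave the TLS_DHE_* cipher suites out of the build (RFC 9325 section 4.1) */` would state the intended scope, which matters because the eight guards later in this file now key on NO_TLS_DH instead of WSSL_HARDEN_TLS. If it is intended as a user-facing switch, it should also be listed with the other WOLFSSL_HARDEN_TLS macros in the documentation block, so that anyone auditing a hardened build can see which define removes the DHE suites.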