/** * @file matrixsslCheck.h * @version $Format:%h%d$ * * Configuration validation/sanity checks. */ /* * Copyright (c) 2013-2018 INSIDE Secure Corporation * Copyright (c) PeerSec Networks, 2002-2011 * All Rights Reserved * * The latest version of this code is available at http://www.matrixssl.org * * This software is open source; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This General Public License does NOT permit incorporating this software * into proprietary programs. If you are unable to comply with the GPL, a * commercial license for this software may be purchased from INSIDE at * http://www.insidesecure.com/ * * This program is distributed in WITHOUT ANY WARRANTY; without even the * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * http://www.gnu.org/copyleft/gpl.html */ /******************************************************************************/ #ifndef _h_MATRIXSSLCHECK # define _h_MATRIXSSLCHECK # ifdef __cplusplus extern "C" { # endif /*****************************************************************************/ /* Start with compile-time checks for the necessary proto and crypto support. */ # if !defined(USE_TLS) && defined(DISABLE_SSLV3) # error "Must enable a protocol: USE_TLS enabled or DISABLE_SSLV3 disabled" # endif # ifdef USE_DTLS # ifndef USE_TLS_1_1 # error "Must enable USE_TLS_1_1 (at a minimum) for DTLS support" # endif # define DTLS_MAJ_VER 0xFE # define DTLS_MIN_VER 0xFF # define DTLS_1_0_MIN_VER DTLS_MIN_VER # define DTLS_1_2_MIN_VER 0xFD/* DTLS 1.2 */ # endif /* USE_DTLS */ # if defined(USE_TLS_1_1) && !defined(USE_TLS) # error "Must define USE_TLS if defining USE_TLS_1_1" # endif # ifdef USE_TLS # if !defined(USE_TLS_1_2) && defined(DISABLE_TLS_1_0) && defined(DISABLE_TLS_1_1) && defined(DISABLE_SSLV3) # error "Bad combination of USE_TLS and DISABLE_TLS" # endif # endif # if defined(USE_TLS_1_3) && !defined(DISABLE_SSLV3) # error "DISABLE_SSLV3 required with USE_TLS_1_3" # endif # if defined(USE_TLS_1_3) && defined(USE_RSA) && !defined(USE_PKCS1_PSS) # error "USE_RSA with USE_TLS_1_3 requires USE_PKCS1_PSS" # endif # ifdef USE_SHARED_SESSION_CACHE # ifndef POSIX # error "USE_SHARED_SESSION_CACHE only implemented for POSIX platforms." # endif # ifndef USE_MULTITHREADING # error "USE_MULTITHREADING required for USE_SHARED_SESSION_CACHE." # endif # endif # if defined(USE_ED25519) # ifndef USE_CERT_PARSE # error "USE_ED25519 requires USE_CERT_PARSE" # endif # endif # ifdef USE_EAP_FAST /******************************************************************************/ # ifndef USE_SHA1 # error "Must enable USE_SHA1 in cryptoConfig.h for EAP_FAST" # endif # if !defined(USE_TLS_RSA_WITH_RC4_128_SHA) || \ !defined(USE_TLS_RSA_WITH_AES_128_CBC_SHA) || \ !defined(USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA) # pragma message("WARNING: Not all EAP_FAST required ciphersuites enabled") # endif # ifndef USE_CLIENT_SIDE_SSL # error "EAP_FAST requires CLIENT_SIDE_SSL" # endif # ifndef USE_STATELESS_SESSION_TICKETS # error "EAP_FAST requires STATELESS_SESSION_TICKETS" # endif # ifdef USE_TLS_1_3 # error "USE_TLS_1_3 not allowed with EAP_FAST" # endif # endif /* USE_EAP_FAST */ /******************************************************************************/ /* SHA1 and MD5 are essential elements for SSL key derivation during protocol */ # ifndef USE_MD5SHA1 # if defined(USE_TLS_1_2) && defined(DISABLE_TLS_1_0) && defined(DISABLE_TLS_1_1) \ && defined(DISABLE_SSLV3) # define USE_ONLY_TLS_1_2 # else # error "Must enable USE_MD5SHA1 in cryptoConfig.h for < TLS 1.2" # endif # endif # if !defined USE_CLIENT_SIDE_SSL && !defined USE_SERVER_SIDE_SSL # error "Must enable either USE_CLIENT_SIDE_SSL or USE_SERVER_SIDE_SSL (or both)" # endif # ifdef USE_TLS # ifdef USE_HMAC_SHA256 /* TODO */ /* #error "Must enable USE_HMAC in cryptoConfig.h for TLS protocol support" */ # endif # endif /* Handle the various combos of REHANDSHAKES defines */ # if defined(ENABLE_INSECURE_REHANDSHAKES) && defined(REQUIRE_SECURE_REHANDSHAKES) # error "Can't enable both ENABLE_INSECURE_REHANDSHAKES and REQUIRE_SECURE_REHANDSHAKES" # endif # ifdef USE_STATELESS_SESSION_TICKETS # ifndef USE_HMAC_SHA256 # error "Must enable USE_HMAC for USE_STATELESS_SESSION_TICKETS" # endif # ifndef USE_SHA256 # error "Must enable USE_SHA256 for USE_STATELESS_SESSION_TICKETS" # endif # ifndef USE_AES # error "Must enable USE_AES for USE_STATELESS_SESSION_TICKETS" # endif # endif /******************************************************************************/ /* Test specific crypto features based on which cipher suites are enabled */ /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_SSL_RSA_WITH_NULL_MD5 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_MD5 suite" # endif # define USE_MD5_MAC # define USE_RSA_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_SSL_RSA_WITH_NULL_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_NULL_SHA suite" # endif # define USE_SHA_MAC # define USE_RSA_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_SSL_RSA_WITH_RC4_128_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_SHA suite" # endif # ifndef USE_ARC4 # error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_SHA suite" # endif # define USE_SHA_MAC # define USE_RSA_CIPHER_SUITE # define USE_ARC4_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_SSL_RSA_WITH_RC4_128_MD5 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_RC4_128_MD5 suite" # endif # ifndef USE_ARC4 # error "Enable USE_ARC4 in cryptoConfig.h for SSL_RSA_WITH_RC4_128_MD5 suite" # endif # define USE_MD5_MAC # define USE_RSA_CIPHER_SUITE # define USE_ARC4_CIPHER_SUITE # endif # ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_CBC_SHA" # endif # ifndef USE_3DES # error "Enable USE_3DES in cryptoConfig.h for SSL_RSA_WITH_3DES_EDE_CBC_SHA" # endif # define USE_SHA_MAC # define USE_RSA_CIPHER_SUITE # define USE_3DES_CIPHER_SUITE # endif # ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_128_CBC_SHA" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_RSA_WITH_AES_256_CBC_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_256_CBC_SHA" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif /******************************************************************************/ /* Notes on DHE-related defines USE_DHE_CIPHER_SUITE is used for SSL state control for ECC or DH ciphers USE_ECC_CIPHER_SUITE is a subset of DHE_CIPHER to determine ECC key REQUIRE_DH_PARAMS is a subset of DHE_CIPHER to use 'normal' dh params */ # ifdef USE_TLS_1_2 # ifndef USE_TLS_1_1 # error "Enable USE_TLS_1_1 in matrixsslConfig.h for TLS_1_2 support" # endif # ifndef USE_SHA256 # error "Enable USE_SHA256 in matrixsslConfig.h for TLS_1_2 support" # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 # ifndef USE_CHACHA20_POLY1305_IETF # error "Enable USE_CHACHA20_POLY1305_IETF in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" # endif # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_CHACHA20_POLY1305_IETF_CIPHER_SUITE # endif # if defined(USE_TLS_AES_256_GCM_SHA384) || defined(USE_TLS_AES_128_GCM_SHA256) # define USE_DHE_CIPHER_SUITE # ifdef USE_RSA # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_ECC # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # endif # define USE_AES_CIPHER_SUITE # define USE_TLS_1_3_CIPHER_SUITE # endif # ifdef USE_/* TLS_CHACHA20_POLY1305_SHA256 */ # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_CHACHA20_POLY1305_IETF_CIPHER_SUITE # define USE_TLS_1_3_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # endif # ifndef USE_CHACHA20_POLY1305_IETF # error "Enable USE_CHACHA20_POLY1305_IETF in cryptoConfig.h for USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # endif # define USE_DHE_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_CHACHA20_POLY1305_IETF_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" # endif # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" # endif # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA256 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_128_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_RSA_WITH_AES_256_CBC_SHA256 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_RSA_WITH_AES_256_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_RSA_WITH_AES_256_GCM_SHA384 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_RSA_WITH_AES_256_GCM_SHA384" # endif # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_RSA_WITH_AES_128_GCM_SHA256 # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_RSA_WITH_AES_128_GCM_SHA256" # endif # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # if defined(USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) || defined(USE_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # if defined(USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) || defined(USE_TLS_DHE_RSA_WITH_AES_256_GCM_SHA256) # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" # endif # define USE_DH_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" # endif # define USE_DH_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" # endif # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # endif # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" # endif # define USE_DH_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" # endif # ifndef USE_AES_GCM # error "Enable USE_AES_GCM in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" # endif # define USE_DH_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # endif /* USE_TLS_1_2 */ # ifdef USE_TLS_1_1 # ifndef USE_TLS # error "Enable USE_TLS in matrixsslConfig.h for TLS_1_1 support" # endif # endif # ifndef USE_TLS_1_2 # if defined(USE_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \ defined(USE_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) # error "Enable USE_TLS_1_2 in matrixsslConfig.h for CHACHA20_POLY1305 cipher suites" # endif # ifdef USE_TLS_RSA_WITH_AES_128_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_RSA_WITH_AES_128_CBC_SHA256" # endif # ifdef USE_TLS_RSA_WITH_AES_256_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_RSA_WITH_AES_256_CBC_SHA256" # endif # ifdef USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" # endif # ifdef USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" # endif # ifdef USE_TLS_RSA_WITH_AES_128_GCM_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_RSA_WITH_AES_128_GCM_SHA256" # endif # ifdef USE_TLS_RSA_WITH_AES_256_GCM_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_RSA_WITH_AES_256_GCM_SHA384" # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 # error "Enable USE_TLS_1_2 in matrixsslConfig.h for TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 " # endif # endif /* ! TLS_1_2 */ /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_SSL_DH_anon_WITH_3DES_EDE_CBC_SHA # ifndef USE_3DES # error "Enable USE_3DES in cryptoConfig.h for SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_ANON_DH_CIPHER_SUITE # define USE_DHE_CIPHER_SUITE # define USE_3DES_CIPHER_SUITE # define USE_SHA_MAC # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_SSL_DH_anon_WITH_RC4_128_MD5 # ifndef USE_ARC4 # error "Enable USE_ARC4 in cryptoConfig.h for SSL_DH_anon_WITH_RC4_128_MD5" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for SSL_DH_anon_WITH_RC4_128_MD5" # endif # define REQUIRE_DH_PARAMS # define USE_ANON_DH_CIPHER_SUITE # define USE_DHE_CIPHER_SUITE # define USE_ARC4_CIPHER_SUITE # define USE_MD5_MAC # endif # ifdef USE_SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" # endif # ifndef USE_3DES # error "Enable USE_3DES in cryptoConfig.h for SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_3DES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # if defined(USE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA) || defined(USE_TLS_DHE_RSA_WITH_AES_128_GCM_SHA) # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_128_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # if defined(USE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA) || defined(USE_TLS_DHE_RSA_WITH_AES_256_GCM_SHA) # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DHE_RSA_WITH_AES_256_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_DHE_PSK_WITH_AES_128_CBC_SHA # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DHE_PSK_WITH_AES_128_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DHE_PSK_WITH_AES_128_CBC_SHA" # endif # if !defined(USE_TLS) && !defined(USE_DTLS) # error "Enable USE_TLS in matrixsslConfig.h for TLS_DHE_PSK_WITH_AES_128_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_ANON_DH_CIPHER_SUITE # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_PSK_CIPHER_SUITE # define USE_DHE_PSK_CIPHER_SUITE # endif # ifdef USE_TLS_DHE_PSK_WITH_AES_256_CBC_SHA # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DHE_PSK_WITH_AES_256_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DHE_PSK_WITH_AES_256_CBC_SHA" # endif # if !defined(USE_TLS) && !defined(USE_DTLS) # error "Enable USE_TLS in matrixsslConfig.h for TLS_DHE_PSK_WITH_AES_256_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_ANON_DH_CIPHER_SUITE # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_PSK_CIPHER_SUITE # define USE_DHE_PSK_CIPHER_SUITE # endif # if defined(USE_TLS_PSK_WITH_AES_256_CBC_SHA) || defined(USE_TLS_PSK_WITH_AES_256_GCM_SHA) # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_PSK_WITH_AES_256_CBC_SHA" # endif # if !defined(USE_TLS) && !defined(USE_DTLS) # error "Enable USE_TLS in matrixsslConfig.h for TLS_PSK_WITH_AES_256_CBC_SHA" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_PSK_CIPHER_SUITE # endif # if defined(USE_TLS_PSK_WITH_AES_128_CBC_SHA) || defined(USE_TLS_PSK_WITH_AES_128_GCM_SHA) # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_PSK_WITH_AES_128_CBC_SHA" # endif # if !defined(USE_TLS) && !defined(USE_DTLS) # error "Enable USE_TLS in matrixsslConfig.h for TLS_PSK_WITH_AES_128_CBC_SHA" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_PSK_CIPHER_SUITE # endif # if defined(USE_TLS_PSK_WITH_AES_128_CBC_SHA256) || defined(USE_TLS_PSK_WITH_AES_128_GCM_SHA256) # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_PSK_WITH_AES_128_CBC_SHA256" # endif # if !defined(USE_TLS) && !defined(USE_DTLS) # error "Enable USE_TLS in matrixsslConfig.h for TLS_PSK_WITH_AES_128_CBC_SHA256" # endif # ifndef USE_SHA256 # error "Enable USE_SHA256 in cryptoConfig.h for TLS_PSK_WITH_AES_128_CBC_SHA256" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_PSK_CIPHER_SUITE # endif # if defined(USE_TLS_PSK_WITH_AES_256_CBC_SHA384) || defined(USE_TLS_PSK_WITH_AES_256_GCM_SHA384) # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_PSK_WITH_AES_256_CBC_SHA384" # endif # if !defined(USE_TLS) && !defined(USE_DTLS) # error "Enable USE_TLS in matrixsslConfig.h for TLS_PSK_WITH_AES_256_CBC_SHA384" # endif # ifndef USE_SHA384 # error "Enable USE_SHA384 in cryptoConfig.h for TLS_PSK_WITH_AES_256_CBC_SHA384" # endif # define USE_SHA_MAC # define USE_AES_CIPHER_SUITE # define USE_PSK_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_TLS_DH_anon_WITH_AES_128_CBC_SHA # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DH_anon_WITH_AES_128_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DH_anon_WITH_AES_128_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_ANON_DH_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # define USE_DHE_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_TLS_DH_anon_WITH_AES_256_CBC_SHA # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_DH_anon_WITH_AES_256_CBC_SHA" # endif # ifndef USE_DH # error "Enable USE_DH in cryptoConfig.h for TLS_DH_anon_WITH_AES_256_CBC_SHA" # endif # define REQUIRE_DH_PARAMS # define USE_SHA_MAC # define USE_ANON_DH_CIPHER_SUITE # define USE_DHE_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_TLS_RSA_WITH_SEED_CBC_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_SEED_CBC_SHA" # endif # ifndef USE_SEED # error "Enable USE_SEED in cryptoConfig.h for TLS_RSA_WITH_SEED_CBC_SHA" # endif # define USE_SHA_MAC # define USE_RSA_CIPHER_SUITE # define USE_SEED_CIPHER_SUITE # endif /** @note This cipher is deprecated from matrixsslConfig.h */ # ifdef USE_TLS_RSA_WITH_IDEA_CBC_SHA # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_RSA_WITH_IDEA_CBC_SHA" # endif # ifndef USE_IDEA # error "Enable USE_IDEA in cryptoConfig.h for TLS_RSA_WITH_IDEA_CBC_SHA" # endif # define USE_SHA_MAC # define USE_IDEA_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECDSA_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" # endif # ifndef USE_3DES # error "Enable USE_3DES in cryptoConfig.h for TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DHE_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_3DES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif # ifdef USE_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA # ifndef USE_ECC # error "Enable USE_ECC in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_RSA # error "Enable USE_RSA in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" # endif # ifndef USE_AES # error "Enable USE_AES in cryptoConfig.h for TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" # endif # define USE_SHA_MAC # define USE_DH_CIPHER_SUITE # define USE_ECC_CIPHER_SUITE # define USE_RSA_CIPHER_SUITE # define USE_AES_CIPHER_SUITE # endif /******************************************************************************/ /* If only PSK suites have been enabled (non-DHE), flip on the USE_ONLY_PSK define to create the smallest version of the library. If this is hit, the user can disable USE_X509, USE_RSA, USE_ECC, and USE_PRIVATE_KEY_PARSING in cryptoConfig.h. */ # if !defined(USE_RSA_CIPHER_SUITE) && !defined(USE_ECC_CIPHER_SUITE) && !defined(USE_DH_CIPHER_SUITE) && !defined(USE_DHE_PSK_CIPHER_SUITE) # ifndef USE_ONLY_PSK_CIPHER_SUITE # define USE_ONLY_PSK_CIPHER_SUITE # endif # ifndef USE_X509 typedef int32 psX509Cert_t; # endif # endif /* !RSA && !DH */ # if !defined(USE_RSA_CIPHER_SUITE) && !defined(USE_DH_CIPHER_SUITE) && \ defined(USE_DHE_PSK_CIPHER_SUITE) # define USE_ONLY_PSK_CIPHER_SUITE # ifndef USE_X509 typedef int32 psX509Cert_t; # endif # endif /* DHE_PSK only */ # if !defined(USE_CERT_PARSE) && !defined(USE_ONLY_PSK_CIPHER_SUITE) # ifdef USE_CLIENT_SIDE_SSL # error "Must enable USE_CERT_PARSE if building client with USE_CLIENT_SIDE_SSL" # endif # ifdef USE_CLIENT_AUTH # error "Must enable USE_CERT_PARSE if client auth (USE_CLIENT_AUTH) is needed" # endif # endif # if defined(USE_CLIENT_AUTH) || defined(USE_CLIENT_SIDE_SSL) # if defined(USE_CERT_PARSE) && !defined(USE_ONLY_PSK_CIPHER_SUITE) # define USE_CERT_VALIDATE /* Shorthand. */ # endif /* USE_CERT_PARSE && USE_ONLY_PSK_CIPHER_SUITE */ # endif /* USE_CLIENT_AUTH || USE_CLIENT_SIDE_SSL */ # if defined(USE_EXT_CERTIFICATE_VERIFY_SIGNING) # ifndef USE_CLIENT_AUTH # error "Must enable USE_CLIENT_AUTH if USE_EXT_CERTIFICATE_VERIFY_SIGNING is enabled" # endif /* USE_CLIENT_AUTH */ # ifndef USE_CERT_PARSE # error "Must enable USE_CERT_PARSE if USE_EXT_CERTIFICATE_VERIFY_SIGNING is enabled" # endif /* USE_CERT_PARSE */ # endif /* USE_EXT_CERTIFICATE_VERIFY_SIGNING */ # ifdef USE_TRUSTED_CA_INDICATION # ifndef ENABLE_CA_CERT_HASH # error "Define ENABLE_CA_CERT_HASH in cryptoConfig.h for Trusted CA Indication" # endif # endif # ifdef USE_TLS_1_3_CIPHER_SUITE # ifndef USE_TLS_1_3 # error "Need USE_TLS_1_3 for TLS 1.3 suites" # endif # ifdef SEND_HELLO_RANDOM_TIME # error "Not allowed to use SEND_HELLO_RANDOM_TIME when TLS 1.3 enabled" # endif # if !defined(USE_SHA256) && !defined(USE_SHA384) # error "Need USE_SHA256 or USE_SHA384 for TLS 1.3" # endif # ifndef USE_HKDF # error "Need USE_HKDF for TLS 1.3" # endif # ifdef USE_ECC # define USE_ECC_CIPHER_SUITE # endif # ifdef USE_DH # define USE_DHE_CIPHER_SUITE # endif # ifdef USE_RSA # define USE_RSA_CIPHER_SUITE # endif # define USE_PSK_CIPHER_SUITE # ifdef USE_DH # define REQUIRE_DH_PARAMS # endif # endif # if defined(USE_TLS_1_3) && !defined(DISABLE_TLS_1_3) # ifndef USE_TLS_1_3_CIPHER_SUITE # error "Need at least one TLS 1.3 ciphersuite for USE_TLS_1_3" # endif # endif # ifdef USE_SSL_INFORMATIONAL_TRACE # ifndef USE_SSL_HANDSHAKE_MSG_TRACE # error "Need USE_SSL_HANDSHAKE_MSG_TRACE for USE_SSL_INFORMATIONAL_TRACE" # endif # endif #ifdef USE_RSA_CIPHER_SUITE #endif /* USE_IDENTITY_CERTIFICATES maps high level "features" requiring certificate/public key authentication into a single concrete CPP definition used to guard code line needed to implement the features. Key-pair/certificate selection is used for client, if client-authentication is enabled, and for server that is not PSK-only. The keys->identity, and chosenIdentity, and functions handling these depend on this definition. The client use of certificate to verify server identity using trusted CA certificates is not covered by USE_IDENTITY_CERTIFICATES. */ #if !defined(USE_ONLY_PSK_CIPHER_SUITE) # if (defined(USE_CLIENT_SIDE_SSL) && defined(USE_CLIENT_AUTH)) || defined(USE_SERVER_SIDE_SSL) # define USE_IDENTITY_CERTIFICATES 1 # if !defined(USE_ECC_CIPHER_SUITE) && !defined(USE_RSA_CIPHER_SUITE) && !defined(USE_ECDSA_CIPHER_SUITE) # error "conflicting compilation options detected" # endif # endif # if defined(USE_IDENTITY_CERTIFICATES) || defined(USE_CLIENT_SIDE_SSL) # define USE_CA_CERTIFICATES 1 # endif #endif # ifdef __cplusplus } # endif #endif /* _h_MATRIXSSLCHECK */ /******************************************************************************/