From ce0aa58fd98240b6716d352306f9bf0c2308dce0 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Mon, 12 Sep 2022 13:24:25 +0200
Subject: [PATCH] check_config.h: make TLS1.3 requirements verification more readable

Signed-off-by: Przemek Stekiel
---
 include/mbedtls/check_config.h | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c2fda364b..fa70058de 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -757,11 +757,21 @@
 #endif

 /* TLS 1.3 requires at least one ciphersuite, so at least SHA-256 or SHA-384 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- !( ( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_348) ) && \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) || ( defined(MBEDTLS_MD_C) && ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) ) ) ) )
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/* We always need at least one of the hashes via PSA (for use with HKDF) */
+#if !( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384) )
 #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
-#endif
+#endif /* !(PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384) */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+/* When USE_PSA_CRYPTO is not defined, we also need SHA-256 or SHA-384 via the
+ * legacy interface, including via the MD layer, for the parts of the code
+ * that are shared with TLS 1.2 (running handshake hash). */
+#if !defined(MBEDTLS_MD_C) || \
+ !( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
+#endif /* !MBEDTLS_MD_C || !(MBEDTLS_SHA256_C || MBEDTLS_SHA384_C) */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

 /*
 * The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
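Review bot: In the `!defined(MBEDTLS_USE_PSA_CRYPTO)` branch the PSA hash and the legacy hash are checked independently, so a configuration with only `PSA_WANT_ALG_SHA_256` on the PSA side and only `MBEDTLS_SHA384_C` on the legacy side passes both guards, although, going by the two comments in the hunk, HKDF and the running handshake hash of a ciphersuite would need the same hash. If such a configuration can actually be produced (it may be ruled out where the PSA_WANT symbols are derived, which is not visible here), the second guard could require a matching pair: `#if !defined(MBEDTLS_MD_C) || !( ( defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_SHA256_C) ) || ( defined(PSA_WANT_ALG_SHA_384) && defined(MBEDTLS_SHA384_C) ) )`. The two `#error` lines also carry identical text, so the split does not yet tell an integrator which prerequisite is missing; naming the missing symbols in each message would make the guard easier to satisfy correctly. Separately, replacing `PSA_WANT_ALG_SHA_348` with `PSA_WANT_ALG_SHA_384` changes which configurations are accepted (a PSA configuration with SHA-384 only now passes), which the "more readable" subject line does not mention.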