mirror of
https://github.com/cuberite/polarssl.git
synced 2025-10-03 02:23:32 -04:00
check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
dcec7ac3e8
commit
8a2f2b0bd6
@ -750,11 +750,13 @@
|
|||||||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/* TLS 1.3 requires separate HKDF parts from PSA */
|
||||||
* HKDF is mandatory for TLS 1.3.
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||||
* Otherwise support for at least one ciphersuite mandates either SHA_256 or
|
!( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_HKDF_EXTRACT) && defined(PSA_WANT_ALG_HKDF_EXPAND) )
|
||||||
* SHA_384.
|
#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
|
||||||
*/
|
#endif
|
||||||
|
|
||||||
|
/* TLS 1.3 requires at least one ciphersuite, so at least SHA-256 or SHA-384 */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||||
!( ( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_348) ) && \
|
!( ( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_348) ) && \
|
||||||
( defined(MBEDTLS_USE_PSA_CRYPTO) || ( defined(MBEDTLS_MD_C) && ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) ) ) ) )
|
( defined(MBEDTLS_USE_PSA_CRYPTO) || ( defined(MBEDTLS_MD_C) && ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) ) ) ) )
|
||||||
|
Loading…
x
Reference in New Issue
Block a user