1 change: 1 addition & 0 deletions examples/configs/user_settings_wolftpm.h
Expand Up @@ -187,6 +187,7 @@ extern "C" {
#define NO_PWDBASED
#define NO_DSA
#define NO_DES3
#define NO_DES3_TLS_SUITES
#define NO_RC4
#define NO_PSK
#define NO_MD4
206 changes: 206 additions & 0 deletions wolfssl/wolfcrypt/settings.h
Expand Up @@ -4779,6 +4779,212 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* HAVE_ENTROPY_MEMUSE */

/* ---------------------------------------------------------------------------*/
/* Configuration validation rules */
/* These enforce build constraints across all platforms */
/* ---------------------------------------------------------------------------*/

/* Mutual Exclusivity Rules */
#if defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_MATH_ALL)
#error "WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL are incompatible"
#endif
#if defined(WOLFCRYPT_ONLY) && defined(OPENSSL_ALL)
#error "WOLFCRYPT_ONLY and OPENSSL_ALL are mutually incompatible"
#endif
#if defined(WOLFSSL_MAX_STRENGTH) && defined(WOLFSSL_LEANPSK)
#error "Cannot use Max Strength and Lean PSK at the same time"
#endif
#if defined(WOLFSSL_HAVE_WOLFSCEP) && defined(WOLFSSL_LEANTLS)
#error "Cannot use SCEP and Lean TLS at the same time"
#endif
#if defined(WOLFSSL_MAX_STRENGTH) && defined(WOLFSSL_ALLOW_SSLV3)
#error "Cannot use Max Strength and SSLv3 at the same time"
#endif

/* Dependency Rules (Feature X requires Feature Y) */
#if defined(WOLFSSL_SHA224) && defined(NO_SHA256)
#error "SHA-224 (WOLFSSL_SHA224) requires SHA-256"
#endif
#if defined(WOLFSSL_SM2) && !defined(HAVE_ECC)
#error "SM2 (WOLFSSL_SM2) requires ECC (HAVE_ECC)"
#endif
#if defined(HAVE_ECC_BRAINPOOL) && !defined(WOLFSSL_CUSTOM_CURVES)
#error "Brainpool curves (HAVE_ECC_BRAINPOOL) require WOLFSSL_CUSTOM_CURVES"
#endif
#if defined(FP_ECC) && !defined(HAVE_ECC)
#error "FP_ECC requires ECC (HAVE_ECC)"
#endif
#if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_ECC)
#error "ECC encrypt (HAVE_ECC_ENCRYPT) requires ECC (HAVE_ECC)"
#endif
#if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_HKDF)
#error "ECC encrypt (HAVE_ECC_ENCRYPT) requires HKDF (HAVE_HKDF)"
#endif
#if defined(WOLFCRYPT_HAVE_ECCSI) && !defined(HAVE_ECC)
#error "ECCSI (WOLFCRYPT_HAVE_ECCSI) requires ECC (HAVE_ECC)"
#endif
#if defined(WOLFCRYPT_HAVE_SAKKE) && !defined(HAVE_ECC)
#error "SAKKE (WOLFCRYPT_HAVE_SAKKE) requires ECC (HAVE_ECC)"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_ANON) && defined(NO_DH)
#error "Anonymous ciphers (HAVE_ANON) require DH"
#endif
#if defined(FORTRESS) && defined(NO_AES)
#error "Fortress (FORTRESS) requires AES"
#endif
#if defined(HAVE_AESGCM) && defined(NO_AES)
#error "AES-GCM (HAVE_AESGCM) requires AES"
#endif
#if defined(HAVE_AESCCM) && defined(NO_AES)
#error "AES-CCM (HAVE_AESCCM) requires AES"
#endif
#if defined(WOLFSSL_AES_COUNTER) && defined(NO_AES)
#error "AES-CTR (WOLFSSL_AES_COUNTER) requires AES"
#endif
#if defined(HAVE_ED448) && !defined(WOLFSSL_SHA512)
#error "ED448 (HAVE_ED448) requires SHA-512 (WOLFSSL_SHA512)"
#endif
#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_SHA3)
#error "SHAKE128 (WOLFSSL_SHAKE128) requires SHA-3 (WOLFSSL_SHA3)"
#endif
#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_SHA3)
#error "SHAKE256 (WOLFSSL_SHAKE256) requires SHA-3 (WOLFSSL_SHA3)"
#endif
#if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA)
#error "XChaCha (HAVE_XCHACHA) requires ChaCha (HAVE_CHACHA)"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \
defined(NO_DH)
#error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires DH"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \
!defined(HAVE_SUPPORTED_CURVES)
#error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires" \
" Supported Curves (HAVE_SUPPORTED_CURVES)"
#endif
#if defined(HAVE_SCRYPT) && defined(NO_PWDBASED)
#error "scrypt (HAVE_SCRYPT) requires pwdbased"
#endif
#if defined(HAVE_OCSP) && defined(NO_ASN)
#error "OCSP (HAVE_OCSP) requires ASN"
#endif
#if defined(HAVE_SMIME) && defined(NO_ASN)
#error "S/MIME (HAVE_SMIME) requires ASN"
#endif
#if defined(HAVE_OCSP) && defined(NO_RSA) && !defined(HAVE_ECC)
#error "OCSP (HAVE_OCSP) requires RSA or ECC (HAVE_ECC)"
#endif
#if defined(HAVE_PKCS7) && defined(NO_RSA) && !defined(HAVE_ECC)
#error "PKCS7 (HAVE_PKCS7) requires RSA or ECC (HAVE_ECC)"
#endif
#if defined(HAVE_PKCS7) && defined(NO_SHA) && defined(NO_SHA256)
#error "PKCS7 (HAVE_PKCS7) requires SHA or SHA-256"
#endif
#if defined(WOLFSSL_HAVE_WOLFSCEP) && defined(NO_AES) && defined(NO_DES3)
#error "SCEP (WOLFSSL_HAVE_WOLFSCEP) requires AES or 3DES"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_SNIFFER) && \
defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519)
#error "Sniffer (WOLFSSL_SNIFFER) requires RSA," \
" ECC (HAVE_ECC), or Curve25519 (HAVE_CURVE25519)"
#endif
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
defined(NO_ASN) && !defined(WOLFCRYPT_ONLY)
#error "RSA requires ASN (NO_ASN must not be defined)"
#endif
#if !defined(NO_DSA) && defined(NO_ASN)
#error "DSA requires ASN (NO_ASN must not be defined)"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && defined(NO_ASN)
#error "Enable PSK (NO_PSK must not be defined)" \
" if disabling ASN (NO_ASN)"
#endif
#if defined(WOLFSSL_WOLFSSH) && defined(NO_HMAC)
#error "WOLFSSH (WOLFSSL_WOLFSSH) requires HMAC"
#endif

/* Conflicting Feature Rules */
#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
#if defined(WOLFSSL_CUSTOM_CURVES)
#error "Cannot use SP math (WOLFSSL_SP_MATH)" \
" with custom curves (WOLFSSL_CUSTOM_CURVES)"
#endif
#if !defined(NO_DSA)
#error "Cannot use single precision math (WOLFSSL_SP_MATH) and DSA"
#endif
#if defined(WOLFCRYPT_HAVE_SRP)
#error "Cannot use SP math (WOLFSSL_SP_MATH)" \
" with SRP (WOLFCRYPT_HAVE_SRP)"
#endif
#endif
#if defined(USE_INTEGER_HEAP_MATH) && defined(WOLFSSL_STATIC_MEMORY)
#error "Heap math (USE_INTEGER_HEAP_MATH) is incompatible" \
" with static memory (WOLFSSL_STATIC_MEMORY)"
#endif
#if defined(WC_16BIT_CPU) && \
(defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL))
#error "16-bit build (WC_16BIT_CPU) is not available with SP math"
#endif

/* Streaming Feature Rules */
#if defined(WOLFSSL_AESGCM_STREAM) && !defined(HAVE_AESGCM)
#error "AES-GCM streaming (WOLFSSL_AESGCM_STREAM)" \
" requires AES-GCM (HAVE_AESGCM)"
#endif
#if defined(WOLFSSL_AESXTS_STREAM) && !defined(WOLFSSL_AES_XTS)
#error "AES-XTS streaming (WOLFSSL_AESXTS_STREAM)" \
" requires AES-XTS (WOLFSSL_AES_XTS)"
#endif
#if defined(WOLFSSL_ED25519_STREAMING_VERIFY) && !defined(HAVE_ED25519)
#error "ED25519 streaming verify" \
" (WOLFSSL_ED25519_STREAMING_VERIFY)" \
" requires ED25519 (HAVE_ED25519)"
#endif
#if defined(WOLFSSL_ED448_STREAMING_VERIFY) && !defined(HAVE_ED448)
#error "ED448 streaming verify" \
" (WOLFSSL_ED448_STREAMING_VERIFY)" \
" requires ED448 (HAVE_ED448)"
#endif

/* QUIC Rules */
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \
!defined(WOLFSSL_TLS13)
#error "QUIC (WOLFSSL_QUIC) requires TLS 1.3 (WOLFSSL_TLS13)"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \
!defined(HAVE_AESGCM)
#error "QUIC (WOLFSSL_QUIC) requires AES-GCM (HAVE_AESGCM)"
#endif

/* Crypto Callback Rules */
#if defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && !defined(WOLF_CRYPTO_CB)
#error "Crypto callback SW test" \
" (WC_TEST_NO_CRYPTOCB_SW_TEST)" \
" requires WOLF_CRYPTO_CB"
#endif
#if (defined(WOLF_CRYPTO_CB_COPY) || defined(WOLF_CRYPTO_CB_FREE)) && \
!defined(WOLF_CRYPTO_CB)
#error "Crypto callback utilities" \
" (WOLF_CRYPTO_CB_COPY/WOLF_CRYPTO_CB_FREE)" \
" require WOLF_CRYPTO_CB"
#endif

/* Early Data / Session Rules */
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \
!defined(WOLFSSL_TLS13)
#error "Early data requires TLS 1.3 (WOLFSSL_TLS13)"
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \
!defined(HAVE_SESSION_TICKET) && defined(NO_PSK)
#error "Early data requires session tickets (HAVE_SESSION_TICKET) or PSK"
#endif

/* DES3 TLS Suite Rule - auto-disable DES3 TLS suites when DES3 is disabled */
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_DES3_TLS_SUITES) && \
defined(NO_DES3)
#define NO_DES3_TLS_SUITES
#endif

#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \
!defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
#error "If TLS is enabled please make sure either client or server is enabled."
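Review bot: The two `!defined(NO_DSA)` rules (the "DSA requires ASN" check and the one nested under `WOLFSSL_SP_MATH`) fire on the absence of a macro, so a hand-written user_settings.h that sets `NO_ASN` or `WOLFSSL_SP_MATH` and never mentions DSA would now stop at `#error`. That holds unless an earlier part of settings.h already defines `NO_DSA` for those builds, which this hunk does not show. If that default is not guaranteed, consider deriving it before the check, e.g. `#if defined(WOLFSSL_SP_MATH) && !defined(NO_DSA)` / `#define NO_DSA` / `#endif`, the way the DES3 rule at the end of the block derives `NO_DES3_TLS_SUITES` instead of failing; at minimum, a comment should say that these rules treat an unset `NO_DSA` as "DSA enabled". Separately, the `!defined(WOLFSSL_SP_MATH_ALL)` term in the "Conflicting Feature Rules" guard is redundant, because the first mutual-exclusivity rule has already rejected that combination. The trailing `#if defined(NO_WOLFSSL_CLIENT)` block is closed outside the hunk.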
1 change: 1 addition & 0 deletions wrapper/CSharp/user_settings.h
Expand Up @@ -91,6 +91,7 @@

/* Disable Algorithms */
#define NO_DES3
#define NO_DES3_TLS_SUITES
#define NO_DSA
#define NO_RC4
#define NO_MD4