Fix issue with NO_DES3_TLS_SUITES

dgarske · dgarske · commit 46251bb40114 · 2026-01-27T14:42:41.000-08:00
diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h
@@ -187,6 +187,7 @@ extern "C" {
 #define NO_PWDBASED
 #define NO_DSA
 #define NO_DES3
+#define NO_DES3_TLS_SUITES
 #define NO_RC4
 #define NO_PSK
 #define NO_MD4
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -4803,170 +4803,186 @@ extern void uITRON4_free(void *p) ;
 
 /* Dependency Rules (Feature X requires Feature Y) */
 #if defined(WOLFSSL_SHA224) && defined(NO_SHA256)
-    #error "SHA-224 requires SHA-256"
+    #error "SHA-224 (WOLFSSL_SHA224) requires SHA-256"
 #endif
 #if defined(WOLFSSL_SM2) && !defined(HAVE_ECC)
-    #error "SM2 requires ECC"
+    #error "SM2 (WOLFSSL_SM2) requires ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_ECC_BRAINPOOL) && !defined(WOLFSSL_CUSTOM_CURVES)
-    #error "Brainpool curves require WOLFSSL_CUSTOM_CURVES"
+    #error "Brainpool curves (HAVE_ECC_BRAINPOOL) require WOLFSSL_CUSTOM_CURVES"
 #endif
 #if defined(FP_ECC) && !defined(HAVE_ECC)
-    #error "FP_ECC requires ECC"
+    #error "FP_ECC requires ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_ECC)
-    #error "ECC encrypt requires ECC"
+    #error "ECC encrypt (HAVE_ECC_ENCRYPT) requires ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_HKDF)
-    #error "ECC encrypt requires HKDF"
+    #error "ECC encrypt (HAVE_ECC_ENCRYPT) requires HKDF (HAVE_HKDF)"
 #endif
 #if defined(WOLFCRYPT_HAVE_ECCSI) && !defined(HAVE_ECC)
-    #error "ECCSI requires ECC"
+    #error "ECCSI (WOLFCRYPT_HAVE_ECCSI) requires ECC (HAVE_ECC)"
 #endif
 #if defined(WOLFCRYPT_HAVE_SAKKE) && !defined(HAVE_ECC)
-    #error "SAKKE requires ECC"
+    #error "SAKKE (WOLFCRYPT_HAVE_SAKKE) requires ECC (HAVE_ECC)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(HAVE_ANON) && defined(NO_DH)
-    #error "Anonymous ciphers require DH"
+    #error "Anonymous ciphers (HAVE_ANON) require DH"
 #endif
 #if defined(FORTRESS) && defined(NO_AES)
-    #error "Fortress requires AES"
+    #error "Fortress (FORTRESS) requires AES"
 #endif
 #if defined(HAVE_AESGCM) && defined(NO_AES)
-    #error "AES-GCM requires AES"
+    #error "AES-GCM (HAVE_AESGCM) requires AES"
 #endif
 #if defined(HAVE_AESCCM) && defined(NO_AES)
-    #error "AES-CCM requires AES"
+    #error "AES-CCM (HAVE_AESCCM) requires AES"
 #endif
 #if defined(WOLFSSL_AES_COUNTER) && defined(NO_AES)
-    #error "AES-CTR requires AES"
+    #error "AES-CTR (WOLFSSL_AES_COUNTER) requires AES"
 #endif
 #if defined(HAVE_ED448) && !defined(WOLFSSL_SHA512)
-    #error "ED448 requires SHA-512"
+    #error "ED448 (HAVE_ED448) requires SHA-512 (WOLFSSL_SHA512)"
 #endif
 #if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_SHA3)
-    #error "SHAKE128 requires SHA-3"
+    #error "SHAKE128 (WOLFSSL_SHAKE128) requires SHA-3 (WOLFSSL_SHA3)"
 #endif
 #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_SHA3)
-    #error "SHAKE256 requires SHA-3"
+    #error "SHAKE256 (WOLFSSL_SHAKE256) requires SHA-3 (WOLFSSL_SHA3)"
 #endif
 #if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA)
-    #error "XChaCha requires ChaCha"
+    #error "XChaCha (HAVE_XCHACHA) requires ChaCha (HAVE_CHACHA)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \
     defined(NO_DH)
-    #error "FFDHE-only requires DH"
+    #error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires DH"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \
     !defined(HAVE_SUPPORTED_CURVES)
-    #error "FFDHE-only requires Supported Curves extension"
+    #error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires" \
+           " Supported Curves (HAVE_SUPPORTED_CURVES)"
 #endif
 #if defined(HAVE_SCRYPT) && defined(NO_PWDBASED)
-    #error "scrypt requires pwdbased"
+    #error "scrypt (HAVE_SCRYPT) requires pwdbased"
 #endif
 #if defined(HAVE_OCSP) && defined(NO_ASN)
-    #error "OCSP requires ASN"
+    #error "OCSP (HAVE_OCSP) requires ASN"
 #endif
 #if defined(HAVE_SMIME) && defined(NO_ASN)
-    #error "S/MIME requires ASN"
+    #error "S/MIME (HAVE_SMIME) requires ASN"
 #endif
 #if defined(HAVE_OCSP) && defined(NO_RSA) && !defined(HAVE_ECC)
-    #error "OCSP requires RSA or ECC"
+    #error "OCSP (HAVE_OCSP) requires RSA or ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_PKCS7) && defined(NO_RSA) && !defined(HAVE_ECC)
-    #error "PKCS7 requires RSA or ECC"
+    #error "PKCS7 (HAVE_PKCS7) requires RSA or ECC (HAVE_ECC)"
 #endif
 #if defined(HAVE_PKCS7) && defined(NO_SHA) && defined(NO_SHA256)
-    #error "PKCS7 requires SHA or SHA-256"
+    #error "PKCS7 (HAVE_PKCS7) requires SHA or SHA-256"
 #endif
 #if defined(WOLFSSL_HAVE_WOLFSCEP) && defined(NO_AES) && defined(NO_DES3)
-    #error "SCEP requires AES or 3DES"
+    #error "SCEP (WOLFSSL_HAVE_WOLFSCEP) requires AES or 3DES"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_SNIFFER) && \
     defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519)
-    #error "Sniffer requires RSA, ECC, or Curve25519"
+    #error "Sniffer (WOLFSSL_SNIFFER) requires RSA," \
+           " ECC (HAVE_ECC), or Curve25519 (HAVE_CURVE25519)"
 #endif
 #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
     defined(NO_ASN) && !defined(WOLFCRYPT_ONLY)
-    #error "RSA requires ASN"
+    #error "RSA requires ASN (NO_ASN must not be defined)"
 #endif
 #if !defined(NO_DSA) && defined(NO_ASN)
-    #error "DSA requires ASN"
+    #error "DSA requires ASN (NO_ASN must not be defined)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && defined(NO_ASN)
-    #error "Please enable PSK if disabling ASN"
+    #error "Enable PSK (NO_PSK must not be defined)" \
+           " if disabling ASN (NO_ASN)"
 #endif
 #if defined(WOLFSSL_WOLFSSH) && defined(NO_HMAC)
-    #error "WOLFSSH requires HMAC"
+    #error "WOLFSSH (WOLFSSL_WOLFSSH) requires HMAC"
 #endif
 
 /* Conflicting Feature Rules */
 #if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
     #if defined(WOLFSSL_CUSTOM_CURVES)
-        #error "Cannot use single precision math and custom curves"
+        #error "Cannot use SP math (WOLFSSL_SP_MATH)" \
+               " with custom curves (WOLFSSL_CUSTOM_CURVES)"
     #endif
     #if !defined(NO_DSA)
-        #error "Cannot use single precision math and DSA"
+        #error "Cannot use single precision math (WOLFSSL_SP_MATH) and DSA"
     #endif
     #if defined(WOLFCRYPT_HAVE_SRP)
-        #error "Cannot use single precision math and SRP"
+        #error "Cannot use SP math (WOLFSSL_SP_MATH)" \
+               " with SRP (WOLFCRYPT_HAVE_SRP)"
     #endif
 #endif
 #if defined(USE_INTEGER_HEAP_MATH) && defined(WOLFSSL_STATIC_MEMORY)
-    #error "Heap math is incompatible with static memory"
+    #error "Heap math (USE_INTEGER_HEAP_MATH) is incompatible" \
+           " with static memory (WOLFSSL_STATIC_MEMORY)"
 #endif
 #if defined(WC_16BIT_CPU) && \
     (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL))
-    #error "16-bit build is not available with SP math"
+    #error "16-bit build (WC_16BIT_CPU) is not available with SP math"
 #endif
 
 /* Streaming Feature Rules */
 #if defined(WOLFSSL_AESGCM_STREAM) && !defined(HAVE_AESGCM)
-    #error "AES-GCM streaming requires AES-GCM"
+    #error "AES-GCM streaming (WOLFSSL_AESGCM_STREAM)" \
+           " requires AES-GCM (HAVE_AESGCM)"
 #endif
 #if defined(WOLFSSL_AESXTS_STREAM) && !defined(WOLFSSL_AES_XTS)
-    #error "AES-XTS streaming requires AES-XTS"
+    #error "AES-XTS streaming (WOLFSSL_AESXTS_STREAM)" \
+           " requires AES-XTS (WOLFSSL_AES_XTS)"
 #endif
 #if defined(WOLFSSL_ED25519_STREAMING_VERIFY) && !defined(HAVE_ED25519)
-    #error "ED25519 streaming verify requires ED25519"
+    #error "ED25519 streaming verify" \
+           " (WOLFSSL_ED25519_STREAMING_VERIFY)" \
+           " requires ED25519 (HAVE_ED25519)"
 #endif
 #if defined(WOLFSSL_ED448_STREAMING_VERIFY) && !defined(HAVE_ED448)
-    #error "ED448 streaming verify requires ED448"
+    #error "ED448 streaming verify" \
+           " (WOLFSSL_ED448_STREAMING_VERIFY)" \
+           " requires ED448 (HAVE_ED448)"
 #endif
 
 /* QUIC Rules */
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \
     !defined(WOLFSSL_TLS13)
-    #error "QUIC requires TLS 1.3"
+    #error "QUIC (WOLFSSL_QUIC) requires TLS 1.3 (WOLFSSL_TLS13)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \
     !defined(HAVE_AESGCM)
-    #error "QUIC requires AES-GCM"
+    #error "QUIC (WOLFSSL_QUIC) requires AES-GCM (HAVE_AESGCM)"
 #endif
 
 /* Crypto Callback Rules */
 #if defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && !defined(WOLF_CRYPTO_CB)
-    #error "Crypto callback SW test requires WOLF_CRYPTO_CB"
+    #error "Crypto callback SW test" \
+           " (WC_TEST_NO_CRYPTOCB_SW_TEST)" \
+           " requires WOLF_CRYPTO_CB"
 #endif
 #if (defined(WOLF_CRYPTO_CB_COPY) || defined(WOLF_CRYPTO_CB_FREE)) && \
     !defined(WOLF_CRYPTO_CB)
-    #error "Crypto callback utilities require WOLF_CRYPTO_CB"
+    #error "Crypto callback utilities" \
+           " (WOLF_CRYPTO_CB_COPY/WOLF_CRYPTO_CB_FREE)" \
+           " require WOLF_CRYPTO_CB"
 #endif
 
 /* Early Data / Session Rules */
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \
     !defined(WOLFSSL_TLS13)
-    #error "Early data requires TLS 1.3"
+    #error "Early data requires TLS 1.3 (WOLFSSL_TLS13)"
 #endif
 #if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \
     !defined(HAVE_SESSION_TICKET) && defined(NO_PSK)
-    #error "Early data requires session tickets or PSK"
+    #error "Early data requires session tickets (HAVE_SESSION_TICKET) or PSK"
 #endif
 
-/* DES3 TLS Suite Rule */
+/* DES3 TLS Suite Rule - auto-disable DES3 TLS suites when DES3 is disabled */
 #if !defined(WOLFCRYPT_ONLY) && !defined(NO_DES3_TLS_SUITES) && \
     defined(NO_DES3)
-    #error "DES3 TLS suites require DES3"
+    #define NO_DES3_TLS_SUITES
 #endif
 
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \
diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h
@@ -91,6 +91,7 @@
 
 /* Disable Algorithms */
 #define NO_DES3
+#define NO_DES3_TLS_SUITES
 #define NO_DSA
 #define NO_RC4
 #define NO_MD4
