Create API for mbedtls_ssl_conf_sig_hashes().
Not implemented yet.
This commit is contained in:
parent
9d412d872c
commit
36a8b575a9
3 changed files with 57 additions and 10 deletions
|
@ -70,6 +70,12 @@
|
|||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
|
||||
#endif
|
||||
|
||||
/*
|
||||
* SSL Error codes
|
||||
*/
|
||||
|
@ -529,12 +535,16 @@ struct mbedtls_ssl_config
|
|||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
|
||||
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
|
||||
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
|
||||
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
const int *sig_hashes; /*!< allowed signature hashes */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
|
||||
#endif
|
||||
|
@ -1527,13 +1537,40 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
* controlled by \c mbedtls_ssl_conf_curves() but for CA_int
|
||||
* and CA_root it's \c mbedtls_ssl_conf_cert_profile().
|
||||
*
|
||||
* \note This list should be ordered by decreasing preference
|
||||
* (preferred curve first).
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param curves Ordered list of allowed curves,
|
||||
* terminated by MBEDTLS_ECP_DP_NONE.
|
||||
*/
|
||||
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
|
||||
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||
const mbedtls_ecp_group_id *curves );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
/**
|
||||
* \brief Set the allowed hashes for signatures during the handshake.
|
||||
* (Default: all available hashes.)
|
||||
*
|
||||
* \note This only affects which hashes are offered and can be used
|
||||
* for signatures during the handshake. Hashes for message
|
||||
* authentication and the TLS PRF are controlled by the
|
||||
* ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
|
||||
* used for certificate signature are controlled by the
|
||||
* verification profile, see \c mbedtls_ssl_conf_cert_profile().
|
||||
*
|
||||
* \note This list should be ordered by decreasing preference
|
||||
* (preferred hash first).
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param hashes Ordered list of allowed signature hashes,
|
||||
* terminated by \c MBEDTLS_MD_NONE.
|
||||
*/
|
||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Set hostname for ServerName TLS extension
|
||||
|
|
|
@ -1836,9 +1836,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end,
|
||||
|
@ -1884,12 +1882,9 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
|
|
|
@ -5478,6 +5478,17 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
}
|
||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
/*
|
||||
* Set allowed/preferred hashes for handshake signatures
|
||||
*/
|
||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes )
|
||||
{
|
||||
conf->sig_hashes = hashes;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/*
|
||||
* Set the allowed elliptic curves
|
||||
|
@ -6665,8 +6676,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
conf->sig_hashes = mbedtls_md_list();
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
conf->curve_list = mbedtls_ecp_grp_id_list( );
|
||||
conf->curve_list = mbedtls_ecp_grp_id_list();
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
|
|
Loading…
Reference in a new issue