diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 26fdf2238..6afccbdbb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6509,34 +6509,26 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ - #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ - #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + MBEDTLS_TLS1_3_SIG_NONE }; @@ -6558,15 +6550,6 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { /* NOTICE: see above */ static uint16_t ssl_preset_suiteb_sig_algs[] = { -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) @@ -6574,14 +6557,20 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + MBEDTLS_TLS1_3_SIG_NONE };