fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
4131ec1260
commit
7ddc38cedb
3 changed files with 45 additions and 20 deletions
|
|
@ -3267,7 +3267,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
|
|||
const uint16_t *groups );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/**
|
||||
* \brief Set the allowed hashes for signatures during the handshake.
|
||||
*
|
||||
|
|
@ -3299,7 +3299,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
|
|||
*/
|
||||
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes );
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/**
|
||||
* \brief Configure allowed signature algorithms for use in TLS 1.3
|
||||
|
|
|
|||
|
|
@ -1821,10 +1821,11 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
|||
* In future, invocations can be changed to ssl->conf->sig_algs when
|
||||
* mbedtls_ssl_conf_sig_hashes() is deleted.
|
||||
*
|
||||
* ssl->handshake->sig_algs is either a translation of sig_hases to IANA TLS group
|
||||
* identifiers when mbedtls_ssl_conf_sig_hashes() has been used, or a pointer to
|
||||
* ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has been more recently
|
||||
* invoked.
|
||||
* ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS
|
||||
* signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been
|
||||
* used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has
|
||||
* been more recently invoked.
|
||||
*
|
||||
*/
|
||||
static inline const void *mbedtls_ssl_get_sig_algs(
|
||||
const mbedtls_ssl_context *ssl )
|
||||
|
|
|
|||
|
|
@ -4052,7 +4052,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Set allowed/preferred hashes for handshake signatures
|
||||
*/
|
||||
|
|
@ -4061,7 +4061,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||
{
|
||||
conf->sig_hashes = hashes;
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* Configure allowed signature algorithms for handshake */
|
||||
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||
|
|
@ -7434,21 +7434,45 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* mbedtls_ssl_tls13_write_sig_alg_ext( )
|
||||
* Function for writing a signature algorithm extension.
|
||||
*
|
||||
* enum {
|
||||
* ....
|
||||
* ecdsa_secp256r1_sha256( 0x0403 ),
|
||||
* ecdsa_secp384r1_sha384( 0x0503 ),
|
||||
* ecdsa_secp521r1_sha512( 0x0603 ),
|
||||
* ....
|
||||
* } SignatureScheme;
|
||||
* The `exitension_data` field of signature algorithm contains `SignatureSchemeList`
|
||||
* value (TLS 1.3 RFC8446):
|
||||
* enum {
|
||||
* ....
|
||||
* ecdsa_secp256r1_sha256( 0x0403 ),
|
||||
* ecdsa_secp384r1_sha384( 0x0503 ),
|
||||
* ecdsa_secp521r1_sha512( 0x0603 ),
|
||||
* ....
|
||||
* } SignatureScheme;
|
||||
*
|
||||
* struct {
|
||||
* SignatureScheme supported_signature_algorithms<2..2^16-2>;
|
||||
* } SignatureSchemeList;
|
||||
* struct {
|
||||
* SignatureScheme supported_signature_algorithms<2..2^16-2>;
|
||||
* } SignatureSchemeList;
|
||||
*
|
||||
* The `exitension_data` field of signature algorithm contains
|
||||
* `SignatureAndHashAlgorithm` value (TLS 1.2 RFC5246):
|
||||
* enum {
|
||||
* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
|
||||
* sha512(6), (255)
|
||||
* } HashAlgorithm;
|
||||
*
|
||||
* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
|
||||
* SignatureAlgorithm;
|
||||
*
|
||||
* struct {
|
||||
* HashAlgorithm hash;
|
||||
* SignatureAlgorithm signature;
|
||||
* } SignatureAndHashAlgorithm;
|
||||
*
|
||||
* SignatureAndHashAlgorithm
|
||||
* supported_signature_algorithms<2..2^16-2>;
|
||||
*
|
||||
* The TLS 1.3 signature algorithm extension was defined to be a compatible
|
||||
* generalization of the TLS 1.2 signature algorithm extension.
|
||||
* `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
|
||||
* `SignatureScheme` field of TLS 1.3
|
||||
*
|
||||
* Only if we handle at least one key exchange that needs signatures.
|
||||
*/
|
||||
int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
||||
const unsigned char *end, size_t *out_len )
|
||||
|
|
|
|||
Loading…
Reference in a new issue