mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-18 14:42:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix various issues

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-01-19 11:08:05 +08:00
parent 4131ec1260
commit 7ddc38cedb
3 changed files with 45 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/mbedtls/ssl.h
View File

@ -3267,7 +3267,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
const uint16_t *groups ); const uint16_t *groups );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/** /**
* \brief Set the allowed hashes for signatures during the handshake. * \brief Set the allowed hashes for signatures during the handshake.
* *
@ -3299,7 +3299,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
*/ */
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes ); const int *hashes );
#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
/** /**
* \brief Configure allowed signature algorithms for use in TLS 1.3 * \brief Configure allowed signature algorithms for use in TLS 1.3

9
library/ssl_misc.h
View File

@ -1821,10 +1821,11 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
* In future, invocations can be changed to ssl->conf->sig_algs when * In future, invocations can be changed to ssl->conf->sig_algs when
* mbedtls_ssl_conf_sig_hashes() is deleted. * mbedtls_ssl_conf_sig_hashes() is deleted.
* *
* ssl->handshake->sig_algs is either a translation of sig_hases to IANA TLS group * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS
* identifiers when mbedtls_ssl_conf_sig_hashes() has been used, or a pointer to * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been
* ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has been more recently * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has
* invoked. * been more recently invoked.
*
*/ */
static inline const void *mbedtls_ssl_get_sig_algs( static inline const void *mbedtls_ssl_get_sig_algs(
const mbedtls_ssl_context *ssl ) const mbedtls_ssl_context *ssl )

52
library/ssl_tls.c
View File

@ -4052,7 +4052,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* /*
* Set allowed/preferred hashes for handshake signatures * Set allowed/preferred hashes for handshake signatures
*/ */
@ -4061,7 +4061,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
{ {
conf->sig_hashes = hashes; conf->sig_hashes = hashes;
} }
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
/* Configure allowed signature algorithms for handshake */ /* Configure allowed signature algorithms for handshake */
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
@ -7434,21 +7434,45 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*
* mbedtls_ssl_tls13_write_sig_alg_ext( ) * Function for writing a signature algorithm extension.
* *
* enum { * The `exitension_data` field of signature algorithm contains `SignatureSchemeList`
* .... * value (TLS 1.3 RFC8446):
* ecdsa_secp256r1_sha256( 0x0403 ), * enum {
* ecdsa_secp384r1_sha384( 0x0503 ), * ....
* ecdsa_secp521r1_sha512( 0x0603 ), * ecdsa_secp256r1_sha256( 0x0403 ),
* .... * ecdsa_secp384r1_sha384( 0x0503 ),
* } SignatureScheme; * ecdsa_secp521r1_sha512( 0x0603 ),
* ....
* } SignatureScheme;
* *
* struct { * struct {
* SignatureScheme supported_signature_algorithms<2..2^16-2>; * SignatureScheme supported_signature_algorithms<2..2^16-2>;
* } SignatureSchemeList; * } SignatureSchemeList;
*
* The `exitension_data` field of signature algorithm contains
* `SignatureAndHashAlgorithm` value (TLS 1.2 RFC5246):
* enum {
* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
* sha512(6), (255)
* } HashAlgorithm;
*
* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
* SignatureAlgorithm;
*
* struct {
* HashAlgorithm hash;
* SignatureAlgorithm signature;
* } SignatureAndHashAlgorithm;
*
* SignatureAndHashAlgorithm
* supported_signature_algorithms<2..2^16-2>;
*
* The TLS 1.3 signature algorithm extension was defined to be a compatible
* generalization of the TLS 1.2 signature algorithm extension.
* `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
* `SignatureScheme` field of TLS 1.3
* *
* Only if we handle at least one key exchange that needs signatures.
*/ */
int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
const unsigned char *end, size_t *out_len ) const unsigned char *end, size_t *out_len )