mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-28 19:13:28 +00:00
tls: fix guards for ECDSA support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
c8ccc8f86d
commit
e9646ecd08
@ -2022,7 +2022,7 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersu
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
@ -2040,7 +2040,7 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
|
||||
* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
|
||||
@ -375,7 +375,7 @@ static int ssl_write_client_hello_cipher_suites(
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
(defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
|
||||
*tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
|
||||
#endif
|
||||
|
||||
@ -783,7 +783,7 @@ struct mbedtls_ssl_handshake_params {
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */
|
||||
#endif
|
||||
@ -2482,7 +2482,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
|
||||
break;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
case MBEDTLS_SSL_SIG_ECDSA:
|
||||
break;
|
||||
#endif
|
||||
|
||||
@ -1208,7 +1208,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
|
||||
if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
|
||||
continue;
|
||||
}
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
sig_algs_len += sizeof(uint16_t);
|
||||
#endif
|
||||
|
||||
@ -1236,7 +1236,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
|
||||
if (hash == MBEDTLS_SSL_HASH_NONE) {
|
||||
continue;
|
||||
}
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
*p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
|
||||
p++;
|
||||
#endif
|
||||
@ -5042,7 +5042,7 @@ static uint16_t ssl_preset_default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_MD_CAN_SHA512)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
@ -5053,7 +5053,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||
#endif
|
||||
#endif /* MBEDTLS_MD_CAN_SHA512*/
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
@ -5064,7 +5064,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||
#endif
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384*/
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
@ -5113,7 +5113,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
@ -5121,7 +5121,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
|
||||
#endif
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256*/
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
@ -5412,7 +5412,7 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
(defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED))
|
||||
(defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
|
||||
/*
|
||||
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
|
||||
*/
|
||||
@ -5423,7 +5423,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
|
||||
return MBEDTLS_SSL_SIG_RSA;
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
|
||||
if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
|
||||
return MBEDTLS_SSL_SIG_ECDSA;
|
||||
}
|
||||
@ -5451,7 +5451,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
|
||||
case MBEDTLS_SSL_SIG_RSA:
|
||||
return MBEDTLS_PK_RSA;
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
|
||||
case MBEDTLS_SSL_SIG_ECDSA:
|
||||
return MBEDTLS_PK_ECDSA;
|
||||
#endif
|
||||
@ -5459,7 +5459,8 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
|
||||
return MBEDTLS_PK_NONE;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED ) */
|
||||
#endif /* MBEDTLS_PK_C &&
|
||||
( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
|
||||
|
||||
/*
|
||||
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
|
||||
|
||||
@ -100,7 +100,7 @@ static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
@ -132,7 +132,7 @@ static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -550,7 +550,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if (uses_ec) {
|
||||
if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end,
|
||||
@ -819,7 +819,7 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
|
||||
@ -864,7 +864,7 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -1550,7 +1550,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG(3,
|
||||
@ -1563,7 +1563,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
|
||||
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
||||
@ -149,7 +149,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* Function for parsing a supported groups (TLS 1.3) or supported elliptic
|
||||
@ -294,7 +294,7 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl,
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -670,7 +670,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
|
||||
/*
|
||||
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
|
||||
*/
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_key_curve(mbedtls_pk_context *pk,
|
||||
uint16_t *curves_tls_id)
|
||||
@ -689,7 +689,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk,
|
||||
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
/*
|
||||
* Try picking a certificate for this ciphersuite,
|
||||
@ -774,7 +774,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
|
||||
continue;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
if (pk_alg == MBEDTLS_PK_ECDSA &&
|
||||
ssl_check_key_curve(&cur->cert->pk,
|
||||
ssl->handshake->curves_tls_id) != 0) {
|
||||
@ -839,7 +839,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
|
||||
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
|
||||
(ssl->handshake->curves_tls_id == NULL ||
|
||||
ssl->handshake->curves_tls_id[0] == 0)) {
|
||||
@ -1384,7 +1384,7 @@ read_record_header:
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
|
||||
@ -1405,7 +1405,7 @@ read_record_header:
|
||||
}
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -1515,7 +1515,7 @@ read_record_header:
|
||||
if (!sig_hash_alg_ext_present) {
|
||||
uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
|
||||
const uint16_t default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
|
||||
MBEDTLS_SSL_HASH_SHA1),
|
||||
#endif
|
||||
@ -1900,7 +1900,7 @@ static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
@ -1929,7 +1929,7 @@ static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
|
||||
*olen = 6;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -2360,7 +2360,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
const mbedtls_ssl_ciphersuite_t *suite =
|
||||
mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user