diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index d61932cb95..2809a1424a 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -902,17 +902,17 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui } #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } @@ -943,17 +943,17 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c } } -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 524e419f47..9a9b42b998 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -16,10 +16,10 @@ #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); #endif /* MBEDTLS_PK_C */ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6462917093..cf3791e900 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1510,7 +1510,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type); +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8a35a5753e..9c6f236ded 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5619,13 +5619,12 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) return MBEDTLS_SSL_SIG_ANON; } -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type) +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) { switch (type) { - case MBEDTLS_PK_RSA: + case MBEDTLS_PK_SIGALG_RSA_PKCS1V15: return MBEDTLS_SSL_SIG_RSA; - case MBEDTLS_PK_ECDSA: - case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_SIGALG_ECDSA: return MBEDTLS_SSL_SIG_ECDSA; default: return MBEDTLS_SSL_SIG_ANON; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3511016080..6f88d31e3e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -760,7 +760,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t *suite_info; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_type; + mbedtls_pk_sigalg_t sig_type; #endif suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); @@ -829,7 +829,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); - if (sig_type != MBEDTLS_PK_NONE && + if (sig_type != MBEDTLS_PK_SIGALG_NONE && mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) { MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm " @@ -1608,8 +1608,8 @@ have_ciphersuite: /* Debugging-only output for testsuite */ #if defined(MBEDTLS_DEBUG_C) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); - if (sig_alg != MBEDTLS_PK_NONE) { + mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); + if (sig_alg != MBEDTLS_PK_SIGALG_NONE) { unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u", @@ -2788,7 +2788,7 @@ curve_matching_done: * to choose appropriate hash. */ - mbedtls_pk_type_t sig_alg = + mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); unsigned char sig_hash = @@ -2799,7 +2799,7 @@ curve_matching_done: /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ - if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) { + if (sig_alg == MBEDTLS_PK_SIGALG_NONE || md_alg == MBEDTLS_MD_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); /* (... because we choose a cipher suite * only if there is a matching hash.) */