	| @@ -4412,9 +4412,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, | |||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) | ||||||
| #if !defined(MBEDTLS_DEPRECATED_REMOVED) |  | ||||||
|             conf->sig_hashes = NULL; |  | ||||||
| #endif /* !MBEDTLS_DEPRECATED_REMOVED */ |  | ||||||
| #if defined(MBEDTLS_SSL_PROTO_TLS1_2) | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) | ||||||
|             if( mbedtls_ssl_conf_is_tls12_only( conf ) ) |             if( mbedtls_ssl_conf_is_tls12_only( conf ) ) | ||||||
|                 conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; |                 conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; | ||||||
| @@ -4441,9 +4438,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, | |||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) | ||||||
| #if !defined(MBEDTLS_DEPRECATED_REMOVED) |  | ||||||
|             conf->sig_hashes = NULL; |  | ||||||
| #endif /* !MBEDTLS_DEPRECATED_REMOVED */ |  | ||||||
| #if defined(MBEDTLS_SSL_PROTO_TLS1_2) | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) | ||||||
|             if( mbedtls_ssl_conf_is_tls12_only( conf ) ) |             if( mbedtls_ssl_conf_is_tls12_only( conf ) ) | ||||||
|                 conf->sig_algs = ssl_tls12_preset_default_sig_algs; |                 conf->sig_algs = ssl_tls12_preset_default_sig_algs; | ||||||
| @@ -8177,7 +8171,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, | |||||||
|         MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); |         MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); | ||||||
|         MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); |         MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); | ||||||
|         p += 2; |         p += 2; | ||||||
|  |  | ||||||
|         MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); |         MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|   | |||||||
| @@ -855,7 +855,8 @@ cleanup: | |||||||
|  * STATE HANDLING: Output Certificate Verify |  * STATE HANDLING: Output Certificate Verify | ||||||
|  */ |  */ | ||||||
|  |  | ||||||
| static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, | static int ssl_tls13_select_sig_alg_for_certificate_verify( | ||||||
|  |                                           mbedtls_ssl_context *ssl, | ||||||
|                                           mbedtls_pk_context *own_key, |                                           mbedtls_pk_context *own_key, | ||||||
|                                           uint16_t *algorithm ) |                                           uint16_t *algorithm ) | ||||||
| { | { | ||||||
| @@ -935,8 +936,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, | |||||||
|      *    opaque signature<0..2^16-1>; |      *    opaque signature<0..2^16-1>; | ||||||
|      *  } CertificateVerify; |      *  } CertificateVerify; | ||||||
|      */ |      */ | ||||||
|     ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); |     ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key, | ||||||
|     if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) |                                                            &algorithm ); | ||||||
|  |     if( ret != 0 ) | ||||||
|     { |     { | ||||||
|         MBEDTLS_SSL_DEBUG_MSG( 1, |         MBEDTLS_SSL_DEBUG_MSG( 1, | ||||||
|                     ( "signature algorithm not in received or offered list." ) ); |                     ( "signature algorithm not in received or offered list." ) ); | ||||||
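Review bot: The caller no longer tests `! mbedtls_ssl_sig_alg_is_received( ssl, algorithm )` before building CertificateVerify, and the body of the renamed `ssl_tls13_select_sig_alg_for_certificate_verify()` is outside the visible hunks, so nothing here shows that the check now lives inside it. TLS 1.3 requires the CertificateVerify scheme to be one the peer listed in its signature_algorithms extension, so if the helper only derives the scheme from `own_key`, that guarantee is lost at this call site. Please confirm the helper returns non-zero for a scheme the peer did not offer, and state that contract above its definition, e.g. `/* Returns 0 only if the scheme chosen for own_key was received in the peer's signature_algorithms extension. */`. The debug message kept below ("signature algorithm not in received or offered list.") is accurate only if the helper performs that check.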
|   | |||||||
| @@ -389,7 +389,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) | |||||||
|                 continue; |                 continue; | ||||||
|             } |             } | ||||||
|  |  | ||||||
|             MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg)); |  | ||||||
|             if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( |             if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( | ||||||
|                     ssl, *sig_alg, &key_cert->cert->pk ) ) |                     ssl, *sig_alg, &key_cert->cert->pk ) ) | ||||||
|             { |             { | ||||||
| @@ -402,7 +401,8 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) | |||||||
|         } |         } | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found")); |     MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: " | ||||||
|  |                                 "No signature algorithm found" ) ); | ||||||
|     return( -1 ); |     return( -1 ); | ||||||
| } | } | ||||||
| #endif /* MBEDTLS_X509_CRT_PARSE_C && | #endif /* MBEDTLS_X509_CRT_PARSE_C && | ||||||
|   | |||||||
| @@ -1600,7 +1600,7 @@ requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6" | |||||||
| requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED | requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED | ||||||
| run_test    "Default" \ | run_test    "Default" \ | ||||||
|             "$P_SRV debug_level=3" \ |             "$P_SRV debug_level=3" \ | ||||||
|             "$P_CLI debug_level=4" \ |             "$P_CLI" \ | ||||||
|             0 \ |             0 \ | ||||||
|             -s "Protocol is TLSv1.2" \ |             -s "Protocol is TLSv1.2" \ | ||||||
|             -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ |             -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ | ||||||
|   | |||||||