Create API for mbedtls_ssl_conf_sig_hashes().

Not implemented yet.
2015-06-17 12:43:26 +02:00 · 2015-06-17 12:43:26 +02:00 · 36a8b575a9
commit 36a8b575a9
parent 9d412d872c
3 changed files with 57 additions and 10 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1836,9 +1836,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */

 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
 static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
                                          unsigned char **p,
                                          unsigned char *end,
@ -1884,12 +1882,9 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,

    return( 0 );
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5478,6 +5478,17 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
 }
 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */

+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+/*
+ * Set allowed/preferred hashes for handshake signatures
+ */
+void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+                                  const int *hashes )
+{
+    conf->sig_hashes = hashes;
+}
+#endif
+
 #if defined(MBEDTLS_ECP_C)
 /*
 * Set the allowed elliptic curves
@ -6665,8 +6676,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
    conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
 #endif

+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
+    conf->sig_hashes = mbedtls_md_list();
+#endif
+
 #if defined(MBEDTLS_ECP_C)
-    conf->curve_list = mbedtls_ecp_grp_id_list( );
+    conf->curve_list = mbedtls_ecp_grp_id_list();
 #endif

 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)