TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8540cf66acad6283f97a0f35426488741d8b85aa^! / . / library
commit8540cf66acad6283f97a0f35426488741d8b85aa[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Wed Mar 16 08:01:09 2022 +0100
committerRonald Cron <ronald.cron@arm.com>Tue Mar 29 14:42:17 2022 +0200
treeb43ccf5fa49c9082f8ca6b63d1737d865d1ea71c
parent60ff79424eec7fd3c5a023729d57e7233748ebe8 [diff]
ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512

In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.

In TLS 1.3 those could be useful for certificate
signature verification.

In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5c65cc5..3cd6f27 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3939,6 +3939,14 @@
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
 
+#if defined(MBEDTLS_RSA_C) &&  defined(MBEDTLS_SHA512_C)
+    MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_RSA_C) &&  defined(MBEDTLS_SHA384_C)
+    MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */
+
 #if defined(MBEDTLS_RSA_C) &&  defined(MBEDTLS_SHA256_C)
     MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
 #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */