|
|
@@ -198,10 +198,16 @@ static int set_ca_cert(tls_context_t *tls, const unsigned char *cacert, size_t c
|
|
|
#ifdef CONFIG_SUITEB192
|
|
|
static uint16_t tls_sig_algs_for_suiteb[] = {
|
|
|
#if defined(MBEDTLS_SHA512_C)
|
|
|
- MBEDTLS_MD_SHA512,
|
|
|
- MBEDTLS_MD_SHA384,
|
|
|
+#if defined(MBEDTLS_ECDSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
|
|
|
#endif
|
|
|
- MBEDTLS_MD_NONE
|
|
|
+#if defined(MBEDTLS_RSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ),
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
|
|
|
+#endif
|
|
|
+#endif /* MBEDTLS_SHA512_C */
|
|
|
+ MBEDTLS_TLS_SIG_NONE
|
|
|
};
|
|
|
|
|
|
const mbedtls_x509_crt_profile suiteb_mbedtls_x509_crt_profile =
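Review bot: The SHA-384 pairs in `tls_sig_algs_for_suiteb` are compiled in only under `MBEDTLS_SHA512_C`, although the macros used here belong to the Mbed TLS 3.x API, where SHA-384 has its own build option. If the bundled Mbed TLS allows the two to be configured independently, a build could advertise a hash it cannot verify, or end up with a list holding only `MBEDTLS_TLS_SIG_NONE`. Guarding the SHA-384 lines with `#if defined(MBEDTLS_SHA384_C)` would tie each entry to the hash it names; this is worth confirming against the library version in the tree. The same grouping appears in `tls_sig_algs_for_eap` in the next hunk (SHA-384 under `MBEDTLS_SHA512_C`, SHA-224 under `MBEDTLS_SHA256_C`). The enclosing `#ifdef CONFIG_SUITEB192` closes outside this hunk.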
|
|
|
@@ -226,17 +232,34 @@ static void tls_set_suiteb_config(tls_context_t *tls)
|
|
|
|
|
|
static uint16_t tls_sig_algs_for_eap[] = {
|
|
|
#if defined(MBEDTLS_SHA512_C)
|
|
|
- MBEDTLS_MD_SHA512,
|
|
|
- MBEDTLS_MD_SHA384,
|
|
|
+#if defined(MBEDTLS_ECDSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
|
|
|
+#endif
|
|
|
+#if defined(MBEDTLS_RSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ),
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
|
|
|
#endif
|
|
|
+#endif /* MBEDTLS_SHA512_C */
|
|
|
#if defined(MBEDTLS_SHA256_C)
|
|
|
- MBEDTLS_MD_SHA256,
|
|
|
- MBEDTLS_MD_SHA224,
|
|
|
+#if defined(MBEDTLS_ECDSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA224 ),
|
|
|
#endif
|
|
|
+#if defined(MBEDTLS_RSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA224 ),
|
|
|
+#endif
|
|
|
+#endif /* MBEDTLS_SHA256_C */
|
|
|
#if defined(MBEDTLS_SHA1_C)
|
|
|
- MBEDTLS_MD_SHA1,
|
|
|
+#if defined(MBEDTLS_ECDSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA1 ),
|
|
|
+#endif
|
|
|
+#if defined(MBEDTLS_RSA_C)
|
|
|
+ MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA1 ),
|
|
|
#endif
|
|
|
- MBEDTLS_MD_NONE
|
|
|
+#endif /* MBEDTLS_SHA1_C */
|
|
|
+ MBEDTLS_TLS_SIG_NONE
|
|
|
};
|
|
|
|
|
|
const mbedtls_x509_crt_profile eap_mbedtls_x509_crt_profile =
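Review bot: The SHA-1 pairs at the end of `tls_sig_algs_for_eap` are advertised whenever `MBEDTLS_SHA1_C` is built, so a build that keeps SHA-1 for unrelated reasons will also offer SHA-1 handshake signatures to an EAP server. This carries over the old `MBEDTLS_MD_SHA1` entry rather than adding something new. Now that each pair is spelled out, it deserves a comment above the SHA-1 block, e.g. `/* SHA-1 kept for legacy EAP servers only; listed last as least preferred */`, and ideally a dedicated opt-in rather than the library-wide SHA-1 switch. Separately, every entry is a TLS 1.2 encoding in which RSA means PKCS#1 v1.5, so if TLS 1.3 is ever enabled on this path, the list would presumably also need RSA-PSS schemes.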
|