Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 1cd6e0021f14d9f1b5015c8851781a0e07ffabec^! / .
commit1cd6e0021f14d9f1b5015c8851781a0e07ffabec[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Tue Aug 10 13:27:10 2021 +0100
committerHanno Becker <hanno.becker@arm.com>Tue Aug 10 13:55:43 2021 +0100
tree6e059b12ccbf1efb06316895fc696948351f7fa6
parent551265f8798eb843ee61063b34d42add44dd9bb7 [diff]
Add experimental API for configuration of TLS 1.3 sig algs

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3090f93..c62f730 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1182,6 +1182,10 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     const int *MBEDTLS_PRIVATE(sig_hashes);          /*!< allowed signature hashes           */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    const uint16_t* MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms in TLS 1.3 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #endif
 
 #if defined(MBEDTLS_ECP_C)
@@ -3026,6 +3030,19 @@
  */
 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
                                   const int *hashes );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+/**
+ * \brief          Configure allowed signature algorithms for use in TLS 1.3
+ *
+ * \param conf     The SSL configuration to use.
+ * \param sig_algs A 0-terminated list of IANA values for TLS 1.3 signature algorithms,
+ *                 with the most preferred algorithm listed first. Supported values
+ *                 are available as \c MBEDTLS_TLS13_SIG_XXX.
+ */
+void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
+                                const uint16_t* sig_algs );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 923c671..e2fb9b6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3933,6 +3933,22 @@
 {
     conf->sig_hashes = hashes;
 }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+/**
+ * \brief          Configure allowed signature algorithms for use in TLS 1.3
+ *
+ * \param conf     The SSL configuration to use.
+ * \param sig_algs A 0-terminated list of IANA values for TLS 1.3 signature algorithms,
+ *                 with the most preferred algorithm listed first. Supported values
+ *                 are available as \c MBEDTLS_TLS13_SIG_XXX.
+ */
+void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
+                                const uint16_t* sig_algs )
+{
+    conf->tls13_sig_algs = sig_algs;
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_ECP_C)