[PATCH 08/24] wolfssl: Set additional sigalgs when using anon cipher

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When setting an anonymous cipher, wolfSSL would only set the anonymous signature algorithm. This sets some better defaults.

Signed-off-by: Juliusz Sosinowicz <juliusz@xxxxxxxxxxx>
---
 src/crypto/tls_wolfssl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index 38575375de..a58e1f7607 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -2004,6 +2004,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 	char buf[128], *pos, *end;
 	u8 *c;
 	int ret;
+	int setSigAlgs = 0;
 
 	if (!conn || !conn->ssl || !ciphers)
 		return -1;
@@ -2028,6 +2029,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 			break;
 		case TLS_CIPHER_ANON_DH_AES128_SHA:
 			suite = "ADH-AES128-SHA";
+			setSigAlgs = 1;
 			break;
 		case TLS_CIPHER_RSA_DHE_AES256_SHA:
 			suite = "DHE-RSA-AES256-SHA";
@@ -2054,6 +2056,12 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 		return -1;
 	}
 
+	if (setSigAlgs &&
+			wolfSSL_set1_sigalgs_list(conn->ssl, SUITEB_TLS_128_SIGALGS) != 1) {
+		wpa_printf(MSG_DEBUG, "Sigalg configuration failed");
+		return -1;
+	}
+
 	return 0;
 }
 
-- 
2.34.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux