diff --git a/src/internal.c b/src/internal.c
index e21668e2f..1b93022d6 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3209,22 +3209,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 }
 #endif
- (void)tls; /* shut up compiler */
- (void)tls1_2;
- (void)dtls;
- (void)haveDH;
- (void)havePSK;
- (void)haveStaticRSA;
- (void)haveStaticECC;
- (void)haveECC;
- (void)side;
- (void)haveRSA; /* some builds won't read */
- (void)haveRSAsig; /* non ecc builds won't read */
- (void)haveAnon; /* anon ciphers optional */
- (void)haveNull;
- (void)haveFalconSig;
- (void)haveDilithiumSig;
-
 if (suites == NULL) {
 WOLFSSL_MSG("InitSuites pointer error");
 return;
@@ -4241,18 +4225,27 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 suites->suiteSz = idx;
 if (suites->hashSigAlgoSz == 0) {
- int haveSig = 0;
- haveSig |= (haveRSAsig | haveRSA) ? SIG_RSA : 0;
- haveSig |= (haveECDSAsig | haveECC) ? SIG_ECDSA : 0;
- #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- haveSig |= (haveECDSAsig | haveECC) ? SIG_SM2 : 0;
- #endif
- haveSig |= haveFalconSig ? SIG_FALCON : 0;
- haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0;
- haveSig &= ~SIG_ANON;
- InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, tls1_2, keySz,
+ InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, keySz,
 &suites->hashSigAlgoSz);
 }
+
+ /* Moved to the end as we set some of the vars but never use them */
+ (void)tls; /* shut up compiler */
+ (void)tls1_2;
+ (void)dtls;
+ (void)haveDH;
+ (void)havePSK;
+ (void)haveStaticRSA;
+ (void)haveStaticECC;
+ (void)haveECC;
+ (void)haveECDSAsig;
+ (void)side;
+ (void)haveRSA; /* some builds won't read */
+ (void)haveRSAsig; /* non ecc builds won't read */
+ (void)haveAnon; /* anon ciphers optional */
+ (void)haveNull;
+ (void)haveFalconSig;
+ (void)haveDilithiumSig;
 }
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
diff --git a/src/tls13.c b/src/tls13.c
index eee95733f..1522b3fb5 100644
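Review bot: With `SIG_ALL` passed to `InitSuitesHashSigAlgo` in the second InitSuites hunk, the default signature-algorithm list no longer depends on `haveRSA`, `haveRSAsig`, `haveECC`, `haveECDSAsig`, `haveFalconSig` or `haveDilithiumSig`, so a caller that passed zero for one of them to keep that family out of the offered list now gets it anyway. This is presumably intentional, but it widens what the endpoint advertises, and the only comment added explains the moved `(void)` casts rather than the policy change. I would state it at the call, e.g. `/* Offer every signature algorithm in SIG_ALL; the have* flags no longer narrow this list */`. The `hashSigAlgoSz == 0` guard suggests a list can be set beforehand, so it is worth confirming that restricted deployments take that path. InitSuites begins outside the hunk.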
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -7633,10 +7633,6 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 word32 reqSz;
 word16 hashSigAlgoSz = 0;
 SignatureAlgorithms* sa;
- int haveSig = SIG_RSA | SIG_ECDSA | SIG_FALCON | SIG_DILITHIUM;
-#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
- haveSig |= SIG_SM2;
-#endif
 WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
 WOLFSSL_ENTER("SendTls13CertificateRequest");
@@ -7647,12 +7643,12 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 return SIDE_ERROR;
 /* Get the length of the hashSigAlgo buffer */
- InitSuitesHashSigAlgo(NULL, haveSig, 1, ssl->buffers.keySz,
+ InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, ssl->buffers.keySz,
 &hashSigAlgoSz);
 sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
 if (sa == NULL) return MEMORY_ERROR;
- InitSuitesHashSigAlgo(sa->hashSigAlgo, haveSig, 1, ssl->buffers.keySz,
+ InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, ssl->buffers.keySz,
 &hashSigAlgoSz);
 ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
 if (ret != 0) {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index bb9c06ccf..c2b289fad 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -4039,6 +4039,9 @@ enum KeyExchangeAlgorithm {
 #define SIG_FALCON 0x08
 #define SIG_DILITHIUM 0x10
 #define SIG_ANON 0x20
+/* SIG_ANON is omitted by default */
+#define SIG_ALL (SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | \
+ SIG_DILITHIUM)
 /* Supported Authentication Schemes */
 enum SignatureAlgorithm {
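Review bot: `SIG_ALL` includes `SIG_SM2` unconditionally, while both pieces of code it replaces (the `haveSig` setup in InitSuites and in SendTls13CertificateRequest) set `SIG_SM2` only under `#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)`. If InitSuitesHashSigAlgo does not itself gate the SM2 entries on those macros, builds without SM2/SM3 could start offering an algorithm they cannot verify; its body and the `SIG_SM2` definition are not visible here, so this needs checking. Either guard the macro the same way the removed code did, or document the dependency next to it, e.g. `/* SIG_SM2 is always set; InitSuitesHashSigAlgo must ignore it unless WOLFSSL_SM2 and WOLFSSL_SM3 are defined */`.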