Refactor SigAlgs to use a custom struct that can override ssl->suites

Juliusz Sosinowicz
2022-12-28 19:59:24 +01:00
committed by David Garske
parent e431688ca6
commit 5b8026899b
4 changed files with 152 additions and 97 deletions


@@ -2782,7 +2782,16 @@ static int GetMacDigestSize(byte macAlgo)
}
#endif /* USE_ECDSA_KEYSZ_HASH_ALGO */
static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
#define ADD_HASH_SIG_ALGO(out, inOutIdx, major, minor) \
do { \
if (out != NULL) { \
out[*inOutIdx ] = major; \
out[*inOutIdx + 1] = minor; \
} \
*inOutIdx += 2; \
} while(0)
static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
byte sigAlgo, int keySz, word16* inOutIdx)
{
int addSigAlgo = 1;
@@ -2802,59 +2811,38 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
if (addSigAlgo) {
#ifdef HAVE_ED25519
if (sigAlgo == ed25519_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = ED25519_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = ED25519_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED25519_SA_MAJOR, ED25519_SA_MINOR);
}
else
#endif
#ifdef HAVE_ED448
if (sigAlgo == ed448_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = ED448_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = ED448_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, ED448_SA_MAJOR, ED448_SA_MINOR);
}
else
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (sigAlgo == falcon_level1_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL1_SA_MAJOR, FALCON_LEVEL1_SA_MINOR);
}
else
if (sigAlgo == falcon_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL5_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL5_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, FALCON_LEVEL5_SA_MAJOR, FALCON_LEVEL5_SA_MINOR);
}
else
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (sigAlgo == dilithium_level2_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR);
}
else
if (sigAlgo == dilithium_level3_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR);
}
else
if (sigAlgo == dilithium_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MINOR;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR);
}
else
#endif /* HAVE_DILITHIUM */
@@ -2862,82 +2850,70 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
#ifdef WC_RSA_PSS
if (sigAlgo == rsa_pss_sa_algo) {
/* RSA PSS is sig then mac */
suites->hashSigAlgo[*inOutIdx] = sigAlgo;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = macAlgo;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, macAlgo);
#ifdef WOLFSSL_TLS13
/* Add the certificate algorithm as well */
suites->hashSigAlgo[*inOutIdx] = sigAlgo;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = PSS_RSAE_TO_PSS_PSS(macAlgo);
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, sigAlgo, PSS_RSAE_TO_PSS_PSS(macAlgo));
#endif
}
else
#endif
{
suites->hashSigAlgo[*inOutIdx] = macAlgo;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = sigAlgo;
*inOutIdx += 1;
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, macAlgo, sigAlgo);
}
}
}
void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig, int haveRSAsig,
int haveFalconSig, int haveDilithiumSig,
int haveAnon, int tls1_2, int keySz)
int haveAnon, int tls1_2, int keySz, word16* len)
{
word16 idx = 0;
(void)tls1_2;
(void)keySz;
if (suites == NULL)
return;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
if (haveECDSAsig) {
#ifdef HAVE_ECC
#ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, ecc_dsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif
#ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, ecc_dsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif
#ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, ecc_dsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
AddSuiteHashSigAlgo(suites, sha_mac, ecc_dsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, ecc_dsa_sa_algo, keySz, &idx);
#endif
#endif
#ifdef HAVE_ED25519
AddSuiteHashSigAlgo(suites, no_mac, ed25519_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, ed25519_sa_algo, keySz, &idx);
#endif
#ifdef HAVE_ED448
AddSuiteHashSigAlgo(suites, no_mac, ed448_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, ed448_sa_algo, keySz, &idx);
#endif
}
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
if (haveFalconSig) {
#if defined(HAVE_PQC)
#ifdef HAVE_FALCON
AddSuiteHashSigAlgo(suites, no_mac, falcon_level1_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(suites, no_mac, falcon_level5_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level5_sa_algo, keySz, &idx);
#endif /* HAVE_FALCON */
#endif /* HAVE_PQC */
}
if (haveDilithiumSig) {
#if defined(HAVE_PQC)
#ifdef HAVE_DILITHIUM
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level2_sa_algo, keySz,
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level3_sa_algo, keySz,
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level5_sa_algo, keySz,
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo, keySz,
&idx);
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
@@ -2946,46 +2922,46 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
#ifdef WC_RSA_PSS
if (tls1_2) {
#ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, rsa_pss_sa_algo, keySz,
AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_pss_sa_algo, keySz,
&idx);
#endif
#ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, rsa_pss_sa_algo, keySz,
AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_pss_sa_algo, keySz,
&idx);
#endif
#ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, rsa_pss_sa_algo, keySz,
AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_pss_sa_algo, keySz,
&idx);
#endif
}
#endif
#ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, rsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, rsa_sa_algo, keySz, &idx);
#endif
#ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, rsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, rsa_sa_algo, keySz, &idx);
#endif
#ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, rsa_sa_algo, keySz, &idx);
#endif
#ifdef WOLFSSL_SHA224
AddSuiteHashSigAlgo(suites, sha224_mac, rsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha224_mac, rsa_sa_algo, keySz, &idx);
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, rsa_sa_algo, keySz, &idx);
#endif
}
#ifdef HAVE_ANON
if (haveAnon) {
AddSuiteHashSigAlgo(suites, sha_mac, anonymous_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, sha_mac, anonymous_sa_algo, keySz, &idx);
}
#endif
(void)haveAnon;
(void)haveECDSAsig;
suites->hashSigAlgoSz = idx;
*len = idx;
}
int AllocateCtxSuites(WOLFSSL_CTX* ctx)
@@ -3983,9 +3959,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
suites->suiteSz = idx;
if (suites->hashSigAlgoSz == 0) {
InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC,
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig | haveECC,
haveRSAsig | haveRSA, haveFalconSig,
haveDilithiumSig, 0, tls1_2, keySz);
haveDilithiumSig, 0, tls1_2, keySz,
&suites->hashSigAlgoSz);
}
}
@@ -24280,6 +24257,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
1, 1, 1, 1,
1, 1, 1, 1, 1, 0, 0, ctx->method->side);
return 1; /* wolfSSL default */
}
do {
const char* current = next;
@@ -24612,9 +24590,9 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
#endif
{
suites->suiteSz = (word16)idx;
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig,
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig,
haveFalconSig, haveDilithiumSig, haveAnon,
1, keySz);
1, keySz, &suites->hashSigAlgoSz);
}
suites->setSuites = 1;
}
@@ -24738,8 +24716,9 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
keySz = ctx->privateKeySz;
#endif
suites->suiteSz = (word16)idx;
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveFalconSig,
haveDilithiumSig, haveAnon, 1, keySz);
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveECDSAsig, haveRSAsig,
haveFalconSig, haveDilithiumSig, haveAnon, 1,
keySz, &suites->hashSigAlgoSz);
suites->setSuites = 1;
}
@@ -24884,7 +24863,7 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list)
break;
}
}
AddSuiteHashSigAlgo(suites, mac_alg, sig_alg, 0, &idx);
AddSuiteHashSigAlgo(suites->hashSigAlgo, mac_alg, sig_alg, 0, &idx);
sig_alg = 0;
mac_alg = no_mac;
s = list + 1;
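Review bot: ADD_HASH_SIG_ALGO expands its arguments unparenthesised (`out[*inOutIdx ] = major;`, `*inOutIdx += 2;`), so it is only correct while every caller passes plain identifiers, and it remains defined for the rest of the file. I would write the body as `(out)[*(inOutIdx)] = (major); (out)[*(inOutIdx) + 1] = (minor);` with `*(inOutIdx) += 2;`, or replace the macro with a small `static WC_INLINE` helper. Separately, InitSuitesHashSigAlgo loses the old `suites == NULL` early return and now ends with an unguarded `*len = idx;`. Since a NULL `hashSigAlgo` is now a supported "count only" mode, a header comment on both functions should say so and state that `len` must not be NULL, or the function should start with `if (len == NULL) return;`.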


@@ -6373,9 +6373,12 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, const byte* data, word16 len, byte* mac,
static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
{
WOLFSSL* ssl = (WOLFSSL*)data;
SignatureAlgorithms* sa = (SignatureAlgorithms*)data;
return OPAQUE16_LEN + WOLFSSL_SUITES(ssl)->hashSigAlgoSz;
if (sa->hashSigAlgoSz == 0)
return OPAQUE16_LEN + WOLFSSL_SUITES(sa->ssl)->hashSigAlgoSz;
else
return OPAQUE16_LEN + sa->hashSigAlgoSz;
}
/* Creates a bit string of supported hash algorithms with RSA PSS.
@@ -6419,17 +6422,27 @@ static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, const byte* input,
*/
static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
{
WOLFSSL* ssl = (WOLFSSL*)data;
const Suites* suites = WOLFSSL_SUITES(ssl);
SignatureAlgorithms* sa = (SignatureAlgorithms*)data;
const Suites* suites = WOLFSSL_SUITES(sa->ssl);
word16 hashSigAlgoSz;
if (sa->hashSigAlgoSz == 0) {
c16toa(suites->hashSigAlgoSz, output);
XMEMCPY(output + OPAQUE16_LEN, suites->hashSigAlgo,
suites->hashSigAlgoSz);
hashSigAlgoSz = suites->hashSigAlgoSz;
}
else {
c16toa(sa->hashSigAlgoSz, output);
XMEMCPY(output + OPAQUE16_LEN, sa->hashSigAlgo,
sa->hashSigAlgoSz);
hashSigAlgoSz = sa->hashSigAlgoSz;
}
TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN,
suites->hashSigAlgoSz);
TLSX_SignatureAlgorithms_MapPss(sa->ssl, output + OPAQUE16_LEN,
hashSigAlgoSz);
return OPAQUE16_LEN + suites->hashSigAlgoSz;
return OPAQUE16_LEN + hashSigAlgoSz;
}
/* Parse the SignatureAlgorithms extension.
@@ -6480,18 +6493,52 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, const byte* input,
* heap The heap used for allocation.
* returns 0 on success, otherwise failure.
*/
static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
static int TLSX_SetSignatureAlgorithms(TLSX** extensions, WOLFSSL* ssl,
void* heap)
{
SignatureAlgorithms* sa;
if (extensions == NULL)
return BAD_FUNC_ARG;
return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, data, heap);
/* Already present */
if (TLSX_Find(*extensions, TLSX_SIGNATURE_ALGORITHMS) != NULL)
return 0;
sa = TLSX_SignatureAlgorithms_New(ssl, 0, heap);
if (sa == NULL)
return MEMORY_ERROR;
return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, sa, heap);
}
SignatureAlgorithms* TLSX_SignatureAlgorithms_New(WOLFSSL* ssl,
word16 hashSigAlgoSz, void* heap)
{
SignatureAlgorithms* sa;
(void)heap;
sa = (SignatureAlgorithms*)XMALLOC(sizeof(*sa) + hashSigAlgoSz, heap,
DYNAMIC_TYPE_TLSX);
if (sa != NULL) {
XMEMSET(sa, 0, sizeof(*sa) + hashSigAlgoSz);
sa->ssl = ssl;
sa->hashSigAlgoSz = hashSigAlgoSz;
}
return sa;
}
void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
void* heap)
{
XFREE(sa, heap, DYNAMIC_TYPE_TLSX);
(void)heap;
}
#define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
#define SA_WRITE TLSX_SignatureAlgorithms_Write
#define SA_PARSE TLSX_SignatureAlgorithms_Parse
#define SA_FREE_ALL TLSX_SignatureAlgorithms_FreeAll
#endif
/******************************************************************************/
/* Signature Algorithms Certificate */
@@ -6571,8 +6618,8 @@ static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, const byte* input,
* heap The heap used for allocation.
* returns 0 on success, otherwise failure.
*/
static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
void* heap)
static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions,
const WOLFSSL* data, void* heap)
{
if (extensions == NULL)
return BAD_FUNC_ARG;
@@ -10280,6 +10327,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
break;
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
case TLSX_SIGNATURE_ALGORITHMS:
SA_FREE_ALL((SignatureAlgorithms*)extension->data, heap);
break;
#endif
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
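Review bot: In TLSX_SignatureAlgorithms_GetSize and TLSX_SignatureAlgorithms_Write, `sa->hashSigAlgoSz == 0` doubles as "no override, use the list in ssl->suites", and nothing in this section documents that meaning. An override that legitimately ends up empty would therefore be encoded as the full suites list. The two functions must also keep making the same choice, because the length returned by GetSize is presumably what sizes the output that Write fills with XMEMCPY. I would state the rule where the object is created, e.g. `/* hashSigAlgoSz == 0: no override; GetSize/Write fall back to WOLFSSL_SUITES(ssl) */` above TLSX_SignatureAlgorithms_New, and consider one small static helper that returns the selected pointer and length so the selection exists in a single place.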


@@ -6620,21 +6620,30 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
int sendSz;
word32 i;
word16 reqSz;
TLSX* ext;
word16 hashSigAlgoSz = 0;
SignatureAlgorithms* sa;
WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
WOLFSSL_ENTER("SendTls13CertificateRequest");
ssl->options.buildingMsg = 1;
if (ssl->options.side == WOLFSSL_SERVER_END)
InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, 1,
0, 1, ssl->buffers.keySz);
if (ssl->options.side != WOLFSSL_SERVER_END)
return SIDE_ERROR;
ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS);
if (ext == NULL)
return EXT_MISSING;
ext->resp = 0;
/* Get the length of the hashSigAlgo buffer */
InitSuitesHashSigAlgo(NULL, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz,
&hashSigAlgoSz);
sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
if (sa == NULL)
return MEMORY_ERROR;
InitSuitesHashSigAlgo(sa->hashSigAlgo, 1, 1, 1, 1, 0, 1, ssl->buffers.keySz,
&sa->hashSigAlgoSz);
ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
if (ret != 0) {
TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap);
return ret;
}
i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
#ifdef WOLFSSL_DTLS13
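Review bot: The buffer behind `sa->hashSigAlgo` is sized by the first `InitSuitesHashSigAlgo(NULL, ...)` call and then filled by a second call that takes no capacity argument, so the write stays in bounds only while both passes produce the same length. The arguments are identical here, but nothing enforces that. Passing the allocated size down to the fill pass would turn a future divergence into an error instead of a heap overrun; a check that `sa->hashSigAlgoSz == hashSigAlgoSz` after the fill would at least detect it. The second call also overwrites `sa->hashSigAlgoSz`, which TLSX_SignatureAlgorithms_New has already set, so filling via a local `word16` would make it clearer which value is authoritative. SendTls13CertificateRequest continues past the end of this hunk.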


@@ -2120,7 +2120,7 @@ struct Suites {
byte setSuites; /* user set suites from default */
};
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveECDSAsig,
int haveRSAsig, int haveFalconSig,
int haveDilithiumSig, int haveAnon,
int tls1_2, int keySz, word16* len);
@@ -2777,6 +2777,25 @@ WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx,
CallbackProcessPeerCert cb);
#endif /* DecodedCert && HAVE_PK_CALLBACKS */
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
typedef struct SignatureAlgorithms {
/* Not const since it is modified in TLSX_SignatureAlgorithms_MapPss */
WOLFSSL* ssl;
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
/* Ignore "nonstandard extension used : zero-sized array in struct/union"
* MSVC warning */
#ifdef _MSC_VER
#pragma warning(disable: 4200)
#endif
byte hashSigAlgo[]; /* sig/algo to offer */
} SignatureAlgorithms;
WOLFSSL_LOCAL SignatureAlgorithms* TLSX_SignatureAlgorithms_New(
WOLFSSL* ssl, word16 hashSigAlgoSz, void* heap);
WOLFSSL_LOCAL void TLSX_SignatureAlgorithms_FreeAll(SignatureAlgorithms* sa,
void* heap);
#endif
/** Supported Elliptic Curves - RFC 4492 (session 4) */
#ifdef HAVE_SUPPORTED_CURVES
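Review bot: `#pragma warning(disable: 4200)` inside struct SignatureAlgorithms is never restored, so on MSVC it silences C4200 for everything that follows in any translation unit including this header, not just for this struct. Wrapping the member as `#pragma warning(push)`, `#pragma warning(disable: 4200)`, `byte hashSigAlgo[];`, `#pragma warning(pop)`, each pragma under the existing `_MSC_VER` guard, keeps the suppression local. The struct comment could also note that `hashSigAlgo` is a flexible array member, so instances must be allocated as `sizeof(*sa) + hashSigAlgoSz` and never copied by value.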