tls13: avoid to create a new suite in CertificateRequest

This way the ssl object honours the HashSigAlgo list set by
wolfSSL_set1_sigalgs_list.
Marco Oliverio
2026-02-24 17:59:06 +01:00
parent a08efc9b0a
commit d72fcb1d27
+3 -7
@@ -7791,7 +7791,6 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
int sendSz;
word32 i;
word32 reqSz;
word16 hashSigAlgoSz = 0;
SignatureAlgorithms* sa;
WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
@@ -7802,14 +7801,11 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
if (ssl->options.side != WOLFSSL_SERVER_END)
return SIDE_ERROR;
/* Get the length of the hashSigAlgo buffer */
InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, 1, ssl->buffers.keySz,
&hashSigAlgoSz);
sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap);
/* Use ssl->suites->hashSigAlgo so wolfSSL_set1_sigalgs_list() is honored.
* hashSigAlgoSz=0 makes GetSize/Write fall back to WOLFSSL_SUITES(ssl). */
sa = TLSX_SignatureAlgorithms_New(ssl, 0, ssl->heap);
if (sa == NULL)
return MEMORY_ERROR;
InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, 1, ssl->buffers.keySz,
&hashSigAlgoSz);
ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap);
if (ret != 0) {
TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap);
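Review bot: After `sa = TLSX_SignatureAlgorithms_New(ssl, 0, ssl->heap);` the signature_algorithms extension of the CertificateRequest comes entirely from the `WOLFSSL_SUITES(ssl)` fallback, and nothing in this hunk checks that this list is non-empty. TLS 1.3 requires the extension in CertificateRequest, so a suites object with a zero-length hashSigAlgo would presumably produce a request that peers reject; a guard such as `if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0)` returning an error before the push would make that failure explicit. Separately, the removed code always built the list with `SIG_ALL`, so if the suites list is derived from the server's own key type (not visible here), a default-configured server may now advertise fewer algorithms for client authentication than before. A regression test covering the default case and a restricted `wolfSSL_set1_sigalgs_list()` case would pin both behaviours. The body of SendTls13CertificateRequest starts and ends outside these hunks, so the GetSize/Write fallback itself could not be checked from this page.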