wolfssl: Set additional sigalgs when using anonymous cipher
authorJuliusz Sosinowicz <juliusz@wolfssl.com>
Thu, 4 Apr 2024 18:16:14 +0000 (20:16 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 2 Feb 2025 16:42:33 +0000 (18:42 +0200)
When an anonymous cipher suite is configured, wolfSSL would only set the anonymous
signature algorithm. Also set an explicit signature algorithm list (SUITEB_TLS_128_SIGALGS) as a better default.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
src/crypto/tls_wolfssl.c

index 4db969f9bf452f4969f11b12c2ce699fa3c09bf2..e6c101e73ce7f21fe9b0ea0722164e6059b2239f 100644 (file)
@@ -2032,6 +2032,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
        char buf[128], *pos, *end;
        u8 *c;
        int ret;
+       bool set_sig_algs = false;
 
        if (!conn || !conn->ssl || !ciphers)
                return -1;
@@ -2056,6 +2057,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
                        break;
                case TLS_CIPHER_ANON_DH_AES128_SHA:
                        suite = "ADH-AES128-SHA";
+                       set_sig_algs = true;
                        break;
                case TLS_CIPHER_RSA_DHE_AES256_SHA:
                        suite = "DHE-RSA-AES256-SHA";
@@ -2083,6 +2085,12 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
+       if (set_sig_algs &&
+           wolfSSL_set1_sigalgs_list(conn->ssl, SUITEB_TLS_128_SIGALGS) != 1) {
+               wpa_printf(MSG_DEBUG, "wolfssl: Sigalg configuration failed");
+               return -1;
+       }
+
        return 0;
 }
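Review bot: The new sigalgs call at the end of tls_connection_set_cipher_list applies a fixed `SUITEB_TLS_128_SIGALGS` list whenever an ADH suite was requested, but nothing in the hunk says why an unsigned (anonymous) suite needs a signature-algorithm list at all, and the macro itself is defined outside this hunk. I would put a why-comment above the `if`: `/* Requesting an anonymous suite otherwise leaves wolfSSL advertising only the anonymous sigalg; set an explicit list so signed suites in the same cipher list stay negotiable -- presumably the reason for SUITEB_TLS_128_SIGALGS here, confirm */`. If this file also configures a 192-bit Suite B profile on the connection elsewhere, that profile would be silently reset to the 128-bit list by this code path, which is worth checking. Note as well that on the new `return -1` path the cipher list has presumably already been applied to `conn->ssl` just above the hunk (the `return -1; }` at the top of the hunk looks like its failure branch), so the connection is left half-configured and callers must treat the error as fatal rather than retrying with the same `conn`. The function's body begins outside this hunk, so the exact ordering of those earlier calls is inferred, not visible.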