Skip to content

Commit

Permalink
[toup] zephyr: crypto: Fix for embedtls
Browse files Browse the repository at this point in the history
Fix mbedtls for WPA3 enterprise suiteb192 rsa3k connect fail.

Let default config not use MBEDTLS_SSL_PRESET_SUITEB
as input mbedtls_ssl_config_defaults().
For rsa3k case has TLS_CONN_SUITEB flag and will
choose MBEDTLS_SSL_PRESET_SUITEB as input.
Then the signature algorithm will set to
ssl_tls12_preset_suiteb_sig_algs which removed rsa.
Then will cause EAP Hello packet not include rsa
in sig_alg and AP will return EAP failure.
Use MBEDTLS_SSL_PRESET_DEFAULT as input.

Signed-off-by: Li Long <li.long@nxp.com>
  • Loading branch information
LiLongNXP committed Jul 26, 2024
1 parent 074df22 commit ec6dbe5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/crypto/tls_mbedtls_alt.c
Original file line number Diff line number Diff line change
Expand Up @@ -1730,7 +1730,7 @@ static int tls_mbedtls_set_params(struct tls_conf *tls_conf, const struct tls_co
int ret = mbedtls_ssl_config_defaults(
&tls_conf->conf, tls_ctx_global.tls_conf ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
(tls_conf->flags & TLS_CONN_SUITEB) ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_DEFAULT);
MBEDTLS_SSL_PRESET_DEFAULT);
if (ret != 0)
{
elog(ret, "mbedtls_ssl_config_defaults");
Expand Down

0 comments on commit ec6dbe5

Please sign in to comment.