Merge branch 'bugfix/remove_sha384_hash_for_bigger_certs' into 'master'

esp_wifi: remove sha384 hash for cert size > 2k Closes WIFI-5208 See merge request espressif/esp-idf!21840
espressif · Jan 9, 2023 · 45571b0 · 45571b0
2 parents 5ba22eb + 7a8a858
commit 45571b0
Showing 1 changed file with 0 additions and 15 deletions.
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -294,19 +294,13 @@ static void tls_enable_sha1_config(tls_context_t *tls)
 static const int eap_ciphersuite_preference[] =
 {
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
-	MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-#endif
 #if defined(MBEDTLS_CCM_C)
 	MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
 #endif
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 	MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
 	MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 #endif
-#if defined(MBEDTLS_GCM_C)
-	MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-#endif
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 	MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
 	MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
@@ -327,9 +321,7 @@ static const int eap_ciphersuite_preference[] =
 #endif
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-	MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
 	MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
-	MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
 	MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
 	MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
 
@@ -338,9 +330,6 @@ static const int eap_ciphersuite_preference[] =
 	MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
 	MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
 #endif
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
-	MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
-#endif
 #if defined(MBEDTLS_CCM_C)
 	MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
 #endif
@@ -389,14 +378,10 @@ static const int eap_ciphersuite_preference[] =
 	MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
 #endif
 	/* The PSK suites */
-#if defined(MBEDTLS_GCM_C)
-	MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
-#endif
 #if defined(MBEDTLS_CCM_C)
 	MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
 #endif
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-	MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
 	MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
 #endif
 #if defined(MBEDTLS_CCM_C)