hannestschofenig / mbedtls

An open source, portable, easy to use, readable and flexible SSL library
https://tls.mbed.org
Apache License 2.0

Re-Introduce support for RSA signatures #99

Open hanno-becker opened 3 years ago

hanno-becker commented 3 years ago

If I understand correctly, the TLS 1.3 prototype does not currently support RSA signatures, which isn't because there's any particular issue with it or its relation to TLS 1.3, but simply to accelerate the initial development of the prototype - @hannestschofenig correct me if I'm wrong.

Now that we're getting closer to upstreaming it, support for RSA should be reintroduced.

hanno-becker commented 3 years ago

Related to #92 by @lhuang04.

hanno-becker commented 3 years ago

For example, https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L1843 needs changing because it infers the signature algorithm from the key bitlength. This is fragile and should be replaced by a switch on the actual certificate key type.
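
An illustration of the point raised in the last comment, added here as an example; it is not code from the issue thread or from the Mbed TLS code base. The `cert_key_t` type and all function names are hypothetical stand-ins, and only the SignatureScheme code points are real (RFC 8446, section 4.2.3).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TLS 1.3 SignatureScheme code points (RFC 8446, section 4.2.3). */
#define SIG_NONE                   0x0000
#define SIG_ECDSA_SECP256R1_SHA256 0x0403
#define SIG_ECDSA_SECP384R1_SHA384 0x0503
#define SIG_ECDSA_SECP521R1_SHA512 0x0603
#define SIG_RSA_PSS_RSAE_SHA256    0x0804

/* Hypothetical stand-in for a parsed certificate key; not an Mbed TLS type. */
typedef enum { KEY_ECDSA, KEY_RSA } key_type_t;
typedef struct { key_type_t type; size_t bitlen; } cert_key_t;

/* In this sketch the bit length stands in for the curve of an ECDSA key. */
static uint16_t ecdsa_scheme_for_bits(size_t bitlen)
{
    switch (bitlen) {
    case 256: return SIG_ECDSA_SECP256R1_SHA256;
    case 384: return SIG_ECDSA_SECP384R1_SHA384;
    case 521: return SIG_ECDSA_SECP521R1_SHA512;
    default:  return SIG_NONE;
    }
}

/* Fragile pattern: the key type is never consulted, so every key is
 * treated as ECDSA and an RSA key either maps to nothing or is mislabelled. */
uint16_t sig_alg_from_bitlen(const cert_key_t *k)
{
    return ecdsa_scheme_for_bits(k->bitlen);
}

/* Switch on the key type first; size only selects within that type. */
uint16_t sig_alg_from_key_type(const cert_key_t *k)
{
    switch (k->type) {
    case KEY_RSA:   return SIG_RSA_PSS_RSAE_SHA256;
    case KEY_ECDSA: return ecdsa_scheme_for_bits(k->bitlen);
    }
    return SIG_NONE; /* unknown key type: refuse rather than guess */
}

int main(void)
{
    cert_key_t rsa2048 = { KEY_RSA, 2048 }; /* constructed sample key */
    printf("by bit length: 0x%04x\n", (unsigned) sig_alg_from_bitlen(&rsa2048));
    printf("by key type:   0x%04x\n", (unsigned) sig_alg_from_key_type(&rsa2048));
    return 0;
}
```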