diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2a8695a475..d42e463a93 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -218,57 +218,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
return( 0 );
}
-/*
- * The ssl_tls13_create_verify_structure() creates the verify structure.
- * As input, it requires the transcript hash.
- *
- * The caller has to ensure that the buffer has size at least
- * SSL_VERIFY_STRUCT_MAX_SIZE bytes.
- */
-static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
- size_t transcript_hash_len,
- unsigned char *verify_buffer,
- size_t *verify_buffer_len,
- int from )
-{
- size_t idx;
-
- /* RFC 8446, Section 4.4.3:
- *
- * The digital signature [in the CertificateVerify message] is then
- * computed over the concatenation of:
- * - A string that consists of octet 32 (0x20) repeated 64 times
- * - The context string
- * - A single 0 byte which serves as the separator
- * - The content to be signed
- */
- uint8_t const verify_padding_val = 0x20;
- size_t const verify_padding_len = 64;
-
- memset( verify_buffer, verify_padding_val, verify_padding_len );
- idx = verify_padding_len;
-
- if( from == MBEDTLS_SSL_IS_CLIENT )
- {
- memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) );
- idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv );
- }
- else
- { /* from == MBEDTLS_SSL_IS_SERVER */
- memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) );
- idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv );
- }
-
- verify_buffer[idx++] = 0x0;
-
- memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len );
- idx += transcript_hash_len;
-
- *verify_buffer_len = idx;
-}
-
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
/*
* STATE HANDLING: Read CertificateVerify
*/
@@ -296,8 +245,52 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
MBEDTLS_TLS1_3_MD_MAX_SIZE \
)
+/*
+ * The ssl_tls13_create_verify_structure() creates the verify structure.
+ * As input, it requires the transcript hash.
+ *
+ * The caller has to ensure that the buffer has size at least
+ * SSL_VERIFY_STRUCT_MAX_SIZE bytes.
+ */
+static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
+ size_t transcript_hash_len,
+ unsigned char *verify_buffer,
+ size_t *verify_buffer_len,
+ int from )
+{
+ size_t idx;
+
+ /* RFC 8446, Section 4.4.3:
+ *
+ * The digital signature [in the CertificateVerify message] is then
+ * computed over the concatenation of:
+ * - A string that consists of octet 32 (0x20) repeated 64 times
+ * - The context string
+ * - A single 0 byte which serves as the separator
+ * - The content to be signed
+ */
+ memset( verify_buffer, 0x20, 64 );
+ idx = 64;
+
+ if( from == MBEDTLS_SSL_IS_CLIENT )
+ {
+ memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) );
+ idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv );
+ }
+ else
+ { /* from == MBEDTLS_SSL_IS_SERVER */
+ memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) );
+ idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv );
+ }
+
+ verify_buffer[idx++] = 0x0;
+
+ memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len );
+ idx += transcript_hash_len;
+
+ *verify_buffer_len = idx;
+}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg )
{
const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs;
@@ -310,7 +303,7 @@ static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_
return 0;
}
-static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl,
+static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end,
const unsigned char *verify_buffer,
@@ -350,7 +343,7 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl,
* Check if algorithm in offered signature algorithms. Send `unsupported_certificate`
* alert message on failure.
*/
- if( ssl_tls13_sig_alg_is_offered( ssl, algorithm ) == 0 )
+ if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) )
{
/* algorithm not in offered signature algorithms list */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not "
@@ -429,12 +422,9 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl,
break;
#endif /* MBEDTLS_SHA512_C */
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ default:
+ ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ break;
}
if( ret != 0 )
@@ -481,13 +471,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
unsigned char *buf;
size_t buf_len;
- if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
- if( ssl->session_negotiate->peer_cert == NULL )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
-
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
MBEDTLS_SSL_PROC_CHK(
@@ -495,9 +478,9 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
/* Need to calculate the hash of the transcript first
- * before reading the message since otherwise it gets
- * included in the transcript
- */
+ * before reading the message since otherwise it gets
+ * included in the transcript
+ */
ret = mbedtls_ssl_get_handshake_transcript( ssl,
ssl->handshake->ciphersuite_info->mac,
transcript, sizeof( transcript ),
@@ -514,15 +497,16 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
/* Create verify structure */
ssl_tls13_create_verify_structure( transcript,
- transcript_len,
- verify_buffer,
- &verify_buffer_len,
- !ssl->conf->endpoint );
+ transcript_len,
+ verify_buffer,
+ &verify_buffer_len,
+ ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ?
+ MBEDTLS_SSL_IS_SERVER :
+ MBEDTLS_SSL_IS_CLIENT );
/* Process the message contents */
- MBEDTLS_SSL_PROC_CHK(
- ssl_tls13_process_certificate_verify_parse( ssl,
- buf, buf + buf_len, verify_buffer, verify_buffer_len ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
+ buf + buf_len, verify_buffer, verify_buffer_len ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );