mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-29 22:20:30 +00:00
Rename and rewrite mbedtls_ssl_sig_hash_set_find
function
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name and rewrite to operate TLS signature algorithm identifiers. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
parent
1226590c88
commit
a3d016ce41
@ -1120,9 +1120,20 @@ int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/* Find an entry in a signature-hash set matching a given hash algorithm. */
|
||||
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl,
|
||||
mbedtls_pk_type_t pk_alg );
|
||||
/**
|
||||
* \brief Find the preferred hash for a given signature algorithm.
|
||||
*
|
||||
* \param[in] ssl SSL context
|
||||
* \param[in] sig_alg A signature algorithm identifier as defined in the
|
||||
* TLS 1.2 SignatureAlgorithm enumeration.
|
||||
*
|
||||
* \return The preferred hash algorithm for \p sig_alg. It is a hash algorithm
|
||||
* identifier as defined in the TLS 1.2 HashAlgorithm enumeration.
|
||||
*/
|
||||
unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
|
||||
mbedtls_ssl_context *ssl,
|
||||
unsigned int sig_alg );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
|
@ -7653,25 +7653,24 @@ exit:
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/* Find an entry in a signature-hash set matching a given sign algorithm. */
|
||||
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl,
|
||||
mbedtls_pk_type_t pk_alg )
|
||||
/* Find the preferred hash for a given signature algorithm. */
|
||||
unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
|
||||
mbedtls_ssl_context *ssl,
|
||||
unsigned int sig_alg )
|
||||
{
|
||||
unsigned int i;
|
||||
uint16_t sig_alg = mbedtls_ssl_sig_from_pk_alg( pk_alg );
|
||||
uint16_t *set = ssl->handshake->received_sig_algs;
|
||||
uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE;
|
||||
uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
|
||||
|
||||
if( sig_alg == MBEDTLS_SSL_SIG_ANON )
|
||||
return( MBEDTLS_MD_NONE );
|
||||
return( MBEDTLS_SSL_HASH_NONE );
|
||||
|
||||
for( i = 0; set[i] != invalid_sig_alg; i++ )
|
||||
for( i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ )
|
||||
{
|
||||
if( sig_alg == MBEDTLS_SSL_SIG_FROM_SIG_ALG( set[i] ) )
|
||||
return MBEDTLS_SSL_HASH_FROM_SIG_ALG( set[i] );
|
||||
if( sig_alg == MBEDTLS_SSL_SIG_FROM_SIG_ALG( received_sig_algs[i] ) )
|
||||
return MBEDTLS_SSL_HASH_FROM_SIG_ALG( received_sig_algs[i] );
|
||||
}
|
||||
|
||||
return( MBEDTLS_MD_NONE );
|
||||
return( MBEDTLS_SSL_HASH_NONE );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
@ -988,7 +988,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||
* a suitable hash algorithm is present. */
|
||||
sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
|
||||
if( sig_type != MBEDTLS_PK_NONE &&
|
||||
mbedtls_ssl_sig_hash_set_find( ssl, sig_type ) == MBEDTLS_MD_NONE )
|
||||
mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
|
||||
ssl, mbedtls_ssl_sig_from_pk_alg( sig_type ) ) == MBEDTLS_SSL_HASH_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
||||
"for signature algorithm %u", (unsigned) sig_type ) );
|
||||
@ -1810,7 +1811,9 @@ have_ciphersuite:
|
||||
mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
|
||||
if( sig_alg != MBEDTLS_PK_NONE )
|
||||
{
|
||||
mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg );
|
||||
unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
|
||||
ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) );
|
||||
mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
|
||||
mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
|
||||
}
|
||||
@ -3175,14 +3178,19 @@ curve_matching_done:
|
||||
* to choose appropriate hash.
|
||||
*/
|
||||
|
||||
mbedtls_md_type_t md_alg;
|
||||
mbedtls_pk_type_t sig_alg =
|
||||
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
||||
|
||||
unsigned int sig_hash =
|
||||
mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
|
||||
ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) );
|
||||
|
||||
mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash );
|
||||
|
||||
/* For TLS 1.2, obey signature-hash-algorithm extension
|
||||
* (RFC 5246, Sec. 7.4.1.4.1). */
|
||||
if( sig_alg == MBEDTLS_PK_NONE ||
|
||||
( md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg ) ) == MBEDTLS_MD_NONE )
|
||||
md_alg == MBEDTLS_MD_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
/* (... because we choose a cipher suite
|
||||
|
Loading…
x
Reference in New Issue
Block a user