From c2e0493e6ead458a3dd8af0f4fec2d3f6548e503 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Mon, 27 Jun 2022 22:13:03 +0800
Subject: [PATCH] Add rsa_pkcs1 for cert sig match

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_tls13_generic.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index c7c652e596..39bd9f258f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -855,9 +855,8 @@ cleanup:
  * STATE HANDLING: Output Certificate Verify
  */
 
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
-                uint16_t sig_alg,
-                mbedtls_pk_context *key)
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
+                                                    mbedtls_pk_context *key )
 {
     mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key );
     size_t key_size = mbedtls_pk_get_bitlen( key );
@@ -912,6 +911,23 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
 #endif /* MBEDTLS_SHA512_C */
 #endif /* MBEDTLS_PKCS1_V21 */
 
+#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_SHA256_C)
+                case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+                    return( key_size <= 3072 );
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+                case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+                    return( key_size <= 7680 );
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+                case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+                    return( 1 );
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V15 */
+
                 default:
                     break;
             }