mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 08:37:25 +00:00
fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
6babfee178
commit
f55886a217
@ -4412,9 +4412,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
conf->sig_hashes = NULL;
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
|
||||
conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
|
||||
@ -4441,9 +4438,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
conf->sig_hashes = NULL;
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
|
||||
conf->sig_algs = ssl_tls12_preset_default_sig_algs;
|
||||
@ -8177,7 +8171,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
|
||||
}
|
||||
|
||||
|
@ -855,7 +855,8 @@ cleanup:
|
||||
* STATE HANDLING: Output Certificate Verify
|
||||
*/
|
||||
|
||||
static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
|
||||
static int ssl_tls13_select_sig_alg_for_certificate_verify(
|
||||
mbedtls_ssl_context *ssl,
|
||||
mbedtls_pk_context *own_key,
|
||||
uint16_t *algorithm )
|
||||
{
|
||||
@ -935,8 +936,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
|
||||
* opaque signature<0..2^16-1>;
|
||||
* } CertificateVerify;
|
||||
*/
|
||||
ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
|
||||
if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
|
||||
ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key,
|
||||
&algorithm );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "signature algorithm not in received or offered list." ) );
|
||||
|
@ -389,7 +389,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
|
||||
continue;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg));
|
||||
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
|
||||
ssl, *sig_alg, &key_cert->cert->pk ) )
|
||||
{
|
||||
@ -402,7 +401,8 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found"));
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
|
||||
"No signature algorithm found" ) );
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
|
||||
|
@ -1600,7 +1600,7 @@ requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
run_test "Default" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=4" \
|
||||
"$P_CLI" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
|
||||
|
Loading…
x
Reference in New Issue
Block a user