mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 08:37:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix various issues

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-06-19 11:48:56 +08:00
parent 6babfee178
commit f55886a217
4 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/ssl_tls.c
View File

@ -4412,9 +4412,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->sig_hashes = NULL;
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
@ -4441,9 +4438,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->sig_hashes = NULL;
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
conf->sig_algs = ssl_tls12_preset_default_sig_algs;
@ -8177,7 +8171,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
}

8
library/ssl_tls13_generic.c
View File

@ -855,7 +855,8 @@ cleanup:
* STATE HANDLING: Output Certificate Verify
*/
static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
static int ssl_tls13_select_sig_alg_for_certificate_verify(
mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
{
@ -935,8 +936,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key,
&algorithm );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received or offered list." ) );

4
library/ssl_tls13_server.c
View File

@ -389,7 +389,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
continue;
}
MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg));
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
ssl, *sig_alg, &key_cert->cert->pk ) )
{
@ -402,7 +401,8 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
}
}
MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found"));
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
"No signature algorithm found" ) );
return( -1 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C &&

2
tests/ssl-opt.sh
View File

@ -1600,7 +1600,7 @@ requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6"
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
run_test "Default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=4" \
"$P_CLI" \
0 \
-s "Protocol is TLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \