fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/pk_wrap.h

@@ -142,7 +142,7 @@ extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
 int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
 #endif
 
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 int mbedtls_pk_error_from_psa( psa_status_t status );

library/ssl_misc.h

@@ -1956,11 +1956,11 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
-    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg)
+    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
 {
     *pk_type = MBEDTLS_PK_NONE;
     *md_alg = MBEDTLS_MD_NONE;
-    ((void) sig_alg);
+
     switch( sig_alg )
     {
 #if defined(MBEDTLS_SHA256_C) && \
@@ -2057,9 +2057,9 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
           MBEDTLS_RSA_C */
 
             default:
-                return( 0 );
+                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
         }
-        return( 1 );
+        return( 0 );
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
@@ -2136,7 +2136,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
     {
         mbedtls_pk_type_t pk_type;
         mbedtls_md_type_t md_alg;
-        return( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+        return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
                                                 sig_alg, &pk_type, &md_alg ) );
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

library/ssl_tls13_generic.c

@@ -335,14 +335,9 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
         goto error;
     }
 
-    /* We currently only support ECDSA-based signatures */
     if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
-                                        algorithm, &sig_alg, &md_alg ) == 0 )
+                                        algorithm, &sig_alg, &md_alg ) != 0 )
     {
-        /* algorithm not in offered signature algorithms list */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Get pk type and md algorithm from "
-                                    "signature algorithm(%04x) fail.",
-                                    ( unsigned int ) algorithm ) );
         goto error;
     }
 
@@ -1137,17 +1132,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
     ret = mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm,
                                                                  &pk_type,
                                                                  &md_alg );
-    if( ret == 0 )
+    if( ret != 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "signature algorithm is not supported." ) );
-
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
-                                    mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
-
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR  );
 
     }
 

tests/suites/test_suite_pk.function

@@ -1091,6 +1091,7 @@ exit:
 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */
 void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg )
 {
+    /* See the description of pk_genkey() for the description of the `parameter` argument. */
     mbedtls_pk_context pk;
     size_t sig_len;
     unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];