Minor improvements to ssl_tls12_server.c

Signed-off-by: David Horstmann <david.horstmann@arm.com>
David Horstmann 2022-10-25 10:53:44 +01:00
parent 7aee0ec0ba
commit 3a334c2edc


@ -714,13 +714,13 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
#endif #endif
list = ssl->conf->key_cert; list = ssl->conf->key_cert;
int pk_alg_none = 0; int pk_alg_is_none = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
pk_alg_none = ( pk_alg == PSA_ALG_NONE ); pk_alg_is_none = ( pk_alg == PSA_ALG_NONE );
#else #else
pk_alg_none = ( pk_alg == MBEDTLS_PK_NONE ); pk_alg_is_none = ( pk_alg == MBEDTLS_PK_NONE );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( pk_alg_none ) if( pk_alg_is_none )
return( 0 ); return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
@ -737,21 +737,21 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate", MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
cur->cert ); cur->cert );
int key_type_mismatch = 0; int key_type_matches = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
key_type_mismatch = ( ( ssl->conf->f_async_sign_start == NULL && key_type_matches = ( ( ssl->conf->f_async_sign_start != NULL ||
ssl->conf->f_async_decrypt_start == NULL && ssl->conf->f_async_decrypt_start != NULL ||
! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) || mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) &&
! mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) ); mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );
#else #else
key_type_mismatch = ( key_type_matches = (
! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ); mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#else #else
key_type_mismatch = ( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) ); key_type_matches = mbedtls_pk_can_do( &cur->cert->pk, pk_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
if( key_type_mismatch ) if( !key_type_matches )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
continue; continue;
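Review bot: The `key_type_matches` expression under `MBEDTLS_SSL_ASYNC_PRIVATE` skips the `cur->key` capability check whenever either `f_async_sign_start` or `f_async_decrypt_start` is non-NULL, and nothing in the new code says why. The inversion itself is a faithful De Morgan rewrite of the old `key_type_mismatch`, but because this condition decides which certificate the server presents, a comment above the assignment would help, e.g. `/* If an async callback is set, the private key is presumably handled externally, so only the certificate's public key is checked. */` (the rationale is inferred from the condition and should be confirmed). The three preprocessor branches also test different objects (`cur->key` only in the PSA non-async branch, `&cur->cert->pk` only in the non-PSA branch), which is worth stating in the same comment if it is intentional. ssl_pick_cert starts and ends outside the hunks shown.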