Minor improvements to ssl_tls12_server.c

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:53:44 +01:00 · 2022-10-25 10:53:44 +01:00 · 3a334c2edc
commit 3a334c2edc
parent 7aee0ec0ba
1 changed files with 13 additions and 13 deletions
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -714,13 +714,13 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
 #endif
        list = ssl->conf->key_cert;

-    int pk_alg_none = 0;
+    int pk_alg_is_none = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    pk_alg_none = ( pk_alg == PSA_ALG_NONE );
+    pk_alg_is_none = ( pk_alg == PSA_ALG_NONE );
 #else
-    pk_alg_none = ( pk_alg == MBEDTLS_PK_NONE );
+    pk_alg_is_none = ( pk_alg == MBEDTLS_PK_NONE );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    if( pk_alg_none )
+    if( pk_alg_is_none )
        return( 0 );

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
@ -737,21 +737,21 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
                          cur->cert );

-        int key_type_mismatch = 0;
+        int key_type_matches = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-        key_type_mismatch = ( ( ssl->conf->f_async_sign_start == NULL &&
-                    ssl->conf->f_async_decrypt_start == NULL &&
-                    ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) ||
-                ! mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );
+        key_type_matches = ( ( ssl->conf->f_async_sign_start != NULL ||
+                    ssl->conf->f_async_decrypt_start != NULL ||
+                    mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) &&
+                mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );
 #else
-        key_type_mismatch = (
-                ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) );
+        key_type_matches = (
+                mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) );
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 #else
-        key_type_mismatch = ( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) );
+        key_type_matches = mbedtls_pk_can_do( &cur->cert->pk, pk_alg );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-        if( key_type_mismatch )
+        if( !key_type_matches )
        {
            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
            continue;