yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Change code based on reviews

Browse source 
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2021-11-24 02:27:38 +00:00
parent 7285067a8c
commit 4d2329fd8a
3 changed files with 5 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
library/ssl_tls13_generic.c
View file

@ -381,11 +381,6 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
sig_alg = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
case MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256:
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PKCS1 V1.5" ) );
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_RSA;
break;
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
goto error;

5
programs/ssl/ssl_client2.c
View file

@ -1538,6 +1538,10 @@ int main( int argc, char *argv[] )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
}
else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256;
}
else
{
mbedtls_printf( "unknown signature algorithm %s\n", q );
@ -1546,6 +1550,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
mbedtls_printf( "rsa_pss_rsae_sha256 " );
mbedtls_printf( "rsa_pkcs1_sha256 " );
mbedtls_printf( "\n" );
goto exit;
}

5
tests/ssl-opt.sh
View file

@ -8916,12 +8916,7 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
"$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
0 \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-s "Ephemeral EC Diffie-Hellman parameters" \
-s "Version: TLS1.3" \
-s "Cipher: AES-128-GCM" \
-S "Client Signature:" \
-s "Server Signature: RSA-PSS-RSAE-SHA256" \
-c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \