fix build fail without TLS13

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-01-12 16:36:14 +08:00
parent f017ee4203
commit 6106fdc085
5 changed files with 33 additions and 30 deletions

View file

@ -3301,7 +3301,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Configure allowed signature algorithms for use in TLS 1.3
*
@ -3313,7 +3312,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
*/
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)

View file

@ -1815,24 +1815,17 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
/*
* Return supported sig_algs.
*/
static inline const void *mbedtls_ssl_conf_get_sig_algs(
const mbedtls_ssl_config *conf )
static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_enabled( conf ))
return( conf->sig_hashes );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_enabled( conf ))
return( conf->sig_algs );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL )
return( ssl->handshake->sig_algs );
#endif
return( ssl->conf->sig_algs );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
((void) conf);
((void) ssl);
return NULL;
}

View file

@ -2796,8 +2796,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
/*
* Supported signature algorithms
*/
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
/* High byte is hash */
unsigned char hash = ( *sig_alg >> 8 ) & 0xff;

View file

@ -3187,14 +3187,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md );
if( hash == MBEDTLS_SSL_HASH_NONE )
continue;
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_ECDSA_C)
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA);
p++;
#endif
#if defined(MBEDTLS_RSA_C)
#endif
#if defined(MBEDTLS_RSA_C)
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA);
p++;
#endif
#endif
}
*p = MBEDTLS_TLS1_3_SIG_NONE;
ssl->handshake->sig_algs_heap_allocated = 1;
@ -4055,7 +4055,6 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes )
{
conf->sig_hashes = hashes;
conf->sig_algs = NULL;
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@ -6478,8 +6477,9 @@ static int ssl_preset_suiteb_hashes[] = {
};
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static uint16_t ssl_preset_default_sig_algs[] = {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@ -6498,11 +6498,14 @@ static uint16_t ssl_preset_default_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_TLS1_3_SIG_NONE
};
static uint16_t ssl_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@ -6518,10 +6521,10 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_TLS1_3_SIG_NONE
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif
static uint16_t ssl_preset_suiteb_groups[] = {
@ -6936,7 +6939,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md )
{
const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( -1 );
@ -7450,8 +7453,11 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
* Write supported_signature_algorithms
*/
supported_sig_alg = p;
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );

View file

@ -212,8 +212,11 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h
static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
uint16_t proposed_sig_alg )
{
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( 0 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
if( *sig_alg == proposed_sig_alg )
return( 1 );