fix build fail without TLS13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
parent
f017ee4203
commit
6106fdc085
5 changed files with 33 additions and 30 deletions
|
@ -3301,7 +3301,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||
const int *hashes );
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/**
|
||||
* \brief Configure allowed signature algorithms for use in TLS 1.3
|
||||
*
|
||||
|
@ -3313,7 +3312,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||
*/
|
||||
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
|
||||
const uint16_t* sig_algs );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
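Review bot: The `\brief` still says the list is "for use in TLS 1.3", yet the `MBEDTLS_SSL_PROTO_TLS1_3` guard around `mbedtls_ssl_conf_sig_algs()` appears to be removed, so the prototype is now visible in builds without TLS 1.3. That removal is inferred from the 7-to-6 line counts of both hunks, because the page lost its +/- markers. If the list is now meant to drive TLS 1.2 negotiation as well, as the `mbedtls_ssl_get_sig_algs( ssl )` call in `ssl_write_certificate_request` suggests, the brief should say so, for example `\brief Configure allowed signature algorithms (TLS 1.2 and TLS 1.3)`. The rest of the doc comment lies outside the hunks and may already cover this.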
|
|
|
@ -1815,24 +1815,17 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Return supported sig_algs.
|
||||
*/
|
||||
static inline const void *mbedtls_ssl_conf_get_sig_algs(
|
||||
const mbedtls_ssl_config *conf )
|
||||
static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( mbedtls_ssl_conf_is_tls12_enabled( conf ))
|
||||
return( conf->sig_hashes );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( mbedtls_ssl_conf_is_tls13_enabled( conf ))
|
||||
return( conf->sig_algs );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL )
|
||||
return( ssl->handshake->sig_algs );
|
||||
#endif
|
||||
return( ssl->conf->sig_algs );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
((void) conf);
|
||||
((void) ssl);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
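Review bot: `mbedtls_ssl_get_sig_algs()` returns `const void *`, so every caller's assignment to `const uint16_t *` compiles regardless of the element type behind the pointer. The accessor it appears to replace could hand back `conf->sig_hashes`, a `const int *` list, through the same untyped pointer. Assuming `ssl->handshake->sig_algs` and `ssl->conf->sig_algs` are both `uint16_t` lists, declare it `static inline const uint16_t *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl )` so the compiler rejects a mismatch. The header comment should also state that the per-handshake list takes precedence over the configured one and that NULL is returned when certificate-based key exchange is compiled out. Which lines are old and which are new is inferred here, since the page lost its +/- markers.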
|
|
|
@ -2796,8 +2796,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Supported signature algorithms
|
||||
*/
|
||||
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
|
||||
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
|
||||
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
|
||||
if( sig_alg == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
|
||||
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
|
||||
{
|
||||
/* High byte is hash */
|
||||
unsigned char hash = ( *sig_alg >> 8 ) & 0xff;
|
||||
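Review bot: The guard added before the loop in `ssl_write_certificate_request` rejects a NULL list but not an empty one. A list whose first entry is `MBEDTLS_TLS1_3_SIG_NONE` skips the loop body, and unless the written length is checked after the loop (outside this hunk) the message would carry no signature algorithms. The preset arrays touched by this same commit appear to shrink to exactly that single terminator when `MBEDTLS_SSL_PROTO_TLS1_3` is undefined. Consider `if( sig_alg == NULL || *sig_alg == MBEDTLS_TLS1_3_SIG_NONE )` here and at the same pattern in `mbedtls_ssl_write_sig_alg_ext`. The function starts and ends outside the hunk.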
|
|
|
@ -3187,14 +3187,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md );
|
||||
if( hash == MBEDTLS_SSL_HASH_NONE )
|
||||
continue;
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA);
|
||||
p++;
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA);
|
||||
p++;
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
*p = MBEDTLS_TLS1_3_SIG_NONE;
|
||||
ssl->handshake->sig_algs_heap_allocated = 1;
|
||||
|
@ -4055,7 +4055,6 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||
const int *hashes )
|
||||
{
|
||||
conf->sig_hashes = hashes;
|
||||
conf->sig_algs = NULL;
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
|
@ -6478,8 +6477,9 @@ static int ssl_preset_suiteb_hashes[] = {
|
|||
};
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
static uint16_t ssl_preset_default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
/* ECDSA algorithms */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
|
@ -6498,11 +6498,14 @@ static uint16_t ssl_preset_default_sig_algs[] = {
|
|||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||
#endif
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
MBEDTLS_TLS1_3_SIG_NONE
|
||||
};
|
||||
|
||||
static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/* ECDSA algorithms */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
|
@ -6518,10 +6521,10 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
|||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||
#endif
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
MBEDTLS_TLS1_3_SIG_NONE
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif
|
||||
|
||||
static uint16_t ssl_preset_suiteb_groups[] = {
|
||||
|
@ -6936,7 +6939,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
|||
mbedtls_md_type_t md )
|
||||
{
|
||||
|
||||
const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
|
||||
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
|
||||
if( sig_alg == NULL )
|
||||
return( -1 );
|
||||
|
||||
|
@ -7450,8 +7453,11 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
|||
* Write supported_signature_algorithms
|
||||
*/
|
||||
supported_sig_alg = p;
|
||||
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
|
||||
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
|
||||
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
|
||||
if( sig_alg == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
|
||||
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
|
||||
{
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
|
||||
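Review bot: `mbedtls_ssl_conf_sig_hashes()` appears to lose its `conf->sig_algs = NULL;` reset, so a configuration can now hold a deprecated hash list and a `sig_algs` list at the same time. This is inferred from the hunk at -4055 going from 7 lines to 6, as the +/- markers are missing on this page. `mbedtls_ssl_get_sig_algs()` falls back to `ssl->conf->sig_algs` whenever `ssl->handshake->sig_algs` is NULL. If the translation in `ssl_handshake_init` is skipped for some configuration (its condition is outside the hunk), the application's restricted hash list would be silently ignored in favour of whatever `sig_algs` holds. Document the precedence at the setter, for example `/* sig_algs is left as is; ssl_handshake_init() decides whether sig_hashes overrides it */`, and cover the both-set case with a test.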
|
|
|
@ -212,8 +212,11 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h
|
|||
static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
|
||||
uint16_t proposed_sig_alg )
|
||||
{
|
||||
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
|
||||
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
|
||||
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
|
||||
if( sig_alg == NULL )
|
||||
return( 0 );
|
||||
|
||||
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
|
||||
{
|
||||
if( *sig_alg == proposed_sig_alg )
|
||||
return( 1 );
|
||||
|
|