Remove pkcs1 from key cert and sig alg map

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-06-28 16:17:58 +08:00
parent 71b18844ff
commit 660cb4209c
2 changed files with 3 additions and 38 deletions

View file

@ -4916,8 +4916,7 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
sig_alg, sig_alg,
mbedtls_ssl_sig_alg_to_str( sig_alg ) ) ); mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );
if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) || if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) )
continue; continue;
MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s", MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s",

View file

@ -863,76 +863,41 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
switch( pk_type ) switch( pk_type )
{ {
#if defined(MBEDTLS_ECDSA_C)
case MBEDTLS_SSL_SIG_ECDSA: case MBEDTLS_SSL_SIG_ECDSA:
switch( key_size ) switch( key_size )
{ {
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case 256: case 256:
return( return(
sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 ); sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 );
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case 384: case 384:
return( return(
sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 ); sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 );
#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case 521: case 521:
return( return(
sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 ); sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 );
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
default: default:
break; break;
} }
break; break;
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_SSL_SIG_RSA: case MBEDTLS_SSL_SIG_RSA:
switch( sig_alg ) switch( sig_alg )
{ {
#if defined(MBEDTLS_PKCS1_V21)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return( key_size <= 3072 ); return( key_size <= 3072 );
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return( key_size <= 7680 ); return( key_size <= 7680 );
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( 1 ); return( 1 );
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_PKCS1_V15)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
return( key_size <= 3072 );
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
return( key_size <= 7680 );
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
return( 1 );
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_PKCS1_V15 */
default: default:
break; break;
} }
break; break;
#endif /* MBEDTLS_RSA_C */
default: default:
break; break;
@ -951,7 +916,8 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
*algorithm = MBEDTLS_TLS1_3_SIG_NONE; *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{ {
if( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
*sig_alg ) && *sig_alg ) &&
mbedtls_ssl_tls13_check_sig_alg_cert_key_match( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, own_key ) ) *sig_alg, own_key ) )