fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
202919c23d
commit
cc5391048e
5 changed files with 32 additions and 29 deletions
|
@ -1922,8 +1922,8 @@ static inline const void *mbedtls_ssl_get_sig_algs(
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if( ssl->handshake->sig_algs_heap_allocated == 1 &&
|
||||
ssl->handshake != NULL &&
|
||||
if( ssl->handshake != NULL &&
|
||||
ssl->handshake->sig_algs_heap_allocated == 1 &&
|
||||
ssl->handshake->sig_algs != NULL )
|
||||
{
|
||||
return( ssl->handshake->sig_algs );
|
||||
|
@ -1984,6 +1984,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
|
|||
|
||||
switch( sig_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
|
||||
*md_alg = MBEDTLS_MD_SHA256;
|
||||
|
@ -2002,7 +2003,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
|
|||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
default:
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
@ -2168,9 +2169,8 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
|
||||
uint16_t sig_alg,
|
||||
mbedtls_pk_context *key);
|
||||
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
|
||||
mbedtls_pk_context *key );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
|
|
|
@ -856,7 +856,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake->sig_algs = ssl->conf->sig_algs;
|
||||
ssl->handshake->sig_algs_heap_allocated = 0;
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -4072,8 +4072,8 @@ static int ssl_preset_suiteb_ciphersuites[] = {
|
|||
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
|
||||
* declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
|
||||
* `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
|
||||
* the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
|
||||
* for its signature in the key exchange message and as Mbed TLS 1.2 does not
|
||||
* the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
|
||||
* for its signature in the key exchange message. As Mbed TLS 1.2 does not
|
||||
* support them, the handshake fails.
|
||||
*/
|
||||
static uint16_t ssl_preset_default_sig_algs[] = {
|
||||
|
|
|
@ -940,16 +940,18 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
|
|||
mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
|
||||
*sig_alg, own_key ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ( "select_sig_alg_for_certificate_verify:"
|
||||
"selected signature algorithm %s [%04x]",
|
||||
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
|
||||
*sig_alg ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "select_sig_alg_for_certificate_verify:"
|
||||
"selected signature algorithm %s [%04x]",
|
||||
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
|
||||
*sig_alg ) );
|
||||
*algorithm = *sig_alg;
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2,
|
||||
( "select_sig_alg_for_certificate_verify:"
|
||||
"no suitable signature algorithm found" ) );
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
|
|
|
@ -389,20 +389,21 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
|
|||
continue;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ( "ssl_tls13_pick_key_cert:"
|
||||
"check signature algorithm %s [%04x]",
|
||||
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
|
||||
*sig_alg ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "ssl_tls13_pick_key_cert:"
|
||||
"check signature algorithm %s [%04x]",
|
||||
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
|
||||
*sig_alg ) );
|
||||
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
|
||||
*sig_alg, &key_cert->cert->pk ) )
|
||||
{
|
||||
ssl->handshake->key_cert = key_cert;
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ( "ssl_tls13_pick_key_cert:"
|
||||
"selected signature algorithm %s [%04x]",
|
||||
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
|
||||
*sig_alg ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "ssl_tls13_pick_key_cert:"
|
||||
"selected signature algorithm"
|
||||
" %s [%04x]",
|
||||
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
|
||||
*sig_alg ) );
|
||||
MBEDTLS_SSL_DEBUG_CRT(
|
||||
3, "selected certificate (chain)",
|
||||
ssl->handshake->key_cert->cert );
|
||||
|
@ -412,7 +413,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
|
||||
"No signature algorithm found" ) );
|
||||
"no suitable signature algorithm found" ) );
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
|
||||
|
|
|
@ -268,8 +268,8 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len )
|
|||
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
|
||||
* declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
|
||||
* `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
|
||||
* the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
|
||||
* for its signature in the key exchange message and as Mbed TLS 1.2 does not
|
||||
* the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
|
||||
* for its signature in the key exchange message. As Mbed TLS 1.2 does not
|
||||
* support them, the handshake fails.
|
||||
*/
|
||||
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
|
||||
|
@ -371,4 +371,4 @@ void mbedtls_print_supported_sig_algs( void )
|
|||
mbedtls_printf("rsa_pkcs1_sha1 ");
|
||||
mbedtls_printf("ecdsa_sha1\n");
|
||||
mbedtls_printf( "\n" );
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue