diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 05a926bd2..f788baf58 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1922,8 +1922,8 @@ static inline const void *mbedtls_ssl_get_sig_algs(
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
- if( ssl->handshake->sig_algs_heap_allocated == 1 &&
- ssl->handshake != NULL &&
+ if( ssl->handshake != NULL &&
+ ssl->handshake->sig_algs_heap_allocated == 1 &&
 ssl->handshake->sig_algs != NULL )
 {
 return( ssl->handshake->sig_algs );
@@ -1984,6 +1984,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
 switch( sig_alg )
 {
+#if defined(MBEDTLS_RSA_C)
 #if defined(MBEDTLS_SHA256_C)
 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
 *md_alg = MBEDTLS_MD_SHA256;
@@ -2002,7 +2003,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
 *pk_type = MBEDTLS_PK_RSASSA_PSS;
 break;
 #endif /* MBEDTLS_SHA512_C */
-
+#endif /* MBEDTLS_RSA_C */
 default:
 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
@@ -2168,9 +2169,8 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
- uint16_t sig_alg,
- mbedtls_pk_context *key);
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
+ mbedtls_pk_context *key );
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dba70e20d..304e61f42 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -856,7 +856,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
 ssl->handshake->sig_algs = ssl->conf->sig_algs;
 ssl->handshake->sig_algs_heap_allocated = 0;
 }
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 return( 0 );
 }
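Review bot: In `mbedtls_ssl_get_sig_algs` the order of the three `&&` operands is now load-bearing, and nothing in the code says so. The old order read `ssl->handshake->sig_algs_heap_allocated` before the `ssl->handshake != NULL` test, so the test could never protect the dereference. A one-line comment above the condition, e.g. `/* Test handshake for NULL before reading any of its fields. */`, would keep a later reformat from reintroducing that. The function body continues outside the hunk, so what is returned when `handshake` is NULL is not visible here.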
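Review bot: The new guard around the `rsa_pss_rsae_*` cases in `mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg` tests `MBEDTLS_RSA_C`, but these cases set `*pk_type = MBEDTLS_PK_RSASSA_PSS`, and RSASSA-PSS is controlled by the separate option `MBEDTLS_PKCS1_V21`. If a build with `MBEDTLS_RSA_C` and without `MBEDTLS_PKCS1_V21` is permitted together with TLS 1.3 (not visible from this hunk; the configuration checks may already forbid it), the function would still report PSS algorithms as available. Consider `#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)` here, with the matching `#endif` comment in the next hunk of this file updated to say the same.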
@@ -4072,8 +4072,8 @@ static int ssl_preset_suiteb_ciphersuites[] = {
 * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
 * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
 * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
- * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
- * for its signature in the key exchange message and as Mbed TLS 1.2 does not
+ * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
+ * for its signature in the key exchange message. As Mbed TLS 1.2 does not
 * support them, the handshake fails.
 */
 static uint16_t ssl_preset_default_sig_algs[] = {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 62f22fd93..c7c652e59 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -940,16 +940,18 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
 mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
 {
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "select_sig_alg_for_certificate_verify:"
- "selected signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "select_sig_alg_for_certificate_verify:"
+ "selected signature algorithm %s [%04x]",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+ *sig_alg ) );
 *algorithm = *sig_alg;
 return( 0 );
 }
 }
-
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "select_sig_alg_for_certificate_verify:"
+ "no suitable signature algorithm found" ) );
 return( -1 );
 }
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b7b25576e..2d751d656 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
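Review bot: The added failure message in `ssl_tls13_select_sig_alg_for_certificate_verify` concatenates `"select_sig_alg_for_certificate_verify:"` and `"no suitable signature algorithm found"` with no space after the colon, so the log line reads `...verify:no suitable...`. The failure message of `ssl_tls13_pick_key_cert` in ssl_tls13_server.c uses the prefix `"ssl_tls13_pick_key_cert: "` with a trailing space; the prefix here should match it, `( "select_sig_alg_for_certificate_verify: "`. The same missing space is in the reformatted "selected" message in this hunk and in the "check" and "selected" messages of the first ssl_tls13_server.c hunk. Consistent prefixes matter when handshake-failure logs are searched during triage.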
@@ -389,20 +389,21 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
 continue;
 }
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "ssl_tls13_pick_key_cert:"
- "check signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "ssl_tls13_pick_key_cert:"
+ "check signature algorithm %s [%04x]",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+ *sig_alg ) );
 if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk ) )
 {
 ssl->handshake->key_cert = key_cert;
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "ssl_tls13_pick_key_cert:"
- "selected signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "ssl_tls13_pick_key_cert:"
+ "selected signature algorithm"
+ " %s [%04x]",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+ *sig_alg ) );
 MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate (chain)", ssl->handshake->key_cert->cert );
@@ -412,7 +413,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
 }
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
- "No signature algorithm found" ) );
+ "no suitable signature algorithm found" ) );
 return( -1 );
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C &&
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 72c0b3ae3..ad9dcdd5b 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -268,8 +268,8 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len )
 * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
 * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
 * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
- * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
- * for its signature in the key exchange message and as Mbed TLS 1.2 does not
+ * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
+ * for its signature in the key exchange message. As Mbed TLS 1.2 does not
 * support them, the handshake fails.
 */
 #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
@@ -371,4 +371,4 @@ void mbedtls_print_supported_sig_algs( void )
 mbedtls_printf("rsa_pkcs1_sha1 ");
 mbedtls_printf("ecdsa_sha1\n");
 mbedtls_printf( "\n" );
-}
\ No newline at end of file
+}