Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>

library/ssl_ciphersuites.c

@@ -902,17 +902,17 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui
 }
 
 #if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
+mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
     switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            return MBEDTLS_PK_RSA;
+            return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
 
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return MBEDTLS_PK_ECDSA;
+            return MBEDTLS_PK_SIGALG_ECDSA;
 
         default:
-            return MBEDTLS_PK_NONE;
+            return MBEDTLS_PK_SIGALG_NONE;
     }
 }
 
@@ -943,17 +943,17 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
     }
 }
 
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
+mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
     switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            return MBEDTLS_PK_RSA;
+            return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
 
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return MBEDTLS_PK_ECDSA;
+            return MBEDTLS_PK_SIGALG_ECDSA;
 
         default:
-            return MBEDTLS_PK_NONE;
+            return MBEDTLS_PK_SIGALG_NONE;
     }
 }
 

library/ssl_ciphersuites_internal.h

@@ -16,10 +16,10 @@
 #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
 
 #if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
+mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
+mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
 #endif /* MBEDTLS_PK_C */
 
 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);

library/ssl_misc.h

@@ -1510,7 +1510,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
 
 #if defined(MBEDTLS_PK_C)
 unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
-unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type);
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type);
 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig);
 #endif
 

library/ssl_tls.c

@@ -5619,13 +5619,12 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
     return MBEDTLS_SSL_SIG_ANON;
 }
 
-unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type)
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type)
 {
     switch (type) {
-        case MBEDTLS_PK_RSA:
+        case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
             return MBEDTLS_SSL_SIG_RSA;
-        case MBEDTLS_PK_ECDSA:
+        case MBEDTLS_PK_SIGALG_ECDSA:
-        case MBEDTLS_PK_ECKEY:
             return MBEDTLS_SSL_SIG_ECDSA;
         default:
             return MBEDTLS_SSL_SIG_ANON;

library/ssl_tls12_server.c

@@ -760,7 +760,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
     const mbedtls_ssl_ciphersuite_t *suite_info;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    mbedtls_pk_type_t sig_type;
+    mbedtls_pk_sigalg_t sig_type;
 #endif
 
     suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
@@ -829,7 +829,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
     /* If the ciphersuite requires signing, check whether
      * a suitable hash algorithm is present. */
     sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
-    if (sig_type != MBEDTLS_PK_NONE &&
+    if (sig_type != MBEDTLS_PK_SIGALG_NONE &&
         mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
             ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) {
         MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm "
@@ -1608,8 +1608,8 @@ have_ciphersuite:
     /* Debugging-only output for testsuite */
 #if defined(MBEDTLS_DEBUG_C)                         && \
     defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info);
+    mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info);
-    if (sig_alg != MBEDTLS_PK_NONE) {
+    if (sig_alg != MBEDTLS_PK_SIGALG_NONE) {
         unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
             ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg));
         MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u",
@@ -2788,7 +2788,7 @@ curve_matching_done:
          *      to choose appropriate hash.
          */
 
-        mbedtls_pk_type_t sig_alg =
+        mbedtls_pk_sigalg_t sig_alg =
             mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
 
         unsigned char sig_hash =
@@ -2799,7 +2799,7 @@ curve_matching_done:
 
         /*    For TLS 1.2, obey signature-hash-algorithm extension
          *    (RFC 5246, Sec. 7.4.1.4.1). */
-        if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) {
+        if (sig_alg == MBEDTLS_PK_SIGALG_NONE || md_alg == MBEDTLS_MD_NONE) {
             MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
             /* (... because we choose a cipher suite
              *      only if there is a matching hash.) */