lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
Code Activity

remove check_sig_hash

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
2022-01-19 18:35:56 +08:00
parent 24811fb2e0
commit eb821c6916
3 changed files with 7 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_misc.h
View File

@@ -1283,11 +1283,6 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md );
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
( const uint16_t srtp_profile_value ) ( const uint16_t srtp_profile_value )

11
library/ssl_srv.c
View File

@@ -1803,10 +1803,13 @@ read_record_header:
*/ */
if( sig_hash_alg_ext_present == 0 ) if( sig_hash_alg_ext_present == 0 )
{ {
mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1; uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) };
mbedtls_md_type_t md_default = MBEDTLS_MD_NONE;
if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 ) for( i = 0; i < sizeof(sig_algs)/sizeof(sig_algs[0]) ; i++ )
md_default = MBEDTLS_MD_NONE; {
if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_algs[ i ] ) )
md_default = MBEDTLS_MD_SHA1;
}
mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default );
} }

25
library/ssl_tls.c
View File

@@ -6950,31 +6950,6 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Check if a hash proposed by the peer is in our list.
* Return 0 if we're willing to use it, -1 otherwise.
*/
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md )
{
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( -1 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
mbedtls_md_type_t hash = mbedtls_ssl_md_alg_from_hash(
MBEDTLS_BYTE_1( *sig_alg ) );
if( hash == md )
return( 0 );
}
return( -1 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite, const mbedtls_ssl_ciphersuite_t *ciphersuite,