fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-08-24 21:07:49 +03:00 · 2022-06-19 11:48:56 +08:00
parent 6babfee178
commit f55886a217
4 changed files with 8 additions and 13 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4412,9 +4412,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-            conf->sig_hashes = NULL;
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
            if( mbedtls_ssl_conf_is_tls12_only( conf ) )
                conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
@@ -4441,9 +4438,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-            conf->sig_hashes = NULL;
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
            if( mbedtls_ssl_conf_is_tls12_only( conf ) )
                conf->sig_algs = ssl_tls12_preset_default_sig_algs;
@@ -8177,7 +8171,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
        p += 2;
-
        MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
    }

--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -855,7 +855,8 @@ cleanup:
 * STATE HANDLING: Output Certificate Verify
 */

-static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
+static int ssl_tls13_select_sig_alg_for_certificate_verify(
+                                          mbedtls_ssl_context *ssl,
                                          mbedtls_pk_context *own_key,
                                          uint16_t *algorithm )
 {
@@ -935,8 +936,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
     *    opaque signature<0..2^16-1>;
     *  } CertificateVerify;
     */
-    ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
-    if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
+    ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key,
+                                                           &algorithm );
+    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1,
                    ( "signature algorithm not in received or offered list." ) );
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -389,7 +389,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
                continue;
            }

-            MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg));
            if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
                    ssl, *sig_alg, &key_cert->cert->pk ) )
            {
@@ -402,7 +401,8 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
        }
    }

-    MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found"));
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
+                                "No signature algorithm found" ) );
    return( -1 );
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C &&