move big function

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-20 20:42:00 +08:00 · 2022-06-20 20:42:00 +08:00 · 0c6be8f863
commit 0c6be8f863
parent 3896ac6e5b
3 changed files with 72 additions and 69 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -2163,75 +2163,9 @@ static inline int mbedtls_ssl_sig_alg_is_supported(

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)

-static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
                uint16_t sig_alg,
-                mbedtls_pk_context *key)
-{
-    mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key );
-    size_t key_size = mbedtls_pk_get_bitlen( key );
-
-    switch( pk_type )
-    {
-#if defined(MBEDTLS_ECDSA_C)
-        case MBEDTLS_SSL_SIG_ECDSA:
-            switch( key_size )
-            {
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-                case 256:
-                    return(
-                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 );
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-                case 384:
-                    return(
-                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 );
-#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-                case 521:
-                    return(
-                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 );
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-                default:
-                    break;
-            }
-            break;
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_RSA_C)
-        case MBEDTLS_SSL_SIG_RSA:
-            switch( sig_alg )
-            {
-#if defined(MBEDTLS_PKCS1_V21)
-#if defined(MBEDTLS_SHA256_C)
-                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-                    return( key_size <= 2048 );
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA384_C)
-                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
-                    return( key_size <= 3072 );
-#endif /* MBEDTLS_SHA384_C */
-
-#if defined(MBEDTLS_SHA512_C)
-                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
-                    return( key_size <= 4096 );
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_PKCS1_V21 */
-
-                default:
-                    break;
-            }
-            break;
-#endif /* MBEDTLS_RSA_C */
-
-        default:
-            break;
-    }
-
-    return( 0 );
-}
+                mbedtls_pk_context *key);

 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -8188,7 +8188,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
        return( MBEDTLS_ERR_SSL_BAD_CONFIG );

    for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
-
    {
        if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
            continue;
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -855,6 +855,76 @@ cleanup:
 * STATE HANDLING: Output Certificate Verify
 */

+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
+                uint16_t sig_alg,
+                mbedtls_pk_context *key)
+{
+    mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key );
+    size_t key_size = mbedtls_pk_get_bitlen( key );
+
+    switch( pk_type )
+    {
+#if defined(MBEDTLS_ECDSA_C)
+        case MBEDTLS_SSL_SIG_ECDSA:
+            switch( key_size )
+            {
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+                case 256:
+                    return(
+                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 );
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+                case 384:
+                    return(
+                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 );
+#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+                case 521:
+                    return(
+                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 );
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+                default:
+                    break;
+            }
+            break;
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_RSA_C)
+        case MBEDTLS_SSL_SIG_RSA:
+            switch( sig_alg )
+            {
+#if defined(MBEDTLS_PKCS1_V21)
+#if defined(MBEDTLS_SHA256_C)
+                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+                    return( key_size <= 2048 );
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+                    return( key_size <= 3072 );
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+                    return( key_size <= 4096 );
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V21 */
+
+                default:
+                    break;
+            }
+            break;
+#endif /* MBEDTLS_RSA_C */
+
+        default:
+            break;
+    }
+
+    return( 0 );
+}
+
 static int ssl_tls13_select_sig_alg_for_certificate_verify(
                                          mbedtls_ssl_context *ssl,
                                          mbedtls_pk_context *own_key,