AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

replace check_sig_hash with is_offered

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-01-19 18:02:15 +08:00
parent 1bab301c0d
commit 24811fb2e0
4 changed files with 22 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_cli.c
View File

@ -2595,7 +2595,6 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *md_alg,
mbedtls_pk_type_t *pk_alg ) mbedtls_pk_type_t *pk_alg )
{ {
((void) ssl);
*md_alg = MBEDTLS_MD_NONE; *md_alg = MBEDTLS_MD_NONE;
*pk_alg = MBEDTLS_PK_NONE; *pk_alg = MBEDTLS_PK_NONE;
@ -2631,9 +2630,9 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
} }
/* /*
* Check if the hash is acceptable * Check if the signature algorithm is acceptable
*/ */
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) if( !mbedtls_ssl_sig_alg_is_offered( ssl, MBEDTLS_GET_UINT16_BE( *p, 0 ) ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );

17
library/ssl_misc.h
View File

@ -1845,6 +1845,23 @@ static inline const void *mbedtls_ssl_get_sig_algs(
} }
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
uint16_t proposed_sig_alg )
{
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( 0 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
if( *sig_alg == proposed_sig_alg )
return( 1 );
}
return( 0 );
}
static inline int mbedtls_ssl_sig_alg_is_supported( static inline int mbedtls_ssl_sig_alg_is_supported(
const mbedtls_ssl_context *ssl, const mbedtls_ssl_context *ssl,
const uint16_t sig_alg ) const uint16_t sig_alg )

3
library/ssl_srv.c
View File

@ -296,7 +296,8 @@ static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
continue; continue;
} }
if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 ) if( mbedtls_ssl_sig_alg_is_offered(
ssl, MBEDTLS_GET_UINT16_BE( p, 0 ) ) )
{ {
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"

17
library/ssl_tls13_generic.c
View File

@ -209,21 +209,6 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h
*verify_buffer_len = idx; *verify_buffer_len = idx;
} }
static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
uint16_t proposed_sig_alg )
{
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( 0 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
if( *sig_alg == proposed_sig_alg )
return( 1 );
}
return( 0 );
}
static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -268,7 +253,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
* *
* Check if algorithm is an offered signature algorithm. * Check if algorithm is an offered signature algorithm.
*/ */
if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) if( ! mbedtls_ssl_sig_alg_is_offered( ssl, algorithm ) )
{ {
/* algorithm not in offered signature algorithms list */ /* algorithm not in offered signature algorithms list */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not "