commit 430db6b6ff0799f0138f3523f69ff2e5bf3549ab
author Jerry Yu <jerry.h.yu@arm.com> Fri Jun 24 13:05:28 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Wed Jun 29 16:16:09 2022 +0800
tree 3c753b7de5439df3f090e00df997ecd062ebb9a8
parent a1255e6b8c8063319b9420239c0fce8fc3eb843a

Remove hack fix for server hybrid issue

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2bec6b1..dba70e2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -961,20 +961,6 @@
     return( 0 );
 }
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
-    defined(MBEDTLS_SSL_SRV_C) && \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/* Remove below lines if server side hybrid mode implemented.
- * To fix wrong default signature algorithm setting when both
- * TLS1.2 and TLS1.3 enabled.
- */
-static void ssl_fix_server_side_negotiation_fail( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_SSL_PROTO_TLS1_3 &&
-          MBEDTLS_SSL_SRV_C &&
-          MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
 /*
  * Setup an SSL context
  */
@@ -2998,20 +2984,8 @@
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
     {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
         if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
-        {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-            /* Remove below lines if server side hybrid mode implemented. */
-            if( ssl->state == MBEDTLS_SSL_HELLO_REQUEST )
-            {
-                ssl_fix_server_side_negotiation_fail( ssl );
-            }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
             ret = mbedtls_ssl_tls13_handshake_server_step( ssl );
-        }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)