fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 05a926b..f788baf 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1922,8 +1922,8 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- if( ssl->handshake->sig_algs_heap_allocated == 1 &&
- ssl->handshake != NULL &&
+ if( ssl->handshake != NULL &&
+ ssl->handshake->sig_algs_heap_allocated == 1 &&
ssl->handshake->sig_algs != NULL )
{
return( ssl->handshake->sig_algs );
@@ -1984,6 +1984,7 @@
switch( sig_alg )
{
+#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
*md_alg = MBEDTLS_MD_SHA256;
@@ -2002,7 +2003,7 @@
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_SHA512_C */
-
+#endif /* MBEDTLS_RSA_C */
default:
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
@@ -2168,9 +2169,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
- uint16_t sig_alg,
- mbedtls_pk_context *key);
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
+ mbedtls_pk_context *key );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dba70e2..304e61f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -856,7 +856,7 @@
ssl->handshake->sig_algs = ssl->conf->sig_algs;
ssl->handshake->sig_algs_heap_allocated = 0;
}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
return( 0 );
}
@@ -4072,8 +4072,8 @@
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
* declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
* `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
- * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
- * for its signature in the key exchange message and as Mbed TLS 1.2 does not
+ * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
+ * for its signature in the key exchange message. As Mbed TLS 1.2 does not
* support them, the handshake fails.
*/
static uint16_t ssl_preset_default_sig_algs[] = {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 62f22fd..c7c652e 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -940,16 +940,18 @@
mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, own_key ) )
{
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "select_sig_alg_for_certificate_verify:"
- "selected signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "select_sig_alg_for_certificate_verify:"
+ "selected signature algorithm %s [%04x]",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+ *sig_alg ) );
*algorithm = *sig_alg;
return( 0 );
}
}
-
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "select_sig_alg_for_certificate_verify:"
+ "no suitable signature algorithm found" ) );
return( -1 );
}
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b7b2557..2d751d6 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -389,20 +389,21 @@
continue;
}
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "ssl_tls13_pick_key_cert:"
- "check signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "ssl_tls13_pick_key_cert:"
+ "check signature algorithm %s [%04x]",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+ *sig_alg ) );
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk ) )
{
ssl->handshake->key_cert = key_cert;
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "ssl_tls13_pick_key_cert:"
- "selected signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "ssl_tls13_pick_key_cert:"
+ "selected signature algorithm"
+ " %s [%04x]",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+ *sig_alg ) );
MBEDTLS_SSL_DEBUG_CRT(
3, "selected certificate (chain)",
ssl->handshake->key_cert->cert );
@@ -412,7 +413,7 @@
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
- "No signature algorithm found" ) );
+ "no suitable signature algorithm found" ) );
return( -1 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 72c0b3a..ad9dcdd 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -268,8 +268,8 @@
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
* declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
* `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
- * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
- * for its signature in the key exchange message and as Mbed TLS 1.2 does not
+ * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
+ * for its signature in the key exchange message. As Mbed TLS 1.2 does not
* support them, the handshake fails.
*/
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
@@ -371,4 +371,4 @@
mbedtls_printf("rsa_pkcs1_sha1 ");
mbedtls_printf("ecdsa_sha1\n");
mbedtls_printf( "\n" );
-}
\ No newline at end of file
+}