fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eb5297d..ec276fd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4412,9 +4412,6 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->sig_hashes = NULL;
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
@@ -4441,9 +4438,6 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->sig_hashes = NULL;
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
conf->sig_algs = ssl_tls12_preset_default_sig_algs;
@@ -8177,7 +8171,6 @@
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
p += 2;
-
MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 738b278..a488faf 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -855,7 +855,8 @@
* STATE HANDLING: Output Certificate Verify
*/
-static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
+static int ssl_tls13_select_sig_alg_for_certificate_verify(
+ mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
{
@@ -935,8 +936,9 @@
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
- ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
- if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
+ ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key,
+ &algorithm );
+ if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received or offered list." ) );
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index e75a778..a9ef6b4 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -389,7 +389,6 @@
continue;
}
- MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg));
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
ssl, *sig_alg, &key_cert->cert->pk ) )
{
@@ -402,7 +401,8 @@
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found"));
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: "
+ "No signature algorithm found" ) );
return( -1 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8de3728..afabb64 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1600,7 +1600,7 @@
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
run_test "Default" \
"$P_SRV debug_level=3" \
- "$P_CLI debug_level=4" \
+ "$P_CLI" \
0 \
-s "Protocol is TLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \