From f8aa9a44aa37dd493fc5ac3736e8fcc4c48bc718 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 20:40:28 +0800 Subject: [PATCH] fix various issues Signed-off-by: Jerry Yu --- library/pk_wrap.h | 2 +- library/ssl_misc.h | 10 +++++----- library/ssl_tls13_generic.c | 19 +++---------------- tests/suites/test_suite_pk.function | 1 + 4 files changed, 10 insertions(+), 22 deletions(-) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 7375da134a..1b490cc31b 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -142,7 +142,7 @@ extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); #endif -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa( psa_status_t status ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e7dbe69587..92bb63ff98 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1956,11 +1956,11 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg) + uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg ) { *pk_type = MBEDTLS_PK_NONE; *md_alg = MBEDTLS_MD_NONE; - ((void) sig_alg); + switch( sig_alg ) { #if defined(MBEDTLS_SHA256_C) && \ @@ -2057,9 +2057,9 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( MBEDTLS_RSA_C */ default: - return( 0 ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } - return( 1 ); + return( 0 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -2136,7 +2136,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported( { mbedtls_pk_type_t pk_type; mbedtls_md_type_t md_alg; - return( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( sig_alg, &pk_type, &md_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5aa8587775..25004fd8a3 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -335,14 +335,9 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, goto error; } - /* We currently only support ECDSA-based signatures */ if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - algorithm, &sig_alg, &md_alg ) == 0 ) + algorithm, &sig_alg, &md_alg ) != 0 ) { - /* algorithm not in offered signature algorithms list */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Get pk type and md algorithm from " - "signature algorithm(%04x) fail.", - ( unsigned int ) algorithm ) ); goto error; } @@ -1137,17 +1132,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm, &pk_type, &md_alg ); - if( ret == 0 ) + if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorithm is not supported." ) ); - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", - mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); - - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e0877a2051..237a8095d8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1091,6 +1091,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) { + /* See the description of pk_genkey() for the description of the `parameter` argument. */ mbedtls_pk_context pk; size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];