Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2025-05-10 03:39:03 +08:00 · 2022-07-01 16:23:50 +02:00 · 2022-07-01 16:23:50 +02:00 · 971f30d917
commit 971f30d917
parent c67e6e96f8
2 changed files with 4 additions and 8 deletions
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@ -1972,7 +1972,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers
 {
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return( MBEDTLS_PK_RSA );
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7713,13 +7713,10 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
                    continue;
                if( sig_alg_received == MBEDTLS_SSL_SIG_RSA &&
-                    ! ( mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
+                    ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
-                                               PSA_ALG_RSA_PKCS1V15_CRYPT,
+                                             PSA_ALG_RSA_PKCS1V15_SIGN(
-                                               PSA_KEY_USAGE_DECRYPT ) ||
+                                                            psa_hash_alg ),
-                        mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
+                                             PSA_KEY_USAGE_SIGN_HASH ) )
                                               PSA_ALG_RSA_PKCS1V15_SIGN(
                                                                psa_hash_alg ),
                                               PSA_KEY_USAGE_SIGN_HASH ) ) )
                    continue;
            }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */