Don't use mbedtls_ssl_set_calc_verify_md when writing CertificateRequest
mbedtls_ssl_set_calc_verify_md() serves two purposes:
(a) It checks whether a hash algorithm is suitable to be used
in the CertificateVerify message.
(b) It updates the function callback pointing to the function that
computes handshake transcript for the CertificateVerify message
w.r.t. the chosen hash function.
Step (b) is only necessary when receiving the CertificateVerify
message, while writing the CertificateRequest only involves (a).
This commit modifies the writing code for the CertificateRequest
message to inline the check (a), thereby avoiding the call to
mbedtls_ssl_calc_verify_md().
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3744cf6..f7ab70c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3082,9 +3082,17 @@
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
{
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
-
- if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
+ if( !( 0
+#if defined(MBEDTLS_SHA512_C)
+ || hash == MBEDTLS_SSL_HASH_SHA384
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ || hash == MBEDTLS_SSL_HASH_SHA256
+#endif
+ ) )
+ {
continue;
+ }
#if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash;
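Review bot: the inlined condition accepts only MBEDTLS_SSL_HASH_SHA384 and MBEDTLS_SSL_HASH_SHA256, but nothing in this hunk shows that the removed mbedtls_ssl_set_calc_verify_md( ssl, hash ) call rejected every other value; if that function accepted any further hash (for older protocol versions, for instance), this change silently shrinks the set of signature/hash pairs the server advertises in CertificateRequest, so please confirm the two accept-lists are identical and say so in the commit message. Dropping the explicit MBEDTLS_SSL_HASH_NONE test is fine, since MBEDTLS_SSL_HASH_NONE matches neither branch and is skipped by the same `continue`. Two smaller points: the accepted-hash list now lives both here and inside mbedtls_ssl_set_calc_verify_md and the two can drift apart, so a shared helper or macro (or at least a comment cross-referencing the other site) would help; and if neither MBEDTLS_SHA512_C nor MBEDTLS_SHA256_C is defined the condition collapses to `if( !( 0 ) )`, which skips every entry and leaves the hash list empty, which deserves a comment or a static check so the behaviour is clearly intended.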