commit 1bab301c0dd6becb49a3328d009659152d6b5053
author Jerry Yu <jerry.h.yu@arm.com> Wed Jan 19 17:43:22 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Tue Jan 25 12:46:17 2022 +0800
tree 071ca90ab284c69d4705518a3f16cfa91c00a0be
parent 7ddc38cedbb6b5030d953e551d8c86901d532015

Add signature algorithm supported check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 5ebbcad..0de1177 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2802,26 +2802,15 @@
 
         for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
         {
-            /* High byte is hash */
             unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );
-            unsigned char sig = MBEDTLS_BYTE_0( *sig_alg );
 
             if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
                 continue;
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_ECDSA_C)
-            if( sig != MBEDTLS_SSL_SIG_RSA && sig != MBEDTLS_SSL_SIG_ECDSA )
+            if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
                 continue;
-#elif defined(MBEDTLS_RSA_C)
-            if( sig != MBEDTLS_SSL_SIG_RSA )
-                continue;
-#elif defined(MBEDTLS_ECDSA_C)
-            if( sig != MBEDTLS_SSL_SIG_ECDSA )
-                continue;
-#endif
 
             MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
             sa_len += 2;
-
         }
 
         MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );