Fix selection of hash from sig_alg ClientHello ext.
diff --git a/library/md.c b/library/md.c
index 7f9c5dc..5f3f32d 100644
--- a/library/md.c
+++ b/library/md.c
@@ -53,13 +53,13 @@
static const int supported_digests[] = {
#if defined(POLARSSL_SHA512_C)
- POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512,
+ POLARSSL_MD_SHA384,
#endif
#if defined(POLARSSL_SHA256_C)
- POLARSSL_MD_SHA224,
POLARSSL_MD_SHA256,
+ POLARSSL_MD_SHA224,
#endif
#if defined(POLARSSL_SHA1_C)
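Review bot: Nothing at `supported_digests[]` records that element order is now a preference order, yet the reorder only matters if a consumer walks the list front to back. The ssl_srv.c hunk in this commit appears to do that through `md_cur`, so the first entry the client also offers wins. A comment above the array such as `/* Ordered strongest first: the TLS server picks the first entry the peer also offers, so insert new digests by preference, never append. */` would keep a later addition from silently weakening the negotiated hash. The array continues past the end of this hunk, so the SHA-1 and any following entries should be checked for the same ordering.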
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 25be988..6cce2ef9 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -494,11 +494,16 @@
for( p = buf + 2; p < end; p += 2 ) {
if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
ssl->handshake->sig_alg = p[0];
- break;
+ goto have_sig_alg;
}
}
}
+ /* Some key echanges do not need signatures at all */
+ SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) );
+ return( 0 );
+
+have_sig_alg:
SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
ssl->handshake->sig_alg ) );
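Review bot: The new no-match path returns 0 without assigning `ssl->handshake->sig_alg`, so the field keeps whatever value it had before the loop. Nothing visible here stops a signature-based key exchange from later signing with a hash the client never advertised. If that earlier value is a default (not shown in this hunk), the comment should say so and name where signing key exchanges reject the mismatch, e.g. `/* No common hash: sig_alg keeps its default; key exchanges that sign must verify it against the client's list and fail the handshake otherwise. */`. The added comment also misspells "exchanges" as "echanges". The function starts and ends outside the hunk, so such a check may already exist further down and should be confirmed there.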