fix build fail without TLS13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 44f69cb..10aa8ef 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1815,24 +1815,17 @@
/*
* Return supported sig_algs.
*/
-static inline const void *mbedtls_ssl_conf_get_sig_algs(
- const mbedtls_ssl_config *conf )
+static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( mbedtls_ssl_conf_is_tls12_enabled( conf ))
- return( conf->sig_hashes );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_tls13_enabled( conf ))
- return( conf->sig_algs );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL )
+ return( ssl->handshake->sig_algs );
+#endif
+ return( ssl->conf->sig_algs );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
- ((void) conf);
+ ((void) ssl);
return NULL;
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index eb3550e..97199e1 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2796,8 +2796,11 @@
/*
* Supported signature algorithms
*/
- for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
- *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
/* High byte is hash */
unsigned char hash = ( *sig_alg >> 8 ) & 0xff;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 336e479..9a8fe45 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3187,14 +3187,14 @@
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md );
if( hash == MBEDTLS_SSL_HASH_NONE )
continue;
- #if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDSA_C)
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA);
p++;
- #endif
- #if defined(MBEDTLS_RSA_C)
+#endif
+#if defined(MBEDTLS_RSA_C)
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA);
p++;
- #endif
+#endif
}
*p = MBEDTLS_TLS1_3_SIG_NONE;
ssl->handshake->sig_algs_heap_allocated = 1;
@@ -4055,7 +4055,6 @@
const int *hashes )
{
conf->sig_hashes = hashes;
- conf->sig_algs = NULL;
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -6478,8 +6477,9 @@
};
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static uint16_t ssl_preset_default_sig_algs[] = {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@@ -6498,11 +6498,14 @@
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_TLS1_3_SIG_NONE
};
static uint16_t ssl_preset_suiteb_sig_algs[] = {
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@@ -6518,10 +6521,10 @@
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_TLS1_3_SIG_NONE
};
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif
static uint16_t ssl_preset_suiteb_groups[] = {
@@ -6936,7 +6939,7 @@
mbedtls_md_type_t md )
{
- const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( -1 );
@@ -7450,8 +7453,11 @@
* Write supported_signature_algorithms
*/
supported_sig_alg = p;
- for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
- *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1d31ce9..226f8e3 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -212,8 +212,11 @@
static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
uint16_t proposed_sig_alg )
{
- for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
- *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( 0 );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
if( *sig_alg == proposed_sig_alg )
return( 1 );