fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

commit: 713013fa80e0ca75043e33de057035fb47fe5380 [log] [tgz]
author: Jerry Yu <jerry.h.yu@arm.com> Mon Jan 17 18:16:35 2022 +0800
committer: Jerry Yu <jerry.h.yu@arm.com> Tue Jan 25 12:46:17 2022 +0800
tree: 6a41bf51ea89a35de08b41b5f3bfb7186a8e0287
parent: e12f1ddcfaa498b059f2eddc068589454292bff2 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 91e84b5..a6d6dee 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3152,8 +3152,9 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-    /* Heap allocate and translate curve_list from internal to IANA group ids */
-    if ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) &&
+    /* Heap allocate and translate sig_hashes from internal hash identifiers to
+       signature algorithms IANA identifiers.  */
+    if ( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) &&
          ssl->conf->sig_hashes != NULL )
     {
         const int *md;
@@ -6467,30 +6468,18 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 static int ssl_preset_suiteb_hashes[] = {
-#if defined(MBEDTLS_SHA384_C)
-    MBEDTLS_MD_SHA384,
-#endif
 #if defined(MBEDTLS_SHA256_C)
     MBEDTLS_MD_SHA256,
 #endif
+#if defined(MBEDTLS_SHA384_C)
+    MBEDTLS_MD_SHA384,
+#endif
     MBEDTLS_MD_NONE
 };
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
 static uint16_t ssl_preset_default_sig_algs[] = {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
-    MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
-#endif
-#if defined(MBEDTLS_SHA384_C)
-    MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
     /* ECDSA algorithms */
 #if defined(MBEDTLS_ECDSA_C)
 #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@@ -6510,12 +6499,10 @@
 #endif
     MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-    MBEDTLS_TLS1_3_SIG_NONE
-};
-
-static uint16_t ssl_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA512_C)
+    MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
+#endif
 #if defined(MBEDTLS_SHA384_C)
     MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
 #endif
@@ -6523,7 +6510,10 @@
     MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+    MBEDTLS_TLS1_3_SIG_NONE
+};
 
+static uint16_t ssl_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     /* ECDSA algorithms */
 #if defined(MBEDTLS_ECDSA_C)
@@ -6541,7 +6531,14 @@
 #endif
     MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA384_C)
+    MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
     MBEDTLS_TLS1_3_SIG_NONE
 };
 #endif
@@ -6965,7 +6962,7 @@
     for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
     {
         mbedtls_md_type_t hash = mbedtls_ssl_md_alg_from_hash(
-                                                    ( *sig_alg >> 8 ) & 0xff );
+                                                   MBEDTLS_BYTE_1( *sig_alg ) );
         if( hash == md )
             return( 0 );
     }
commit	713013fa80e0ca75043e33de057035fb47fe5380	[log] [tgz]
author	Jerry Yu <jerry.h.yu@arm.com>	Mon Jan 17 18:16:35 2022 +0800
committer	Jerry Yu <jerry.h.yu@arm.com>	Tue Jan 25 12:46:17 2022 +0800
tree	6a41bf51ea89a35de08b41b5f3bfb7186a8e0287
parent	e12f1ddcfaa498b059f2eddc068589454292bff2 [diff] [blame]