Use convert functions for SSL_SIG_* and SSL_HASH_*
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ba2c68c..511d61d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1183,38 +1183,11 @@
/*
* Get hash algorithm
*/
- switch( (*p)[0] )
+ if( ( *md_alg = ssl_md_alg_from_hash( (*p)[0] ) ) == POLARSSL_MD_NONE )
{
-#if defined(POLARSSL_MD5_C)
- case SSL_HASH_MD5:
- *md_alg = POLARSSL_MD_MD5;
- break;
-#endif
-#if defined(POLARSSL_SHA1_C)
- case SSL_HASH_SHA1:
- *md_alg = POLARSSL_MD_SHA1;
- break;
-#endif
-#if defined(POLARSSL_SHA256_C)
- case SSL_HASH_SHA224:
- *md_alg = POLARSSL_MD_SHA224;
- break;
- case SSL_HASH_SHA256:
- *md_alg = POLARSSL_MD_SHA256;
- break;
-#endif
-#if defined(POLARSSL_SHA512_C)
- case SSL_HASH_SHA384:
- *md_alg = POLARSSL_MD_SHA384;
- break;
- case SSL_HASH_SHA512:
- *md_alg = POLARSSL_MD_SHA512;
- break;
-#endif
- default:
- SSL_DEBUG_MSG( 2, ( "Server used unsupported "
- "HashAlgorithm %d", *(p)[0] ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+ "HashAlgorithm %d", *(p)[0] ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
/*
@@ -1232,24 +1205,11 @@
/*
* Get signature algorithm
*/
- switch( (*p)[1] )
+ if( ( *pk_alg = ssl_pk_alg_from_sig( (*p)[1] ) ) == POLARSSL_PK_NONE )
{
-#if defined(POLARSSL_RSA_C)
- case SSL_SIG_RSA:
- *pk_alg = POLARSSL_PK_RSA;
- break;
-#endif
-
-#if defined(POLARSSL_ECDSA_C)
- case SSL_SIG_ECDSA:
- *pk_alg = POLARSSL_PK_ECDSA;
- break;
-#endif
-
- default:
- SSL_DEBUG_MSG( 2, ( "server used unsupported "
- "SignatureAlgorithm %d", (*p)[1] ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ SSL_DEBUG_MSG( 2, ( "server used unsupported "
+ "SignatureAlgorithm %d", (*p)[1] ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6c4bdf0..f13b9c2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1998,38 +1998,7 @@
* ServerDHParams params;
* };
*/
- switch( ssl->handshake->sig_alg )
- {
-#if defined(POLARSSL_MD5_C)
- case SSL_HASH_MD5:
- md_alg = POLARSSL_MD_MD5;
- break;
-#endif
-#if defined(POLARSSL_SHA1_C)
- case SSL_HASH_SHA1:
- md_alg = POLARSSL_MD_SHA1;
- break;
-#endif
-#if defined(POLARSSL_SHA256_C)
- case SSL_HASH_SHA224:
- md_alg = POLARSSL_MD_SHA224;
- break;
- case SSL_HASH_SHA256:
- md_alg = POLARSSL_MD_SHA256;
- break;
-#endif
-#if defined(POLARSSL_SHA512_C)
- case SSL_HASH_SHA384:
- md_alg = POLARSSL_MD_SHA384;
- break;
- case SSL_HASH_SHA512:
- md_alg = POLARSSL_MD_SHA512;
- break;
-#endif
- default:
- /* Should never happen */
- return( -1 );
- }
+ md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg );
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
{
@@ -2595,8 +2564,7 @@
sa_len = 2;
/*
- * Hash: as server we know we either have SSL_HASH_SHA384 or
- * SSL_HASH_SHA256
+ * Hash
*/
if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg )
{
@@ -2605,10 +2573,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
- if( ssl->handshake->verify_sig_alg == SSL_HASH_SHA384 )
- md_alg = POLARSSL_MD_SHA384;
- else
- md_alg = POLARSSL_MD_SHA256;
+ md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
/*
* Get hashlen from MD
@@ -2623,27 +2588,14 @@
/*
* Signature
*/
- switch( ssl->in_msg[5] )
+ if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[5] ) )
+ == POLARSSL_PK_NONE )
{
-#if defined(POLARSSL_RSA_C)
- case SSL_SIG_RSA:
- pk_alg = POLARSSL_PK_RSA;
- break;
-#endif
-
-#if defined(POLARSSL_ECDSA_C)
- case SSL_SIG_ECDSA:
- pk_alg = POLARSSL_PK_ECDSA;
- break;
-#endif
-
- default:
- SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
-
/*
* Check the certificate's key type matches the signature alg
*/
@@ -2663,10 +2615,9 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
- ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
- md_alg, hash, hashlen,
- ssl->in_msg + 6 + sa_len, sig_len );
- if( ret != 0 )
+ if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
+ md_alg, hash, hashlen,
+ ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 )
{
SSL_DEBUG_RET( 1, "pk_verify", ret );
return( ret );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 527b333..87a135a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3804,4 +3804,50 @@
return( SSL_SIG_ANON );
}
+pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
+{
+ switch( sig )
+ {
+#if defined(POLARSSL_RSA_C)
+ case SSL_SIG_RSA:
+ return( POLARSSL_PK_RSA );
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ case SSL_SIG_ECDSA:
+ return( POLARSSL_PK_ECDSA );
+#endif
+ default:
+ return( POLARSSL_PK_NONE );
+ }
+}
+
+md_type_t ssl_md_alg_from_hash( unsigned char hash )
+{
+ switch( hash )
+ {
+#if defined(POLARSSL_MD5_C)
+ case SSL_HASH_MD5:
+ return( POLARSSL_MD_MD5 );
+#endif
+#if defined(POLARSSL_SHA1_C)
+ case SSL_HASH_SHA1:
+ return( POLARSSL_MD_SHA1 );
+#endif
+#if defined(POLARSSL_SHA256_C)
+ case SSL_HASH_SHA224:
+ return( POLARSSL_MD_SHA224 );
+ case SSL_HASH_SHA256:
+ return( POLARSSL_MD_SHA256 );
+#endif
+#if defined(POLARSSL_SHA512_C)
+ case SSL_HASH_SHA384:
+ return( POLARSSL_MD_SHA384 );
+ case SSL_HASH_SHA512:
+ return( POLARSSL_MD_SHA512 );
+#endif
+ default:
+ return( POLARSSL_MD_NONE );
+ }
+}
+
#endif