commit a3d016ce41a0fb9b862e99611c7786e4ab0ece8b
author Gabor Mezei <gabor.mezei@arm.com> Tue May 10 12:44:09 2022 +0200
committer Gabor Mezei <gabor.mezei@arm.com> Wed May 11 14:29:18 2022 +0200
tree 96f7bca0310f7ec684088a4a4f061306a935fb42
parent 1226590c888917cb6cb9ec2546f46d2a85f5deda

Rename and rewrite `mbedtls_ssl_sig_hash_set_find` function

Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/ssl_tls12_server.c

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 14dc8e1..449b635 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -988,7 +988,8 @@
      * a suitable hash algorithm is present. */
     sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
     if( sig_type != MBEDTLS_PK_NONE &&
-        mbedtls_ssl_sig_hash_set_find( ssl, sig_type ) == MBEDTLS_MD_NONE )
+        mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
+            ssl, mbedtls_ssl_sig_from_pk_alg( sig_type ) ) == MBEDTLS_SSL_HASH_NONE )
     {
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
                                     "for signature algorithm %u", (unsigned) sig_type ) );
@@ -1810,7 +1811,9 @@
     mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
     if( sig_alg != MBEDTLS_PK_NONE )
     {
-        mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg );
+        unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
+                                    ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) );
+        mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash );
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
                                     mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
     }
@@ -3175,14 +3178,19 @@
          *      to choose appropriate hash.
          */
 
-        mbedtls_md_type_t md_alg;
         mbedtls_pk_type_t sig_alg =
             mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
 
+        unsigned int sig_hash =
+            mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
+                ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) );
+
+        mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash );
+
         /*    For TLS 1.2, obey signature-hash-algorithm extension
          *    (RFC 5246, Sec. 7.4.1.4.1). */
         if( sig_alg == MBEDTLS_PK_NONE ||
-            ( md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg ) ) == MBEDTLS_MD_NONE )
+            md_alg == MBEDTLS_MD_NONE )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
             /* (... because we choose a cipher suite